Firewall Patents (Class 726/11)
  • Patent number: 12160824
    Abstract: Systems and methods for managing use of power of a wireless communication device configured to communicate over a plurality of radio links. A criterion is detected, and one of the plurality of radio links is selected as a selected radio link based on detecting the criterion. Operation of the selected radio link is switched from a first operating mode to a second operating mode, and operation of one or more remaining radio links of the plurality of radio links is disabled. In response to switching operation of the selected radio link to the second operating mode, the selected radio link oscillates between an awake state and an asleep state. Radio traffic information for the plurality of radio links is received, via the selected radio link, during the awake state.
    Type: Grant
    Filed: May 18, 2023
    Date of Patent: December 3, 2024
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Sharan Naribole, Srinivas Kandala, Wook Bong Lee, Ashok Ranganath
  • Patent number: 12113768
    Abstract: A system may identify a resource deployed in a computer, where discovery protocol data traffic is unencrypted. The system may receive metadata associated with the discovery protocol data traffic, update the computer network based at least in part on the information included in the metadata, and provide a response to the client. The system may authenticate a request from the client to access the resource using an encrypted protocol, and provide, to the client, access to the resource upon authentication, according to a resource attribute.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: October 8, 2024
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Ramsundar Janakiraman
  • Patent number: 12111650
    Abstract: The present invention relates to a system for coordinating operation control and operation maintenance for an urban rail transit and a method using the same, where the system includes: an intelligent operation maintenance subsystem and an intelligent operation control subsystem, the intelligent operation maintenance subsystem and the intelligent operation control subsystem include coordination linkage engine modules respectively, and the intelligent operation maintenance subsystem synchronizes, by using the coordination linkage engine modules, a fault handling plan to the intelligent operation control subsystem. Compared with the prior art, the present invention has the advantages of scientific and reasonable dispatching decision-making, high efficiency and high intelligence.
    Type: Grant
    Filed: October 19, 2020
    Date of Patent: October 8, 2024
    Assignee: CASCO SIGNAL LTD.
    Inventors: Jiafu Pei, Enhua Hu, Li Lin, Bingfeng Zhang, Xiangping Zhu, Ning Zheng, Shuanglei Yang, Jiafeng Guo
  • Patent number: 12105610
    Abstract: Systems and methods provide techniques for more effective and efficient predictive monitoring of a software application framework. In response, embodiments of the present invention provide methods, apparatuses, systems, computing devices, and/or the like that are configured to enable effective and efficient predictive monitoring of a software application framework using incident signatures for the software application that are generated by using a natural language processing machine learning framework, a structured data processing machine learning model, and an incident severity level detection machine learning model.
    Type: Grant
    Filed: September 27, 2021
    Date of Patent: October 1, 2024
    Assignees: ATLASSIAN PTY LTD., ATLASSIAN US, INC.
    Inventors: Karthik Muralidharan, Sri Vardhamanan A, Aneesh Kundu
  • Patent number: 12107834
    Abstract: Some embodiments provide a method that collects metrics for one or more paths of a first tunnel implementing a first security association (SA) and for one or more paths of a second tunnel implementing a second SA. The method selects a path based on the collected metrics of the paths of the first and second tunnels. When the selected path belongs to the first tunnel, the method encrypts data transmitted as encrypted payload of the first SA and transmits the encrypted payload in the first tunnel. When the selected path belongs to the second tunnel, the method encrypts data to be transmitted as encrypted payload of the second SA and transmits the encrypted payload in the second tunnel.
    Type: Grant
    Filed: January 6, 2022
    Date of Patent: October 1, 2024
    Assignee: VMware LLC
    Inventors: Yong Wang, Awan Kumar Sharma, Sourabh Bhattacharya, Deepika Solanki, Sarthak Ray
  • Patent number: 12081565
    Abstract: A method may include receiving, via a secure deployment management (SDM) system, configuration data associated with an industrial device, identifying, via the SDM system, a presence of a secure deployment management (SDM) node associated with the industrial device, and establishing, via the SDM system, a secure communication channel between the SDM system and the SDM node using one or more security protocols. The method may also involve sending, via the SDM system, the configuration data to the industrial device via the secure communication channel. The industrial device may receive the configuration data without performing one or more security operations on the configuration data.
    Type: Grant
    Filed: February 7, 2023
    Date of Patent: September 3, 2024
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: David C. Mazur, Todd A. Wiese, Jonathan Alan Mills, Nathaniel S. Sandler, Rob A. Entzminger
  • Patent number: 12081438
    Abstract: One aspect of the instant application facilitates automatic policy engine selection. During operation, a system can monitor a network including a set of network devices. The system can receive, based on the monitoring, a set of attributes associated with the network. At least two network devices are equipped with a different policy enforcement engine for enforcing one or more given policy rules. The system can apply a unified policy model to determine, based on the set of attributes, an assignment of the one or more given policy rules to the first policy enforcement engine and the second policy enforcement engine for providing an optimized policy enforcement. The system may then select based on the assignment, one or both of the first policy enforcement engine and the second policy enforcement engine. The system may activate the selected one or both policy enforcement engines for enforcing the given policy rules.
    Type: Grant
    Filed: October 11, 2021
    Date of Patent: September 3, 2024
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Mark A. Parenti, Timothy M. Ireland, Mathieu Riverin, Rajaseelan Manavalan, Marek Tomasz Telus
  • Patent number: 12074793
    Abstract: A level 2 (L2) switch receives a packet of upstream communication and a packet of downstream communication that are transmitted from a network device. Further, in a case where it is determined whether or not the received packet is a packet of upstream communication, and when it is determined that the packet is of session upstream communication and is a packet at a session start time, the L2 switch acquires session information and destination information included in the packet of the upstream communication, and stores in a session table. Further, when it is determined that the packet is of upstream communication and is not a packet at a session start time, and destination information of the packet is different from destination information stored in the session table, the L2 switch updates the destination information of the packet to the destination information stored in the session table.
    Type: Grant
    Filed: July 1, 2020
    Date of Patent: August 27, 2024
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventors: Yuki Takei, Masayuki Nishiki, Masato Nishiguchi
  • Patent number: 12063580
    Abstract: A communication system provides secure communication between two nodes in a self-organizing network without the need for a centralized security or control device. A first node of the two nodes is provisioned with one or more security profiles, auto-discovers a second node of the two nodes, authenticates the second node based on a security profile of the one or more security profiles, selects a security profile of the one or more security profiles to encrypt a communication session between the two nodes, and encrypts the communication session between the two nodes based on the selected security profile. The second node also is provisioned with the same one or more security profiles, authenticates the first node based on a same security profile as is used to authenticate the second node, and encrypts the communication session based on the same security profile as is used for encryption by the first node.
    Type: Grant
    Filed: January 24, 2023
    Date of Patent: August 13, 2024
    Assignee: Google Technology Holdings LLC
    Inventors: Shravan Mahidhara, Vasanthi Raghuram
  • Patent number: 12045264
    Abstract: A connected device at a client network implements a local data classification service for classifying data based on a data classification service of a remote provider network. The local data classification service receives a request to classify data at one or more data sources of the client network. The request is initiated from a client device of the client network according to a management interface for a data classification service of a remote provider network (e.g., using the same API request used by the remote classification service). The local data classification service obtains at least some of the data from the one or more data sources of the client network. The local data classification service classifies the obtained data according to different types of sensitivity using the data classification engine in the execution environment without the data being exposed outside of a data isolation boundary of the client network.
    Type: Grant
    Filed: November 14, 2022
    Date of Patent: July 23, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Calvin Yue-Ren Kuo
  • Patent number: 12041085
    Abstract: Obtaining one or more metrics associated with a network location. Determining, based on the one or more metrics and one or more prefatory check conditions, a prefatory status of the network location, the prefatory status indicating a benign status, malicious status, or a suspicious status. If the prefatory status of the network location indicates the benign status or the malicious status, providing a notification of the prefatory status in response to the prefatory status being determined. If the prefatory status of the network location indicates a suspicious status, obtaining a document object model of the network location. Obtaining a screenshot of an entire page of content at the network location. Generating a null hypothesis based on the document object model, the null hypothesis including a potential brand list, the potential brand list including one or more potential brands. Obtaining a set of reference images for each of the one or more potential brands of the potential brand list.
    Type: Grant
    Filed: June 25, 2021
    Date of Patent: July 16, 2024
    Assignee: Zoho Corporation Private Limited
    Inventors: Gouttham Nambirajan, Sita Lakshmi Sangameswaran, Ramprakash Ramamoorthy, Shailesh Kumar Davey
  • Patent number: 12041089
    Abstract: Systems and methods include, responsive to a scan by the CASB system of a plurality of users associated with a tenant in a Software-as-a-Service (SaaS) application where the scan includes identifying malware in content in the SaaS application and performing Data Loss Prevention (DLP) in the content in the SaaS application, maintaining records associated with a plurality of incidents for the malware and the DLP; providing a User Interface (UI) for the tenant including an analytics view with a plurality of summary tiles including visualizations of the plurality of incidents for the malware and the DLP for the tenant; and providing the UI for the tenant including a table listing any of the plurality of incidents for the malware and the DLP for the tenant, including any of unique data objects, unique users internal to the tenant, and unique external entities, associated with the plurality of incidents.
    Type: Grant
    Filed: November 17, 2020
    Date of Patent: July 16, 2024
    Assignee: Zscaler, Inc.
    Inventors: Pooja Deshmukh, Iris Gao, Jasbir S. Kaushal, Sarthak Saxena
  • Patent number: 12032655
    Abstract: Provided are asynchronous data ingestion and enrichment systems and methods. The systems comprise a plurality of components (e.g., ingestion components, enrichment components, and/or publishing components). Instead of passing data from one component to another, the data is sent to a messaging queue that formats and hold the data until the subsequent component is ready to receive it. Additionally, each component comprises a central microservice and a plurality of instances, the central microservice configured to communicate with each instance of the plurality of instances.
    Type: Grant
    Filed: August 27, 2020
    Date of Patent: July 9, 2024
    Assignee: NOBLIS, INC.
    Inventors: Nathan Dellinger, David Peters
  • Patent number: 12021833
    Abstract: A network interface has an input port, which is designed to accept messages from a first device or first network, and an output port, which is designed to forward the messages to a second device or second network. A memory is provided for a timetable. The network interface is designed to forward messages arriving at the input port during open times defined by the timetable to the output port and to discard messages arriving at the input port during closed times defined by the timetable. A configuration unit is designed to accept and store in the memory a timetable defined by a monitoring unit as a shared secret for the network interface and at least one sender of messages, and/or to negotiate a timetable with at least one sender of messages as a shared secret.
    Type: Grant
    Filed: August 16, 2019
    Date of Patent: June 25, 2024
    Assignee: Continental Automotive GmbH
    Inventor: Helge Zinner
  • Patent number: 12015745
    Abstract: An image processing apparatus includes: a first hardware processor that sets cooperative processing including first processing and second processing that cooperate with each other in a server that provides a service that determines the cooperative processing; a second hardware processor that receives a command to execute the first processing; a third hardware processor that generates alternative processing in place of the first processing in a case where it is detected that the command cannot be received after the cooperative processing has been set; and a fourth hardware processor that executes the alternative processing.
    Type: Grant
    Filed: October 21, 2022
    Date of Patent: June 18, 2024
    Assignee: KONICA MINOLTA, INC.
    Inventor: Megumi Miura
  • Patent number: 12010096
    Abstract: Disclosed are systems and methods for firewall configuration. A request can be transmitted to a DNS server. A response to the DNS request can include an Internet Protocol (IP) address. A firewall rule can be generated permitting access to the IP address. The firewall rule can be configured to be valid until expiration of a time-to-live value in the response to the DNS request. Thus, firewall rules can be automatically created as needed by executed processes, eliminating the need for manual firewall rule creation. As the firewall rule is invalid after the expiration of the time-to-live value, risks associated with maintaining out-of-date firewall rules are eliminated, as is the requirement to manually remove or modify out-of-date firewall rules.
    Type: Grant
    Filed: April 6, 2023
    Date of Patent: June 11, 2024
    Assignee: Comcast Cable Communications, LLC
    Inventor: Alexander Gurney
  • Patent number: 12010098
    Abstract: A segmentation firewall executing on a host enforces a segmentation policy. In a co-existence mode, the segmentation firewall operates in co-existence with a system firewall that enforces a security policy. The segmentation firewall is configured to either drop packets that do not match any permissive rule or pass packets that match a permissive rule to the system firewall to enable the system firewall to determine whether to drop or accept the passed packets. To enable efficient operation of the segmentation firewall when operating in co-existence with the system firewall, the segmentation firewall may include a plurality of rule chains and may be configured to exit a chain and bypass remaining rule chains upon an input packet matching a permissive rule of the segmentation policy.
    Type: Grant
    Filed: July 6, 2023
    Date of Patent: June 11, 2024
    Assignee: ILLUMIO, INC.
    Inventors: Daniel Richard Cook, Anish Vinodkumar Desai, Thomas Michael McCormick
  • Patent number: 12010020
    Abstract: A system for storing data includes a controller, an Ethernet switch and a storage device. The controller is configured to receive data routing instructions, and manage forwarding rules of a switch forwarding table to implement the data routing instructions. The Ethernet switch is configured to receive data, access the switch forwarding table, and route the data to the storage device using the switch forwarding table.
    Type: Grant
    Filed: August 31, 2020
    Date of Patent: June 11, 2024
    Assignee: KIOXIA CORPORATION
    Inventor: Yaron Klein
  • Patent number: 12003511
    Abstract: A method for operating a system hosted on a mobile entity is disclosed, wherein the system is operable to connect to a communication network. The method, performed by a controller of the system, comprises seeking to establish a trust relationship with a cooperating system hosted on a mobile entity, and, if a trust relationship with the cooperating system is established, performing at least one of: initiating use of a resource provided by the cooperating system, or initiating provision of a resource for use by the cooperating system. Also disclosed is a method for operating a function comprising a digital representative of a system hosted on a mobile entity, wherein the system is operable to connect to a communication network.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: June 4, 2024
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Miljenko Opsenica, Patrik Salmela, Roberto Morabito, Edgar Ramos, Tero Kauppinen, Miika Komu
  • Patent number: 12003485
    Abstract: Techniques for outbound/inbound lateral traffic punting based upon process risk are disclosed. In some embodiments, a system/process/computer program product for outbound/inbound lateral traffic punting based upon process risk includes receiving, at a network device on an enterprise network, process identification (ID) information from an endpoint (EP) agent executed on an EP device, in which the process ID information identifies a process that is associated with an outbound or inbound network session on the EP device on the enterprise network, and the EP agent selected the network session for punting to the network device for inspection; monitoring network communications associated with the network session at the network device to identify an application identification (APP ID) for the network session; and performing an action based on a security policy using the process ID information and the APP ID.
    Type: Grant
    Filed: February 23, 2023
    Date of Patent: June 4, 2024
    Assignee: Palo Alto Networks, Inc.
    Inventors: Ho Yu Lam, Robert Earle Ashley, Paul Theodore Mathison, Qiuming Li, Taylor Ettema
  • Patent number: 11968217
    Abstract: Techniques for providing domain name and URL visual verifications to increase security of operations on a device. The techniques include a visual indicator and/or warning to a user on the user's computing device that a domain or URL requested by the user and the device is unpopular, new, unknown, inauthentic, associated with malware or phishing, or in some other way, risky. The techniques include identifying a domain name in a communication received by a computing device and then determining a popularity ranking and/or an age of the domain name. The device can render, for display on a screen of the device, a visual indicator having the popularity ranking and/or the age of the domain name. Also, the techniques can include identifying a URL in a communication received by a computing device and then rendering, for display on a screen of the device, a visual indicator having the entire URL.
    Type: Grant
    Filed: December 27, 2021
    Date of Patent: April 23, 2024
    Assignee: Lookout, Inc.
    Inventor: Brian James Buck
  • Patent number: 11962622
    Abstract: To prevent un-authorized accesses to data and resources available in workloads on an organization's or enterprise's computer network, various improvements to automated computer network security processes to enable them to enforce network security policies using native network security mechanisms to control communications to and/or from workload units of applications running on different nodes within hybrid computer network infrastructures having both traditional hardware resources and virtual resources provided by private and public cloud infrastructure services.
    Type: Grant
    Filed: February 6, 2023
    Date of Patent: April 16, 2024
    Assignee: FireEye Security Holdings US LLC
    Inventors: Lisun Joao Kung, Jose Renato Goncalves Santos, Sarowar Golam Sikder
  • Patent number: 11956209
    Abstract: Disclosed herein are systems and methods for storing patient medical information on a local processing device, anonymizing a portion of that medical information and storing it on a second processing device, exposing that anonymized medical information to a third processing device coupled to the second processing device through a network, and restricting users of the third processing device to only accessing HIPAA compliant medical information. Alarms are included for indicating the improper transfer of HIPAA data.
    Type: Grant
    Filed: October 6, 2021
    Date of Patent: April 9, 2024
    Inventor: Volker Rudolph
  • Patent number: 11956328
    Abstract: In some implementations, a user plane (UP) device may receive a control packet indicating a logout associated with a subscriber session. The UP device may store an indication of the logout associated with the subscriber session. The UP device may determine, after storing the indication, that the logout associated with the subscriber session has not been completed within a subscriber logout period. The UP device may transmit an error indication indicating that the logout has not been completed within the subscriber logout period. In some implementations, a control plane (CP) device may receive the error indication indicating that the logout associated with the subscriber session has not been completed. The CP device may process the logout based at least in part on receiving the error indication. The CP device may transmit, based on processing the logout, a logout notification associated with the logout.
    Type: Grant
    Filed: July 18, 2022
    Date of Patent: April 9, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Subrat Pani, Shirish B. Dandekar
  • Patent number: 11956269
    Abstract: The methods and systems relate to improvements to threat modeling systems through the use of crowdsourcing. Specifically, the methods and systems relate to generating recommendations based on crowdsourced threat modeling contributions. For example, the methods and systems automate the threat modeling process by leveraging data in order to drive consistent and measurable quality of threat models and enable threat models to provide aggregated views of risk concentration at any altitude.
    Type: Grant
    Filed: December 3, 2021
    Date of Patent: April 9, 2024
    Assignee: Capital One Services, LLC
    Inventors: Jonathan Underwood, Neil Barlow, Fraser Richard Scott
  • Patent number: 11949656
    Abstract: Network traffic inspection is disclosed. An application executing on a client device as an operating system that uses a virtual private network (VPN) stack of the operating system intercepts a first IP packet. The application determines that a policy should be applied to the intercepted first IP packet. The policy is applied to the intercepted first IP packet.
    Type: Grant
    Filed: August 20, 2021
    Date of Patent: April 2, 2024
    Assignee: Barracuda Networks, Inc.
    Inventors: Pablo German Sole, Jose Luis Ferras Pereira, Sinan Eren, Luisa Marina Moya Praca de Araujo Lima
  • Patent number: 11941130
    Abstract: Methods of securely storing and providing data in a data storage system, and a corresponding system are described. A method comprises the steps of: connecting the security module to a remote host only within a predetermined remote access time window, wherein said remote access time window is stored on the security module; receiving a file transfer request from the remote host to the security module; authenticating the file transfer request; receiving the file and caching the file within the security module; isolating the remote host from the security module; connecting the security module and the data storage device; transferring the cached file from the security module to be stored in the data storage device; and isolating the security module and the data storage device once file transfer is complete. This provides a secure system where a data storage device is controllably connected to a remote host.
    Type: Grant
    Filed: August 14, 2020
    Date of Patent: March 26, 2024
    Inventors: Ken Stratford, Ivan Knezovich
  • Patent number: 11936738
    Abstract: A system, method, and computer program product are provided for managing a connection between a device and a network. In use, a first device coupled between a second device and a network is identified. Further, the first device is controlled based on predefined criteria utilizing the second device, for managing a connection between the second device and the network.
    Type: Grant
    Filed: December 14, 2020
    Date of Patent: March 19, 2024
    Assignee: McAfee, LLC
    Inventor: Efrain Ortiz, Jr.
  • Patent number: 11924377
    Abstract: Disclosed here is a method to determine a user intent when a user device initiates an interactive voice response (IVR) call with a wireless telecommunication network. A processor can detect the IVR call initiated with the network and determine whether the user device is a member of the network. Upon determining that the user device is a member of the network, the processor can obtain user history including interaction history between the user and the network. Based on the user history, the processor can predict the user intent when the user initiates the IVR call. The processor can detect whether user device is a 5G capable device. Upon the determining that the device is 5G capable and based on the predicted user intent, the processor can suggest to the user an application configured to execute on the user device and configured to address the predicted user intent.
    Type: Grant
    Filed: January 5, 2023
    Date of Patent: March 5, 2024
    Assignee: T-Mobile USA, Inc.
    Inventors: Phi Nguyen, Nathaniel Blodgett
  • Patent number: 11909845
    Abstract: Examples herein involve a multi-access edge computing (MEC) environment. An example process may include receiving a tenant application that is to be hosted in a MEC environment. The MEC environment may be situated between a user device and an external platform. The process may include assigning an edge service identifier (ESID) to the tenant application. The ESID may be used to indicate that a message, associated with the user device, involves the tenant application. The process may include assigning a host identifier to the tenant application. The host identifier may be used to indicate that report data, associated with execution of the tenant application within the MEC environment, is to be provided to the external platform. The process may include routing communications associated with the tenant application using the ESID and the host identifier.
    Type: Grant
    Filed: February 24, 2022
    Date of Patent: February 20, 2024
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Cheul Shim, Mahadevan Viswanathan, Thierry R. Sender
  • Patent number: 11888982
    Abstract: In the IKE or IPSec SA rekeying, whether the rekey exchange includes the cryptographic suite in the payload depends on whether the cryptographic suite used in the old SA is changed on both ends, e.g., the initiator and the responder. If the cryptographic suite is not changed, then the rekey exchange does not include the cryptographic suite. Additionally, in the IPSec SA rekey, if the flowing information is not changed in either end, the rekey exchange further does not include the Traffic Selector (TS). As such, the size of the payload is decreased, which saves bandwidth, more processing time and power in the course of the IKE SA or the IPSec SA rekey.
    Type: Grant
    Filed: May 16, 2021
    Date of Patent: January 30, 2024
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Sandeep Kampati, De Sheng, Dharmanandana Reddy Pothula, Bharath Soma Satya Meduri
  • Patent number: 11874932
    Abstract: Approaches presented herein enable a security risk manager embedded in an application to manage security vulnerabilities of the application. More specifically, the application comprises code entities such as components, packages, libraries, or microservices. The entities are modified as part of the application development process to have an enabled state, in which these entities are permitted to run normally when called, and a disabled state, in which these entities do not run when called but instead perform a back-out behavior such as generating an error message. At runtime, the application periodically accesses a security vulnerabilities database to check for security alerts. When a relevant security alert is found, the application changes any code entities that are affected by the security alert to the disabled state pending investigation by an operations team. The application notifies the operations team by sending a notification of the security alert to an external security monitoring tool.
    Type: Grant
    Filed: June 30, 2021
    Date of Patent: January 16, 2024
    Assignee: International Business Machines Corporation
    Inventors: Matthew Paul Chapman, Chengxuan Xing, Ashley Donald Harrison, Vlad Balanescu
  • Patent number: 11876780
    Abstract: A facility controlling a communication device to create a disconnected ad hoc network and then to rejoin an internetwork is described. The communication device makes a direct or indirect wireless connection with a participant in a network in which the communication device was formerly a participant. In response to making the connection, the communication device: (1) communicates with a registration authority of the network to synchronize a provisional registration authority state established by the first communication device during a period after the communication device was formally a participant in the network and before the connection was made; and (2) communicates with a security authority of the network to synchronize a security authority state established by the communication device during the period.
    Type: Grant
    Filed: September 29, 2021
    Date of Patent: January 16, 2024
    Assignee: QUIXOTIC HOLDINGS, LLC
    Inventor: Anthony Samuel Jacobs
  • Patent number: 11861524
    Abstract: A method includes receiving, in a first networking platform, an electronic message directed from a first party to a workflow to a second party of the workflow. The method also includes identifying a document attached to the electronic message as relevant to the workflow, and identifying at least a portion of a text content in the electronic message as relevant to the workflow. The method also includes updating the workflow associated with the workflow based on the document attached to the electronic message, when the second party provides the input and storing the document attached to the electronic message in a database, as a new version of the workflow. A system and a non-transitory, computer-readable medium storing instructions to perform the above method are also provided.
    Type: Grant
    Filed: August 26, 2020
    Date of Patent: January 2, 2024
    Assignee: Ironclad, Inc.
    Inventors: Jason Li, Cai Gogwilt, Kevin Verdieck, Mary Zhuang, Blake Reary
  • Patent number: 11860724
    Abstract: An event analysis system is provided. During operation, the system can determine an event description associated with the switch from an event log of the switch. The event description can correspond to an entry in a table in a switch configuration database of the switch. A respective database in the switch can be a relational database. The system can then obtain an event log segment, which is a portion of the event log, comprising the event description based on a range of entries. Subsequently, the system can apply a pattern recognition technique on the event log segment based on the entry in the switch configuration database to determine one or more patterns corresponding to an event associated with the event description. The switch can then apply a machine learning technique using the one or more patterns to determine a recovery action for mitigating the event.
    Type: Grant
    Filed: June 25, 2020
    Date of Patent: January 2, 2024
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Chinlin Chen, Anu Mercian, Renato Chaves de Aguiar
  • Patent number: 11855961
    Abstract: Techniques are provided that rotate a device address used to identify a wireless client device on a wireless network. The wireless client device and at least one network infrastructure component identify a plurality of device addresses associated with the wireless client device. In some embodiments, the plurality of device addresses are generated via a corresponding plurality of invocations of a stateful random number generator, such as a cryptographically secure pseudorandom number generator.
    Type: Grant
    Filed: May 25, 2021
    Date of Patent: December 26, 2023
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Roberto Muccifora, Domenico Ficara, Amine Choukir, Anirban Karmakar, Vincent Cuissard, Sudhir Kumar Jain
  • Patent number: 11855896
    Abstract: A computerized method for directing transmission of a data packet within a distributed cloud computing system is disclosed that includes receiving the data packet by a receiving gateway instance deployed within the distributed cloud computing system, when a session corresponding to the data packet is found via a session lookup, forwarding the data packet to a destination in accordance with the session lookup, when the session is not found via the session lookup, determining whether one least one peer firewall instance is available, and when a first peer firewall instance is available and the data packet is a synchronize packet, forwarding the data packet to the first peer firewall instance. In some instances, the data packet is a TCP packet and in others, the data packet is received from either of a spoke gateway or a transit gateway that is deployed within the distributed cloud computing system.
    Type: Grant
    Filed: March 29, 2021
    Date of Patent: December 26, 2023
    Assignee: Aviatrix Systems, Inc.
    Inventors: Lee-Chik Cheung, Xiaobo Sherry Wei, Shanshan Xu, Praveen Vannarath
  • Patent number: 11853426
    Abstract: The portable peripheral (100) of communication with the data network (105) utilizing the internet protocol, comprises: a connector (110) to mechanically connect and establish a removable wired connection between the peripheral and a portable terminal, a first means (115) of wired bidirectional communication with the portable terminal, a second means (120) of bidirectional communication with a data network and a unit security (122) protecting the communication between the first and the second means of communication, this communication being established between the first and the second means of communication, the security unit (122) comprising a system (127) of autonomous DNS management, the means of communication and the security unit being embedded in a unique housing (130) removable from the portable terminal.
    Type: Grant
    Filed: April 25, 2022
    Date of Patent: December 26, 2023
    Inventor: Vladimir Mickael Leal Monteiro
  • Patent number: 11848951
    Abstract: A hybrid-fabric apparatus comprises a black box memory configured to store a plurality of behavior metrics and an anomaly agent coupled to the black box. The anomaly agent determines a baseline vector corresponding to nominal behavior of the fabric, wherein the baseline vector comprises at least two different behavior metrics that are correlated with each other. The anomaly agent disaggregates anomaly detection criteria into a plurality of anomaly criterion to be distributed among network nodes in the fabric, the anomaly detection criteria characterizing a variation from the baseline vector, and each of the plurality of anomaly criterion comprising a function of a measured vector of behavior metrics. The variation can be calculated based on a variation function applied to a vector of measured behavior metrics having elements corresponding to member elements of the baseline vector. Anomaly criterion statuses calculated by at least some of the network nodes are aggregated.
    Type: Grant
    Filed: December 13, 2021
    Date of Patent: December 19, 2023
    Assignee: Nant Holdings IP, LLC
    Inventor: Thomas M. Wittenschlaeger
  • Patent number: 11848872
    Abstract: Described herein is a system for automatically capturing configuration changes to the cloud computing resources. The system for automatically capturing configuration changes may detect changes to configurations of cloud computing resources across the geographic regions, in real-time. The changes may be stored in a central data storage device instantiated by a central cloud computing account. Furthermore, a relationship graph indicating the relationships between the different cloud computing resources may be generated.
    Type: Grant
    Filed: August 1, 2022
    Date of Patent: December 19, 2023
    Assignee: Capital One Services, LLC
    Inventor: Matthew Gladney
  • Patent number: 11843605
    Abstract: The present disclosure relates to traffic monitoring through one or more access control servers configured for (i) routing server resource request messages to resource server(s), (ii) extracting information identifying a target server resource from data packets corresponding to one or more received server resource request messages, and (iii) selectively transmitting the received server resource request message to a resource server. The security server(s) is configured to receive a server resource request message data extracted from a server resource request message and initiate a first security response, wherein the initiated first security response is dependent on analysis of the server resource request message data.
    Type: Grant
    Filed: October 31, 2022
    Date of Patent: December 12, 2023
    Assignee: Ping Identity Corporation
    Inventors: Bernard Harguindeguy, Udayakumar Subbarayan, Isidore Rosenblum, Abduraheem Poonthiruthi, Anoop Krishnan Gopalakrishnan, Ashwani Kumar
  • Patent number: 11829504
    Abstract: A system and method for data loss prevention (DLP) is disclosed, the system and method including at least: receiving, by one or more computing devices and from one or more remote sources, one or more data streams each containing a textual data; consolidating, by the one or more computing devices, the one or more data streams into a single data stream, wherein the single data stream includes a field indicating from which of the one or more remote sources the textual data for each of the one or more data streams originates; transmitting, by the one or more computing devices, the single data stream to an analytics engine; determining, with the analytics engine, whether the textual data of each of the one or more data streams contains a sensitive data using a reference table; and based on the determining, transmitting, by the one or more computing devices, a request to the one or more remote sources to delete the textual data.
    Type: Grant
    Filed: September 30, 2020
    Date of Patent: November 28, 2023
    Assignee: Capital One Services, LLC
    Inventors: Aleksandr Markenzon, Kyle Flaherty, Somkanti Biswas
  • Patent number: 11830043
    Abstract: A system and method for providing digital audio services is described. One embodiment is a method for proving digital audio services, comprising receiving, using a communications interface, an audio stream from a content provider; determining a timestamp for a first audio stream segment; determining a timestamp for a second audio stream segment; updating a playlist with a representation of the audio stream; receiving a query for content information; and sending offer information, in response to receiving the query for content information.
    Type: Grant
    Filed: February 3, 2023
    Date of Patent: November 28, 2023
    Assignee: Auddia Inc.
    Inventor: Jeffrey Thramann
  • Patent number: 11822521
    Abstract: A method of accessing data includes storing a table that includes a plurality of tablets corresponding to distinct non-overlapping table portions. Respective pluralities of tablet access objects and application objects are stored in a plurality of servers. A distinct application object and distinct tablet are associated with each tablet access object. Each application object corresponds to a distinct instantiation of an application associated with the table. The tablet access objects and associated application objects are redistributed among the servers in accordance with a first load-balancing criterion. A first request directed to a respective tablet is received from a client. In response, the tablet access object associated with the respective tablet is used to perform a data access operation on the respective tablet, and the application object associated with the respective tablet is used to perform an additional computational operation to produce a result to be returned to the client.
    Type: Grant
    Filed: February 14, 2022
    Date of Patent: November 21, 2023
    Assignee: Google LLC
    Inventors: Jeffrey Adgate Dean, Sanjay Ghemawat, Andrew Fikes, Yasushi Saito
  • Patent number: 11822653
    Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.
    Type: Grant
    Filed: October 4, 2022
    Date of Patent: November 21, 2023
    Assignee: CUPP Computing AS
    Inventor: Shlomo Touboul
  • Patent number: 11818100
    Abstract: Methods and systems for automatic provisioning of security policies for content streaming control within a Content Delivery Network (CDN) are provided. According to one aspect, a method for automatic provisioning of security policies for content streaming control by a network node within a CDN that supports at least one streaming media protocol comprises: obtaining a manifest, the manifest being generated in response to a user requesting a streaming content from the CDN; determining a first security policy associated with the user and/or the requested streaming content in accordance with the manifest; updating a set of firewall rules for implementing security policies in accordance with the determined first security policy; and applying the updated set of firewall rules to validate requests from the user for the streaming content. The policies are dynamically configured and may be sparsely provisioned, e.g., downloaded only to the pertinent nodes and activated only when necessary.
    Type: Grant
    Filed: December 4, 2017
    Date of Patent: November 14, 2023
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Stere Preda, Daniel Migault, Makan Pourzandi
  • Patent number: 11809890
    Abstract: Various systems and methods for managing quality of storage service in a virtual network are described herein. A system for managing quality of service in a virtual network includes an analytic platform configured to analyze input/output operations by a virtual host on a storage array in a virtual network, the virtual host identified with a virtual network identifier (VNI), and the virtual network identified by a virtual host address (VHA); and a security controller to: receive, from the analytic platform, storage array metrics associated with the VNI and the VHA; determine that the storage array metrics violate a threshold condition; and cause a responsive action to adjust the operating environment of the virtual host to maintain quality of input/output service for hosts sharing the storage array.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: November 7, 2023
    Assignee: Intel Corporation
    Inventor: Ziye Yang
  • Patent number: 11805566
    Abstract: In a connection reactivation method, a connection of a PDU session established by user equipment on a N3GPP side is reactivated through communications via a 3GPP network. The user equipment accesses both the 3GPP and the N3GPP network and is originally in an idle state on the N3GPP network. An access and mobility management function entity receives a first message from a session management function entity to reactivate the PDU session connection of the user equipment. The access and mobility management function entity sends a second message to the user equipment via the 3GPP access network to instruct the user equipment to reactivate the connection of the PDU session.
    Type: Grant
    Filed: September 10, 2021
    Date of Patent: October 31, 2023
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Huan Li, Youyang Yu
  • Patent number: 11805101
    Abstract: Some embodiments provide a novel secure method for suppressing address discovery messaging. In some embodiments, the method receives an address discovery record that provides a network address associated with a machine connected to a network. The method then identifies a set of one or more rules for evaluating the received address discovery record to determine whether the address discovery record or its provided network address should be distributed to one or more hosts and/or devices associated with the network. The method then processes the set of rules to determine whether the received address discovery record violates a rule in the set of rules so as to prevent the distribution of its provided network address. When the address discovery record violates a rule, the method discards it in some embodiments.
    Type: Grant
    Filed: April 6, 2021
    Date of Patent: October 31, 2023
    Assignee: VMWARE, INC.
    Inventors: Li Sun, Parasuramji Rajendran, Yang Ping, Jianjun Shen
  • Patent number: 11805033
    Abstract: The present invention relates to a computer implemented method, preferably a computer implemented method, and a system, which have been designed to bridge a gap in the End User experience monitoring that has been created by the adoption of cloud based services by Enterprise customer by replicating exactly the actions performed by the user on a cloud based application in order to determine the true end user experience and alert in case of unexpected latency and also by analyzing at the same time the impacts of the Internet network and the local infrastructure of the Enterprise user on the end user experience of the cloud based application that is monitored.
    Type: Grant
    Filed: November 9, 2021
    Date of Patent: October 31, 2023
    Assignee: Martello Technologies Corporation
    Inventors: Antoine Leboyer, Gary Steere, Jean-Francois Piot