Proxy Server Or Gateway Patents (Class 726/12)
  • Patent number: 10374929
    Abstract: An online system determines a frequency with which its users delete information stored in a browser on client devices associated with each user. When a user accesses the online system, the online system determines a user identifier associated with the user and determines if one or more conditions are satisfied based on information received from a browser used to access the online system. If a condition is satisfied, the online system communicates an instruction to the browser to communicate information associated with a third party and the user identifier to the third party. Information previously stored in the browser and associated with the user identifier is compared to information associated with the user identifier received from the browser. Deletion of information stored in the browser is determined when stored information associated with the user identifier differs from received information associated with the user identifier.
    Type: Grant
    Filed: December 27, 2016
    Date of Patent: August 6, 2019
    Assignee: Facebook, Inc.
    Inventors: Alexey Maykov, Ryan Edward Huettl, Anirudhan Vijayakanthan, Nipun Mathur
  • Patent number: 10375019
    Abstract: The present disclosure relates to network security software cooperatively configured on plural nodes to authenticate and authorize devices, applications, users, and data protocol in network communications by exchanging nonpublic identification codes, application identifiers, and data type identifiers via pre-established communication pathways and comparing against pre-established values to provide authorized communication and prevent compromised nodes from spreading malware to other nodes.
    Type: Grant
    Filed: October 5, 2018
    Date of Patent: August 6, 2019
    Assignee: Stealthpath, Inc.
    Inventors: Mike Clark, Andrew Gordon, Matt Clark
  • Patent number: 10374869
    Abstract: A containerized architecture to secure and manage Internet-connected devices, such as “Internet of Things” devices, is disclosed. In various embodiments, one or more containerized applications are run, e.g., on an Internet of Things gateway, subject to management by the management server. At least one of the containerized applications is a management agent configured to participate, subject to control of the management server, in management of one or more other of said containerized applications.
    Type: Grant
    Filed: September 20, 2016
    Date of Patent: August 6, 2019
    Assignee: MOBILE IRON, INC.
    Inventor: Sandeep Jain
  • Patent number: 10366431
    Abstract: Disclosed are various embodiments for resuming sessions and electronic commerce session across devices. A computing environment is employed to maintain a navigation history comprising a plurality of product pages accessed by a first client device during an electronic commerce session. At least one of the plurality of product pages is determined to be presented on the second client device in response to a request to resume the electronic commerce session being received from a second client device. The product page determined is presented on the second client device.
    Type: Grant
    Filed: May 15, 2015
    Date of Patent: July 30, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Nisarg Shah
  • Patent number: 10356080
    Abstract: Techniques described herein may be used to centralize authentication and authorization for accessing cloud services provided by different cloud platform deployments. A user equipment (UE) may provide user information to a cloud admin server. The cloud admin server may authenticate and authorize the UE locally and then initiate a sign on procedure with each cloud platform deployment. The sign on procedure may include obtaining user group information for the user and providing the user group information to the cloud platform deployments so that the cloud platform deployments may return permission information without having to each perform an authentication and authorization procedure. The cloud admin server may relay the permission information to the UE, and the UE may use the permission information to access any/all of the cloud services.
    Type: Grant
    Filed: March 17, 2017
    Date of Patent: July 16, 2019
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Minbao Li
  • Patent number: 10348400
    Abstract: A method for identifying a device capable of communicating by Li-Fi including the steps of generating and storing a list of first pieces of address data and a list of transmission frequencies each associated with a first piece of address data; selecting second pieces of address data (11) to form a MAC address (10); transforming each second piece of address data into a third piece of address data containing a transmission frequency value associated with the second piece of address data; generating a global address; assigning the global address to the device; and recording the global address in a memory module of the device capable of communicating by Li-Fi.
    Type: Grant
    Filed: July 18, 2016
    Date of Patent: July 9, 2019
    Assignee: OLEDCOMM
    Inventor: Suat Topsu
  • Patent number: 10348556
    Abstract: A network system includes a datacenter including a gateway router configured to route data transmissions of public network traffic to and from a plurality of VPCs hosted by the datacenter. A first VPC is configured to communicate with the gateway router. The first VPC is accessible and identifiable via a first public IP address. A second VPC is configured to communicate with the gateway router, and the second VPC is accessible and identifiable via a second public IP address. A direct connection transmits a particular data transmission based on the first public IP address and the second public IP address, directly between the first VPC and the second VPC so as to bypass the gateway router. The first public IP address and the second public IP address are assigned from among a group of public IP addresses allocated for assignment to VPCs hosted by the datacenter.
    Type: Grant
    Filed: June 2, 2016
    Date of Patent: July 9, 2019
    Assignee: Alibaba Group Holding Limited
    Inventors: Gang Cheng, Hong Tang, Jiesheng Wu
  • Patent number: 10348681
    Abstract: Embodiments of the present invention provide methods, systems and computer program products for the centralized, secure offloading of security services for distributed security enforcement points. In an embodiment, a network data processing system can be configured for centralized secure offload of security services for distributed security enforcement points and can include a set of security enforcement points controlling communication flows between devices in different less trusted zones of protection. The system also can include a security server communicatively coupled to the security enforcement points and hosting security services logic disposed in a more trusted zone of protection. Each of the security enforcement points can include an interface to the security services logic and program code enabled to offload security related services processing through the interface to the security services logic disposed in the more trusted zone of protection.
    Type: Grant
    Filed: January 24, 2007
    Date of Patent: July 9, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Curtis M. Gearhart, Christopher Meyer, Linwood H. Overby, Jr., David J. Wierbowski
  • Patent number: 10348568
    Abstract: Embodiments of the present disclosure provide a method and an apparatus for performing communication in software-defined networking, and a communications system. The method includes: receiving a message sent by a network device, where the message includes a signaling message; determining, according to a control policy, a matching condition that matches the message, where the control policy includes a matching condition and operation information corresponding to the matching condition; processing the message according to the operation information corresponding to the matching condition that matches the message; and sending the processed message to the network device. According to the method and the apparatus for performing communication in software-defined networking, and the communications system in the present disclosure, a problem in the prior art that a control device serving as a network control center cannot communicate with a base station is resolved.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: July 9, 2019
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Wei Zhang
  • Patent number: 10346179
    Abstract: An information processing apparatus having a function of entering and returning from a hibernation state and communicable with a server apparatus performing device certification includes a storage unit configured to, in a case where a software module is activated, store a hash value of the activated software module in a volatile memory, a request unit configured to request device certification based on a hash value stored in the volatile memory from the server apparatus, and an excluding unit configured to, in a case where the device certification is requested after returning from the hibernation state, exclude a software module activated before entering the hibernation state from a target of the device certification.
    Type: Grant
    Filed: November 19, 2015
    Date of Patent: July 9, 2019
    Assignee: Canon Kabushiki Kaisha
    Inventors: Kazuya Kishi, Koji Harada, Junichi Hayashi, Nobuhiro Tagashira, Takami Eguchi, Yasuhiro Nakamoto, Ayuta Kawazu
  • Patent number: 10341830
    Abstract: Provided are a method and apparatus for sending or forwarding information. The sending method is applied to an M2M communication system and includes: a sending device sends to-be-sent information to a target device through a communication network, wherein the information carries one of the following: a first ID, which is used for identifying the target device outside the communication network, and a second ID, which is used for identifying the target device inside the communication network; the sending device acquires a recognizable ID corresponding to the specified ID through the communication network; and the sending device sends the information to the target device through the communication network according to the recognizable ID. The technical problem that there is still no effective object identification solution which is compatible with various standard systems in the related arts is solved, and different M2M user equipment can be distinguished in the M2M communication system.
    Type: Grant
    Filed: October 10, 2013
    Date of Patent: July 2, 2019
    Assignee: ZTE CORPORATION
    Inventors: Hui Xu, Chuanxi Wu
  • Patent number: 10341345
    Abstract: Systems, methods, and computer-readable media related to configuration of browser applications executed on client computing device to control the functionality of the browser application as at least some content is accessed. The configuration of the browser application can be controlled programmatically such that the browser configuration can be validated and controlled by at least some content providers. Additionally, the configuration and subsequent processing of content provided by an authenticating content provider can be implemented in a manner such that users of a client computing device and other applications on the client computing device may not have access to modify or otherwise interfere with the operation of the browser software application.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: July 2, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Jesper Mikael Johansson, Peter Frank Hill
  • Patent number: 10341385
    Abstract: Systems and methods for managing risk management rules are provided. A risk management rule may be configured at a rule configuration interface. The rule configuration interface may include a list of access rights available for selection. Based on input received, one of the access rights may be identified as a base access right and one of the access rights may be identified as a conflicting access right for the risk management rule. The access rights provisioned at the computing system may be monitored to determine whether a user is provisioned with both the base access right and the conflicting access right. If so, a violation review may be created and presented at a violation review interface at which a decision for the violation review is receivable. An exception to the risk management rule may also be configured at an exception configuration interface.
    Type: Grant
    Filed: April 11, 2016
    Date of Patent: July 2, 2019
    Assignee: Bank of America Corporation
    Inventors: Armen Moloian, Ronald W. Ritchey
  • Patent number: 10339339
    Abstract: Techniques to securely store and retrieve data are disclosed. In various embodiments, a process of retrieving secure data includes receiving a request, where the request includes a first secret data and a second secret data. The process further includes identifying a first encrypted data to retrieve based on the request, using the first secret data to decrypt the first encrypted data to generate a decrypted data, generating a second encrypted data, where the second encrypted data is encrypted using the second secret data. In response to the request, the second encrypted data is provided.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: July 2, 2019
    Assignee: MOBILEIRON, INC.
    Inventor: Timothy Jackson
  • Patent number: 10333969
    Abstract: Embodiments provide system and methods for a DDoS service using a mix of mitigation systems (also called scrubbing centers) and non-mitigation systems. The non-mitigation systems are less expensive and thus can be placed at or near a customer's network resource (e.g., a computer, cluster of computers, or entire network). Under normal conditions, traffic for a customer's resource can go through a mitigation system or a non-mitigation system. When an attack is detected, traffic that would have otherwise gone through a non-mitigation system is re-routed to a mitigation system. Thus, the non-mitigation systems can be used to reduce latency and provide more efficient access to the customer's network resource during normal conditions. Since the non-mitigation servers are not equipped to respond to an attack, the non-mitigation systems are not used during an attack, thereby still providing protection to the customer network resource using the mitigation systems.
    Type: Grant
    Filed: October 9, 2018
    Date of Patent: June 25, 2019
    Assignee: Level 3 Communications, LLC
    Inventors: Robert Smith, Shawn Marck, Christopher Newton
  • Patent number: 10320806
    Abstract: A method includes receiving authentication information for a client device at a server. The authentication information includes a geographic location of the client device and a first result of a one-way hash function based on a combination including an authentication seed and a first secret. The method includes computing, at the server, a second result of the one-way hash function based on a combination including the authentication seed and a second secret. The method also includes enabling the client device to access a second network in response to a determination by the server that the first result matches the second result and a determination by the server that the client device is authorized to access the second network based on the geographic location.
    Type: Grant
    Filed: September 9, 2014
    Date of Patent: June 11, 2019
    Assignee: WAYPORT, INC.
    Inventors: James D. Keeler, John R. Melendez
  • Patent number: 10303898
    Abstract: A method for blocking web page trackers by a web browser of a mobile device, including loading a web page on a mobile device, scanning the web page to detect scripts in the web page, for each detected script, comparing content of the script with a list of URL connections, to detect trackers present in the script, each URL connection being associated with a corresponding tracker, storing the detected trackers, displaying the stored trackers to a user, enabling a user to selectively block, via said mobile device, one or more of the displayed trackers, and reloading the web page, comprising, for each selected tracker to block, rejecting the URL connection corresponding to the selected tracker.
    Type: Grant
    Filed: October 15, 2017
    Date of Patent: May 28, 2019
    Assignee: Finjan Mobile, Inc.
    Inventors: Scot Robinson, Patrick Conlin, Jules Panopoulos, Julie Mar-Spinola
  • Patent number: 10306468
    Abstract: The techniques described herein are configured to map a new security association to an active Internet Protocol (IP) Multimedia Subsystem (IMS) session subsequent to the occurrence of a connectivity interruption. In various examples, the connectivity interruption occurs in an access network that supports an IMS network. The new security association is established using an updated IP address that is configured for (e.g., assigned to) a mobile device after the connectivity interruption to the IMS session occurs. The techniques described herein improve network performance because fewer resources are spent to establish a new IMS session in response to the interruption. Rather, in accordance with the examples provided herein, network components can determine that a new security association is associated with an active IMS session, and the network components can map the new security association to the active IMS session (e.g., one for which the IMS has not released the IMS bearer).
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: May 28, 2019
    Assignee: T-Mobile USA, Inc.
    Inventors: Carl Williams, Ming Shan Kwok
  • Patent number: 10298635
    Abstract: An approach for managing collaboration on IWBs allows users of different third-party collaboration services to participate in collaboration meetings on IWBs. The approach allows the users to use collaboration functionality provided by IWBs, such as annotation, and to communicate with each other, even though the users are using different third party collaboration services. The approach uses a collaboration manager that provides a “single wrapper” application program interface (API) and centralized management of collaboration meetings, including license key and token management, cross-license collaboration, user management and meeting management. The collaboration manager acts as a mediation layer that handles the APIs of different third-party collaboration services and allows users using heterogeneous collaboration clients to participate in collaboration meetings.
    Type: Grant
    Filed: December 19, 2016
    Date of Patent: May 21, 2019
    Assignee: Ricoh Company, Ltd.
    Inventors: Rathnakara Malatesha, Lana Wong, Hiroshi Kitada
  • Patent number: 10275231
    Abstract: At least one application may include instructions comprising application instructions and a plurality of separate pipeline definition instructions. The application instructions may be within a virtual container including at least one program that is generically executable in a plurality of different continuous integration and delivery (CI/CD) environments. Each of the plurality of separate pipeline definition instructions may be configured for each of the plurality of different CI/CD environments such that each pipeline definition may operate only in the CI/CD environment for which it is created. Each pipeline definition may be configured to cause the CI/CD environment for which it is created to execute the at least one program.
    Type: Grant
    Filed: October 4, 2018
    Date of Patent: April 30, 2019
    Assignee: Capital One Services, LLC
    Inventors: Brandon Atkinson, Christopher Bowers, Dallas Edwards
  • Patent number: 10257089
    Abstract: Techniques are disclosed for providing a distributed customer premises equipment (CPE) comprising several devices. The distributed CPE may include a control plane subsystem configured to execute on a first device, a first data plane subsystem configured to execute on a second device, and a second data plane subsystem configured to execute on a third device. The second device may be further configured to execute a first virtual machine capable of executing a first network function. The third device may be further configured to execute a second virtual machine capable of executing a second network function. In certain embodiments, the control plane subsystem may be configured to control forwarding functionality of the first data plane subsystem and the second data plane subsystem, and control the first network function and the second network function. In certain embodiments, the first device and the second device are customer premises equipment (CPE) devices.
    Type: Grant
    Filed: October 28, 2016
    Date of Patent: April 9, 2019
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Robert Bays, Srinivas Narayan
  • Patent number: 10237259
    Abstract: Systems and methods for decentralized and asynchronous authentication flow between users, relying parties and identity providers. A trusted user agent application or digital lock box under a user's control may perform the functions of an authentication broker. In particular, the user agent application or digital lock box can accept relying party requests and respond with authentication and identity data previously obtained from an identity provider server, and without the involvement of a centralized broker server.
    Type: Grant
    Filed: February 28, 2017
    Date of Patent: March 19, 2019
    Assignee: SecureKey Technologies Inc.
    Inventors: Troy Jacob Ronda, Pierre Antoine Roberge, Dmitry Barinov, Michael Varley, David Alexander Stark, Gregory Howard Wolfond, Aleksandar Likic, Michael John Page
  • Patent number: 10230770
    Abstract: A system and method for providing a network proxy layer are disclosed. The network proxy layer may receive a connection establishment event for a client connection of an application session and send the client connection event to an application proxy for the application session, the application proxy being associated with an application of a server. Upon establishment of the client connection, the network proxy layer may receive one or more data packets from the client connection. The network proxy layer may further receive a connection establishment event for a server connection of the application session of the server, and receive one or more data packets from the server connection.
    Type: Grant
    Filed: December 2, 2013
    Date of Patent: March 12, 2019
    Assignee: A10 Networks, Inc.
    Inventors: Feilong Xu, Chih-Wei Chao, Lee Chen
  • Patent number: 10212191
    Abstract: An access control rule authorizing communication between a plurality of managed servers within an administrative domain is determined. Communication information describing past communication between the plurality of managed servers is obtained. A subset of managed servers from the plurality of managed servers is identified by grouping the plurality of managed servers based on the obtained communication information. A group-level label set is determined to associate with the subset of managed servers. Role labels are determined for managed servers in the subset of managed servers. A managed server is associated with one role label. Based on the group-level label set and the role labels, an access control rule is generated authorizing communication between a first managed server of the subset of managed servers and a second managed server. The access control rule is stored as part of an administrative domain-wide management policy.
    Type: Grant
    Filed: February 7, 2018
    Date of Patent: February 19, 2019
    Assignee: Illumio, Inc.
    Inventors: Paul J. Kirner, Matthew K. Glenn, Mukesh Gupta, Roy N. Nakashima, Thukalan V. Verghese
  • Patent number: 10200351
    Abstract: The disclosure describes systems, methods and devices relating to a sign-on and management hub or service for users of multiple internal, external or Software-as-a-Service (SaaS) software applications (Apps), with options for centralized management and sharing of accounts without needing to provide login credentials to individual users.
    Type: Grant
    Filed: December 4, 2013
    Date of Patent: February 5, 2019
    Assignee: Google LLC
    Inventors: Erik Gustavson, Scott Kriz, Aaron Eisenberger, Garrett Brown, Jason Carulli, Andrew Arrow, Prashant Nadarajan, Fong Woh Fai, Chung Weng Wai, Saw Kee Wooi
  • Patent number: 10193914
    Abstract: Techniques for analyzing a page to be presented by a browser running on a computing platform. The page is disabled. The page is tested to determine if the page is framed by a second page. The page is enabled if the testing indicates that the page is not framed by a second page. Each level of a hierarchy of framed pages is inspected to determine whether each level is authorized. The page is enabled if the inspecting indicates that each level of the hierarchy of framed pages is authorized.
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: January 29, 2019
    Assignee: salesforce.com, inc.
    Inventor: Yoel Gluck
  • Patent number: 10187392
    Abstract: A communications system includes communications terminals connected to a management server.
    Type: Grant
    Filed: October 7, 2015
    Date of Patent: January 22, 2019
    Assignee: RICOH COMPANY, LTD.
    Inventors: Yuuta Hamada, Takahiro Asai, Hiroshi Hinohara
  • Patent number: 10182321
    Abstract: Techniques for setting up wireless data transfer are described. In one embodiment, for example, an apparatus may be configured to monitor network traffic. A context or origin of the network traffic may be determined. Control options for setting up a wireless data transfer may be determined and presented to a user. Based upon user input, a control option may be selected. Routing network traffic may be performed based upon the selected control option. Other embodiments are described and claimed.
    Type: Grant
    Filed: November 21, 2014
    Date of Patent: January 15, 2019
    Assignee: FACEBOOK, INC.
    Inventors: Joonas Emil Hjelt, Lauri Jaakko Vuornos
  • Patent number: 10171484
    Abstract: A system includes: a CPU, a computer readable memory and a computer readable storage medium associated with a computer device of a service provider; program instructions to receive, by the computer device, a breach notification from a user device, wherein the user device includes a client that corresponds to the service provider, and the breach notification indicates a potential security compromise of the user device; program instructions to identify, by the computer device, a plurality of user devices that have the client; and program instructions to transmit, by the computer device, a respective security profile to each of the identified plurality of user devices, wherein each of the respective security profiles defines a security challenge that must be completed to obtain access. The program instructions are stored on the computer readable storage medium for execution by the CPU via the computer memory.
    Type: Grant
    Filed: August 30, 2016
    Date of Patent: January 1, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Swaminathan Balasubramanian, Radha M. De, Ashley D. Delport, Indrajit Poddar, Cheranellore Vasudevan
  • Patent number: 10154009
    Abstract: Concepts and technologies are disclosed herein for providing a basic firewall using a virtual networking function. A control system having a processor can detect a firewall request that can include a request to create a basic firewall. The processor can analyze a recipe to determine a virtual switch and a basic firewall virtual function that are to provide the functionality of the basic firewall. The processor can trigger instantiation of the virtual switch via a network control function and instantiation of the basic firewall virtual function via a service control function. The processor also can validate the basic firewall. The basic firewall can provide filtering of traffic at the network transport layer using the virtual switch, and as such, the virtual switch may not operate on the application layer.
    Type: Grant
    Filed: August 11, 2015
    Date of Patent: December 11, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: W. Cooper Chastain
  • Patent number: 10152465
    Abstract: Various embodiment methods for performing security-focused web crawling by a server may include identifying sensitive data on a first web page, and generating a first document object model (DOM) for the first web page in which the first DOM represents the sensitive data on the first web page. Various embodiments may further include comparing one or more attributes of the sensitive data in the first DOM with the one or more attributes of the sensitive data in a second DOM for a second web page, and determining whether the first web page is different from the second web page based on the comparison of the one or more attributes of the sensitive data in the first DOM and the second DOM.
    Type: Grant
    Filed: December 20, 2016
    Date of Patent: December 11, 2018
    Assignee: QUALCOMM Incorporated
    Inventors: Mihai Christodorescu, Alexey Aliev, Dinakar Dhurjati, Hilmi Gunes Kayacik
  • Patent number: 10152280
    Abstract: According to one embodiment, a storage device includes a processor which executes first processing, second processing and third processing. The second processing includes processing for relaying a command issued by a host device, and an execution result of the first processing corresponding to the command, between the host device and the first processing. The third processing includes processing for causing the second processing to transition from a first state to a second state of lower energy consumption than the first state, when a first period in which the second processing is in an idle state exceeds a second period. The third processing further includes processing for maintaining the first state under a first condition, when the first period exceeds the second period.
    Type: Grant
    Filed: December 19, 2017
    Date of Patent: December 11, 2018
    Assignee: TOSHIBA MEMORY CORPORATION
    Inventors: Takashi Ishiguro, Hirokazu Morita
  • Patent number: 10142166
    Abstract: A security system is described for managing a premises. The security system comprises security system components and a first controller. A takeover component receives security data of the security system from the first controller. The security data is used to configure a second controller to communicate with the security system. The second controller communicates with the security system components and replaces the first controller in management of the security system.
    Type: Grant
    Filed: March 13, 2018
    Date of Patent: November 27, 2018
    Assignee: iControl Networks, Inc.
    Inventors: Marc Baum, Paul J. Dawes, Mike Kinney, Reza Raji, David Swenson, Aaron Wood
  • Patent number: 10142346
    Abstract: Disclosed are systems, methods and computer-readable storage medium for extending a private cloud to a public cloud. The private cloud can be extended to the public cloud by establishing a virtual private network between a private cloud and a public cloud, receiving one or more access control lists provisioned by the private cloud, determining contracts between an end point group of the private cloud and an end point group of the public cloud based on the one or more access control lists, and extending the end point group of the private cloud to the end point group of the public cloud across the virtual private network.
    Type: Grant
    Filed: July 28, 2016
    Date of Patent: November 27, 2018
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Pavan Basetty, Subrata Banerjee, Ruben Hakopian
  • Patent number: 10142289
    Abstract: A secure interface for a mobile communications device has output communications circuitry operable to communicate with an external network, private network communications circuitry operable to communicate with a mobile communications device, and an input/output filter connected between the output communications circuitry and the private network communications circuitry. The input/output filter separately filters, based on programmed stored criteria, externally-received information packets from the external network via the output communications circuitry and internally-received information packets from the mobile communications device via the private network communications circuitry.
    Type: Grant
    Filed: March 27, 2018
    Date of Patent: November 27, 2018
    Assignee: Owl Cyber Defense Solutions, LLC
    Inventor: Salvatore Morlando
  • Patent number: 10142440
    Abstract: Embodiments for enforced registry of cookies in a tiered delivery network by at least a portion of a processor. Information of a cookie may be extracted at a reverse proxy providing access to an application server. Cookie registration rules provided to the registry by an application on the application server may be obtained such that the registry enables the reverse proxy to enforce compliance with the cookie registration rules for each cookie requesting access to the application. The extracted information of the cookie may be compared against the cookie registration rules provided to the registry by the application. The cookie may be suppressed from being relayed to the application upon determining the extracted information is non-compliant with the cookie registration rules.
    Type: Grant
    Filed: July 29, 2016
    Date of Patent: November 27, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Gary F. Diamanti, Yaser K. Doleh, Jeffrey W. Lucas, Mauro Marzorati
  • Patent number: 10135827
    Abstract: A client computer hosts a virtual private network tool to establish a virtual private network connection with a remote network. Upon startup, the virtual private network tool collects critical network information for the client computer, and sends this critical network information to an address assignment server in the remote network. The address assignment server compares the critical network information with a pool of available addresses in the remote network, and assigns addresses for use by the client computer that do not conflict with the addresses for local resources. The address assignment server also provides routing information for resources in the remote network to the virtual private network tool. The virtual private network tool will postpone loading this routing information into the routing tables of the client computer until the client computer requests access to a specific resource in the remote network.
    Type: Grant
    Filed: July 12, 2016
    Date of Patent: November 20, 2018
    Assignee: SonicWALL Inc.
    Inventors: Paul Lawrence Hoover, Rodger Del Erickson, Bryan Sauve
  • Patent number: 10120670
    Abstract: At least one application may include instructions comprising application instructions and a plurality of separate pipeline definition instructions. The application instructions may be within a virtual container including at least one program that is generically executable in a plurality of different continuous integration and delivery (CI/CD) environments. Each of the plurality of separate pipeline definition instructions may be configured for each of the plurality of different CI/CD environments such that each pipeline definition may operate only in the CI/CD environment for which it is created. Each pipeline definition may be configured to cause the CI/CD environment for which it is created to execute the at least one program.
    Type: Grant
    Filed: March 28, 2018
    Date of Patent: November 6, 2018
    Assignee: Capital One Services, LLC
    Inventors: Brandon Atkinson, Christopher Bowers, Dallas Edwards
  • Patent number: 10110600
    Abstract: The disclosed embodiments include systems and methods for dynamically investigating a changing asset-to-asset cloud communication environment. The disclosed embodiments may involve creating a baseline context for a trusted server, the baseline context including categories of assets in the changing asset-to-asset cloud communication environment and corresponding access rights for the categories of assets, training the baseline context for the trusted server based on automatically discovered access rights, and operating the trained baseline context for the trusted server.
    Type: Grant
    Filed: February 5, 2018
    Date of Patent: October 23, 2018
    Assignee: CyberArk Software Ltd.
    Inventor: Dor Simca
  • Patent number: 10110714
    Abstract: A network access device (NAD) receives a UDP packet from a client to be transmitted to a management server over the Internet, the UDP packet including a management message. The NAD is one of NADs managed by the management server. The NAD determines whether the management server is reachable using a UDP protocol. The NAD transmits the UDP packet to the management server using the UDP protocol over the Internet if it is determined that the management server is reachable using the UDP protocol. Otherwise, the NAD extracts a UDP payload from the UDP packet, encapsulates the UDP payload within an HTTP POST request, and transmits the HTTP POST request having the UDP payload encapsulated therein to the management server using an HTTP protocol over the Internet.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: October 23, 2018
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Clifford A. Frey, John Bicket, Kevin Paul Herbert, Varun Sagar Malhotra, Benjamin A. Chambers
  • Patent number: 10110567
    Abstract: The present invention relates to a server comprising at least an application outputting at least one cookie, the server including a scrambled cookie names generator, a correspondence mechanism associating connections attributes for the application with an unpredictable scrambled cookie name, the scrambled cookie name being the one provided in the cookie sent to client side for use in the next connections to the application.
    Type: Grant
    Filed: July 11, 2014
    Date of Patent: October 23, 2018
    Assignee: GEMALTO SA
    Inventors: Eric Garreau, Alexandre Schaff
  • Patent number: 10104069
    Abstract: Requests for access to Web service resources are evaluated based on the type of request that is received. Requests are not granted unless sufficient proof of authentication is provided to grant that request. An authentication service evaluates one or more factors to determine whether or not to authenticate the client. After being authenticated by the authentication service, proof of authentication is provided to the Web service, which grants access to the Web service resource.
    Type: Grant
    Filed: October 31, 2017
    Date of Patent: October 16, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Craig V. McMurtry, Alexander T. Weinert, Vadim Meleshuk, Mark E. Gabarra
  • Patent number: 10101989
    Abstract: In one embodiment, a system for managing a virtualization environment comprises a plurality of host machines, one or more virtual disks comprising a plurality of storage devices, a virtualized file server (VFS) comprising a plurality of file server virtual machines (FSVMs), wherein each of the FSVMs is running on one of the host machines and conducts I/O transactions with the one or more virtual disks, and a virtualized file server backup system configured to back up data stored in a VFS located in a cluster of host machines to an object store, and retrieve the backed-up data as needed to restore the data in the VFS. The object store may be located in a public cloud. The object store may include a low-cost storage medium within the cluster. An FSVM of the VFS may provide an object store interface to low-cost storage media.
    Type: Grant
    Filed: February 2, 2017
    Date of Patent: October 16, 2018
    Assignee: Nutanix, Inc.
    Inventors: Vishal Sinha, Richard James Sharpe, Kalpesh Ashok Bafna, Anil Kumar Gopalapura Venkatesh, Durga Mahesh Arikatla, Shyamsunder Prayagchand Rathi
  • Patent number: 10095558
    Abstract: A new approach is proposed that contemplates systems and methods to support a mechanism to offload all aspects of inline SSL processing of an application running on a server/host to an embedded networking device such as a Network Interface Card (NIC), which serves as a hardware accelerator for all applications running on the server that need to have a secure connection with a remote client device over a network. By utilizing a plurality of its software and hardware features, the embedded networking device is configured to process all SSL operations of the secure connection inline, i.e., the SSL operations are performed as packets are transferred between the host and the client over the network, rather than having the SSL operations offloaded to the NIC, which then returns the packets to the host (or the remote client device) before they can be transmitted to the remote client device (or to the host).
    Type: Grant
    Filed: May 11, 2016
    Date of Patent: October 9, 2018
    Assignee: CAVIUM, INC.
    Inventors: Ram Kumar Manapragada, Manojkumar Panicker, Faisal Masood, Satish Kikkeri
  • Patent number: 10080138
    Abstract: In some embodiments, a network regulator device protects a local network of client systems (e.g. Internet-of-things devices such as smartphones, home appliances, wearables, etc.) against computer security threats. When introduced to the local network, some embodiments of the network regulator take over some network services from a router, and automatically install the network regulator as gateway to the local network. The network regulator then carries out an automatic device discovery procedure and distributes device-specific utility agents to the protected client systems. An exemplary utility agent detects when its host device has left the local network, and in response, sets up a virtual private network (VPN) tunnel with a security server to maintain protection of the respective device.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: September 18, 2018
    Assignee: Bitdefender IPR Management Ltd.
    Inventors: Cosmin C. Stan, Andrei Rusu, Bogdan C. Cebere, Alexandru I. Achim
  • Patent number: 10050939
    Abstract: Techniques for communication in a hybrid cloud computing system. The techniques include utilizing cross-origin resource sharing to allow a web-based application to communicate with both a public host computer and a private host computer of the hybrid cloud computing system. More specifically, a web-based application downloaded from the public host computer would include code that, when executed, would programmatically make HTTP requests to the private host computer. The private host computer would respond with an Access-Control-Allow-Origin header specifying the origin of the public host computer as an allowed origin, thereby allowing the web-based application to access resources from the private host computer. The techniques may be used for managing computing or software resources of the hybrid cloud computing system and also for transfer of data related to managing computing or software resources of the hybrid cloud computing system.
    Type: Grant
    Filed: December 15, 2015
    Date of Patent: August 14, 2018
    Assignee: VMWARE, INC.
    Inventors: Rostislav Hristov, Vesselin Arnaudov
  • Patent number: 10044738
    Abstract: Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected.
    Type: Grant
    Filed: September 22, 2015
    Date of Patent: August 7, 2018
    Assignee: Intel Corporation
    Inventor: Satyendra Yadav
  • Patent number: 10033762
    Abstract: Provided are methods, network devices, and computer-program products for a network deception system. The network deception system can engage a network threat with a deception mechanism, and dynamically escalate the deception to maintain the engagement. The system can include super-low, low, and high-interaction deceptions. The super-low deceptions can respond to requests for address information, and require few computing resources. When network traffic directed to the super-low deception requires a more complex response, the system can initiate a low-interaction deception. The low-interaction deception can emulate multiple devices, which can give the low-interaction deception away as a deception. Hence, when the network traffic includes an attempted connection, the system can initiate a high-interaction deception. The high-interaction deception more closely emulates a network device, and can be more difficult to identify as a deception.
    Type: Grant
    Filed: April 25, 2017
    Date of Patent: July 24, 2018
    Assignee: ACALVIO TECHNOLOGIES, INC.
    Inventors: Johnson Wu, Rajendra A. Gopalakrishna, Sreenivas Gukal, Rammohan Varadarajan
  • Patent number: 10032042
    Abstract: In some implementations, a computer-implemented method and system for enrolling customers into a digital identification program may include obtaining, from a digital identification database, customer information that describes a customer, providing to the customer device an access code for activation, receiving a request from the customer device for the digital identification, where the request includes the access code and customer information that describes the customer, providing a request for secure information that describes the customer from a secure information database, receiving the secure information that describes the customer stored in the secure information database, generating the digital identification for the customer based on the secure information and the customer information, and providing the digital identification to the customer device.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: July 24, 2018
    Assignee: MorphoTrust USA, LLC
    Inventors: Robert Andrew Eckel, A. David Kelts
  • Patent number: 10009188
    Abstract: Methods and nodes (200, 202) in a data distribution network, for distributing content to multiple consuming nodes (C1, C2, C3, . . . ). A first node (200) detects (2:2) multiple data flows (2:1b) of a first content from the first node to a second node (202) in the distribution network, when the first node operates as delivering node of the first content for the consuming nodes. The first node then instructs (2:4) the second node to operate as delivering node of the first content for the consuming nodes and redirects (2:5) the consuming nodes to use the second node as delivering node of the first content. The first node further reduces (2:6) the multiple data flows to a common data flow of the first content to the second node. Thereby, efficiency can be improved in the data distribution network by reducing the number of data flows between the first and second nodes.
    Type: Grant
    Filed: March 25, 2013
    Date of Patent: June 26, 2018
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Stefan Hellkvist, Joacim Halén, Jan-Erik Mångs