Proxy Server Or Gateway Patents (Class 726/12)
  • Patent number: 10721251
    Abstract: Non-limiting embodiments of the present technology are directed to a field of computer science, and particularly to the methods and systems for remote access detection when browsing web resource pages. A method comprises receiving data representative of a periodicity of a computer mouse movement events; generating a statistical model, the statistical model representative of a typical periodicity of the computer mouse movement events associated with a legitimate user of the electronic device; receiving an indication of computer mouse movement events from the electronic device during a browsing session of the web resource; comparing a periodicity of the computer mouse movement events with the statistical model; in response to detecting a deviation in computer mouse movement events, generating a notification determining a presence of a remote connection to the browsing session; transmitting the notification to an entity associated with the web resources.
    Type: Grant
    Filed: January 30, 2019
    Date of Patent: July 21, 2020
    Assignee: Group IB, Ltd
    Inventors: Pavel Vladimirovich Krylov, Ilya Konstantinovich Sachkov
  • Patent number: 10715532
    Abstract: An automation system comprises a local threat information server operating within automation plant and a plurality of field devices operating at a control layer of the automation plant. The local threat information server is configured to: receive threat information from one or more external sources, receive plant information from one or more internal sources, set a threat level according to one or more of the threat information and the plant information, and distribute an indication of the threat level to one or more control layer devices. Each respective field device is configured to: receive the indication of the threat level, identify one or more security operations corresponding to the threat level, and execute the one or more security operations.
    Type: Grant
    Filed: July 9, 2015
    Date of Patent: July 14, 2020
    Assignee: Siemens Aktiengesellschaft
    Inventors: Leandro Pfleger de Aguiar, Thomas Gruenewald
  • Patent number: 10708813
    Abstract: The present specification relates to a communication method and a communication device, and a random access method of a user equipment (UE), according to one embodiment of the present specification, comprises the steps of: sensing a random access trigger in a connected state; determining the type of the random access trigger when the random access trigger is sensed; and performing congestion control if the type of the random access trigger is a preset type.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: July 7, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Soeng Hun Kim, Gert Jan Van Lieshout, Sang Bum Kim, Kyeong In Jeong
  • Patent number: 10686795
    Abstract: A method for controlling access to one or more of a plurality of target systems includes receiving profile data that defines one or more features associated with a plurality of individuals with one or more entitlements of those individuals. Each entitlement is indicative of target system access. The method further includes generating a model that includes one or more sets of rules where each set of rules is associated with an entitlement of the profile data. Each entitlement is indicative of target system/application access. Each rule within a set relates a combination of one or more features of the profile data with a confidence value. Profile data that defines one or more features associated with a target individual is received from a first user management system. A listing that includes one or more entitlements associated with the target individual, and confidence values associated with the one or more entitlements is generated based on the profile data and the rules.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: June 16, 2020
    Assignee: Accenture Global Solutions Limited
    Inventors: Rexall E. Thexton, Gaurav Tandon, Sanjeev Shukla, Anthony McCoy, Sidath Mudiyanselage, Andrew Poole, Hannah Craddock, Qurrat Ul Ain, Colleen Connolly, Farbod Kamiab
  • Patent number: 10673861
    Abstract: Techniques to provide secure access to a cloud-based service are disclosed. In various embodiments, a request is received from a client app on a device to connect to a security proxy associated with the cloud-based service. A secure tunnel connection between the device and a node with which the security proxy is associated is used to establish the requested connection to the security proxy. Information associated with the secure tunnel is used to determine that the requesting client app is authorized to access the cloud-based service from the device and to obtain from an identity provider associated with the cloud-based service a security token to be used by the client app to authenticate to the cloud-based service.
    Type: Grant
    Filed: April 26, 2019
    Date of Patent: June 2, 2020
    Assignee: MOBILE IRON, INC.
    Inventors: Kumara Das Karunakaran, Vijay Pawar, Jian Liu
  • Patent number: 10659988
    Abstract: The present specification relates to a communication method and a communication device, and a random access method of a user equipment (UE), according to one embodiment of the present specification, comprises the steps of: sensing a random access trigger in a connected state; determining the type of the random access trigger when the random access trigger is sensed; and performing congestion control if the type of the random access trigger is a preset type.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: May 19, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Soeng Hun Kim, Gert Jan Van Lieshout, Sang Bum Kim, Kyeong In Jeong
  • Patent number: 10659236
    Abstract: The present disclosure provides a method for superseding a log-in through PKI-based authentication with respect to a log-in request of a user by using a blockchain database.
    Type: Grant
    Filed: August 14, 2019
    Date of Patent: May 19, 2020
    Assignee: Coinplug, Inc.
    Inventors: Seung Il Ra, Hee Soon Kim, Jay Wu Hong, Joon Sun Uhr
  • Patent number: 10652779
    Abstract: A method for providing congestion information in a network is performed in a memory available to a computing entity. A traffic demand is obtained within a certain part of the network by evaluating an amount of traffic in the part of the network per time. A congestion value representing a congestion level of a bottleneck connection link in the network is calculated. The congestion value is a scalar and calculated based on a comparison between measured and/or estimated traffic and traffic demand within a certain part of said network.
    Type: Grant
    Filed: May 26, 2015
    Date of Patent: May 12, 2020
    Assignee: NEC CORPORATION
    Inventors: Andreas Maeder, Faqir Zarrar Yousaf
  • Patent number: 10637738
    Abstract: A system and method for generating network traffic logs including product identifiers is presented. A first computer system includes a first memory coupled to a first processor. The first memory includes instructions that upon execution cause the first computer system to receive a log entry from a second computer system. The log entry includes a virtual network interface identification associated with a first virtual computer system instance. The instructions cause the first computer system to determine a machine image using the virtual network interface identification, and update a record indicating usage of virtual computer system instances created using the machine image.
    Type: Grant
    Filed: May 26, 2017
    Date of Patent: April 28, 2020
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventor: Patrick Edward McDowell
  • Patent number: 10608995
    Abstract: The disclosed embodiments disclose techniques for optimizing data transfer costs for cloud-based security services. During operation, an intermediary computing device receives a network request from a client located in a remote enterprise location that is sending the network request to a distinct, untrusted remote site (e.g., a site separate from the distinct locations of the remote enterprise, the cloud data center, and the intermediary computing device). The intermediary computing device caches a set of data associated with the network request while forwarding the set of data to the cloud-based security service for analysis. Upon receiving a confirmation from the cloud-based security service that the set of data has been analyzed and is permitted to be transmitted to the specified destination, the intermediary computing device forwards the cached set of data to the specified destination.
    Type: Grant
    Filed: December 14, 2017
    Date of Patent: March 31, 2020
    Assignee: Nubeva, Inc.
    Inventors: Randy Yen-pang Chou, Greig W. Bannister
  • Patent number: 10599120
    Abstract: Disclosed systems and methods for monitoring an execution system of a programming logic controller (PLC), the method comprising: accessing, by a security module, the PLC execution system and dividing the code and data of the PLC execution system into a plurality of program modules; modifying, by the security module, data exchange interfaces of the program modules used for the interaction between the program modules and the resources of the operating system such that said interaction occurs through the security module, while a format of the data being exchanged complies with a format specified by the security module; and monitoring, by the security module, the execution of the PLC execution system, including monitoring the interaction of the program modules of the PLC execution system with each other and with the resources of the operating system.
    Type: Grant
    Filed: September 26, 2017
    Date of Patent: March 24, 2020
    Assignee: AO Kaspersky Lab
    Inventors: Pavel V. Dyakin, Dmitry A. Kulagin
  • Patent number: 10601602
    Abstract: A method is provided for exchanging data flows between two terminals, via a multipath link formed of a plurality of transmission channels at least one of the channels of which is a unidirectional channel. The method implements two interface modules operating in transmission mode or in reception mode, respectively. In transmission mode, an interface module separates the transmitted data flow into a plurality of secondary data flows and transits them via the plurality of transmission channels. In reception mode, it reassembles the received secondary data flows into a single data flow. The interface modules route the acknowledgement information of the data packets transiting via a unidirectional channel via the return path of a bidirectional channel.
    Type: Grant
    Filed: March 2, 2018
    Date of Patent: March 24, 2020
    Assignee: THALES
    Inventors: Fabrice Arnal, Cédric Baudoin
  • Patent number: 10601814
    Abstract: A system and method for of temporary password management may include: obtaining, by a password management entity, a request to login a local device into an authentication authority; generating, by the password management entity, a temporary password; sending, by the password management entity, the temporary password to the authentication authority; sending, by the password management entity, the temporary password to a user device; obtaining, at the authentication authority the temporary password from the local device; comparing, by the authentication authority, the temporary password obtained from the local device with the temporary password obtained from the password management entity; and authorizing the login if a match is found.
    Type: Grant
    Filed: July 26, 2017
    Date of Patent: March 24, 2020
    Assignee: SECRET DOUBLE OCTOPUS LTD.
    Inventors: Shimrit Tzur-David, Chen Tetelman, Amit Rahav
  • Patent number: 10601594
    Abstract: A variety of mechanisms to perform End-to-End authentication between entities having diverse capabilities (E.g. processing, memory, etc.) and with no prior security associations are used. Security provisioning and configuration process is done such that appropriate security credentials, functions, scope and parameters may be provisioned to an Entity. Mechanisms to distribute the security credentials to other entities which could then use the credentials to perform an End-to-End authentication at the Service Layer or the Session Layer and using Direct or Delegated modes are developed.
    Type: Grant
    Filed: October 10, 2018
    Date of Patent: March 24, 2020
    Assignee: Convida Wireless, LLC
    Inventors: Vinod Kumar Choyi, Dale N. Seed, Catalina M. Mladin, Chonggang Wang
  • Patent number: 10594678
    Abstract: Provided is a process including: receiving, with an intermediary server, a request to access web content at a web server; submitting, from the intermediary server a value by which possession of an access credential is demonstrated, wherein the value is withheld from the client web browser; receiving, by the intermediary web browser, instructions to store in web browser memory an access token; and sending, from the intermediary server, to the client web browser executing on the client computing device, instructions to store the access token in browser memory of the client web browser, thereby authenticating the client web browser without the client web browser having access to the value by which possession of the access credential is demonstrated.
    Type: Grant
    Filed: June 20, 2018
    Date of Patent: March 17, 2020
    Assignee: ALTR Solutions, Inc.
    Inventors: James Douglas Beecham, Scott Nathaniel Goldfarb
  • Patent number: 10592302
    Abstract: Some embodiments of the invention provide a system for defining, distributing and enforcing policies for authorizing API (Application Programming Interface) calls to applications executing on one or more sets of associated machines (e.g., virtual machines, containers, computers, etc.) in one or more datacenters. This system has a set of one or more servers that acts as a logically centralized resource for defining and storing policies and parameters for evaluating these policies. The server set in some embodiments also enforces these API-authorizing policies. Conjunctively, or alternatively, the server set in some embodiments distributes the defined policies and parameters to policy-enforcing local agents that execute near the applications that process the API calls. From an associated application, a local agent receives API-authorization requests to determine whether API calls received by the application are authorized.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: March 17, 2020
    Assignee: STYRA, INC.
    Inventors: Timothy L. Hinrichs, Teemu Koponen, Andrew Curtis, Torin Sandall, Octavian Florescu
  • Patent number: 10587485
    Abstract: In one example of federated mobile device management, a first management server federates with a second management server based on an exchange of one or more identity authentication certificates between them. After the first and second management servers have federated or affiliated, they can exchange mobile device management data, including compliance policies, rules, resources, etc., with each other. Based on a request from a client device for affiliated mobile device management, the first management server can request and receive device management data from the second management device. The first management server can evaluate the device management data received from the second management device for conformity with a baseline management policy. If it conforms, the first management server can use the device management data from the second management server, at least in part, to manage the client device.
    Type: Grant
    Filed: May 15, 2019
    Date of Patent: March 10, 2020
    Assignee: AIRWATCH LLC
    Inventors: Daniel Quintas, Anthony Kueh
  • Patent number: 10586063
    Abstract: A device is provided including processing circuitry configured to generate a plurality of file fragments by splitting a file stored in the device, and to determine a plurality of cloud storages used to store respective file fragments from the plurality of file fragments, wherein the plurality of cloud storages are from among cloud storages in which a user of the device is registered; and communication circuitry configured to request the plurality of cloud storages to respectively store the plurality of file fragments.
    Type: Grant
    Filed: August 9, 2016
    Date of Patent: March 10, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Kyung-ah Chang, Jeong-hyun Yun, Sangjeong Lee, Hyo-gun Lee
  • Patent number: 10581886
    Abstract: An event-analysis system detects anomalies in the operation of a service by processing operational logs, trace files, and event databases produced by the service in accordance with a hierarchical behavioral profile. The event analysis system converts the operational logs, trace files, and event databases into a normalized event stream which is sent to an analysis engine. The analysis engine converts the stream of normalized events to a set of metrics maintained in association with the profile hierarchy. Operational anomalies of the service are detected by analyzing incoming events in the context of metrics maintained in association with applicable leaf-node profiles, root node profiles, and intermediate node profiles.
    Type: Grant
    Filed: June 14, 2016
    Date of Patent: March 3, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Nima Sharifi Mehr
  • Patent number: 10581805
    Abstract: Various embodiments of the present technology provide a distributed overwatch system that allows transactions with government-grade privacy and security. The security and privacy can be achieved by a combination of distributed trusted proxies, to which anonymous users connect with the overwatch of a variety of network security engines. The structured ecosystem provides mechanism for the blockchain to be monitored by an overwatch capability combining big data analytics, intelligent learning, and comprehensive vulnerability assessment to ensure any risks introduced by vulnerabilities are effectively mitigated. The system may include multiple proxy servers geographically distributed around the world. Each proxy can be associated with local network security engines to probe and analyze network traffic. Each proxy can mask sensitive data (e.g., personally identifiable information) within the transaction before it is stored.
    Type: Grant
    Filed: June 10, 2019
    Date of Patent: March 3, 2020
    Assignee: GCP IP Holdings I, LLC
    Inventors: Jordan Simons, Steve Ernst
  • Patent number: 10567276
    Abstract: A method and apparatus for pre-configuring a communication network to support delivery of a service to an end point associated with the service is provided. A virtual network (VN) having a plurality of VN nodes is provided and associated with a respective plurality of physical network nodes of the communication network. Logical tunnels communicatively interconnect the VN nodes. VN virtual routers (v-routers) associated with the VN nodes are provided and configured to route packets between the VN nodes via the logical tunnels. Edge nodes of the communication network are configured to monitor for a packet associated with the service, and to submit the packet to the VN for handling thereby.
    Type: Grant
    Filed: February 23, 2017
    Date of Patent: February 18, 2020
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Hang Zhang
  • Patent number: 10560422
    Abstract: Systems and methods for enhanced monitoring and adaptive management of inter-network Domain Name System (“DNS”) traffic include an information capture device in a monitored network. The information capture device receives a redirected connection request originated by a client machine in the monitored network in response to a modified DNS answer from a recursive name server outside of the monitored network, captures detailed information associated with the redirected connection request that is inaccessible to the recursive name server, and sends the captured information to a data storage accessible to the recursive name server for storage as augmented DNS data associated with the client machine and/or the redirected connection request. The information capture device further provides, in response to the redirected connection request, an adaptive answer generated based on the augmented DNS data to the client machine.
    Type: Grant
    Filed: June 27, 2016
    Date of Patent: February 11, 2020
    Assignee: VERISIGN, INC.
    Inventors: Ramakant Pandrangi, Denis Phillips
  • Patent number: 10552195
    Abstract: Exemplary methods, apparatuses, and systems perform a live migration of a virtual infrastructure from a first set of data stores to a second set of data stores using a placement engine configured to determine optimal locations for placement of components of the virtual infrastructure and an optimal order of migration for the components of the virtual infrastructure from the first set of data stores to the second set of data stores.
    Type: Grant
    Filed: December 8, 2017
    Date of Patent: February 4, 2020
    Assignee: VMware, Inc.
    Inventors: Steve Jones, Praagyan Pokharel, Shivam Tiwari, Jeff Moroski
  • Patent number: 10542433
    Abstract: A connection establishment method, a device, and a system are disclosed to resolve a problem in the prior art that because first user equipment is connected to any user equipment, security of a relay service function is poor. A specific solution is: receiving, by first user equipment, a served object group identifier sent by a network device; receiving discovery information sent by second user equipment; and when determining that an identifier of a second group is included in the served object group identifier, establishing a connection between the first user equipment and the second user equipment according to a data link layer ID of the second user equipment.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: January 21, 2020
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Yanmei Yang
  • Patent number: 10536470
    Abstract: A computer-implemented method includes: detecting, by a user device, an event that indicates a potential security compromise of the user device; determining, by the user device, a service accessible on the user device; sending, by the user device, a breach notification to a service provider corresponding to the service accessible on the user device; receiving, by the user device, a security profile from the service provider; and restricting, by the user device, access to the service provider by a client of the service provider on the user device until the security profile is satisfied by a user completing a security challenge defined in the security profile.
    Type: Grant
    Filed: November 30, 2018
    Date of Patent: January 14, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Swaminathan Balasubramanian, Radha M. De, Ashley D. Delport, Indrajit Poddar, Cheranellore Vasudevan
  • Patent number: 10528332
    Abstract: At least one application may include instructions comprising application instructions and a plurality of separate pipeline definition instructions. The application instructions may be within a virtual container including at least one program that is generically executable in a plurality of different continuous integration and delivery (CI/CD) environments. Each of the plurality of separate pipeline definition instructions may be configured for each of the plurality of different CI/CD environments such that each pipeline definition may operate only in the CI/CD environment for which it is created. Each pipeline definition may be configured to cause the CI/CD environment for which it is created to execute the at least one program.
    Type: Grant
    Filed: March 18, 2019
    Date of Patent: January 7, 2020
    Assignee: Capital One Services, LLC
    Inventors: Brandon Atkinson, Christopher Bowers, Dallas Edwards
  • Patent number: 10516617
    Abstract: A technology is provided for improving computer network throughput. Data located in memory of a processing device may be identified. The data packets located in the memory may be sent through a tunneling interface to encapsulate the data packets using a tunneling protocol on a first computing device. Alternatively, the data packets can be sent through a split proxy interface system. The data packets received in the interface may also be encoded using random linear network coding (RLNC) to form encoded packets, using a processor. Further, the encoded packets may be sent across a packet network to a second computing device.
    Type: Grant
    Filed: November 10, 2015
    Date of Patent: December 24, 2019
    Assignee: APS Technology 1 LLC
    Inventors: Chris Anderson, Jeffrey G. Ballif
  • Patent number: 10516694
    Abstract: Systems and methods are described to enable mitigation of network attacks in communication networks. When a network attack is detected, packets within the communication network are routed through a hierarchical mitigation system, which includes at least two tiers of mitigation devices configured to apply mitigation techniques to the packets. Outer tiers of the hierarchical mitigation system (e.g., closer to an edge of the communication network) can apply simple mitigation techniques that are efficient even when distributed, and which provide early mitigation for attack packets while not requiring large amounts of computing resources. Inner tiers of the hierarchical mitigation system (e.g., closer to a destination device) can apply more complex mitigation systems that may require centralized application, and which provide more robust mitigation at a potentially higher computing resource cost.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: December 24, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Piyush Gupta, Stephen Andrew Stroud Saville, Andrew John Kiggins, Atulya S. Beheray
  • Patent number: 10505901
    Abstract: Concepts and technologies are disclosed herein for providing a basic firewall using a virtual networking function. A control system having a processor can detect a firewall request that can include a request to create a basic firewall. The processor can analyze a recipe to determine a virtual switch and a basic firewall virtual function that are to provide the functionality of the basic firewall. The processor can trigger instantiation of the virtual switch via a network control function and instantiation of the basic firewall virtual function via a service control function. The processor also can validate the basic firewall. The basic firewall can provide filtering of traffic at the network transport layer using the virtual switch, and as such, the virtual switch may not operate on the application layer.
    Type: Grant
    Filed: December 7, 2018
    Date of Patent: December 10, 2019
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: W. Cooper Chastain
  • Patent number: 10505850
    Abstract: One aspect relates to initiating, by a device, a connection with an application server associated with one or more application services. A gateway derives an uplink network token and/or a downlink network token. The tokens are provisioned to the device and/or an application server over the user-plane. The tokens are included with uplink and/or downlink packets, respectively. Another aspect relates to receiving a data packet at a gateway. The gateway determines a requirement for a network token from the packet. The gateway derives the network token based on a device subscription profile maintained by a network. The network token may be sent with the packet to a destination address associated with the packet. A packet including a network token may be received at a gateway. The gateway may verify the network token and send the data packet to an application server or a device if the verifying is successful.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: December 10, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Soo Bum Lee, Gavin Bernard Horn, John Nasielski, Stefano Faccin
  • Patent number: 10500968
    Abstract: A method of charging an electric vehicle (EV) includes receiving a user's authentication code in an electric vehicle service equipment (EVSE) from a user's mobile device, comparing in the EVSE the user's authentication code to a whitelist having a plurality of authorized user authentication codes, and enabling an electric vehicle (EV) charging transaction serviced by the EVSE in response to the comparing of the user's authentication code to the whitelist so that a user's authentication code is authenticated to enable the EV charging transaction without concurrent access to an EVSE-related remote server.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: December 10, 2019
    Assignee: WEBASTO CHARGING SYSTEMS, INC.
    Inventors: Scott Ryan Shumaker, Lovlesh Tandon, Herman Joseph Steinbuchel, IV, Robert Salazar, Jr., Larry Hayashigawa
  • Patent number: 10499226
    Abstract: A method and apparatus for a multi-compatible 6LoWPAN gateway system may include a main processor directing operation of a plurality of wireless adapters, each of the plurality of wireless adapters operably connected to one of a plurality of microcontroller processors, and each microcontroller processor executing code instructions of a real-time operating system. The main processor may route an incoming transmission to a first of the plurality of wireless adapters, and, upon notification from a first microcontroller processor operably connected to the first of the plurality of wireless adapters that the first wireless adapter did not receive the incoming transmission, or that the first real-time operating system did not process a data packet within the incoming transmission, may route the incoming transmission to a next wireless adapter operably connected to a next microcontroller processor until the data packet has been processed.
    Type: Grant
    Filed: July 6, 2017
    Date of Patent: December 3, 2019
    Assignee: Dell Products, LP
    Inventor: Pedram Radmand
  • Patent number: 10491613
    Abstract: Disclosed embodiments provide systems, methods, and computer-readable storage media for secure data communication between two devices. A disclosed system responds to a request from an originating communication device in a first network to connect with a communication device in a second network, for communication, by receiving a request from the communication device in the first network, the request including payload data and a destination network address in the second network. The system then transmits the received payload data to the destination address in the second network after analyzing the payload data for network intrusion. When the analysis does not indicate network intrusion, the system determines a route to the destination network address by looking up the destination address in a routing table and forwarding the payload data to the destination network address in the second network. If the analysis indicates network intrusion, the system discards the payload data.
    Type: Grant
    Filed: January 22, 2019
    Date of Patent: November 26, 2019
    Assignee: Capital One Services, LLC
    Inventor: Paul Ellis Mayes
  • Patent number: 10474388
    Abstract: An exemplary system preserves the autonomy of two or more distinct storage management systems all the while enabling backed up data to be restored from a first storage management system (the “local system”) to a specially-configured client in a second storage management system (the “remote system”). For example, backed up data in the local system (e.g., a secondary copy of production data) may be transferred, in a restore operation, from secondary storage in the local storage management system, which originated the data, to a client of the remote storage management system (the “remote client”). As a specially-configured “restore-only client,” the remote client is limited to receiving backed up data from the local storage management system, via restore operation(s) managed by the local storage manager. The remote client remains a full-fledged client in its home system, the remote storage management system.
    Type: Grant
    Filed: February 22, 2018
    Date of Patent: November 12, 2019
    Assignee: Commvault Systems, Inc.
    Inventors: Prasad Nara, Michael Frank Klose
  • Patent number: 10475018
    Abstract: Disclosed are various embodiments for updating account data with multiple account providers. Account management logic determines that personal information associated with a user has been updated. Multiple accounts of the user that may use the personal information are determined. The accounts are with multiple account providers. Corresponding account update requests for the accounts are sent to the account providers. The account update requests specify the personal information that has been updated.
    Type: Grant
    Filed: November 29, 2013
    Date of Patent: November 12, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Daniel Wade Hitchcock, Brad Lee Campbell
  • Patent number: 10470102
    Abstract: A router management server may be utilized to manage a plurality of home routers. Appropriate access control rules may be determined by the router management server for various client devices including IoT devices based on the type and/or make/model of the client devices. MAC address-bound WLAN passphrases may be assigned to the client devices and bound to the MAC addresses associated the client devices. Further, WLAN passphrases may be associated with expiration periods and/or access control rules. Therefore, a secure home network environment that takes into account the vulnerabilities of IoT devices may be achieved without the involvement of an IT department. Moreover, Flexibility of WLAN passphrase management may be improved.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: November 5, 2019
    Assignee: ZITOVAULT, INC.
    Inventors: Ron Keidar, Timothy McElwee
  • Patent number: 10469543
    Abstract: A user device registers with a proxy-call session control function device (P-CSCF) associated with an Internet protocol (IP) multimedia subsystem (IMS). The user device forwards a request to the P-CSCF requesting a session via the IMS for an IMS call. If a response to the request is not received from the P-CSCF during a time period after forwarding the request, the user device attempts to newly register with the P-CSCF. If the new registration is successful, the user device re-forwards the request to the P-CSCF. Otherwise, if the new registration with the P-CSCF is unsuccessful, the user device registers with a different P-CSCF and forwards the request to the second P-CSCF.
    Type: Grant
    Filed: April 27, 2018
    Date of Patent: November 5, 2019
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Muhammad Salman Nomani, Andrew E. Youtz, Jun Yuan
  • Patent number: 10454949
    Abstract: Cross-Site Request Forgery attacks are mitigated by a CSRF mechanism executing at a computing entity. The CSRF mechanism is operative to analyze information associated with an HTTP request for a resource. The HTTP request typically originates as an HTTP redirect from another computing entity, such as an enterprise Web portal. Depending on the nature of the information associated with the HTTP request, the HTTP request may be rejected because the CSRF mechanism determines that the request is or is likely associated with a CSRF attack. To facilitate this determination, the approach leverages a new type of “referer” attribute, a trustedReferer, which indicates that the request originates from a server that has previously established a trust relationship with the site at which the CSRF mechanism executes. The trustedReferer attribute typically is set by the redirecting entity, and in an HTTP request header field dedicated for that attribute.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: October 22, 2019
    Assignee: International Business Machines Corporation
    Inventors: Lewis Lo, Ching-Yun Chao, Li Yi, Leonardo A. Uzcategui, John Yow-Chun Chang, Rohan Gandhi
  • Patent number: 10452757
    Abstract: A system and method for facilitating personalization of one or more multi-instance software applications in a networked enterprise computing environment. An example method includes providing a first user option to specify one or more adjustments to a rendering of a software application; identifying one or more servers that are employed to obtain content for the rendering; and selectively providing information specifying the one or more adjustments to the one or more servers, such that the one or more adjustments appear in a rendering provided when a user accesses the software application from any of the one or more servers. In a more specific embodiment, the information specifying the one or more adjustments to the one or more servers include customization metadata (also called personalization metadata) stored on a first server, called the gateway server.
    Type: Grant
    Filed: November 25, 2014
    Date of Patent: October 22, 2019
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventor: Li Pang
  • Patent number: 10437907
    Abstract: Various embodiments enable an application to obtain information associated with a link to content without navigating to the link. The application can be configured to identify a link, receive input to attain information associated with the link, and send a request to a service for the information. In one or more embodiments, a service can be configured to receive a request for information associated with a link, ascertain one or more sources from which to gather the information, determine appropriate mechanisms by which to obtain the information, and acquire the information. Alternately or additionally, the service can further assemble the information into a consumable format, and return the consumable format to a requesting application or device.
    Type: Grant
    Filed: July 18, 2014
    Date of Patent: October 8, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: William L. Portnoy, Todd D. Newman, Steven W. Ickman
  • Patent number: 10440568
    Abstract: The embodiments herein relate to a method in a wireless device (101) for enabling trusted communication between a wireless device entity (101a) and a second network node (105) via a first network node (103). The wireless device (101) and the first network node (103) are adapted to communicate using a secure communication channel. The wireless device (101) transmits a message to the first network node (103) using the secure communication channel. The message comprises information indicating that the wireless device entity (101a) is comprised in a trusted zone of the wireless device (101). The trusted zone is at least partly trusted by the first network node (103).
    Type: Grant
    Filed: October 17, 2013
    Date of Patent: October 8, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Ulf Mattsson, Victor Manuel Avila Gonzalez, Anders Lundström
  • Patent number: 10437507
    Abstract: A system and method that provides for the backup and recovery of personalized user data. An exemplary method includes storing user data files in electronic memory of a user device, continuously tracking user actions by one or more user devices to detect interact with at least one external resource; determining whether the tracked user actions have modified one or more of the plurality of user data files; and if the processor determines that the tracked user actions have modified a user data file, storing the modified user data file in a data storage system.
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: October 8, 2019
    Assignee: Acronis International GmbH
    Inventors: Alexander G. Tormasov, Mark Shmulevich, Serguei S. Beloussov, Stanislav Protasov
  • Patent number: 10432591
    Abstract: A communication event is established between an initiating device and a responding device under the control of a remote communications controller. In a pre-communication event establishment phase, a secure connection is established between the initiating device and the communications controller, and session key negotiation messages are exchanged between the initiating device and the communications controller via the secure connection to obtain session key data in an electronic storage location accessible to the initiating device. The secure connection terminates once the session key data has been obtained. In a subsequent communication event establishment phase—after the session key data has been obtained and the secure connection has terminated in the pre-establishment phase—a communication event request is transmitted from the initiating device to the communications controller comprising a payload encrypted with the session key data.
    Type: Grant
    Filed: October 17, 2018
    Date of Patent: October 1, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Uladzimir A. Skuratovich, Namendra Kumar, Andrey Belenko, Timothy Mark Moore
  • Patent number: 10432590
    Abstract: A communication event is established between an initiating device and a responding device under the control of a remote communications controller. In a pre-communication event establishment phase, a secure connection is established between the initiating device and the communications controller, and session key negotiation messages are exchanged between the initiating device and the communications controller via the secure connection to obtain session key data in an electronic storage location accessible to the initiating device. The secure connection terminates once the session key data has been obtained. In a subsequent communication event establishment phase—after the session key data has been obtained and the secure connection has terminated in the pre-establishment phase—a communication event request is transmitted from the initiating device to the communications controller comprising a payload encrypted with the session key data.
    Type: Grant
    Filed: October 17, 2018
    Date of Patent: October 1, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Uladzimir A. Skuratovich, Namendra Kumar, Andrey Belenko, Timothy Mark Moore
  • Patent number: 10432421
    Abstract: Provided are a communication control device and a communication system capable of detecting message transmission in the case where an invalid device transmits a message to a common communication line. A monitoring device decides a reference time point t0 for periodical message transmission by an ECU, decides multiple scheduled transmission time points t1, t2, . . . obtained by adding a period corresponding to an integer multiple of a transmission cycle T of a message to the reference time point t0, and decides that a predetermined period including each of the scheduled transmission time points is a permission period for message transmission. The monitoring device determines whether or not a detected message on a CAN bus has been transmitted during the permission period. If determined that transmission of an invalid message is not permitted, the monitoring device performs processing of causing the ECU which receives the message to discard the message.
    Type: Grant
    Filed: November 18, 2015
    Date of Patent: October 1, 2019
    Assignees: National University Corporation Nagoya University, AutoNetworks Technologies, Ltd., Sumitomo Wiring Systems, Ltd., Sumitomo Electric Industries, Ltd.
    Inventors: Hiroaki Takada, Ryo Kurachi, Naoki Adachi
  • Patent number: 10425430
    Abstract: A system for hierarchical scanning includes an interface and a processor. The interface is to receive an indication to scan using a payload; provide the payload to a set of addresses on a set of ports; and receive a set of responses. Each response is associated with an address and a port. The processor is to: for each response of the set of responses: determine whether a follow-up probe exists associated with the response; and in the event the follow-up probe exists associated with the response: execute the follow-up probe on the address and the port associated with the response; and store the set of data received in response to the follow-up probe in a database.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: September 24, 2019
    Assignee: Expanse, Inc.
    Inventors: Connor Leete Gilbert, Michael Haggblade
  • Patent number: 10417452
    Abstract: Net2Core is a Server Application Design Framework that provides inherent security for information due to its tri-partite structure. The Net2Core Server Application Design Framework consists of a Server process (the “Net Process”) that is accessible by a Client; a Server process that is responsible for all Application information processing (the “Core Process”) which is inaccessible directly by a Client; and a Storage medium to pass requests to the “Core Process” from the “Net Process” and to pass results provided by the “Core Process” to the “Net Process”. Additional to the request/response interaction of the “Net Process” to/from the “Core Process” through the Storage, there is also direct communication from the “Net Process” to signal the “Core Process” of the need for operation and from the “Core Process” to the “Net Process” to signal “Core Process” completion.
    Type: Grant
    Filed: June 15, 2015
    Date of Patent: September 17, 2019
    Assignee: Parametric Systems Pty Ltd
    Inventor: Chris Hillman
  • Patent number: 10417028
    Abstract: Management of virtual machines within a private network may be provided from a server application, such as a web application, on a machine remote from a private network. The server application receives management commands and communications the management commands in a vendor independent format to a client application within the private network. The client application receives the management commands, instantiates the management commands into a vendor specific definition and redirects the management commands to the virtual machine host for appropriate execution.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: September 17, 2019
    Assignee: KASEYA LIMITED
    Inventors: George Runcie, Derek Rodrigues
  • Patent number: 10409705
    Abstract: A processor is configured to execute an event-driven program along a plurality of execution paths. Each of the plurality of execution paths is determined by randomly chosen outcomes at non-deterministic points along the plurality of execution paths. A memory is configured to store values of properties of the event-driven code in response to executing the event-driven program along the plurality of execution paths. The processor is also configured to infer normal ranges of the properties of the event-driven program based on the values stored in the memory.
    Type: Grant
    Filed: April 27, 2017
    Date of Patent: September 10, 2019
    Assignee: Nokia of America Corporation
    Inventors: Lalita J. Jagadeesan, Veena B. Mendiratta
  • Patent number: 10374869
    Abstract: A containerized architecture to secure and manage Internet-connected devices, such as “Internet of Things” devices, is disclosed. In various embodiments, one or more containerized applications are run, e.g., on an Internet of Things gateway, subject to management by the management server. At least one of the containerized applications is a management agent configured to participate, subject to control of the management server, in management of one or more other of said containerized applications.
    Type: Grant
    Filed: September 20, 2016
    Date of Patent: August 6, 2019
    Assignee: MOBILE IRON, INC.
    Inventor: Sandeep Jain