Proxy Server Or Gateway Patents (Class 726/12)
  • Patent number: 11075819
    Abstract: Methods of managing an information technology (IT) infrastructure include detecting by a configuration management system an unauthorized change to one of a plurality of network elements, determining by the configuration management system that the unauthorized change to the one of the plurality of network elements creates a risk condition to an operation of one of the services provided by the IT infrastructure, and initiating an action to remedy the unauthorized change in response to determining that the unauthorized change to the one of the plurality of network elements creates the risk condition to the operation of one of the services provided by the IT infrastructure. Related systems and computer program products are disclosed.
    Type: Grant
    Filed: August 7, 2014
    Date of Patent: July 27, 2021
    Assignee: CA, Inc.
    Inventors: Kieron John James Connelly, Anivella Venkata Satya Sai Narsimha Subrahmanya Sudhakar, Steven M. Isenberg, Mirian Minomizaki Sato, Daocheng Chen
  • Patent number: 11075884
    Abstract: A security monitor monitors network communications at a loopback interface of a pod in the container system. The pod includes a service mesh proxy and an application container. The application container includes computer-readable instructions and is initiated via a container service and is isolated using operating system-level virtualization. The application container communicates with the service mesh proxy using the loopback interface. The security monitor extracts network address and port information from packet data in the network communications at the loopback interface. The security monitor determines one or more connection contexts of the network communications at the loopback interface, each connection context used to identify a network session of the application container with a remote application container.
    Type: Grant
    Filed: February 1, 2019
    Date of Patent: July 27, 2021
    Assignee: NeuVector, Inc.
    Inventors: Yuncong Feng, Gang Duan
  • Patent number: 11063928
    Abstract: Disclosed are various examples for transferring device identifying information during authentication. In some examples, an authentication request is transmitted to an identity manager. Instructions to negotiate a ticket are received from the identity manager. A ticket is negotiated from a key distribution center using a certificate comprising a unique device identifier of the client device. The unique device identifier is embedded in the ticket by the key distribution center based on verification that the certificate is valid. Authentication of the client device is completed through the identity manager using the ticket.
    Type: Grant
    Filed: May 30, 2019
    Date of Patent: July 13, 2021
    Assignee: VMWARE, INC.
    Inventors: Emily Hong Xu, Lloyd Spencer Evans, Lakshman Rao Abburi, Tomas Boman
  • Patent number: 11049056
    Abstract: A plurality of users connect to an application sending requests over a transport and receiving responses from an application that contain sensitive data. For each user request, the application runs one or more data requests and commands to various data sources or other information systems which return the sensitive data. The application then processes the data and returns it to the user as is or processed based on some business logic. The application includes a run-time environment—where the application logic is executed.
    Type: Grant
    Filed: September 29, 2016
    Date of Patent: June 29, 2021
    Assignee: Secupi Security Solutions Ltd
    Inventors: Alon Rosenthal, Dotan Adler
  • Patent number: 11038858
    Abstract: Systems and methods are disclosed for encrypting portions of data for storage and processing in a remote network. For example, methods may include receiving a message that includes data for forwarding to a server device; encrypting a portion of the data to determine an encrypted portion; determining metadata based on the portion of the data, wherein the metadata indicates one or more properties of the portion of the data and enables one or more operations to be performed by the server device that depend on the one or more properties; determining a payload including the data with both the encrypted portion and the metadata substituted for the portion of the data; and transmitting the payload to the server device.
    Type: Grant
    Filed: February 18, 2020
    Date of Patent: June 15, 2021
    Assignee: ServiceNow, Inc.
    Inventors: Pierre Francois Rohel, Siddharth Shah, Martin Wexler
  • Patent number: 11036867
    Abstract: Mechanisms for performing advanced rule analysis are provided. The mechanisms perform natural language processing of a security rule set data structure, specifying a plurality of security rules. The mechanisms execute, for each security rule pairing, a determination of a similarity measure indicating a degree of similarity of the textual description of the first security rule in the pairing with the textual description of the second security rule in the pairing, and in response to the security measure being equal to or above duplicate rule threshold value, eliminating one of the first security rule or the second security rule in the pairing from the security rule set data structure to generate a modified security rule set data structure. The mechanisms deploy the modified security rule set data structure to a computing environment for use in identifying security incidents and performing event management.
    Type: Grant
    Filed: February 27, 2019
    Date of Patent: June 15, 2021
    Assignee: International Business Machines Corporation
    Inventors: Aankur Bhatia, Paul J. Dwyer, Yiye Huang
  • Patent number: 11039313
    Abstract: According to certain embodiments, a method by a user equipment (UE) for securing network steering information includes transmitting a registration request to a Visited Public Land Mobile Network (VPLMN). Upon successful authentication by an authentication server function (AUSF), a home network root key is generated. A protected message comprising Network Steering Information is received from a first network node. The protected message is protected using a configuration key (Kconf) and a first Message Authentication Code (MAC-1). The configuration key (Kconf) is determined from the home network root key, and the UE verifies the MAC-1. Based on the Kconf and the MAC-1, it is verified that the VPLMN did not alter Network Steering Information. An acknowledgement message, which is protected with a second Message Authentication Code (MAC-2), is transmitted to a Home Public Land Mobile Network (HPLMN).
    Type: Grant
    Filed: January 28, 2021
    Date of Patent: June 15, 2021
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Vesa Torvinen, Monica Wifvesson, Ivo Sedlacek
  • Patent number: 11025592
    Abstract: An exemplary system, method, and computer-accessible medium for authenticating a second device, can include initiating a first network connection between a server and a first device, initiating a second network connection between the server and the second device, and authenticating the second device based on the first network connection and the second network connection. Access to a network resource(s) can be granted to the second device based on the authentication. Access to the network resource(s) by the second device can be revoked if the first network connection is severed. The first network connection can be a first encrypted network connection and the second network connection can be a second encrypted network connection. The first network connection can be a first virtual private network (“VPN”) connection and the second network connection can be a second VPN connection.
    Type: Grant
    Filed: October 4, 2019
    Date of Patent: June 1, 2021
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Austin Walters, Vincent Pham, Jeremy Goodsitt
  • Patent number: 11019032
    Abstract: Techniques to perform an operation comprising determining, by a local area network (LAN) controller, that a first device has connected to a predefined service set identifier (SSID) of a first wireless access point (AP), of a plurality of wireless APs, receiving, by the LAN controller from the first device, an Extensible Authentication Protocol (EAP) response specifying a destination address of a first private LAN controller associated with a first private network, creating, by the LAN controller based on the destination address, a Control and Provisioning of Wireless Access Points (CAPWAP) tunnel between the first wireless AP and the first private LAN controller, and configuring, by the LAN controller, the first wireless AP to broadcast a private SSID associated with the first private network, wherein the first device accesses the first private network via the CAPWAP tunnel by connecting to the first wireless AP using the private SSID.
    Type: Grant
    Filed: September 10, 2018
    Date of Patent: May 25, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Igor Slutsker, Javier I. Contreras Albesa
  • Patent number: 11019102
    Abstract: A method for a communication network in a motor vehicle, wherein a communication in the communication network involves a data transmission being performed and the communication network has provision for at least two communication subscribers. Also, disclosed is an electronic monitoring unit for a motor vehicle control device.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: May 25, 2021
    Inventor: Helge Zinner
  • Patent number: 11012475
    Abstract: A computer-implemented method of managing security services for one or more cloud computing platforms is disclosed.
    Type: Grant
    Filed: October 26, 2018
    Date of Patent: May 18, 2021
    Assignee: VALTIX, INC.
    Inventors: Praveen Patnala, Vishal Jain, Vijay Chander
  • Patent number: 11005745
    Abstract: Example methods are provided for a network management entity to perform network configuration failure diagnosis in a software-defined networking (SDN) environment. The method may comprise receiving a request to diagnose a network configuration failure; and generating and sending control information to a host to cause the host to inject, at a first network element, a diagnostic packet for transmission along a datapath to a configuration server via multiple second network elements. The diagnostic packet may be configured according to a network configuration protocol supported by the configuration server. The method may also comprise: receiving report information associated with the diagnostic packet from at least one of the following: the first network element, the multiple second network elements and the configuration server; and based on the report information, determining a diagnosis result associated with the network configuration failure.
    Type: Grant
    Filed: February 18, 2019
    Date of Patent: May 11, 2021
    Assignee: VMWARE, INC.
    Inventors: Qiao Huang, Donghai Han, Qiong Wang, Benli Ye, Xu Wang, Jia Cheng
  • Patent number: 11005892
    Abstract: System, method, and apparatus of securing and managing Internet-connected devices and networks. A wireless communication router is installed at a customer venue, and provides Internet access to multiple Internet-connected devices via a wireless communication network that is served by the router. A monitoring and effecting unit of the router performs analysis of traffic that passes through the router; identifies which Internet-connected devices send or receive data; and selectively enforces traffic-related rules based on policies stored in the router. Optionally, the monitoring and effecting unit is pre-installed in the router in a disabled mode; and is later activated after the router was deployed at a customer venue. Optionally, the router notifies the Internet Service Provider the number and type of Internet-connected devices that are served by the router.
    Type: Grant
    Filed: September 16, 2018
    Date of Patent: May 11, 2021
    Assignee: ALLOT LTD.
    Inventors: Yair Manor, Yaron Muzikant
  • Patent number: 10992537
    Abstract: An embodiment may involve a managed network containing computing devices. The computing devices may be respectively associated with unqualified domain names. One or more server devices may be disposed within a remote network management platform that manages the managed network. These server devices may be configured to: probe the managed network, by way of a proxy server application disposed within the managed network, to obtain information related to applications operating on the computing devices, network connectivity of the computing devices, and representations of the unqualified domain names; obtain a regular expression; determine a subset of the computing devices in the managed network on which a particular application is operating and for which the respectively associated unqualified domain names match the regular expression; and generate a map of the managed network in which the subset of the computing devices is represented as a grouped node instead of individual nodes.
    Type: Grant
    Filed: March 28, 2018
    Date of Patent: April 27, 2021
    Assignee: ServiceNow, Inc.
    Inventors: Haviv Rosh, Alexei Tilikin
  • Patent number: 10986131
    Abstract: Techniques for generating access control policy warnings and suggestions are disclosed herein. An access control policy change specifying changes to one or more permissions associated with the access control policy is received and, based on a set of requests for access associated with the access control policy, an access control policy warning is produced which specifies an indication of whether or not the changes to the one or more permissions should be permitted.
    Type: Grant
    Filed: December 17, 2014
    Date of Patent: April 20, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: William Frederick Hingle Kruse, Ashish Rangole
  • Patent number: 10958671
    Abstract: A computer-implemented method includes: detecting, by a user device, an event that indicates a potential security compromise of the user device; determining, by the user device, a service accessible on the user device; sending, by the user device, a breach notification to a service provider corresponding to the service accessible on the user device; receiving, by the user device, a security profile from the service provider; and restricting, by the user device, access to the service provider by a client of the service provider on the user device until the security profile is satisfied by a user completing a security challenge defined in the security profile.
    Type: Grant
    Filed: November 22, 2019
    Date of Patent: March 23, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Swaminathan Balasubramanian, Radha M. De, Ashley D. Delport, Indrajit Poddar, Cheranellore Vasudevan
  • Patent number: 10936523
    Abstract: The invention relates to a communication module for connecting a lighting bus system (1) to a network (3) based on an internet protocol, wherein each component (2a . . . 2f) coupled to the bus system (1) is assigned a unique bus address, the communication module (4) is assigned a plurality of network addresses, at least one of the plurality of network addresses contains the bus address of a component (2a . . . 2f) and the communication module (4) is designed to receive data transmitted to the at least one network address from the network (3), to extract the bus address of the component (2a . . . 2f) from the network address, to determine data to be transmitted to the component (2a . . . 2f) by using the extracted bus address on the basis of the received data, and to transmit the determined data to the component (2a . . . 2f) having the extracted bus address via the bus system (1), or to provide the data generated autonomously by a component (2a . . .
    Type: Grant
    Filed: August 24, 2018
    Date of Patent: March 2, 2021
    Assignee: TRIDONIC GMBH & CO KG
    Inventors: Markus Ender, Frank Lochmann, Dieter Severin
  • Patent number: 10917400
    Abstract: Systems and methods related to an online security center are provided. For example, a processor may receive authentication information via a first website, a first application, or both. The authentication information may be associated with an account registered with a second website, a second application, or both. The processor may store the authentication information. The processor may receive input of a selection related to managing a stored password of the authentication information. The processor may automatically generate a new password based at least in part on one or more password specifications that enhance security of the new password, a configurable time limit for changing the authentication information, or some combination thereof. The processor may then display a recommendation including the new password, automatically change the stored password to the new password, or some combination thereof, based on the input.
    Type: Grant
    Filed: February 15, 2017
    Date of Patent: February 9, 2021
    Assignee: United Services Automobile Association (USAA)
    Inventor: James Neil Goings
  • Patent number: 10917403
    Abstract: A method for variable length decoding, the method including: receiving, in a default word length mode, at least one first data word having a default first word length; combining the received at least one first data word as a first portion of data; receiving, after the at least one first data word, a transition word indicative of transitioning to a variable word length mode; receiving, after the transition word, a first word length word indicative of a second word length; receiving, after the first word length word, at least one second data word having the second word length; and combining the received at least one second data word as a second portion of the data.
    Type: Grant
    Filed: November 12, 2019
    Date of Patent: February 9, 2021
    Assignee: Kara Partners LLC
    Inventors: Brian Penny, Desmond Penny
  • Patent number: 10911538
    Abstract: Authentication information at a first portion of encrypted data may be identified. A cryptographic key may be derived based on a combination of an identification of the first portion of the received encrypted data and a master key. Additional authentication information may be generated based on a combination of the derived cryptographic key and another portion of the received encrypted data. The encrypted data may be verified by comparing the authentication information at the first portion of the received encrypted data with the generated additional authentication information. In response to verifying the received encrypted data, a second cryptographic key may be derived based on a combination of an identification of the another portion of the encrypted data and the master key. The other portion of the received encrypted data may be decrypted by using the second cryptographic key.
    Type: Grant
    Filed: April 11, 2017
    Date of Patent: February 2, 2021
    Assignee: Fortanix, Inc.
    Inventors: Ambuj Kumar, Anand Kashyap, Jethro Gideon Beekman, Faisal Faruqui, Andrew Leiserson
  • Patent number: 10911549
    Abstract: A proxy in a service-based telecommunication network, such as a fifth generation (5G) network, can receive a request from a consumer network function (NF) and route the request to a producer NF. The request can be addressed to the proxy at an Internet Protocol (IP) layer, but include a path header, such as a Hypertext Transfer Protocol Two (HTTP/2) path pseudo-header field, that indicates a type of producer NF and a type of service. The proxy can select a particular instance of that type of producer NF based on the path header and can forward the request to an IP address of the selected producer NF that corresponds to the type of service indicated in the path header.
    Type: Grant
    Filed: July 30, 2019
    Date of Patent: February 2, 2021
    Assignee: T-Mobile USA, Inc.
    Inventors: Mallika Deshpande, Prannoy Kiran Saride
  • Patent number: 10891381
    Abstract: Examples relate to detecting vulnerabilities in a web application. One example enables identifying a set of inputs in a web application input form. The set of inputs may be categorized based on a set of predetermined conditions. The set of inputs may be scored based on the categorization. A subset of the set of inputs may be determined to be a set of parameters of interest for the web application based on the scored set of inputs.
    Type: Grant
    Filed: November 13, 2015
    Date of Patent: January 12, 2021
    Assignee: MICRO FOCUS LLC
    Inventors: Jeremy Brooks, Sasi Siddharth Muthurajan, Nidhi Govindram Kejriwal
  • Patent number: 10873566
    Abstract: Example methods are provided for a firewall controller to implement a distributed firewall in a virtualized computing environment that includes a source host and a destination host. The method may comprise retrieving a first firewall rule that is applicable at the destination host to an ingress packet destined for a destination virtualized computing instance supported by the destination host; and based on the first firewall rule, generating a second firewall rule that is applicable at the source host to an egress packet destined for the destination virtualized computing instance. The method may further comprise instructing the source host to apply the second firewall rule to, in response to determination that the egress packet is blocked by the second firewall rule, drop the egress packet such that the egress packet is not sent from the source host to the destination host.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: December 22, 2020
    Assignee: NICIRA, INC.
    Inventor: Donghai Han
  • Patent number: 10866793
    Abstract: At least one application may include instructions comprising application instructions and a plurality of separate pipeline definition instructions. The application instructions may be within a virtual container including at least one program that is generically executable in a plurality of different continuous integration and delivery (CI/CD) environments. Each of the plurality of separate pipeline definition instructions may be configured for each of the plurality of different CI/CD environments such that each pipeline definition may operate only in the CI/CD environment for which it is created. Each pipeline definition may be configured to cause the CI/CD environment for which it is created to execute the at least one program.
    Type: Grant
    Filed: October 10, 2019
    Date of Patent: December 15, 2020
    Assignee: Capital One Services, LLC
    Inventors: Brandon Atkinson, Christopher Bowers, Dallas Edwards
  • Patent number: 10868715
    Abstract: Techniques are described for providing users with access to computer networks, such as to enable users to create computer networks that are provided by a remote configurable network service for use by the users. Such provided computer networks may be configured to be private computer networks accessible only by the users who create them, and may each be created and configured by a client of the configurable network service to be an extension to an existing computer network of the client, such as a private computer network extension to an existing private computer network of the client. In addition, access to remote resource services may be configured and provided from such computer networks in various manners, such as to include a local access mechanism as part of a provided computer network that is configured to forward communications sent to the access mechanism to a particular remote resource service.
    Type: Grant
    Filed: September 14, 2015
    Date of Patent: December 15, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric Jason Brandwine, Daniel T. Cohn, Andrew J. Doane
  • Patent number: 10846264
    Abstract: Disclosed herein are system, method, and computer program product embodiments for routing and storing files. In an embodiment, a file router system may route files to different geographic locations. This routing may aid in adhering to government regulations pertaining to the archival of files. For example, the file router system may interface with and/or receive files from a cloud computing platform. The file router system may manage the geographic file storage location. The file router system may also determine a file retention plan. The file retention plan may indicate a file retention period. The file router system may transmit the file retention plan to a data storage center located in the geographic file storage location. The file retention plan may further aid in adhering to government regulations.
    Type: Grant
    Filed: June 13, 2018
    Date of Patent: November 24, 2020
    Assignee: SAP SE
    Inventors: Suresh Kumar P, Vijay Kumar, Bhuvaneswari D, Kishan Rao Ramesh Yaradi, Ankit Jain
  • Patent number: 10838708
    Abstract: In one embodiment, a system for managing a virtualization environment comprises a plurality of host machines, one or more virtual disks comprising a plurality of storage devices, a virtualized file server (VFS) comprising a plurality of file server virtual machines (FSVMs), wherein each of the FSVMs is running on one of the host machines and conducts I/O transactions with the one or more virtual disks, and a virtualized file server backup system configured to back up data stored in a VFS located in a cluster of host machines to an object store, and retrieve the backed-up data as needed to restore the data in the VFS. The object store may be located in a public cloud. The object store may include a low-cost storage medium within the cluster. An FSVM of the VFS may provide an object store interface to low-cost storage media.
    Type: Grant
    Filed: October 15, 2018
    Date of Patent: November 17, 2020
    Assignee: Nutanix, Inc.
    Inventors: Vishal Sinha, Richard James Sharpe, Kalpesh Ashok Bafna, Anil Kumar Gopalapura Venkatesh, Durga Mahesh Arikatla, Shyamsunder Prayagchand Rathi
  • Patent number: 10834133
    Abstract: A technique to enforce mobile device security policy is based on a “risk profile” of the individual device, where the risk profile is fine-grained and based on the types of applications installed on the device, the services they are accessing, and the operation(s) the user granted the device authorization to perform. Thus, the approach takes into account not only the actual applications installed on the device (and those actively in use), but also the services those applications are accessing, and the scope of operations the user has granted the device authorization to perform. By combining this information to create the risk profile, a suitable security policy, including one that does not unnecessarily degrade device usability, may then be applied.
    Type: Grant
    Filed: December 4, 2012
    Date of Patent: November 10, 2020
    Assignee: International Business Machines Corporation
    Inventors: Simon Gilbert Canning, David Paul Moore, Shane Bradley Weeden, Stephen Viselli
  • Patent number: 10834050
    Abstract: Application programming interfaces (APIs) can be unintentionally exposed and allow for potentially undesirable use of corporate resources. An API call filtering system is configured to monitor API call requests received via an endpoint and API call responses received via a supporting service of an API or web service. The API call filtering system enables enterprises to improve their security posture by identifying, studying, reporting, and securing their APIs within their enterprise network.
    Type: Grant
    Filed: August 7, 2017
    Date of Patent: November 10, 2020
    Assignee: SHAPE SECURITY, INC.
    Inventors: Justin D. Call, Timothy D. Peacock
  • Patent number: 10834131
    Abstract: A method, system, and computer-usable medium are disclosed for (a) responsive to communication of a client handshake from a client to a server for establishing encrypted communications between the client and the server: (i) holding open, by an intermediate verification system interfaced between the server and the client, the client handshake; and (ii) opening a connection between the intermediate verification system and the server via which the intermediate verification system issues a server verification handshake to the server; (b) responsive to issuance of the server verification handshake to the server, receiving a server certificate associated with the server by the intermediate verification system; (c) responsive to receipt of the server certificate, processing, by the intermediate verification system, the server certificate to determine an identity of the server; and (d) rendering, by the intermediate verification system, a security policy decision regarding traffic between the server and client based
    Type: Grant
    Filed: November 28, 2017
    Date of Patent: November 10, 2020
    Assignee: Forcepoint LLC
    Inventors: Tuomo Syvänne, Olli-Pekka Niemi, Valtteri Rahkonen
  • Patent number: 10819750
    Abstract: Disclosed are various embodiments for a multi-tenant authentication and permissions framework. In a first embodiment, an interceptor intercepts a request to perform an operation with respect to a network resource from a client device, authenticates the client device as having a user identity with an authentication service, receives data from a permissions service indicating whether the user identity has permission to perform the operation, and forwards the request to perform the operation to a service.
    Type: Grant
    Filed: April 27, 2018
    Date of Patent: October 27, 2020
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventors: Piyush Pramod Yawalkar, Sandeep Archana Vasudevan
  • Patent number: 10812513
    Abstract: In communication with networked electronic devices, a method for providing a holistic view of a malware attack potentially being conducted on these networked electronic devices is described. The method includes requesting analytic data from each of the plurality of networked electronic devices. Thereafter, the analytic data from each of the networked electronic devices is analyzed to correlate analytic data from each of the plurality of networked electronic devices in order to provide the holistic view of a malware attack potentially being conducted. After correlation, display information is generated, where the display information includes the correlated analytic data.
    Type: Grant
    Filed: November 5, 2018
    Date of Patent: October 20, 2020
    Assignee: FireEye, Inc.
    Inventors: Jayaraman Manni, Philip Eun, Michael M. Berrow
  • Patent number: 10805434
    Abstract: Techniques for content inspection in a communication network, including detecting a packet in transit between a first and second endpoint, determining that content of the packet fails a content check, modifying a payload containing the content, adjusting a sequence number to account for the modification, and injecting a response message into a corresponding stream in an opposite direction. The response message may contain information relating to a reason for the rejection.
    Type: Grant
    Filed: June 7, 2018
    Date of Patent: October 13, 2020
    Assignee: Hyannis Port Research, Inc.
    Inventors: Anthony D. Amicangioli, Timothy G. Field, Dominick S. Grochowina, Bernard J. Rosen, Andrew C. Carp, Yura Pyatnychko
  • Patent number: 10797884
    Abstract: Methods of facilitating communication between clients and servers are contemplated. Embodiments of the inventive subject matter make it possible for a client to establish a packet-based connection with a server by first authenticating with a web backend. This can enable, for example, a client to establish a packet-based connection with a server through a web browser.
    Type: Grant
    Filed: April 2, 2018
    Date of Patent: October 6, 2020
    Assignee: NETWORK NEXT, INC.
    Inventor: Glenn Alexander Fiedler
  • Patent number: 10798157
    Abstract: Technologies for function as a service (FaaS) arbitration include an edge gateway, multiple endpoint devices, and multiple service providers. The edge gateway receives a registration request from a service provider that is indicative of an FaaS function identifier and a transform function. The edge gateway verifies an attestation received from the service provider and registers the service provider. The edge gateway receives a function execution request from an endpoint device that is indicative of the FaaS function identifier. The edge gateway selects the service provider based on the FaaS function identifier, programs an accelerator with the transform function, executes the transform function with the accelerator to transform the function execution request to a provider request, and submits the provider request to the service provider. The service provider may be selected based on an expected service level included in the function execution request. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: October 6, 2020
    Assignee: Intel Corporation
    Inventors: Francesc Guim Bernat, Ned Smith, Kshitij Doshi, Alexander Bachmutsky, Suraj Prabhakaran
  • Patent number: 10791480
    Abstract: The present specification relates to a communication method and a communication device, and a random access method of a user equipment (UE), according to one embodiment of the present specification, comprises the steps of: sensing a random access trigger in a connected state; determining the type of the random access trigger when the random access trigger is sensed; and performing congestion control if the type of the random access trigger is a preset type.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: September 29, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Soeng Hun Kim, Gert Jan Van Lieshout, Sang Bum Kim, Kyeong In Jeong
  • Patent number: 10771454
    Abstract: An information processing system comprises a terminal device; an end server; and an intermediate server connected to the terminal device and the end server via a network. The intermediate server includes a communication device that communicates with the terminal device and the end server; a memory device that stores an ID correspondence table that registers a combination of first login information and second login information, the first login information being for logging in to the intermediate server, the second login information being for logging in to the end server; and a controller, when the controller executes an information processing program, the controller operating as an ID issue receiving unit, an end server accessing unit, an ID issuing unit, and an end server access receiving unit.
    Type: Grant
    Filed: July 27, 2018
    Date of Patent: September 8, 2020
    Assignee: KYOCERA DOCUMENT SOLUTIONS INC.
    Inventor: Takehiro Hara
  • Patent number: 10771484
    Abstract: Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected.
    Type: Grant
    Filed: May 17, 2018
    Date of Patent: September 8, 2020
    Assignee: Intel Corporation
    Inventor: Satyendra Yadav
  • Patent number: 10756906
    Abstract: An architecture and methods for self-sovereign digital identity is described. The method mimics the handling of identities in the physical world, by provisioning unique digital identities to people. Digital identities and consent tokens are said to be self-sovereign because they are tightly controlled by their owners using identity engines installed on personal devices. Identity engines are interoperable, establishing a web identity layer. Self-sovereign digital identities are used to identify their holders, sign and encrypt transactions, and create digital seals that cannot be repudiated. Digital seals affix the identities and attestations of collaborating parties to digital identities, consent tokens, transactions, documents, and other artifacts. Self-sovereign digital identities can be exchanged securely, verified using proof-of-possession and proof-of-custody tests when collaborating synchronously, and verified using a proof-of-existence identity registry when collaborating asynchronously.
    Type: Grant
    Filed: November 12, 2018
    Date of Patent: August 25, 2020
    Inventor: Kalman Csaba Toth
  • Patent number: 10750402
    Abstract: The present specification relates to a communication method and a communication device, and a random access method of a user equipment (UE), according to one embodiment of the present specification, comprises the steps of: sensing a random access trigger in a connected state; determining the type of the random access trigger when the random access trigger is sensed; and performing congestion control if the type of the random access trigger is a preset type.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: August 18, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Soeng Hun Kim, Gert Jan Van Lieshout, Sang Bum Kim, Kyeong In Jeong
  • Patent number: 10742605
    Abstract: Detecting and blocking content that can develop undesired behavior by artificial intelligence (AI) entities toward users during a learning process is provided. Input information is received for a set of one or more AI entities. Characteristics of the input information are evaluated based on rules of a selected policy from a set of policies and learned characteristics of information associated with a corpus of information. It is determined whether a result of evaluating the characteristics of the input information exceeds a predefined threshold. In response to determining that the result of evaluating the characteristics of the input information exceeds the predefined threshold, the input information for the set of AI entities is filtered by performing a selective filtering action, using a firewall, based on context of the input information.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: August 11, 2020
    Assignee: International Business Machines Corporation
    Inventors: Clifford A. Pickover, Komminist Weldemariam, Edgar A. Zamora Duran
  • Patent number: 10742765
    Abstract: A device system includes a first server on a first network and a second server on a second network. The second server stores processing data transmitted from the first server in the second memory, in response to a request for processing the processing data from the electronic device, transmits the processing data to the electronic device, and stores, in the second memory, information indicating that the processing data has been processed in association with the processing data in response to reception of a notification indicating that the processing data has been processed from the electronic device. The first server determines whether the second server stores the information indicating that the processing data has been processed, and stores the information indicating that the processing data has been processed in the first memory based on a determination that the second server stores the information indicating that the processing data has been processed.
    Type: Grant
    Filed: August 21, 2018
    Date of Patent: August 11, 2020
    Assignee: RICOH COMPANY, LTD.
    Inventor: Kazuhiro Mukai
  • Patent number: 10735407
    Abstract: A system and method for temporary password management may include: obtaining, by a password management entity, a request to login a local device into an authentication authority; generating, by the password management entity, a temporary password; sending, by the password management entity, the temporary password to the authentication authority; sending, by the password management entity, the temporary password to a user device; obtaining, at the authentication authority, the temporary password from the local device; comparing, by the authentication authority, the temporary password obtained from the local device with the temporary password obtained from the password management entity; and authorizing the login if a match is found.
    Type: Grant
    Filed: March 27, 2018
    Date of Patent: August 4, 2020
    Assignee: SECRET DOUBLE OCTOPUS LTD.
    Inventors: Shimrit Tzur-David, Chen Tetelman, Amit Rahav
  • Patent number: 10735397
    Abstract: Systems and methods for decentralized and asynchronous authentication flow between users, relying parties and identity providers. A trusted user agent application or digital lock box under a user's control may perform the functions of an authentication broker. In particular, the user agent application or digital lock box can accept relying party requests and respond with authentication and identity data previously obtained from an identity provider server, and without the involvement of a centralized broker server.
    Type: Grant
    Filed: January 22, 2019
    Date of Patent: August 4, 2020
    Assignee: SecureKey Technologies Inc.
    Inventors: Troy Jacob Ronda, Pierre Antoine Roberge, Dmitry Barinov, Michael Varley, David Alexander Stark, Gregory Howard Wolfond, Aleksandar Likic, Michael John Page
  • Patent number: 10721251
    Abstract: Non-limiting embodiments of the present technology are directed to a field of computer science, and particularly to the methods and systems for remote access detection when browsing web resource pages. A method comprises receiving data representative of a periodicity of computer mouse movement events; generating a statistical model, the statistical model representative of a typical periodicity of the computer mouse movement events associated with a legitimate user of the electronic device; receiving an indication of computer mouse movement events from the electronic device during a browsing session of the web resource; comparing a periodicity of the computer mouse movement events with the statistical model; in response to detecting a deviation in computer mouse movement events, generating a notification determining a presence of a remote connection to the browsing session; transmitting the notification to an entity associated with the web resources.
    Type: Grant
    Filed: January 30, 2019
    Date of Patent: July 21, 2020
    Assignee: Group IB, Ltd
    Inventors: Pavel Vladimirovich Krylov, Ilya Konstantinovich Sachkov
  • Patent number: 10715532
    Abstract: An automation system comprises a local threat information server operating within an automation plant and a plurality of field devices operating at a control layer of the automation plant. The local threat information server is configured to: receive threat information from one or more external sources, receive plant information from one or more internal sources, set a threat level according to one or more of the threat information and the plant information, and distribute an indication of the threat level to one or more control layer devices. Each respective field device is configured to: receive the indication of the threat level, identify one or more security operations corresponding to the threat level, and execute the one or more security operations.
    Type: Grant
    Filed: July 9, 2015
    Date of Patent: July 14, 2020
    Assignee: Siemens Aktiengesellschaft
    Inventors: Leandro Pfleger de Aguiar, Thomas Gruenewald
  • Patent number: 10708813
    Abstract: The present specification relates to a communication method and a communication device, and a random access method of a user equipment (UE), according to one embodiment of the present specification, comprises the steps of: sensing a random access trigger in a connected state; determining the type of the random access trigger when the random access trigger is sensed; and performing congestion control if the type of the random access trigger is a preset type.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: July 7, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Soeng Hun Kim, Gert Jan Van Lieshout, Sang Bum Kim, Kyeong In Jeong
  • Patent number: 10686795
    Abstract: A method for controlling access to one or more of a plurality of target systems includes receiving profile data that defines one or more features associated with a plurality of individuals with one or more entitlements of those individuals. Each entitlement is indicative of target system access. The method further includes generating a model that includes one or more sets of rules where each set of rules is associated with an entitlement of the profile data. Each entitlement is indicative of target system/application access. Each rule within a set relates a combination of one or more features of the profile data with a confidence value. Profile data that defines one or more features associated with a target individual is received from a first user management system. A listing that includes one or more entitlements associated with the target individual, and confidence values associated with the one or more entitlements is generated based on the profile data and the rules.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: June 16, 2020
    Assignee: Accenture Global Solutions Limited
    Inventors: Rexall E. Thexton, Gaurav Tandon, Sanjeev Shukla, Anthony McCoy, Sidath Mudiyanselage, Andrew Poole, Hannah Craddock, Qurrat Ul Ain, Colleen Connolly, Farbod Kamiab
  • Patent number: 10673861
    Abstract: Techniques to provide secure access to a cloud-based service are disclosed. In various embodiments, a request is received from a client app on a device to connect to a security proxy associated with the cloud-based service. A secure tunnel connection between the device and a node with which the security proxy is associated is used to establish the requested connection to the security proxy. Information associated with the secure tunnel is used to determine that the requesting client app is authorized to access the cloud-based service from the device and to obtain from an identity provider associated with the cloud-based service a security token to be used by the client app to authenticate to the cloud-based service.
    Type: Grant
    Filed: April 26, 2019
    Date of Patent: June 2, 2020
    Assignee: MOBILE IRON, INC.
    Inventors: Kumara Das Karunakaran, Vijay Pawar, Jian Liu
  • Patent number: RE48507
    Abstract: Systems and methods for facilitating distribution of application programming interfaces (APIs) in a social hub are described herein. The social API hub enables users (i.e., API consumers) to access (e.g., search, test, and/or otherwise utilize or consume) APIs that other users (i.e., API developers) submitted to the hub in a standardized manner. Additionally, users can wrap submitted APIs in a standard description format and add various add-ons on top of an existing API infrastructure in order to provide additional functionality.
    Type: Grant
    Filed: July 5, 2017
    Date of Patent: April 6, 2021
    Assignee: KONG, INC.
    Inventors: Marco Palladino, Augusto Marietti, Michele Zonca