Proxy Server Or Gateway Patents (Class 726/12)
  • Patent number: 9218200
    Abstract: Methods, systems and computer readable media for granting class level trust in an open application programming interface (API) system are disclosed. The method includes defining a common information model (CIM) architecture, and the CIM architecture is configured with a CIM object manager (CIMOM) for managing client requests made through APIs. The APIs are handled by the CIMOM and the CIMOM accesses schemas that include one or more classes. The method includes applying trust level settings to particular ones of the one or more classes of the schemas, and the trust level settings define client permissions to the particular classes. The method further includes hiding the particular classes from clients that lack a trust level sufficient to access the particular classes. Clients that lack the trust level are serviced with classes that do not have the applied trust level settings.
    Type: Grant
    Filed: August 21, 2008
    Date of Patent: December 22, 2015
    Assignee: VMware, Inc.
    Inventors: Daniel K. Hiltgen, Steven To
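The class-level trust model in this abstract, as an added example in Python that is not VMware's code and does not reflect its CIMOM implementation. Class names, trust levels and the `Cimom` API are hypothetical. The point a practitioner should check is that a class hidden from enumeration is also refused on direct lookup by name, with the same error as for a class that does not exist, so a low-trust client cannot confirm that a protected class is there by guessing its name.

```python
"""Class-level trust on a CIM-style schema (added example, hypothetical names)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed trust ordering: higher number is more trusted.
ANONYMOUS, OPERATOR, ADMIN = 0, 1, 2


@dataclass
class CimClass:
    name: str
    properties: Dict[str, str]
    required_trust: Optional[int] = None  # None: no trust level setting applied


@dataclass
class Schema:
    classes: Dict[str, CimClass] = field(default_factory=dict)

    def add(self, cls: CimClass) -> None:
        self.classes[cls.name] = cls


class Cimom:
    """Object manager that mediates every API call against the schema."""

    def __init__(self, schema: Schema) -> None:
        self.schema = schema

    def apply_trust(self, class_name: str, level: int) -> None:
        self.schema.classes[class_name].required_trust = level

    def _visible(self, cls: CimClass, client_trust: int) -> bool:
        # Classes without a trust setting are served to every client.
        return cls.required_trust is None or client_trust >= cls.required_trust

    def enumerate_classes(self, client_trust: int) -> List[str]:
        return sorted(c.name for c in self.schema.classes.values()
                      if self._visible(c, client_trust))

    def get_class(self, class_name: str, client_trust: int) -> CimClass:
        cls = self.schema.classes.get(class_name)
        # Same error for "unknown" and "hidden": the response must not reveal
        # that a protected class exists.
        if cls is None or not self._visible(cls, client_trust):
            raise LookupError(f"class not found: {class_name}")
        return cls


def build_demo_cimom() -> Cimom:
    """Constructed sample schema: one public class, one operator-level, one admin-only."""
    schema = Schema()
    schema.add(CimClass("CIM_ComputerSystem", {"Name": "string"}))
    schema.add(CimClass("CIM_OperatingSystem", {"Version": "string"}))
    schema.add(CimClass("VMX_HostCredential", {"Secret": "string"}))  # hypothetical class
    cimom = Cimom(schema)
    cimom.apply_trust("VMX_HostCredential", ADMIN)
    cimom.apply_trust("CIM_OperatingSystem", OPERATOR)
    return cimom


if __name__ == "__main__":
    c = build_demo_cimom()
    for level in (ANONYMOUS, OPERATOR, ADMIN):
        print(level, c.enumerate_classes(level))
```

Note that `get_class` checks trust on every call rather than relying on the filtered listing; a CIMOM that only filters enumeration results still leaks and serves the protected class to anyone who already knows its name.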
  • Patent number: 9202051
    Abstract: The auditing of a device that includes a physical memory is disclosed. One or more hardware parameters that correspond to a hardware configuration are received. Initialization information is also received. The physical memory is selectively read and at least one result is determined. The result is provided to a verifier.
    Type: Grant
    Filed: August 14, 2013
    Date of Patent: December 1, 2015
    Assignee: QUALCOMM Incorporated
    Inventors: Bjorn Markus Jakobsson, Karl-Anders R. Johansson
  • Patent number: 9203808
    Abstract: There are provided a method of automated managing of an ordered set of security rules implemented at a plurality of security gateways and a system thereof. The method comprises obtaining data characterizing a connectivity request which may become allowable only upon changes to an initial rule-set, thus giving rise to an unfitting connectivity request; analyzing routing tables of the plurality of security gateways; generating a ranking of the security gateways in accordance with their relevance to the unfitting connectivity request; selecting one or more security gateways with the highest ranking; and implementing a configuration change required in order to facilitate allowance of the unfitting connectivity request at the one or more selected security gateways.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: December 1, 2015
    Assignee: TUFIN SOFTWARE TECHNOLOGIES LTD.
    Inventors: Reuven Harrison, Michael Hamelin
  • Patent number: 9203620
    Abstract: A mobile telephone or other type of mobile communication device is configured to store a cryptographic credential within a secure hardware environment of the device. A script is provisioned for execution in the mobile communication device, the script comprising program code that executes at least in part within the secure hardware environment and is configured to utilize the cryptographic credential stored within the secure hardware environment. Prior to permitting the script to access the cryptographic credential, the secure hardware environment verifies an endorsement of the script. The endorsement may be provided by an issuer of the cryptographic credential. The cryptographic credential stored in the secure hardware environment may comprise a long-term credential and the script may be configured to generate a plurality of short-lived credentials based on the long-term credential.
    Type: Grant
    Filed: January 28, 2009
    Date of Patent: December 1, 2015
    Assignee: EMC Corporation
    Inventor: Magnus Nyström
  • Patent number: 9202239
    Abstract: Billing usage of a cloud computing environment is described. Usage is metered of one or more resources within the cloud computing environment by one or more users. The one or more users may be associated with at least one entity. The metered usage of one or more cloud resources is converted to a revenue-generating value. The revenue-generating value is billed to the at least one entity associated with the one or more users. Revenue is collected from the at least one entity for the metered usage of one or more cloud resources. The collected revenue is shared with a plurality of parties.
    Type: Grant
    Filed: November 17, 2011
    Date of Patent: December 1, 2015
    Assignee: Oracle International Corporation
    Inventors: Willem Robert Van Biljon, Christopher Conway Pinkham, Russell Andrew Cloran, Michael Carl Gorven, Alexandre Hardy, Brynmor K. B. Divey, Quinton Robin Hoole, Girish Kalele
  • Patent number: 9202016
    Abstract: A network device is configured to receive a request, from a device, for private information associated with a user of a user device, on behalf of another user device. The network device may authenticate the device, the user device, and the other user device. The network device may request and receive the user's authorization to send the private information to the other user device. The network device may generate and send a token used to request the private information. The network device may receive the token from the device, determine that the token is valid, and send the private information.
    Type: Grant
    Filed: August 15, 2012
    Date of Patent: December 1, 2015
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Raymond C. Counterman
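The token exchange in this abstract, as an added example in Python; it is not Verizon's code and the class, device names and token format are hypothetical. What the example adds to the abstract is the set of checks a valid token must pass on redemption: it is authenticated with an HMAC, bound to the requesting device, the subject user and the recipient device that the user authorized, expires, and can be redeemed exactly once. Each check is exercised by a constructed negative case.

```python
"""Token-gated release of a user's private information (added example, hypothetical)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass
class Grant:
    requester: str      # device asking on behalf of another user device
    subject_user: str   # whose private information it is
    recipient: str      # the other user device that will receive it
    expires_at: float
    used: bool = False


class PrivateInfoGateway:
    """The 'network device' of the abstract: authenticates, records consent, issues tokens."""

    def __init__(self, secret: bytes, ttl: float = 300.0) -> None:
        self._secret = secret
        self._ttl = ttl
        self._grants: Dict[str, Grant] = {}
        # Constructed sample data: registered devices and a user's private information.
        self._devices: Set[str] = {"app-server-1", "phone-alice", "phone-bob"}
        self._private = {"alice": {"location": "home", "number": "+1-555-0100"}}
        self._consent: Dict[str, Set[str]] = {}

    def authenticate(self, device: str) -> bool:
        return device in self._devices

    def record_authorization(self, user: str, recipient: str) -> None:
        """The user's authorization to send their private information to a recipient."""
        self._consent.setdefault(user, set()).add(recipient)

    def _mac(self, token_id: str, g: Grant) -> str:
        msg = f"{token_id}|{g.requester}|{g.subject_user}|{g.recipient}|{g.expires_at}"
        return hmac.new(self._secret, msg.encode(), hashlib.sha256).hexdigest()

    def issue_token(self, requester: str, subject_user: str, recipient: str,
                    now: Optional[float] = None) -> Optional[str]:
        now = time.time() if now is None else now
        if not (self.authenticate(requester) and self.authenticate(recipient)):
            return None
        if recipient not in self._consent.get(subject_user, set()):
            return None  # the user has not authorized this recipient
        g = Grant(requester, subject_user, recipient, now + self._ttl)
        token_id = secrets.token_urlsafe(16)
        self._grants[token_id] = g
        return f"{token_id}.{self._mac(token_id, g)}"

    def redeem(self, token: str, presenter: str, recipient: str,
               now: Optional[float] = None) -> Optional[dict]:
        now = time.time() if now is None else now
        try:
            token_id, mac = token.split(".", 1)
        except ValueError:
            return None
        g = self._grants.get(token_id)
        if g is None or not hmac.compare_digest(mac, self._mac(token_id, g)):
            return None
        # Binding checks: right presenter, right recipient, not expired, not reused.
        if presenter != g.requester or recipient != g.recipient:
            return None
        if now > g.expires_at or g.used:
            return None
        g.used = True
        return dict(self._private.get(g.subject_user, {}))
```

Storing the grant server-side and marking it used is what makes the token single-use; a purely stateless HMAC token could be replayed until it expired.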
  • Patent number: 9197640
    Abstract: An authentication engine may be configured to receive an authentication request and credentials from a client. The authentication engine may then generate a proxy agent configured to interact with an identity provider to authenticate the client on behalf of the client, using the credentials. In this way, the authentication engine may receive an assertion of authentication of the client from the identity provider, by way of the proxy agent.
    Type: Grant
    Filed: June 28, 2013
    Date of Patent: November 24, 2015
    Assignee: BMC SOFTWARE, INC.
    Inventor: Karl Frederick Miller
  • Patent number: 9191364
    Abstract: An on-premise software application (“OPA”) is communicated with according to an action received from outside a firewall. The action concerns user account information maintained by the OPA. The OPA is installed on a device located inside the firewall. The action is received from a management server located outside the firewall. The action includes a portion that adheres to a standardized format. An OPA interface request is generated based on the action. The OPA interface request includes the standardized portion. The OPA interface request is sent to an agent/OPA interface.
    Type: Grant
    Filed: December 4, 2013
    Date of Patent: November 17, 2015
    Assignee: Okta, Inc.
    Inventors: Christopher Barbara, RaghuRam Pamidimarri
  • Patent number: 9183361
    Abstract: Techniques for resource access authorization are described. In one or more implementations, an application identifier is used to control access to user resources by an application. A determination is made whether to allow the application to access the user resources by comparing an application identifier received from an authorization service with a system application identifier for the application obtained from a computing device on which the application is executing.
    Type: Grant
    Filed: September 12, 2011
    Date of Patent: November 10, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Oludare V. Obasanjo, Stephen R. Gordon, Aleksandr Radutskiy, Philip J. Hallin, Atanas D. Oskov, Jeremy D. Viegas, Daniel C. Kitchener
  • Patent number: 9185113
    Abstract: A system and method for establishing a virtual network connection between an initiating computing device operated by an initiator and a target computing device operated by a target so that one of said computing devices is able to control the other of said computing devices. The system comprises a third party proxy to which the computing devices are connected. The third party proxy receives a request for a virtual network connection to said target computing device from said initiating computing device and requests initiator credentials for said initiating computing device and target credentials for said target computing device. Said credentials are delivered to the respective computing device. The system also comprises a core node configured to receive the credentials from the respective computing device, authenticate the received credentials, and if said credentials are authentic, establish the virtual network connection between said initiating computing device and said target computing device.
    Type: Grant
    Filed: December 4, 2013
    Date of Patent: November 10, 2015
    Assignee: RealVNC Ltd
    Inventors: Jason Barrie Morley, Nicolas David Reeves, Adam Greenwood Byrne, Katarzyna Maria Czeczot
  • Patent number: 9185058
    Abstract: An exemplary method of providing network address translation (NAT) for GPRS tunneling protocol user plane (or GTP-U) traffic on a data center server supporting multiple radio bearers in a mobile network is disclosed. The method includes: receiving packets from a source node via a GTP-U tunnel; filtering ingress GTP-U packets from other types of packets; forwarding a respective ingress GTP-U packet with a public destination IP address to a first queue if the destination IP address matches a defined GTP-U public IP address for the destination node; extracting one or more ingress GTP-U packets and forwarding the packets to a user-land operating system process for inspection; performing NAT of the destination IP address; placing ingress GTP-U packets that have an internal IP address identifying a particular radio bearer into a second queue; and forwarding the ingress GTP-U packets via a radio bearer within a network for processing.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: November 10, 2015
    Assignee: Alcatel Lucent
    Inventors: Michael N. Hua, Sami Assaad, Camille Bijjani, Manikka Thyagarajan
  • Patent number: 9172705
    Abstract: A system for interactive network access approval includes a server, a first application running on a first device for requesting access to a website on the network, and a second application running on a second device for approving access to the website. The server receives a request via the first application for access to the website, immediately transmits the request to the second application, receives via the second application approval for access to the website, and immediately grants access to the website to the first application. A method for granting access to a website is also described.
    Type: Grant
    Filed: July 10, 2014
    Date of Patent: October 27, 2015
    Assignee: FORCEFIELD ONLINE, INC
    Inventors: Michael Kong, Mark Madsen
  • Patent number: 9167427
    Abstract: The method of operating a network includes receiving, by an authentication, authorization and accounting (AAA) proxy of the network, authentication information for user equipment from a first wireless access point, the AAA proxy being a proxy for an authentication, authorization and accounting (AAA) server in a radiocommunication network, transmitting, by the AAA proxy, at least the received authentication information to the radiocommunication network, receiving, by the AAA proxy, first key information from the radiocommunication network, generating, by the AAA proxy, second key information based on the first key information and third key information based on the second key information, storing, by the AAA proxy, the first and second key information, and transmitting, by the AAA proxy, the third key information to the first wireless access point, the third key information allowing the user equipment access to a network via the first wireless access point.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: October 20, 2015
    Assignee: Alcatel Lucent
    Inventors: Salvatore Messana, Paul Rominski, Raymond Johnson, Dheena Moongilan, Laurent Thiebaut, John Cladianos
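The three-level key chain in this abstract, as an added example in Python that is not Alcatel-Lucent's code; the abstract does not name a key derivation function, so an HMAC-SHA256 based derivation is assumed here, and all identifiers are hypothetical. The same long-term-to-short-lived derivation pattern appears in the EMC entry above (9203620). The security property worth seeing in code is what each party ends up holding: the proxy keeps the first and second key information, and the access point receives only a third key bound to that access point, so a compromised access point exposes one session key rather than the material from which keys for other access points are derived.

```python
"""Three-level key hierarchy at an AAA proxy (added example, hypothetical identifiers)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional


def kdf(key: bytes, label: bytes, context: bytes, length: int = 32) -> bytes:
    """Counter-mode HMAC-SHA256 derivation (assumed KDF; the abstract fixes none)."""
    out = b""
    counter = 1
    while len(out) < length:
        out += hmac.new(key, bytes([counter]) + label + context, hashlib.sha256).digest()
        counter += 1
    return out[:length]


@dataclass
class AaaProxy:
    # Per user equipment: the first and second key information the proxy stores.
    store: Dict[str, Dict[str, bytes]] = field(default_factory=dict)

    def on_first_key(self, ue_id: str, k1: bytes) -> bytes:
        """First key information arrives from the radiocommunication network."""
        k2 = kdf(k1, b"aaa-proxy-k2", ue_id.encode())
        self.store[ue_id] = {"k1": k1, "k2": k2}
        return k2

    def key_for_access_point(self, ue_id: str, ap_id: str) -> bytes:
        """Third key information, derived from the second and bound to one access point."""
        k2 = self.store[ue_id]["k2"]
        return kdf(k2, b"aaa-proxy-k3", ap_id.encode())


def simulate_attach(ue_id: str, ap_id: str, k1: Optional[bytes] = None) -> dict:
    """End-to-end flow with a constructed K1 standing in for the home AAA server's reply."""
    k1 = os.urandom(32) if k1 is None else k1
    proxy = AaaProxy()
    proxy.on_first_key(ue_id, k1)
    k3 = proxy.key_for_access_point(ue_id, ap_id)
    return {"ap_gets": k3, "proxy_keeps": proxy.store[ue_id]}


if __name__ == "__main__":
    r = simulate_attach("imsi-001", "ap-A")
    print("AP receives:", r["ap_gets"].hex())
    print("proxy keeps:", {k: v.hex() for k, v in r["proxy_keeps"].items()})
```

Because the access point identifier is part of the derivation context, a handover to another access point yields a different third key from the same stored second key, without another exchange with the home network.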
  • Patent number: 9160754
    Abstract: An apparatus and method uses location based authentication of a user accessing a virtual machine (VM) by using the physical location of the virtual machine as a criterion for the authentication. When a user requires a logical partition to run in a known, specified physical location, the user specifies the physical location when the VM is created. The specified physical location is then incorporated into the user authentication process. Users are challenged and must know the physical location in order to be authenticated to the system. When a “disruptive event” in the cloud environment occurs that necessitates moving the VM to another location, the original physical location is stored so the virtualization manager later can automatically relocate the VM back to its original physical location.
    Type: Grant
    Filed: November 14, 2013
    Date of Patent: October 13, 2015
    Assignee: International Business Machines Corporation
    Inventors: Bin Cao, Jim C. Chen
  • Patent number: 9161249
    Abstract: A computer-implemented method for performing Internet site security analyses may include (1) identifying a plurality of clients, each client within the plurality of clients connecting to the Internet from a different Internet Protocol address, (2) identifying a plurality of Internet sites targeted for a security assessment, and then, for each Internet site within the plurality of Internet sites, (3) selecting at least one client from the plurality of clients to use as a proxy for communicating with the Internet site, (4) communicating with the Internet site, using the client as a proxy, to gather information for a security analysis of the Internet site, and (5) performing the security analysis of the Internet site based at least in part on the gathered information. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: July 7, 2011
    Date of Patent: October 13, 2015
    Assignee: Symantec Corporation
    Inventors: Corrado Leita, Marc Dacier
  • Patent number: 9154512
    Abstract: Methods and apparatus are disclosed for processing data packets using a router and a proxy in order to transparently proxy a connection between a client and a server. One method involves mapping a TCP connection to a connection ID and sending a segment from the TCP connection to a proxy, including the connection ID, a direction value and an identifier of an assigned proxy application, such that the segment appears to be from the connection. The method further involves a proxy creating and reading from an IP socket which corresponds to the segment, the connection ID, direction and assigned proxy application and then spoofing the segment using the connection ID, a second direction value, and an identifier of the assigned proxy application.
    Type: Grant
    Filed: March 30, 2006
    Date of Patent: October 6, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Diheng Qu, Nicholas Leavy
  • Patent number: 9143525
    Abstract: Intrusion preludes may be detected (including detection using fabricated responses to blocked network requests), and particular sources of network communications may be singled out for greater scrutiny, by performing intrusion analysis on packets blocked by a firewall. An integrated intrusion detection system uses an end-node firewall that is dynamically controlled using invoked-application information and a network policy. The system may use various alert levels to trigger heightened monitoring states, alerts sent to a security operation center, and/or logging of network activity for later forensic analysis. The system may monitor network traffic to block traffic that violates the network policy, monitor blocked traffic to detect an intrusion prelude, and monitor traffic from a potential intruder when an intrusion prelude is detected.
    Type: Grant
    Filed: June 10, 2014
    Date of Patent: September 22, 2015
    Assignee: Intel Corporation
    Inventor: Satyendra Yadav
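The "monitor blocked traffic to detect an intrusion prelude" step of this abstract, as an added example in Python run over constructed firewall log lines; it is not Intel's code, and the log format, thresholds and alert-level names are hypothetical. Packets the firewall blocks are fed to a detector that counts distinct destination ports per source inside a sliding window; crossing thresholds raises that source's alert level, which is the state a caller would use to start logging the source's later traffic for forensics or to notify a security operation center. Levels only escalate here; de-escalation is a slower, separate decision.

```python
"""Intrusion-prelude detection on firewall-blocked packets (added example, hypothetical format)."""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

NORMAL, HEIGHTENED, ALERT = "normal", "heightened", "alert"
_ORDER = [NORMAL, HEIGHTENED, ALERT]

# Constructed sample log: "ts action src dst dport proto". One source sweeps ports.
SAMPLE_LOG = """\
1000 BLOCK 203.0.113.7 10.0.0.5 22 tcp
1001 BLOCK 203.0.113.7 10.0.0.5 23 tcp
1002 BLOCK 203.0.113.7 10.0.0.5 25 tcp
1003 ALLOW 198.51.100.9 10.0.0.5 443 tcp
1004 BLOCK 203.0.113.7 10.0.0.5 80 tcp
1005 BLOCK 203.0.113.7 10.0.0.5 110 tcp
1006 BLOCK 203.0.113.7 10.0.0.5 135 tcp
1007 BLOCK 203.0.113.7 10.0.0.5 139 tcp
1008 BLOCK 203.0.113.7 10.0.0.5 445 tcp
1009 BLOCK 198.51.100.9 10.0.0.5 8080 tcp
1010 BLOCK 203.0.113.7 10.0.0.5 3389 tcp
1011 BLOCK 203.0.113.7 10.0.0.5 5900 tcp
"""


def parse_line(line: str) -> Tuple[int, str, str, str, int, str]:
    ts, action, src, dst, dport, proto = line.split()
    return int(ts), action, src, dst, int(dport), proto


class PreludeDetector:
    def __init__(self, window: int = 60, heightened_at: int = 5, alert_at: int = 10) -> None:
        self.window = window
        self.heightened_at = heightened_at
        self.alert_at = alert_at
        # src -> (ts, dport) of blocked packets still inside the window
        self._blocked: Dict[str, Deque[Tuple[int, int]]] = defaultdict(deque)
        self.level: Dict[str, str] = defaultdict(lambda: NORMAL)
        self.events: List[str] = []

    def observe(self, ts: int, action: str, src: str, dport: int) -> str:
        """Feed one firewall decision; returns the source's current alert level."""
        if action != "BLOCK":
            return self.level[src]          # only blocked traffic is analyzed here
        q = self._blocked[src]
        q.append((ts, dport))
        while q and ts - q[0][0] > self.window:
            q.popleft()
        distinct_ports = len({p for _, p in q})
        new_level = NORMAL
        if distinct_ports >= self.alert_at:
            new_level = ALERT
        elif distinct_ports >= self.heightened_at:
            new_level = HEIGHTENED
        if _ORDER.index(new_level) > _ORDER.index(self.level[src]):
            self.level[src] = new_level
            self.events.append(f"{ts} {src} -> {new_level} ({distinct_ports} ports)")
        return self.level[src]


def run_detector(log_text: str) -> PreludeDetector:
    det = PreludeDetector()
    for line in log_text.splitlines():
        ts, action, src, _dst, dport, _proto = parse_line(line)
        det.observe(ts, action, src, dport)
    return det


if __name__ == "__main__":
    for event in run_detector(SAMPLE_LOG).events:
        print(event)
```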
  • Patent number: 9134786
    Abstract: Methods and systems for a device in a network are disclosed. The methods and systems compare priority data of the device to priority data of a set of other devices in the network. In addition, the methods and systems determine the device has a priority greater than or equal to a priority of each device in the set of other devices based, at least in part, on the comparison. The methods and systems also select the device as an elected device based, at least in part, on the priority determination. In addition, the methods and systems transmit, using the elected device, a Wake-On-LAN command.
    Type: Grant
    Filed: January 9, 2013
    Date of Patent: September 15, 2015
    Assignee: POWERPLUG LTD.
    Inventor: Eyal Yechieli
  • Patent number: 9131008
    Abstract: A method for discovery profile based unified credential processing for disparate security domains can include loading a discovery profile specifying types of manageable resources to be discovered during discovery of manageable resources and authentication protocols for use in accessing each type of the resources. The method also can include discovering the resources across disparate security domains and selecting a discovered one of the resources in a particular one of the security domains for a systems management task. The method further can include transforming an authentication credential not specific to the particular one of the security domains to a mapped authentication credential specific to the particular one of the security domains and authenticating into the particular one of the security domains with the mapped authentication credential utilizing an authentication protocol specified by the profile in order to perform the systems management task on the selected discovered one of the resources.
    Type: Grant
    Filed: September 30, 2008
    Date of Patent: September 8, 2015
    Assignee: LENOVO ENTERPRISE SOLUTIONS (SINGAPORE) PTE. LTD.
    Inventors: Eric W. Brown, Ramamohan Chennamsetty, Abraham L. Woldemichael
  • Patent number: 9124448
    Abstract: Described is an improved method, system, and computer program product for implementing an improved resequencer, along with related mechanisms and processes. A best efforts resequencing approach is described for determining a set of messages to process in a computing system.
    Type: Grant
    Filed: April 4, 2009
    Date of Patent: September 1, 2015
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Atul Singh, Maneesh Joshi, Ashwin Patel, Annaji Rao Garimella
  • Patent number: 9118700
    Abstract: A method of operating a computing device that allows inspecting data that the device attempts to transmit over a network in an encrypted form for presence of malware, viruses or confidential information. The method includes intercepting a request from an application to an encryption component of an operating system to encrypt the data and acquiring encrypted data generated by the encryption component in response to the request. SSL or TLS protocol may be used for encryption. The request may be intercepted using API hooking. The data in an unencrypted form and an identifier of the encrypted data may be provided to a data inspection facility for establishing a correspondence between the unencrypted and encrypted data, using the identifier. The data inspection facility performs inspection of the unencrypted data to determine whether to allow transmission of the encrypted data over the network.
    Type: Grant
    Filed: October 1, 2013
    Date of Patent: August 25, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Vladimir Lifliand, Avraham Michael Ben-Menahem
  • Patent number: 9118483
    Abstract: A communication system includes a first relay device connected to a first network accessible by any user, and a second relay device connected to a second network accessible by a specific user. The first relay device includes a first receiver, a first authentication information acquisition unit, and a first transmitter. The first receiver receives an electronic certificate from a terminal device of the specific user. The first authentication information acquisition unit acquires authentication information. The first transmitter transmits the authentication information to a service device connected to the first network, and transmits the electronic certificate to the second relay device. The second relay device includes a second receiver, a second authentication information acquisition unit, and a second transmitter. The second receiver receives the electronic certificate. The second authentication information acquisition unit acquires authentication information.
    Type: Grant
    Filed: November 8, 2013
    Date of Patent: August 25, 2015
    Assignee: FUJI XEROX CO., LTD.
    Inventor: Yukio Yamakawa
  • Patent number: 9106490
    Abstract: A system, method and communication device configuration for sharing multimedia content between network devices, such as UPnP or UPnP/DLNA devices and mobile communication devices, across different local networks or subnets. One possible system arrangement or architecture is based on the communication devices forming groups and then sharing UPnP control messages across the groups. The system arrangement supports enabling group member access to UPnP devices that are in other group devices or reachable via other group devices. By enabling devices to form groups across wide-area networks and distribute UPnP messages within the group members, the system effectively extends the range of a UPnP network. Devices include an overlay middleware and an xDLNA application to provide the functionality to form or join a device group and communicate multimedia content with other devices in the group as if the devices are within the same local network.
    Type: Grant
    Filed: January 9, 2008
    Date of Patent: August 11, 2015
    Assignee: Google Technology Holdings LLC
    Inventor: Narayanan Venkitaraman
  • Patent number: 9104431
    Abstract: Deploying a software image from a source data-processing system on target data-processing entities of a target data-processing system, the software image including memory blocks being individually accessible, with a predefined subset of the memory blocks defining a bootstrap module. The deploying includes downloading the bootstrap module onto a main one of the target data-processing entities from the source data-processing system, booting the main target data-processing entity from the bootstrap module thereby loading a streaming driver in the bootstrap module, and serving each request of accessing a selected memory block of the software image on the main data-processing entity by the streaming driver.
    Type: Grant
    Filed: January 14, 2013
    Date of Patent: August 11, 2015
    Assignee: International Business Machines Corporation
    Inventors: Jacques Fontignie, Claudio Marinelli, Bernardo Pastorelli, Luigi Pichetti
  • Patent number: 9107072
    Abstract: A method for execution by at least one server within a domain of a service provider. The method comprises receiving a first request from a communication device registered with the service provider. A response including a token is sent to the communication device. Then a second request is received, this one from an application server over a communication channel at least partly not within the domain of the service provider. The second request contains the token, which causes the at least one server to send a response to the application server, which response includes information about the communication device obtained based on the token. Use of the token facilitates customer access to data services and applications, while making the token anonymous safeguards the privacy of customer data.
    Type: Grant
    Filed: February 11, 2011
    Date of Patent: August 11, 2015
    Inventor: Alexander Hoi Wong
  • Patent number: 9106634
    Abstract: Authenticating a user to a first service to allow the user to access a resource provided by the first service. The resource is a protected resource requiring a general purpose credential (e.g. a user name and/or password) to access the resource. The method includes receiving at a second service, from the device, an ad-hoc credential. The ad-hoc credential is a credential that is particular to the device. The ad-hoc credential can be used to authenticate both the user and the device, but cannot be directly used as authentication at the first service for the user to access the resource. The method further includes, at the second service, substituting the general purpose credential for the ad-hoc credential and forwarding the general purpose credential to the first service. As such the first service can provide the resource to the user at the device.
    Type: Grant
    Filed: January 2, 2013
    Date of Patent: August 11, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Meir Mendelovich, Ron Matchoro
  • Patent number: 9100366
    Abstract: A policy is established comprising a condition having a multiphase attribute of a multiphase transaction. Phase specific policies are established for each phase in which the multiphase attribute may become known. The multiphase transaction is evaluated according to the phase specific policies at each phase of the multiphase transaction in which the multiphase attribute may become known until a policy decision of the policy is determined.
    Type: Grant
    Filed: September 13, 2012
    Date of Patent: August 4, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Haiyan Luo, Hari Shankar, Daryl Odnert, Niranjan Koduri
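The phase-by-phase evaluation in this abstract, as an added example in Python; it is not Cisco's code, and the phases, attribute names and sample policies are hypothetical, chosen to look like an HTTP proxy (request line, request headers, response headers). Each policy is a conjunction of conditions, each tagged with the phase in which its attribute becomes known. At every phase the evaluator drops policies whose conditions for that phase fail, and returns as soon as some policy has had all its conditions satisfied or no policy can still match, so a decision that depends only on the request is made before any response is buffered.

```python
"""Multiphase policy evaluation (added example, hypothetical phases and policies)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

PHASES = ["request_line", "request_headers", "response_headers"]


@dataclass
class Condition:
    attribute: str
    phase: str                       # phase in which the attribute becomes known
    test: Callable[[object], bool]


@dataclass
class Policy:
    name: str
    conditions: List[Condition]      # all must hold for the policy to match
    action: str                      # "block" or "allow"

    def phase_conditions(self, phase: str) -> List[Condition]:
        return [c for c in self.conditions if c.phase == phase]

    def decidable_by(self, phase: str) -> bool:
        last = max(PHASES.index(c.phase) for c in self.conditions)
        return last <= PHASES.index(phase)


@dataclass
class Evaluation:
    decision: Optional[str] = None
    decided_in_phase: Optional[str] = None
    matched_policy: Optional[str] = None


class MultiphaseEvaluator:
    def __init__(self, policies: List[Policy], default: str = "allow") -> None:
        self.policies = policies
        self.default = default

    def evaluate(self, phases: Dict[str, Dict[str, object]]) -> Evaluation:
        """phases maps each phase reached to the attributes that became known in it."""
        live = list(self.policies)           # policies that can still match
        known: Dict[str, object] = {}
        for phase in PHASES:
            if phase not in phases:
                break                        # the transaction did not reach this phase
            known.update(phases[phase])
            live = [pol for pol in live
                    if all(c.test(known.get(c.attribute)) for c in pol.phase_conditions(phase))]
            for pol in live:
                if pol.decidable_by(phase):  # every condition has now been checked and held
                    return Evaluation(pol.action, phase, pol.name)
            if not live:
                return Evaluation(self.default, phase, None)
        return Evaluation(self.default, None, None)


def build_demo_policies() -> List[Policy]:
    """Constructed policies: block executables from one host; block POSTs to a paste site."""
    return [
        Policy("no-exe-from-bad-host", [
            Condition("host", "request_headers", lambda h: h == "files.example.test"),
            Condition("content_type", "response_headers",
                      lambda ct: ct == "application/x-msdownload"),
        ], "block"),
        Policy("no-post-to-paste", [
            Condition("method", "request_line", lambda m: m == "POST"),
            Condition("host", "request_headers", lambda h: h == "paste.example.test"),
        ], "block"),
    ]
```

The second sample policy is decided in the request-headers phase even though the transaction continues, which is the "until a policy decision of the policy is determined" behaviour of the abstract; the first cannot be decided until the response's content type is known.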
  • Patent number: 9088546
    Abstract: Systems, methods and apparatuses of establishing an IPsec (Internet Protocol Security) VPN (Virtual Private Network) tunnel are disclosed. One method includes receiving, by a wireless mesh network access point, a user configuration, wherein the user configuration includes a type of traffic, determining an internal interface of the wireless mesh network access node based on the type of traffic, dynamically determining a local endpoint address for the IPsec VPN tunnel based on the selected internal interface, establishing the IPsec VPN tunnel through the selected internal interface of the wireless mesh network access node, and encapsulating non-IP packets of non-IP traffic within IP packets.
    Type: Grant
    Filed: October 15, 2014
    Date of Patent: July 21, 2015
    Assignee: ABB Inc.
    Inventors: Danu Tjahjono, Rafiq Shaikh, Wenge Ren
  • Patent number: 9075992
    Abstract: Systems (100) and methods (2100) for identifying, deterring and/or delaying malicious attacks being waged on a Computer Network (“CN”). The methods involve implementing a Mission Plan (“MP”) at a first Network Node (“NN”). MP (1900, 1902) specifies that: a first IDentity Parameter (“IDP”) for a second NN has numerous possible values associated therewith; and at least two possible values are to be used in communications to and from the second NN in different timeslots of a time frame (2020-2026). At the first NN, a value for the first IDP, which is contained in a received packet, is compared with the possible values specified in MP to determine if the value is a “correct” value for a current timeslot. If it is determined that the value is not “correct” for the current timeslot, then the first NN performs actions to identify, deter or delay a possible malicious attack on CN.
    Type: Grant
    Filed: May 1, 2012
    Date of Patent: July 7, 2015
    Assignee: Harris Corporation
    Inventors: Wayne B. Smith, Ellen K. Lin
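The timeslot check in this abstract, as an added example in Python that is not Harris's code; the mission plan layout, the choice of an IPv4 source address as the identity parameter, and the one-slot tolerance for clock skew are all assumptions. Node A derives the current slot from the packet's arrival time, accepts the value in force for that slot, and distinguishes two failure modes: a value that belongs to the plan but to another slot (stale knowledge or replay, which is the attack signal the abstract describes) and a value that is not in the plan at all.

```python
"""Timeslot-scheduled identity parameter check (added example, hypothetical plan)."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class MissionPlan:
    node: str
    values: List[str]         # possible values of the identity parameter
    slot_seconds: int         # timeslot length in seconds
    frame_slots: int          # slots per frame
    epoch: int                # start of the schedule (unix seconds)

    def slot_at(self, t: int) -> int:
        return ((t - self.epoch) // self.slot_seconds) % self.frame_slots

    def value_for_slot(self, slot: int) -> str:
        return self.values[slot % len(self.values)]

    def acceptable(self, t: int, tolerate_previous: bool = True) -> List[str]:
        """Value current at t, plus the previous slot's value if skew is tolerated."""
        slot = self.slot_at(t)
        ok = [self.value_for_slot(slot)]
        if tolerate_previous:
            ok.append(self.value_for_slot((slot - 1) % self.frame_slots))
        return ok


class NodeA:
    """The first network node: checks every packet's identity parameter against the plan."""

    def __init__(self, plans: Dict[str, MissionPlan]) -> None:
        self.plans = plans
        self.alerts: List[str] = []

    def check_packet(self, t: int, claimed_src: str, src_ip: str) -> str:
        plan = self.plans[claimed_src]
        if src_ip in plan.acceptable(t):
            return "accept"
        if src_ip in plan.values:
            # Correct for some other slot: stale knowledge or a replay.
            self.alerts.append(f"t={t} stale identity parameter {src_ip} for {claimed_src}")
            return "reject-stale"
        self.alerts.append(f"t={t} unknown identity parameter {src_ip} for {claimed_src}")
        return "reject-unknown"


def demo_plan() -> MissionPlan:
    """Constructed plan: four addresses rotating every 10 s over a 4-slot frame."""
    return MissionPlan("B", ["10.1.0.10", "10.1.0.20", "10.1.0.30", "10.1.0.40"],
                       slot_seconds=10, frame_slots=4, epoch=0)


if __name__ == "__main__":
    a = NodeA({"B": demo_plan()})
    for t, ip in [(25, "10.1.0.30"), (25, "10.1.0.10"), (25, "192.0.2.1")]:
        print(t, ip, a.check_packet(t, "B", ip))
```

The tolerance window is a real trade-off: every extra slot accepted widens the time an attacker's stale value remains usable, so it should be no larger than the nodes' actual clock skew.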
  • Patent number: 9055031
    Abstract: A check in communication is received from an agent running inside a firewall via a permitted firewall communication channel. The check in communication is received via the permitted firewall communication channel without modifying a firewall configuration. The check in communication is responded to with an instruction to be performed by the agent running inside the firewall, where the response is via the permitted firewall communication channel.
    Type: Grant
    Filed: April 30, 2014
    Date of Patent: June 9, 2015
    Assignee: Okta, Inc.
    Inventors: Todd McKinnon, Kristoffer J. Grandy
  • Patent number: 9055107
    Abstract: The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portion of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or, (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as the user.
    Type: Grant
    Filed: December 1, 2006
    Date of Patent: June 9, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Gennady Medvinsky, Nir Nice, Tomer Shiran, Alexander Teplitsky, Paul Leach, John Neystadt
  • Publication number: 20150150113
    Abstract: An isolation proxy server system separates a typical proxy server or reverse proxy server into two physical computing platforms. A first physical platform, a front end proxy server, receives requests from clients on an external network, but is unable to relay requests by originating corresponding requests on an internal network. A second physical platform, a back end proxy client, originates distinct work requests to the front end proxy server. The front end proxy server forwards client requests to the back end proxy client in response to the distinct work requests it receives from the back end proxy client. The back end proxy client relays the client requests to a target server. Thus, the front end proxy server may not originate new requests to the server(s) in the protected zone, and the back end proxy client may not receive new requests from clients or from the front end proxy server.
    Type: Application
    Filed: November 25, 2013
    Publication date: May 28, 2015
    Applicant: Verizon Patent and Licensing Inc.
    Inventors: Terence A. Robb, William M. Lacey, William J. Wofford, IV, James R. Lehmpuhl
  • Patent number: 9043895
    Abstract: A system and method for providing a comprehensive security solution for databases through a reverse proxy, optionally featuring translating database queries across a plurality of different database platforms.
    Type: Grant
    Filed: August 1, 2011
    Date of Patent: May 26, 2015
    Assignee: GREEN SQL LTD.
    Inventors: David Maman, Yuli Stremovsky
  • Patent number: 9043589
    Abstract: One aspect of the invention is a method for providing restricted access to confidential services without impacting the security of a network. The method includes using a gateway to isolate one or more components providing confidential services from one or more other portions of an enterprise network. A first communication directed to a selected one of the one or more components may be received at the gateway. A determination may be made as to whether the first communication is user traffic or management traffic. The first communication may then be authenticated. If the first communication is user traffic, the first communication is forwarded to a component providing the confidential services. If the first communication is management traffic, the first communication is encrypted and forwarded to a component providing the confidential services. Additionally, components of the sub-network may be monitored to identify malicious changes.
    Type: Grant
    Filed: November 14, 2007
    Date of Patent: May 26, 2015
    Assignee: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Robert R. Vail, Mary Jo Billings, Robert D. Bohrer, Robert D. Brooks, II, Mary M. Emmighausen, Howard M. Fannin, Edward R. Jaroch, Tonya L. Justice, Alan L. Kelkenberg, Scott R. Morris, William T. Parks, Jr., Hayes I. Saxon, William L. Weaver
  • Patent number: 9037844
    Abstract: An infrastructure for securely communicating with electronic meters is described, which enables secure communication between a utility and a meter located at a customer, over a communication link or connection such as via a network. This enables messages to be sent from the utility to the meter and vice versa in a secure manner. The network provides a communication medium for communicating via the C12.22 protocol for secure metering. A cryptographic backend is used to cryptographically process messages to be sent to the meter and to similarly cryptographically process messages sent from the meter. By providing appropriate cryptographic measures such as key management, confidentiality and authentication, the meter can only interpret and process messages from a legitimate utility and the utility can ensure that the messages it receives are from a legitimate meter and contain legitimate information.
    Type: Grant
    Filed: February 26, 2010
    Date of Patent: May 19, 2015
    Assignee: Itron, Inc.
    Inventors: Michael T. Garrison Stuber, Richard Eric Robinson
  • Patent number: 9038140
    Abstract: Described herein is a technology for facilitating the integration of a collaboration environment. In some implementations, an activity associated with a business object is accessed via a work center. A request to post the activity is sent to a collaboration application. The collaboration application then returns an activity identifier, and the user is redirected to the activity identifier.
    Type: Grant
    Filed: November 15, 2012
    Date of Patent: May 19, 2015
    Assignee: SAP SE
    Inventors: Weicheng Mao, Ziqiang Huang, Hua Wang, Xueyong Gong, Michael Rey
  • Publication number: 20150135302
    Abstract: This application relates generally to a system operating on network traffic between a network-based software as a service (SaaS) provider and a client. The system can be configured as a managed communications network proxy and take action on the network traffic based on predefined policies and rules.
    Type: Application
    Filed: November 12, 2014
    Publication date: May 14, 2015
    Applicant: ADALLOM, INC.
    Inventors: Aviram Cohen, Liran Moysi, Ami Luttwak, Roy Reznik, Greg Vishnepolsky
  • Publication number: 20150135301
    Abstract: The invention provides a method of and system for networked security, involving multiple clients and servers. Rather than relying on single server based authentication and/or single stream based data transmission, the invention breaks apart information before it leaves the User's computer so that intercepting any single electronic message does not provide the hacker with sufficient information to gain access. The invention splits the values (i.e. password, User name, card number for authorization; encrypted text for encryption, etc.) at the point of sender/external authorization client. These split values are encrypted with different keys and transmitted to multiple external authorization servers. The invention can be applied to any secure transmission, storage or authentication of data over a data network.
    Type: Application
    Filed: July 2, 2014
    Publication date: May 14, 2015
    Inventors: Traverse A. Davies, SR., Jordan Bruce MacLeod
  • Patent number: 9032502
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server based on network information, and uses the proxy network address to establish a server side session. The proxy network address is selected such that a same processing element is assigned to process data packets from the server side session and the host side session. The network information includes a security gateway network address and a host network address. By assigning processing elements in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: October 2, 2013
    Date of Patent: May 12, 2015
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Publication number: 20150128245
    Abstract: Methods for managing an address on a switching device, managing an address on a network switch, and screening addresses in a cloud computing environment are provided. One embodiment is directed towards a computer-implemented method for managing an address on a switching device that is communicatively coupled to a plurality of virtual machines. The method includes accessing an address pool that includes an assigned address for each virtual machine from the plurality of virtual machines. The method includes determining, on the switching device, a used address for the virtual machine from the plurality of virtual machines. The method includes determining whether the used address matches the assigned address for each virtual machine. The method also includes routing traffic from the virtual machine to a hypervisor in response to the used address matching the assigned address.
    Type: Application
    Filed: November 7, 2013
    Publication date: May 7, 2015
    Applicant: International Business Machines Corporation
    Inventors: Deanna L.Q. Brown, Susan F. Crowell, Jason A. Nikolai, Andrew T. Thorstensen
  • Patent number: 9025438
    Abstract: A system and method for communication failover is disclosed. The disclosed embodiments allow voice communications (both inbound and outbound) that are normally carried by VoIP to be automatically switched over to a PSTN in the event of a failure of the VoIP communication network.
    Type: Grant
    Filed: June 29, 2010
    Date of Patent: May 5, 2015
    Assignee: CenturyLink Intellectual Property LLC
    Inventors: Charles A. Palmer, Kevin Thomas Boland, Donald Eugene Lawver, Jeffrey Francis Smith, William Lyle Wiley
  • Patent number: 9027120
    Abstract: A network security system having a hierarchical configuration is provided. In one embodiment the present invention includes a plurality of subsystems, where each subsystem includes a plurality of distributed software agents configured to collect base security events from monitor devices, and a local manager module coupled to the plurality of distributed software agents to generate correlated events by correlating the base security events. Each subsystem can also include a filter coupled to the manager module to select which base security events are to be processed further. The selected base security events are passed to a global manager module coupled to the plurality of subsystems that generates global correlated events by correlating the base security events selected for further processing by each filter of each subsystem.
    Type: Grant
    Filed: October 10, 2003
    Date of Patent: May 5, 2015
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Kenny Tidwell, Christian Beedgen, Hugh S. Njemanze, Pravin S. Kothari
  • Patent number: 9027138
    Abstract: Novel solutions for detecting and/or treating malware on a subscriber's premise network. Such solutions can include, but are not limited to, tools and techniques that can detect, and/or enable the detection of, malware infections on individual subscriber devices within the subscriber's network. In a particular embodiment, for example, a premise gateway, or other device on the subscriber's premise network, is configured to analyze packets traveling through the premise gateway and, based on that analysis, identify one or more subscriber devices that are infected with malware.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: May 5, 2015
    Assignee: CenturyLink Intellectual Property LLC
    Inventors: Michael Glenn, Donald J. Smith, John Butala
  • Patent number: 9026788
    Abstract: In a centralized credential management system, website credentials are stored in a vault storage at a vault. The website credentials are encrypted based upon a key not available to the vault and are for authenticating a user to a third party website. Through a client, a user authenticates to the vault and retrieves the encrypted website credentials and parameters and code for properly injecting the credentials into a website authentication form. The website credentials are decrypted at the client and injected into the authentication form using the parameters and code.
    Type: Grant
    Filed: April 25, 2013
    Date of Patent: May 5, 2015
    Assignee: Symantec Corporation
    Inventors: Barry Ferg, Gary Krall, David M'Raihi, Nicolas Popp
  • Patent number: 9021573
    Abstract: A method and a system are disclosed that enable an address at the edge router to be used to establish a multi-pipe virtual private network (MVPN) connecting controllers to multiple web enabled end user devices (EUDs) inside a security protected local area network (LAN). The EUDs connect to a central server (CS) outside the LAN during configuration establishing registration and identity (ID) for each EUD. Once the EUDs establish connection from inside the LAN, the CS is enabled to communicate with the EUDs using the address and ID provided during registration. The CS then acts as a facilitator establishing secure VPN connection between controllers in the cloud and the EUDs inside the LAN. CS further acts as a pass through for those LANs that do not allow direct connections to controllers outside the LAN. The CS continues to monitor the health of the overall system once connectivity is established.
    Type: Grant
    Filed: November 15, 2012
    Date of Patent: April 28, 2015
    Assignee: Cradle Technologies
    Inventors: Ramachandran Natarajan, Suhas S. Patil
  • Patent number: 9021586
    Abstract: Apparatus and methods are provided that prevent cross-site request forgery at one or more web servers. A proxy dynamically monitors web server responses to client requests for content having a selected characteristic, adds a hidden token to content identified as having the selected characteristic prior to serving the content to a requesting client, and stores a copy of the hidden token for later verification that client request content sent to a web server is authentic. The proxy monitors client request content sent to the one or more web servers for a selected characteristic, and allows client request content having the selected characteristic to be processed by a web server application only if the client request content includes a token previously provided by the proxy and only if the token has a value matching a stored token value for the respective client.
    Type: Grant
    Filed: July 20, 2010
    Date of Patent: April 28, 2015
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Robert Garskof
  • Patent number: 9021251
    Abstract: A communication network is operated by receiving traffic from a user device at a gateway device associated with a gateway service provider, which manages gateways to both secure and insecure networks. The gateway uses security policies to determine if traffic is destined to the secure or insecure network and applies appropriate policies which cause the traffic to be routed, dropped, or analyzed.
    Type: Grant
    Filed: November 2, 2009
    Date of Patent: April 28, 2015
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Deepak Chawla, William R. Beckett, III
  • Patent number: 9021272
    Abstract: The present invention relates to key management in a secure microcontroller, and more particularly, to systems, devices and methods of automatically and transparently employing logic or physical address based keys that may also be transferred using dedicated buses. A cryptographic engine translates a logic address to at least one physical address, and processes a corresponding data word based on at least one target key. The target key is selected from a plurality of keys based on the logic or physical address. A universal memory controller stores each processed data word in the corresponding physical address within a memory. Each key is associated with a memory region within the memory, and therefore, the logic or physical address associated with a memory region may be used to automatically identify the corresponding target key. A dedicated secure link may be used to transport key request commands and the plurality of keys.
    Type: Grant
    Filed: August 28, 2012
    Date of Patent: April 28, 2015
    Assignee: Maxim Integrated Products, Inc.
    Inventors: Vincent Debout, Frank Lhermet, Yann Yves René Loisel, Grégory Rome, Christophe Tremlet
  • Patent number: 9021575
    Abstract: An agent on a device within a network receives a request to access a resource outside the network. A first encrypted connection is established between the device and the agent, and a second encrypted connection is established between the agent and the resource, to facilitate encrypted communication traffic between the device and the resource. The agent sends a policy request to a network appliance within the network, the request specifying the resource. The agent receives a policy response indicating that the resource is associated with one or more security policies of the network. Traffic passing between the device and the resource is selectively decrypted and inspected depending on the security policies.
    Type: Grant
    Filed: May 8, 2013
    Date of Patent: April 28, 2015
    Assignee: iboss, Inc.
    Inventor: Paul Michael Martini
  • Patent number: 9021090
    Abstract: The communications management systems manage access to a local area network or network content by external users, applications, and devices. The systems and methods are implemented on a network appliance to manage content within the network and facilitate content transmission through a firewall that separates the network from a larger networking environment, such as the World Wide Web.
    Type: Grant
    Filed: May 29, 2012
    Date of Patent: April 28, 2015
    Assignee: Seagate Technology LLC
    Inventors: James A. Savage, Tim Bucher