Packet Filtering Patents (Class 726/13)
  • Patent number: 11146449
    Abstract: System and techniques for network architecture for Internet-of-Things (IoT) device are described herein. An indication may be received from a pre-certified IoT blank device. Here, the indication includes a unique identifier and a request for configuration information. An application to send to the IoT device may be located using the unique identifier. The application may be sent to the IoT device. data from the IoT device corresponding to a sensor on the IoT device operated using the application may be received.
    Type: Grant
    Filed: March 30, 2016
    Date of Patent: October 12, 2021
    Assignee: Intel Corporation
    Inventors: Atif Hussein, Trina Ward, Patricia Robb
  • Patent number: 11138319
    Abstract: A computer system performs tracking of security context for confidential or untrusted values input from sources in an executing application to sinks in the executing application. The security context includes indications of sources and declassifier methods corresponding to the values and has been previously defined prior to the tracking. Prior to release of a selected confidential or untrusted value by a sink in the executing application, security context is fetched for the selected confidential or untrusted value. A selected declassifier method is caused to be used on the selected confidential or untrusted value prior to release of the selected confidential or untrusted value to the sink. The selected declassifier method obfuscates the selected confidential or untrusted value and is selected based on the security context for the selected confidential or untrusted value. The obfuscated confidential or untrusted value is caused to be released to the sink in the executing application.
    Type: Grant
    Filed: October 25, 2017
    Date of Patent: October 5, 2021
    Assignee: International Business Machines Corporation
    Inventors: Pietro Ferrara, Marco Pistoia, Omer Tripp, Petar Tsankov
  • Patent number: 11100274
    Abstract: A system and method are disclosed for providing an enhanced email client having interactive content capabilities. The system includes a recipient email server for receiving emails from a sender email server and for receiving dynamic interactive content from a third party content service provider when it is determined that the email includes capabilities for displaying interactive content. The method includes steps of sanitizing a received email at a user's computing system, checking the sanitized email to determine if it contains interactive content, and retrieving the interactive content in the sanitized email without requiring the user to click out to a separate window or browser instance.
    Type: Grant
    Filed: December 8, 2019
    Date of Patent: August 24, 2021
    Inventor: Justin Khoo
  • Patent number: 11089039
    Abstract: Systems and methods are described to predict spikes in requests for content on a computing network based on referrer field values of prior requests associated with spikes. Specifically, a traffic spike prediction service is disclosed that can analyze information regarding past requests on the computing network to detect a spike in requests to a content item, where a significant number of request within the spike include a common referrer field value. The traffic spike prediction service can then detect a request to a second content also including the common referrer field value, and predict that a spike is expected to occur with respect to the second content. The traffic spike prediction service can manage the expected spike by increasing an amount of computing resources available to service requests to the second content.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: August 10, 2021
    Assignee: Amazon Technologies, Inc.
    Inventor: Pratap Ramamurthy
  • Patent number: 11082501
    Abstract: The systems and methods described herein can enable the indirect transmission of session data between different domains. The system can pass the session data through a hashing function so that the data from a given domain remains private and secure to the specific domain. The system can generate clusters of associated domains for a given client device that the system can use to maintain a session between the client device and the domain.
    Type: Grant
    Filed: April 22, 2020
    Date of Patent: August 3, 2021
    Assignee: Google LLC
    Inventors: Gang Wang, Sagnik Nandy
  • Patent number: 11070465
    Abstract: A routing system for distributing multicast routing information for a multicast service includes a plurality of routers including a multicast source router and a plurality of multicast receiver routers, the plurality of routers providing a multicast service, wherein the routers are configured to exchange multicast information associated with the multicast service including identification of multicast sources and the multicast receivers.
    Type: Grant
    Filed: May 13, 2019
    Date of Patent: July 20, 2021
    Assignee: 128 Technology, Inc.
    Inventors: Hadriel S. Kaplan, Abilash Menon, Patrick Timmons, Michael Baj, Robert Penfield, Patrick MeLampy
  • Patent number: 11057348
    Abstract: A method for data center network segmentation is provided. The data center network segmentation is for a hybrid environment including physical servers and appliances as well as virtual servers and appliances. The data center network segmentation uses software-defined networking (SDN) technology of physical SDN-ready servers/appliances and virtual SDN-ready servers/appliances. The method includes centralizing the management of network security policies for physical and virtual firewalls. The method includes using SDN to direct network traffic between physical servers through physical firewalls, and to direct network traffic between virtual servers through virtual firewalls. The method further includes using the SDN to direct network traffic from physical servers to virtual servers through physical firewalls, and to direct network traffic from virtual servers to physical servers through virtual firewalls.
    Type: Grant
    Filed: August 22, 2019
    Date of Patent: July 6, 2021
    Assignee: Saudi Arabian Oil Company
    Inventor: Abdallah M Baabdallah
  • Patent number: 11050771
    Abstract: To detect a communication by a predetermined type of software, which disguises normal communication, an information processing apparatus includes: a communication data acquiring unit 21 configured to acquire communication data generated by a terminal connected to a network; a distribution calculating unit 24 configured to calculate distribution of attribute information of a plurality of communications with a same communication destination, based on the acquired communication data; and an estimating unit 25 configured to estimate whether a detected communication is a communication by a predetermined type of software by determining whether the calculated distribution satisfies a predetermined criterion.
    Type: Grant
    Filed: October 16, 2018
    Date of Patent: June 29, 2021
    Assignee: PFU LIMITED
    Inventors: Seigo Terada, Keiji Michine, Takashi Kobayashi
  • Patent number: 11032311
    Abstract: Methods, non-transitory computer readable media, attack mitigation apparatuses, and network security systems that maintain an application context model for a protected application based on ingested logs. The application context model includes a map of network infrastructure associated with the protected application. Using the application context model, potential attack(s) against the protected application are identified and possible mitigation action(s) to take in response to one or more of the identified potential attack(s) are scored. A stored policy is executed to evaluate the possible mitigation action(s) based on the scoring. One or more of the possible mitigation action(s) are initiated on the identified potential attack(s) based on the evaluation. With this technology, malicious network activity can be more effectively and quickly detected and mitigated resulting in improved network security.
    Type: Grant
    Filed: December 11, 2018
    Date of Patent: June 8, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Sebastian Michael Convertino, Judge Kennedy Singh Arora
  • Patent number: 11025667
    Abstract: Disclosed are a system, method, and computer readable storage medium having instructions for applying a plurality of interconnected filters to protect a computing device from a DDoS attack. The method includes, responsive to detecting the computing device is subject to the DDoS attack, intercepting data from a network node to the computing device, determining data transmission parameters, assigning an initial danger rating to the network node, identifying a subset of the plurality of the interconnected filters which are concurrently triggered, changing the danger rating of the network node based on an application of the subset of the plurality of interconnected filters that are triggered and the data transmission parameters, and responsive to determining that the danger rating of the network node exceeds a threshold value, limiting a transmittal of data from the network node to the computing device by limiting channel capacity between the network node and the computing device.
    Type: Grant
    Filed: May 22, 2020
    Date of Patent: June 1, 2021
    Assignee: AO Kaspersky Lab
    Inventors: Nikolay V. Gudov, Alexander A. Khalimonenko, Denis E. Koreshkov
  • Patent number: 11025590
    Abstract: A network security system implements connectivity policies of a network environment. The network security system may use a network topology mapping to implement connectivity policies, where the network topology mapping includes sets of security zones, security devices, and zone paths between the security zones via the one or more security devices. The network security system can generate a universal representation of a connectivity policy for the network environment using a universal syntax. Using the network topology mapping, the network security system can identify zone paths between the security zones for implementing the connectivity policy. The network security system can configure security devices along the zone paths in accordance with the connectivity policies. Configuring security devices may include converting some or all of the universal representation of the connectivity policy into a device-specific representation in a native syntax of the security device.
    Type: Grant
    Filed: August 19, 2020
    Date of Patent: June 1, 2021
    Assignee: Goldman Sachs & Co. LLC
    Inventors: Daniel Boris Kovenat, Dheepak Ramanujam, Michael Joel O'Connor
  • Patent number: 11024144
    Abstract: Some embodiments provide a method for a first network slice selector that selects network slices for connections from endpoint devices located within a first geographic range. The method selects a network slice for a connection between a mobile endpoint device and a network domain that originates when the mobile endpoint device is located within the first geographic range. The method stores state that maps the connection to the selected network slice. The method forwards data traffic belonging to the connection from the mobile endpoint device onto the selected network slice using the stored state. After the mobile endpoint device moves from the first geographic range to a second geographic range, the method receives data traffic belonging to the connection from a second network slice selector that selects network slices for connections from endpoint devices within the second geographic range and forwards said received data traffic onto the selected network slice.
    Type: Grant
    Filed: June 17, 2019
    Date of Patent: June 1, 2021
    Assignee: VMWARE, INC.
    Inventors: Marc-Andre Bordeleau, Raja Kommula, Jeremy Tidemann, Constantine Polychronopoulos, Edward Choh, Ojas Gupta, Georgios Oikonomou, Robert Kidd
  • Patent number: 11016702
    Abstract: A managing unit included in a distributed storage network (DSN) receives an event representation request, and identifies event record entries based on that request. The event record entries include information associating reporting entities with the event record entries. The management unit obtains the event record entries from the reporting entities; at least one event record entry is obtained from a first reporting entity, and at least another event record entry is obtained from a second reporting entity. In response to receiving the event representation request, the management unit generates a representation of the event record entries, and outputs the representation to a requesting entity.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: May 25, 2021
    Assignee: PURE STORAGE, INC.
    Inventors: Greg R. Dhuse, Yogesh R. Vedpathak
  • Patent number: 10992642
    Abstract: Methods and systems are disclosed for document isolation. A host computer system may be configured to implement document isolation via one or more of a host-based firewall, an internet isolation firewall, and/or a segregation of a trusted memory space and an untrusted memory space. The host computer system may be configured to access one or more files using a first set of one or more applications and/or processes operating within the trusted memory space and/or a second set of one or more applications and/or processes operating within an untrusted memory space. The host computer system may be configured to open (e.g., always open) the one or more accessed files in the trusted memory space of the host computer system.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: April 27, 2021
    Assignee: L3 Technologies, Inc.
    Inventors: Glenn Coleman, Peter Martz, Kenneth Moritz
  • Patent number: 10990599
    Abstract: A system and method for applying extended regular expressions against arbitrary data objects, wherein a state machine maintains an internal state model for the system, an object analysis server receives data objects from a data source, and the object analysis server analyzes the structure and contents of the objects, compares them against received search pattern, and directs the state machine to update the state model based on either or both of the analysis and comparison operations.
    Type: Grant
    Filed: December 10, 2018
    Date of Patent: April 27, 2021
    Assignee: ARIA SOLUTIONS, INC.
    Inventor: Paul Peloski
  • Patent number: 10986190
    Abstract: An information processing device (20) performs a session timer updating process of restoring the remaining time of a session timer to N seconds whenever a packet is received from a client (10). The information processing device (20) does not perform the session timer updating process even when a packet is received from the client (10) until a session timer update stop time (?) elapses after the session timer was last updated. The information processing device (20) resumes the session timer updating process after the session timer update stop time (?) has elapsed after the session timer was last updated.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: April 20, 2021
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventor: Muneyuki Kawatani
  • Patent number: 10972509
    Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). The system may be configured to identify particular data assets and/or personal data in data repositories using any suitable intelligent identity scanning technique.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: April 6, 2021
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Jonathan Blake Brannon
  • Patent number: 10972915
    Abstract: Methods, systems, and computer readable media may be operable to wireless hotspot activity of one or more access points supporting multiple radios. A DHCP relay agent may receive a DHCP request from a device seeking to join a hotspot service provided through a gateway. If the number of currently connected devices is less than the maximum connected device limit, then the agent may increase the number of currently connected devices by one, and relay the encapsulated DHCP request over a GRE tunnel. If the number of connected devices already meets or exceeds the allowed limit, then the DHCP relay agent may instruct the gateway or its access point to disconnect the new device.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: April 6, 2021
    Assignee: ARRIS ENTERPRISES LLC
    Inventor: Wen Ji Zhao
  • Patent number: 10972434
    Abstract: A security gateway security gateway provisions a web browser hosted on a user device with a proxy auto-configuration file configured to automatically redirect the web browser to the security gateway as a proxy server for clientless virtual private network (VPN) operation when the web browser browses any uniform resource locator including a particular domain name that encompasses a private network. Upon receiving from the web browser over a public network a request to access a private resource on the private network, the security gateway establishes a secure public connection to the web browser, establishes a private connection to the private resource, and associate the private connection with the secure public connection to form a clientless VPN connection between the web browser and the private resource. The security gateway forwards content between the private resource and the web browser over the clientless VPN connection without performing any content rewrite operations.
    Type: Grant
    Filed: September 7, 2018
    Date of Patent: April 6, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Piotr Jerzy Kupisiewicz, Frederic Detienne
  • Patent number: 10944722
    Abstract: A novel method for managing firewall configuration of a software defined data center is provided. Such a firewall configuration is divided into multiple sections that each contains a set of firewall rules. Each tenant of the software defined data center has a corresponding set of sections in the firewall configuration. The method allows each tenant to independently access and update/manage its own corresponding set of sections. Multiple tenants or users are allowed to make changes to the firewall configuration simultaneously.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: March 9, 2021
    Assignee: NICIRA, INC.
    Inventors: Radha Popuri, Shadab Shah, James Joseph Stabile, Sameer Kurkure, Kaushal Bansal
  • Patent number: 10944721
    Abstract: Enterprise users' mobile devices typically access the Internet without being protected by the enterprise's network security policy, which exposes the enterprise network to Internet-mediated attack by malicious actors. This is because the conventional approach to protecting the mobile devices and associated enterprise network is to tunnel all of the devices' Internet communications to the enterprise network, which is very inefficient since typically only a very small percentage of Internet communications originating from an enterprise's mobile devices are communicating with Internet hosts that are associated with threats. In the present disclosure, the mobile device efficiently identifies which communications are associated with Internet threats, and tunnels only such identified traffic to the enterprise network, where actions may be taken to protect the enterprise network.
    Type: Grant
    Filed: June 10, 2020
    Date of Patent: March 9, 2021
    Assignee: Centripetal Networks, Inc.
    Inventors: Sean Moore, Peter P. Geremia
  • Patent number: 10944744
    Abstract: Methods, devices and apparatus for verifying a terminal device are provided. In one aspect, a method includes: recording a correspondence between a source IP address of an authentication message and an MAC address of the terminal device in a first whitelist after successful authentication is performed for the terminal device based on the authentication message, where the authentication message carries an MAC address of the terminal device; querying the first whitelist based on a source IP address of a data packet when the data packet from the terminal device is monitored; confirming the terminal device is successfully authenticated if the source IP address hits the first whitelist.
    Type: Grant
    Filed: August 10, 2018
    Date of Patent: March 9, 2021
    Assignee: HANGZHOU DPTECH TECHNOLOGIES CO., LTD.
    Inventor: Futao Wang
  • Patent number: 10939380
    Abstract: An information handling system operating a low power communications engine comprising a wireless adapter for communicating on a low power communication technology network for receiving low power communication technology data traffic for at least one always-on remote management service for the information handling system, a controller receiving a location status of the information handling system via the low power communication technology network indicating a location or network, where the controller executes code instructions for a low power communications engine to assess a location trust level from an environment characteristics analysis engine to determine whether the location status is a trusted zone location or an untrusted zone location utilizing binary classification machine learning based on input variables including data relating to history of activity at the location or on the network learned by the environment characteristics analysis engine from reported operational or network activity, and the co
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: March 2, 2021
    Assignee: Dell Products, LP
    Inventors: Sinem Gulbay, Carlton A. Andrews
  • Patent number: 10938689
    Abstract: In general, certain embodiments of the present disclosure provide techniques or mechanisms for automatically filtering network messages in an aviation network for an aircraft based on a current system context. According to various embodiments, a method is provided comprising receiving a network message transmitted from a source avionic device to a destination avionic device via one or more network packets within the aviation network. A current system context, indicating an aggregate status of avionic devices within the aviation network, is determined based on monitoring the avionic devices. The network message is analyzed by identifying a plurality of attributes corresponding to header and data fields of the one or more network packets corresponding to the network message. The acceptability of the network message within the current system context is determined based on one or more filter rules that specify what attributes are allowed within a particular system context.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: March 2, 2021
    Assignee: The Boeing Company
    Inventors: John E. Bush, Steven L. Arnold, Arun Ayyagari
  • Patent number: 10931692
    Abstract: In one embodiment, a device in a network receives information regarding a network anomaly detected by an anomaly detector deployed in the network. The device identifies the detected network anomaly as a false positive based on the information regarding the network anomaly. The device generates an output filter for the anomaly detector, in response to identifying the detected network anomaly as a false positive. The output filter is configured to filter an output of the anomaly detector associated with the false positive. The device causes the generated output filter to be installed at the anomaly detector.
    Type: Grant
    Filed: January 20, 2016
    Date of Patent: February 23, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Javier Cruz Mota, Jean-Philippe Vasseur, Grégory Mermoud, Andrea Di Pietro
  • Patent number: 10902111
    Abstract: Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.
    Type: Grant
    Filed: December 11, 2018
    Date of Patent: January 26, 2021
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Salvatore J. Stolfo, Wei-Jen Li, Angelos D. Keromytis, Elli Androulaki
  • Patent number: 10887341
    Abstract: A method and system for protecting cloud-hosted applications against application-layer slow distributed denial-of-service (DDoS) attacks. The comprising collecting telemetries from a plurality of sources deployed in at least one cloud computing platform hosting a protected cloud-hosted application; providing a set of rate-based and rate-invariant features based on the collected telemetries; evaluating each feature in the set of rate-based and rate-invariant features to determine whether a behavior of each feature and a behavior of the set of rate-based and rate-invariant features indicate a potential application-layer slow DDoS attack; and causing execution of a mitigation action, when an indication of a potential application-layer slow DDoS attack is determined.
    Type: Grant
    Filed: July 24, 2017
    Date of Patent: January 5, 2021
    Assignee: Radware, Ltd.
    Inventors: Ehud Doron, Nir Ilani, David Aviv, Yotam Ben Ezra, Amit Bismut, Yuriy Arbitman
  • Patent number: 10877950
    Abstract: A method of requesting a search query to be displayed in a web browser. The method includes receiving search terms and slash operators and generating results based on the search terms and slash operators.
    Type: Grant
    Filed: December 16, 2011
    Date of Patent: December 29, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Gregory B. Lindahl, Bryn Robert Dole, Michael Markson, Keith Peters, Robert Michael Saliba, Rich Skrenta, Robert N. Truel
  • Patent number: 10872153
    Abstract: A secure terminal configured to support a trusted execution environment that utilizes policy enforcement to filter and authorize transmissions received from a host device and destined for a remote device. Upon receiving a transmission from the host device, the secure terminal verifies that the instruction, message, or request contained within the transmission satisfy parameters set by a policy. If the transmission satisfies the parameters, then the secure terminal signs the transmission with a key unique to the trusted platform module associated with the secure terminal and forwards the signed transmission to the remote device. If the transmission fails one or more parameters within the policy, a message that details the instruction or operation contained within the transmission is exposed to a user at an output device, in which the user can authorize or reject the transmission using an input device.
    Type: Grant
    Filed: April 20, 2018
    Date of Patent: December 22, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: David Garfield Thaler, III, Brian Clifford Telfer, Stefan Thom, Torsten Stein, Robert Solomon, Christopher Glenn Kaler
  • Patent number: 10862850
    Abstract: Example methods and systems are provided for network-address-to-identifier translation in a virtualized computing environment. The method may comprise: based on traffic flow information associated with a first network address and a second network address, determining that the first network address is associated with a first identifier that identifies the first virtualized computing instance. The method may also comprise: obtaining network topology information specifying how the first virtualized computing instance is connected to the second virtualized computing instance via one or more logical forwarding elements; and based on the network topology information, determining that the second network address is associated with a second identifier that identifies the second virtualized computing instance.
    Type: Grant
    Filed: June 15, 2017
    Date of Patent: December 8, 2020
    Assignee: NICIRA, INC.
    Inventor: Kaushal Bansal
  • Patent number: 10855709
    Abstract: A tracing mechanism is provided for analyzing session-based attacks. An exemplary method comprises: detecting a potential attack associated with a session from a potential attacker based on predefined anomaly detection criteria; adding a tracing flag identifier to a response packet; sending a notification to a cloud provider of the potential attack, wherein the notification comprises the tracing flag identifier; and sending the response packet to the potential attacker, wherein, in response to receiving the response packet with the tracing flag identifier, the cloud provider: determines a source of the potential attack based on a destination of the response packet; forwards the response packet to the potential attacker based on the destination of the response packet; and monitors the determined source to evaluate the potential attack. The response packet is optionally delayed by a predefined time duration and/or until the cloud provider has acknowledged receipt of the notification.
    Type: Grant
    Filed: July 19, 2018
    Date of Patent: December 1, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Kfir Wolfson, Jehuda Shemer, Aviram Fireberger, Amos Zamir, Oron Golan
  • Patent number: 10855674
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer-readable storage medium, for pre-boot network-based authentication. In some implementations, a computing device enters a UEFI environment upon powering on the computing device. While in the UEFI environment, the computing device restricts booting of an operating system of the computing device, accesses a signed certificate corresponding to a particular user, sends a verification request to a server system over a communication network, and receives a verification response from the server system over the communication network. In response to receiving the verification response, the computing device (i) enables the operating system to boot and (ii) verifies the identity of the particular user to the operating system such that the operating system logs in the particular user without requiring further proof of identity for the particular user.
    Type: Grant
    Filed: May 10, 2018
    Date of Patent: December 1, 2020
    Assignee: MicroStrategy Incorporated
    Inventors: Darrell Geusz, Michael W. Morrow, Loic Fabro
  • Patent number: 10841309
    Abstract: To improve the access control in regard to safety and protection of network operation and network data when controlling accesses to networks based on IT systems including embedded systems or distributed systems, it is proposed that observation and evaluation (detection) of the communication in a network (performance of a network communication protocol collation of the observed protocol with a multiplicity of reference protocols, preferably stored in a list, that are usually used in operation- and/or safety-critical networks) be used to independently identify whether an uncritical or critical network is involved in the course of a network access, in particular the setup of a network connectivity, to at least one from at least one network that is uncritical in regard to operation and/or safety, in particular referred to as a standard network, and at least one network that is critical in regard to operation and/or safety.
    Type: Grant
    Filed: March 23, 2018
    Date of Patent: November 17, 2020
    Assignee: SIEMENS AKTIENGESELLSCHAFT
    Inventor: Rainer Falk
  • Patent number: 10834052
    Abstract: A monitoring method implemented by an access point for a network that can maintain an address association table is described. The method can include selecting at least two entries in the address association table, storing at least one predetermined characteristic obtained over a predefined period of time for each inflow and each outflow associated with the selected entries, and comparing, for at least one pair of selected entries, at least one stored characteristic for an inflow associated with one of the entries of the pair with the at least one corresponding stored characteristic for an outflow associated with the other entry of the pair. If, for at least one pair of entries, the comparison step indicates that an inflow associated with one of the entries of the pair transports an application content of the same nature as an outflow associated with the other entry of the pair, a risk of fraud can be detected.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: November 10, 2020
    Assignee: ORANGE
    Inventors: Bertrand Bouvet, Stéphane Boizard
  • Patent number: 10833703
    Abstract: A DMA (Direct Memory Access) transfer apparatus acquires information including a transfer source address and a transfer destination address based on a received transfer instruction, selects whether to perform first checksum calculation for data from an area of a memory corresponding to the transfer source address or perform second checksum calculation different from the first checksum calculation, and transfers data obtained via the checksum calculation selected in the selecting to an area of the memory corresponding to the transfer destination address.
    Type: Grant
    Filed: December 7, 2018
    Date of Patent: November 10, 2020
    Assignee: CANON KABUSHIKI KAISHA
    Inventors: Daisuke Horio, Koji Churei
  • Patent number: 10826929
    Abstract: Embodiments of the invention are directed to systems, methods, and computer program products for vulnerability assessment and hash generation for exterior data deployment. In this way, the system utilizes a vulnerability assessment to generate a permit to send approval for dissemination of data, files, or the like outside of the entity via an electronic communication. The vulnerability assessment determines a permit to send status for the communication. The system may then generate a hash for the communication and embed the hash within the data of the communication. Upon sending, the entity will only permit communications with a known hash embedded therein from being transmitted outside of the internal entity network.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: November 3, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: William R. Overhultz, Jr., Michael Jacob Richardson
  • Patent number: 10812348
    Abstract: Methods and systems are provided for automatically capturing network data for a detected anomaly. In some examples, a network node establishes a baseline usage by applying at least one baselining rule to network traffic to generate baseline statistics, detects an anomaly usage by applying at least one anomaly rule to network traffic and generating an anomaly event, and captures network data according to an anomaly event by triggering at least one capturing rule to be applied to network traffic when an associated anomaly event is generated.
    Type: Grant
    Filed: July 15, 2016
    Date of Patent: October 20, 2020
    Assignee: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Ronald Wai Lun Szeto, Rishi Sampat, Julia Lin
  • Patent number: 10798059
    Abstract: A disclosed method may include (1) receiving a packet at a tunnel driver in kernel space on a routing engine of a network device, (2) identifying, at the tunnel driver, metadata of the packet that indicates whether at least one firewall filter had already been correctly applied to the packet before the packet arrived at the tunnel driver, (3) determining, based at least in part on the metadata of the packet, that the firewall filter had not been correctly applied to the packet before the packet arrived at the tunnel driver, and then in response to determining that the firewall filter had not been correctly applied to the packet, (4) invoking at least one firewall filter hook that applies at least one firewall rule on the packet before the packet is allowed to exit kernel space on the routing engine. Various other apparatuses systems, and methods are also disclosed.
    Type: Grant
    Filed: October 6, 2017
    Date of Patent: October 6, 2020
    Assignee: Juniper Networks, Inc
    Inventors: Prashant Singh, Sreekanth Rupavatharam, Hariprasad Shanmugam, Erin MacNeil
  • Patent number: 10788879
    Abstract: A wireless mobile device (“UE”) operating in a battery-conserving low-power state processes incoming signaling or data in a received message to determine whether to act further on information in the message by enabling additional processing capability in the UE. A server may generate awaken information derived from a stored secret value that only the UE device and a server that manages the UE can obtain. The awaken information may also be based on a shared value shared between the server and the UE. The UE may separately derive the awaken information and may exit a low power state when awaken information received from the server in an awaken message in a first protocol matches the separately derived awaken information. The server may transmit a fall-back second awaken message in a different protocol than the first protocol if no confirmation is received that the UE received the first awaken message.
    Type: Grant
    Filed: July 4, 2018
    Date of Patent: September 29, 2020
    Assignee: M2 MD Technologies Inc.
    Inventor: Charles M. Link, II
  • Patent number: 10791150
    Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). The system may be configured to identify particular data assets and/or personal data in data repositories using any suitable intelligent identity scanning technique.
    Type: Grant
    Filed: February 24, 2020
    Date of Patent: September 29, 2020
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Jonathan Blake Brannon
  • Patent number: 10785130
    Abstract: Example embodiments disclosed herein relate to implementing pre-filter rules at a network infrastructure device. In one example, the network infrastructure device receives a packet flow including a first pre-filter tag including information from implementation of a first subset of a set of pre-filter rules. In the example, the network infrastructure device includes logic to implement a second subset of the pre-filter rules. The second subset of pre-filter rules are different from the first subset of pre-filter rules. The second subset of pre-filter rules are implemented on the packet flow to yield a pre-filter result.
    Type: Grant
    Filed: April 23, 2015
    Date of Patent: September 22, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Joseph A. Curcio, Bruce E. LaVigne, Wei Lu
  • Patent number: 10778802
    Abstract: Methods, computer program products, and systems are presented. The method computer program products, and systems can include, for instance: generating a first mobile device fingerprint of a mobile device and associating the first mobile device fingerprint to an identifier, and generating a second mobile device fingerprint of the mobile device and associating the second mobile device fingerprint to a MAC address of a mobile device. The methods, computer program products, and systems can include, for instance: receiving a first mobile device fingerprint of a mobile device and an identifier associated to the first mobile device fingerprint; receiving a second mobile device fingerprint of the mobile device and a MAC address associated to the second mobile device fingerprint; and associating received data received from the mobile device to the identifier.
    Type: Grant
    Filed: August 30, 2018
    Date of Patent: September 15, 2020
    Assignee: HCL Technologies Limited
    Inventors: Michael R. Billau, John K. Gerken, III, Jeremy A. Greenberger, Ciaran E. Hannigan
  • Patent number: 10764946
    Abstract: Techniques are described of forming a mesh network for wireless communication. One method includes broadcasting, from a first node connected to a core network, a beacon signal, receiving a connection establishment request from a second node in response to the broadcasted beacon signal; determining a radio resource availability associated with a plurality of radios of the first node based on the connection establishment request, and establishing a connection with the second node using a radio of the plurality of radios based on the radio resource availability. In some cases, the radio resource availability may include a number of active connections associated with one or more radios of the plurality of radios of the first node.
    Type: Grant
    Filed: May 9, 2017
    Date of Patent: September 1, 2020
    Assignee: Vivint Wireless, Inc.
    Inventors: Bjorn Ulf Anders Sihlbom, Michael John Hart, Stephen John Haynes, Jason Hruban, Andreas Wolfgang
  • Patent number: 10743390
    Abstract: The present invention is related to verifying an installed lighting system (300), in particular an Ethernet-based lighting system (300), without it being necessary to employ a designated lighting controller and without it being necessary to completely commission the installed lighting system (300). According to an aspect of the invention, this is achieved by providing a network switch (200) that comprises a plurality of ports for coupling luminaires (312A, 312B, 312C, 312D) and sensors and/or actuators (314A, 314B) of the lighting system (300) to the network switch (200); and by setting the network switch (200) such that a signal received at a first port (e.g. port 4) of the plurality of ports is only forwarded to pre-selected ports (e.g. ports 2,3,5,6 and 7) of the plurality of ports.
    Type: Grant
    Filed: August 20, 2019
    Date of Patent: August 11, 2020
    Assignee: SIGNIFY HOLDING B.V.
    Inventors: Xiangyu Wang, Emmanuel David Lucas Michael Frimout, Aloys Hubbers
  • Patent number: 10735378
    Abstract: Embodiments relate to systems, computer readable media, devices, and computer-implemented methods for providing improved network security by receiving a network packet, applying a filter rule in a first instance of a distributed reputation database to the network packet, determining, using a network interface card with a field programmable gate array, to drop or modify the network packet based on the applying, and transmitting reputation data to a security control center that includes a second instance of the distributed reputation database, where the reputation data includes information corresponding to the network packet that was dropped or modified.
    Type: Grant
    Filed: June 15, 2017
    Date of Patent: August 4, 2020
    Assignee: VERISIGN, INC.
    Inventors: John Bosco, Kenneth Ryan, Dow Summers
  • Patent number: 10735453
    Abstract: Implementations disclosed herein provide a managed security service that distributes processing tasks among a number of network security modules working in parallel to process component portions of a replayed network traffic stream. If a network security module detects a potential security threat, the network security module may generate a delivery request specifying other information potentially useful in further investigation of the potential security threat. The delivery request is communicated to a plurality of other processing entities, such as the other network security modules, and any processing entity currently receiving the requested information may respond to the delivery request. Once a source of the requested information is determined, the requested information is routed to the origin of the request.
    Type: Grant
    Filed: March 1, 2019
    Date of Patent: August 4, 2020
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Eugene B. Stevens, IV, Eric J. Stevens, Benjamin E. Kornmeier, Joshua J. Hollander, Antonis Papadogiannakis
  • Patent number: 10723587
    Abstract: An elevator system stores, in a server, information on an elevator installed in a building that is communicably connected to a data center in which the server is installed, the building and the data center being communicable independently via a first network and a second network, respectively, wherein the building includes: an information collection device configured to collect information on the elevator; a sorting device configured to determine which of the first network and the second network is to be used as a transmission path via which the information on the elevator collected by the information collection device is to be transmitted to the data center; and a communication device configured to transmit the information on the elevator collected by the information collection device to the data center via the transmission path determined by the sorting device.
    Type: Grant
    Filed: March 14, 2016
    Date of Patent: July 28, 2020
    Assignee: Mitsubishi Electric Corporation
    Inventor: Tomohiro Hattori
  • Patent number: 10715466
    Abstract: According to one aspect, a system for locating application-specific data that includes a server, a broker, and an agent. An operator may define a command using the server, and this command may be sent to the broker. The broker may then send the command to the agent operating on an end-point system. The agent may then conduct an application-specific data search on the end-point system in respect of the user command. Search results may then be sent to the broker. The broker may then sent the search results to the server.
    Type: Grant
    Filed: September 20, 2018
    Date of Patent: July 14, 2020
    Assignee: MAGNET FORENSICS INC.
    Inventors: Nicholas Bruce Alexander Cosentino, Tayfun Uzun
  • Patent number: 10701036
    Abstract: A method for containing a threat in network environment using dynamic firewall policies is provided. In one example embodiment, the method can include detecting a threat originating from a first node having a source address in a network, applying a local firewall policy to block connections with the source address, and broadcasting an alert to a second node in the network. In more particular embodiments, an alert may be sent to a network administrator identifying the source address and providing remedial information. In yet other particular embodiments, the method may also include applying a remote firewall policy to the first node blocking outgoing connections from the first node.
    Type: Grant
    Filed: June 27, 2016
    Date of Patent: June 30, 2020
    Assignee: McAfee, LLC
    Inventors: Manabendra Paul, Praveen Ravichandran Sudharma
  • Patent number: 10691795
    Abstract: This document describes a system and method for quantitatively unifying and assimilating all unstructured, unlabelled and/or fragmented real-time and non-real-time cyber threat data generated by a plurality of sources. These sources may include cyber-security surveillance systems that are equipped with machine learning capabilities.
    Type: Grant
    Filed: October 24, 2016
    Date of Patent: June 23, 2020
    Assignee: Certis Cisco Security Pte Ltd
    Inventor: Keng Leng Albert Lim