Packet Filtering Patents (Class 726/13)
  • Patent number: 12380218
    Abstract: Systems and methods are provided for inspecting, identifying, blocking, and combatting browser security vulnerabilities. In various embodiments, an inspection module may execute on a browser accessing a web domain on a first computing device. Inspection modules may dynamically analyze a set of scripts associated with the web domain to identify privacy vulnerabilities. Such vulnerabilities may be blocked and/or combatted to prevent communications of private information to one or more third-, fourth-, . . . , nth-party sites and applications. Embodiments may generate a customized privacy plan directed to one or more privacy vulnerabilities and execute on a graphical user interface on a computing device.
    Type: Grant
    Filed: October 14, 2022
    Date of Patent: August 5, 2025
    Inventors: Ian Cohen, Jeremy Barnett, Peter Joles
  • Patent number: 12381773
    Abstract: Disclosed herein are systems and methods for reducing or mitigating alert fatigue from real-time alerts in cyber-physical systems or other types of edge computing systems. In one or more examples, the edge computing system monitor can look for one or more patterns within received data that can indicate malicious activity or other conditions that may warrant a real-time or near-real-time response from the operator. In one or more examples, a detection of any of the specified patterns in the streaming data can trigger an alert to the operator of the edge computing system. In one or more examples, the alerts can be suppressed until the number of alerts associated with a particular pattern crosses a pre-determined threshold. Additionally or alternatively, alerts can be suppressed based on a duration that the alerts have been generated. The suppression of alerts can be configured to reduce operator alert fatigue.
    Type: Grant
    Filed: July 11, 2022
    Date of Patent: August 5, 2025
    Assignee: The MITRE Corporation
    Inventors: Suresh K. Damodaran, Jesus N. Abelarde, Jr., Benjamin Robert Schmidt, Peter Malinovsky, Bryan Lewis Quinn
  • Patent number: 12368697
    Abstract: Systems and methods include, connecting to a first service edge node in a cloud-based system and obtaining one or more addresses each for one or more service edge nodes in the cloud-based system, wherein the one or more service edge nodes include public service edge nodes and private service edge nodes; connecting to a second service edge node of the one or more service edge nodes using the corresponding address; providing a request for an application to the second service edge node; and responsive to policy and accessibility determined via the cloud-based system, receiving access to the application via a connector adjacent to the application.
    Type: Grant
    Filed: June 21, 2021
    Date of Patent: July 22, 2025
    Assignee: Zscaler, Inc.
    Inventors: John A. Chanak, Ale A. Mansoor, Maxim Perepelitsyn, Deepak Khungar, William Fehring
  • Patent number: 12368741
    Abstract: The embodiments relate to a system, a computer-implemented method, and a computer program product for performing bot detection using a velocity framework. For example, embodiments include a policy decision engine that can receive requests from a source, wherein each of the requests comprise velocity data including one or more attributes. The policy decision engine can monitor an occurrence of the velocity data in each request, and determine a velocity data rate for the velocity data in each request. Further, the policy decision engine can determine whether the request is a bot request based at least in part on the determined velocity data rate, and transmit a notification to the source of the request based at least in part on the determination of the bot request, wherein the notification indicates whether a bot request has been identified in the request.
    Type: Grant
    Filed: September 9, 2022
    Date of Patent: July 22, 2025
    Assignee: Walmart Apollo, LLC
    Inventors: Jiawei Zhang, Neeraj Prasad, Jayakanthan Durairaj
  • Patent number: 12368695
    Abstract: A system for compacting traffic separation policies in campus networks, the system comprising an access layer switch and a campus border switch. The access layer switch is configured to receive a definition of one or more policies; responsive to receiving a packet, determine whether any of the policies apply to the packet; responsive to determining that none of the policies apply, cause a tag to be inserted into a communication header of the packet and forward the packet; and responsive to determining that one of the policies applies, forward or drop the packet according to the applicable policy and omit the tag. The campus border switch is configured to, responsive to receiving a packet from the access layer switch, determine whether the packet includes the tag, and responsive to determining that the packet includes the tag, apply a traffic separation policy associated with the tag to the packet.
    Type: Grant
    Filed: January 30, 2023
    Date of Patent: July 22, 2025
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Vinayak Joshi, Venkata Varadhan Devarajan, Rajib Majila, Sathyanarayana Gopal, Hari Anil Kumar
  • Patent number: 12360953
    Abstract: A multi-node, multi-container cluster system that generates, aggregates, and manages log files from services and components to be used for audit logs and to debug and perform other serviceability tasks provided by a vendor of the cluster system. Logs are collected from all components of the system and aggregated using a central persistent volume for non-critical applications and additional dedicated persistent volumes for critical tasks. The logs are implemented to minimize the risk of losing log lines and reduce resource overheads. Logs are formatted to provide a consistent logging format utilizing industry standard data formats, such as timestamps. Log files are stored persistently outside of pods to ensure high availability for any audit log management needs.
    Type: Grant
    Filed: December 27, 2023
    Date of Patent: July 15, 2025
    Assignee: Dell Products L.P.
    Inventors: Vishal Tiwary, Philip Shilane
  • Patent number: 12361146
    Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving location data representative of a location of a mobile device of a user. Determining that a scenario is occurring within an Internet-of-Things (IoT) system at least partially based on the location data. In response, implementing a security/privacy measure to prohibit at least a portion of data transfer from at least one IoT device of the IoT system to an external network.
    Type: Grant
    Filed: May 15, 2019
    Date of Patent: July 15, 2025
    Assignee: United Services Automobile Association (USAA)
    Inventors: Sumita T. Jonak, Thomas Bret Buckingham, Darrius M. Jones, Dustin Starr Trimmier, Soon Fatt Hoo
  • Patent number: 12363138
    Abstract: Methods and apparatus for dynamic adaption of anti-replay window (ARW) management with enhanced security. According to aspects of the method, a pre-ARW block employing a pre-ARW sliding window and an ARW block employing an ARW sliding window are maintained for an associated IPsec security association (SA). A determination is made as to whether a received packet passes a pre-ARW check using the pre-ARW sliding window. When it does, the pre-ARW sliding window is advanced, encrypted content in the packet is decrypted, and processing is forwarded to the ARW block, which performs an ARW check and advances the ARW sliding window when the ARW check is passed. Packets that do not pass the pre-ARW check may be buffered in queues and subsequently rechecked against the ARW sliding window. Under solutions provided herein, ARW checks and updates are decoupled from the decryption processes, enabling decryption to be performed in parallel and/or offloaded to a hardware accelerator.
    Type: Grant
    Filed: March 14, 2022
    Date of Patent: July 15, 2025
    Assignee: Intel Corporation
    Inventors: Ravikumar Aimangala Nagaraja Setty, Rajakumar Chidambaram, Balaji Chintalapalle, Deepak Khandelwal, Joy Devassykutty Pullokaran, Joseph Maria Jaison Vincent Solomon
  • Patent number: 12348538
    Abstract: Possible Denial of Service (DoS) activity is detected and remediated based on an initial heartbeat failure from a network asset, followed by externally directed network traffic from the network asset. In general, an interruption of the heartbeat can signal the possible presence of malware on the network asset, and the externally directed network traffic, and particularly certain patterns of traffic such as a high volume of traffic toward an address with a known, good reputation, can signal the possible presence of a DoS bot on the network asset that is sourcing the network traffic.
    Type: Grant
    Filed: May 23, 2024
    Date of Patent: July 1, 2025
    Assignee: Sophos Limited
    Inventor: Kenneth D. Ray
  • Patent number: 12348530
    Abstract: A secure remote worker (SRW) application that executes in a hypervisor of a user's personal computing device to analyze data and determine if the data is destined for a corporate remote access system or other location. The SRW may perform a security analysis of the data to determine if the data itself or a location associated with the data is known malware. The SRW may be remotely managed to be enabled and configured.
    Type: Grant
    Filed: May 25, 2023
    Date of Patent: July 1, 2025
    Assignee: Amzetta Technologies, LLC
    Inventor: Shankar Subramonian
  • Patent number: 12348551
    Abstract: A system includes a first electronic device having a display and an electronic processor configured to: determine an execution log including fuzzed data, extract text information from the execution log, generate an input vector from the extracted text information, provide the input vector to a trained neural network to generate an output vector, provide the output vector to a second trained machine learning model to determine output variables indicative of (i) a likelihood that the fuzzed data triggers the vulnerability in a second electronic device and (ii) a classification associated with the vulnerability, generate a display payload based on the output variables, generate revised computer executable instructions configured to prevent the second electronic device from malfunctioning in response to the second electronic device receiving data similar to the fuzzed data, and send the revised computer executable instructions to the second electronic device.
    Type: Grant
    Filed: March 17, 2023
    Date of Patent: July 1, 2025
    Assignee: Robert Bosch GmbH
    Inventors: Zachariah Thomas Pelletier, Golam Kayas, Timothy S. Arntson
  • Patent number: 12341814
    Abstract: A system includes one or more “BotMagnet” modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosting operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Credentials for services implemented by a BotSink may be planted in an active directory (AD) server. The BotSink periodically uses the credentials thereby creating log entries indicating use thereof. When an attacker accesses the services using the credentials, the BotSink engages and monitors an attacker system and may generate an alert. Decoy services may be assigned to a domain and associated with names according to a naming convention of the domain.
    Type: Grant
    Filed: January 24, 2024
    Date of Patent: June 24, 2025
    Assignee: SENTINELONE, INC.
    Inventors: Venu Vissamsetty, Nitin Jyoti, Pavan Patel, Prashanth Srinivas Mysore
  • Patent number: 12341743
    Abstract: Provided herein are systems and methods for providing concurrent connection maximization. Operations include repeatedly increasing a quantity of logical connections between a source email sender and a destination email recipient server and tracking a quantity of logical connections; receiving a connection refusal signal and recording the tracked quantity of logical connections as active upon receipt; storing in a recipient status data set the active quantity of logical connections; and upon initiation of a new message send request to a recipient at the destination email recipient server, configuring a plurality of concurrent connections to the destination email recipient server based on the tracked quantity of logical connections and stored for the destination email recipient server; and sending messages over a portion of the plurality of concurrent connections within a threshold indicated by the tracked quantity of logical connections stored for the destination email recipient server.
    Type: Grant
    Filed: August 9, 2023
    Date of Patent: June 24, 2025
    Assignee: HUBSPOT, INC.
    Inventors: Michael O'Brien, Kevin Baker, James Kebinger, Michael Axiak
  • Patent number: 12335408
    Abstract: Embodiments are directed to an apparatus, comprising: a microcontroller configured as a Universal Field Panel. The microcontroller provides channels that (i) couple to a digital encrypted security interface (DESI) via a digital communications interface and/or couple to a sensor comprising an analog signal, and wherein the analog sensor comprises one or more resistors coupled with one or more switches to monitor Boolean status from sensors (ii) wherein the digital encrypted security interface (DESI) couples to a sensor input and/or couples to a control output where signals to command a relay are authenticated prior to execution, (iii) authenticate and encrypt the sensor or control output. The control output is a programmable relay or solid-state device that features a Form-C control interface for providing authentication from command-and-control platforms to the devices and/or signals they are controlling.
    Type: Grant
    Filed: June 23, 2021
    Date of Patent: June 17, 2025
    Assignee: Prometheus Security Group Global
    Inventors: Jeremy Freeze-Skret, Daniel Skret
  • Patent number: 12323311
    Abstract: A packet capture system for capturing packets flowing in a capture target network, in which a plurality of stages of packet distribution devices for capturing packets of a specific flow are cascade-connected. Packet distribution devices identify a capture target flow by analyzing inputted packets; packet distribution devices other than a last-stage packet distribution device are configured to distribute packets so as to capture packets of a flow to be captured and to output packets of a flow not to be captured to a next-stage packet distribution device; and the last-stage packet distribution device is configured to filter the packets of the flow to be captured and to discard the packets of the flow not to be captured.
    Type: Grant
    Filed: December 9, 2020
    Date of Patent: June 3, 2025
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Saki Hatta, Hiroyuki Uzawa, Shuhei Yoshida, Koyo Nitta
  • Patent number: 12323318
    Abstract: A network management device (100) is disclosed, which includes a transceiver circuit (110), a memory (120), and a processor (130). The processor (130) executes following steps: detecting multiple second packet processing rules respectively corresponding to each of multiple packet sets; respectively for each of the multiple packet sets, updating a packet processing rule table (121) by utilizing the second packet processing rules being different from multiple first packet processing rules, and calculating an average rule quantity of the second packet processing rules being different from the multiple first packet processing rules; and determining whether to stop updating the packet processing rule table (121) based on the multiple average rule quantities.
    Type: Grant
    Filed: March 6, 2024
    Date of Patent: June 3, 2025
    Assignee: TXONE NETWORKS INC.
    Inventor: Wen-Yen Tsai
  • Patent number: 12323372
    Abstract: A chatbot server that provides an instant messaging service using a relay chatbot linked to multiple chatbots includes a receiving unit that receives, from a messenger server, a question message relevant to a service selected from multiple services and service account information corresponding to the selected service; a derivation unit that derives an answer to the question message using the relay chatbot corresponding to the service account information; and a transmission unit that transmits the answer to the messenger server, wherein the relay chatbot relays a user device to the multiple chatbots linked to the relay chatbot to derive the answer through at least one of the multiple chatbots.
    Type: Grant
    Filed: December 14, 2018
    Date of Patent: June 3, 2025
    Assignee: KAKAO CORP.
    Inventors: Yu Mi Kim, No Suk Myung, Ji Soo Hwang
  • Patent number: 12314746
    Abstract: An automation application is described herein. The automation application executes on a computing device and accesses a macro for a target application. The macro has been generated based upon a sequence of inputs from a user received by the target application that causes the target application to perform an action, screen states of the target application as the target application receives the sequence of inputs from the user, operating system processes that are performed by an operating system as the target application receives the sequence of inputs from the user, and evidence events representing information obtained from the operating system processes. The automation application executes the macro, wherein executing the macro causes the automation application to mimic the sequence of inputs to the target application, thereby causing the target application to perform the action.
    Type: Grant
    Filed: October 5, 2023
    Date of Patent: May 27, 2025
    Assignee: Hyland Software, Inc.
    Inventors: Edward Hinton, Frank Pulito, Greg Giannone, Jonathan Ferrin, Zachary Chupka
  • Patent number: 12316519
    Abstract: Disclosed is a vehicle-mounted relay device that relays data flowing through a vehicle-mounted network mounted in a vehicle, including a control unit that controls processing relating to relaying of the data, wherein the control unit derives a threshold relating to a state of the vehicle-mounted network, and determines, based on the derived threshold, whether or not there is an abnormality in the vehicle-mounted network.
    Type: Grant
    Filed: November 2, 2020
    Date of Patent: May 27, 2025
    Assignees: AutoNetworks Technologies, Ltd., Sumitomo Wiring Systems, Ltd., Sumitomo Electric Industries, Ltd.
    Inventor: Naoki Adachi
  • Patent number: 12301574
    Abstract: Outbound traffic of a host application may be received from a host device having a host processor. The secure resource may be configured to provide a secure transaction based on the outbound network traffic. Using a second processor different than the host processor, it may be determined whether the host application is authorized to provide the outbound network traffic to the secure resource. The outbound network traffic may be allowed to be forwarded to the secure resource if the host application is authorized. The outbound network traffic may be disallowed to be forwarded to the secure resource if the host application is not authorized.
    Type: Grant
    Filed: September 6, 2023
    Date of Patent: May 13, 2025
    Assignee: CUPP Computing AS
    Inventor: Shlomo Touboul
  • Patent number: 12301578
    Abstract: Systems, devices, and methods are discussed for forward testing rule sets at a granularity that is less than all activity on the network. In some cases, the granularity is that of an individual application.
    Type: Grant
    Filed: August 4, 2023
    Date of Patent: May 13, 2025
    Assignee: Fortinet, Inc.
    Inventors: Rajiv Sreedhar, Manuel Nedbal, Manoj Ahluwalia, Damodar K. Hegde, Jitendra B. Gaitonde, Suresh Rajanna, Mark Lubeck, Gary Nool
  • Patent number: 12294614
    Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for providing security postures for a service provided by a heterogenous system. A method for verifying trust by a service node includes receiving a request for security information of the service node from a client device, wherein the request includes information identifying a service to receive from the service node, identifying a related node to communicate with the service node based on the service, after identifying the related node, requesting security information of the related node, generating composite security information from the security information of the service node and the security information of the related node, and sending the composite security information to the client device. The composite security information provides security claims for a service implemented by heterogenous devices that have different trusted execution environments.
    Type: Grant
    Filed: January 25, 2022
    Date of Patent: May 6, 2025
    Assignee: Cisco Technology, Inc.
    Inventors: Eric Voit, Pradeep Kumar Kathail, Avinash Kalyanaraman
  • Patent number: 12294636
    Abstract: A network device includes one or more ports, and action-select circuitry. The ports are to exchange packets over a network. The action-select circuitry is to determine, for a given packet, a first search key based on a first header field of the given packet, and a second search key based on a second header field of the given packet, to compare the first search key to a first group of compare values, to output a multi-element vector responsively to a match between the first search key and a first compare value, to generate a composite search key by concatenating the second search key and the multi-element vector, to compare the composite search key to a second group of compare values, and, responsively to a match between the composite search key and a second compare value, to output an action indicator for applying to the given packet.
    Type: Grant
    Filed: February 26, 2024
    Date of Patent: May 6, 2025
    Assignee: Mellanox Technologies, Ltd
    Inventors: Gil Levy, Aviv Kfir
  • Patent number: 12289325
    Abstract: A network device may be configured to receive a file stream associated with a file. The network device may be configured to identify, based on receiving the file stream, an initial portion of the file. The network device may be configured to process the initial portion of the file to determine one or more features of the file. The network device may be configured to generate, based on the one or more features of the file, a determination as to whether the file is malicious. The network device may be configured to block or allow, based on the determination, the file stream.
    Type: Grant
    Filed: December 3, 2021
    Date of Patent: April 29, 2025
    Assignee: Juniper Networks, Inc.
    Inventors: Paul Randee Dilim Kimayong, Mounir Hahad
  • Patent number: 12287711
    Abstract: A computer-implemented method includes translating tenant-specific preferences for primary and secondary datacenter locations into a routing configuration. A service mesh is set up for communication between services within and across the primary and secondary datacenter locations. Service persistencies with endpoints in datacenter locations are used to configure replication agents between the service persistencies. Using service endpoints, Virtual Services that implement the service mesh are configured. An Ingress Gateway is configured to route end user requests into the service mesh to a first service instance in the tenant-selected primary datacenter. According to the tenant-specific preferences, data replication is configured to copy data to redundant storage. Using endpoints of persistent storage replication agents for each service persistence in the tenant-selected primary datacenter, persistent storage replication agents are configured for each service persistence in the tenant-selected primary datacenter.
    Type: Grant
    Filed: April 15, 2024
    Date of Patent: April 29, 2025
    Assignee: SAP SE
    Inventor: Peter Eberlein
  • Patent number: 12289225
    Abstract: Systems, methods, and related technologies for parsing network traffic are described. Network traffic transmitted by a set of devices communicatively coupled to a network is obtained. The network traffic is parsed to determine a set of field values from the network traffic based on the set of protocol fields. The set of field values are transmitted to the set of processing engines.
    Type: Grant
    Filed: September 13, 2023
    Date of Patent: April 29, 2025
    Assignee: Forescout Technologies, Inc.
    Inventor: Samuel Groot
  • Patent number: 12277221
    Abstract: One aspect of the present disclosure provides a computer-implemented method of automatically securing a computer system or network against a suspect binary file (SBF) by, in response to detection of the SBF, initiating an automatic defence strategy. The automatic defence strategy includes a first action known to mitigate a known threat posed by a known malicious binary file (KMBF); and a further action predicted to mitigate a predicted threat posed by a discrepant function present in the SBF but not the KMBF. Further aspects of the present disclosure relate to corresponding data processing systems, computer programs, computer-readable data carriers and data carrier signals.
    Type: Grant
    Filed: June 10, 2021
    Date of Patent: April 15, 2025
    Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
    Inventor: Fadi El-Moussa
  • Patent number: 12267344
    Abstract: Similar geographically proximate infrastructures are identified from a received compromised Internet protocol (IP) address of a compromised infrastructure. The geographic location of the compromised infrastructure is determined from the compromised IP address. The geographic locations of other infrastructures are determined from their respective exposed IP addresses. Geographically proximate infrastructures are identified from among the other infrastructures, with the geographically proximate infrastructures having geographic locations that are within a predetermined distance of the geographic location of the compromised infrastructure. Similar geographically proximate infrastructures are identified from among the geographically proximate infrastructures, with the similar geographically proximate infrastructures having a same industrial purpose as the compromised infrastructure.
    Type: Grant
    Filed: January 26, 2023
    Date of Patent: April 1, 2025
    Assignee: Trend Micro Incorporated
    Inventors: Numaan Mehryar Huq, Roel Sotto Reyes, Morton Gregory Swimmer, Vincenzo Ciancaglini
  • Patent number: 12267326
    Abstract: A system and method for performing authorization based active inspection of network paths for a resource, deployed in a cloud computing environment, includes receiving at least one network path to access the resource, wherein the resource is a cloud object deployed in the cloud computing environment, and potentially accessible from a network which is external to the cloud computing environment; and actively inspecting the at least one network path to determine if the resource is accessible through the at least one network path from a network external to the cloud computing environment and requires access authorization.
    Type: Grant
    Filed: April 13, 2022
    Date of Patent: April 1, 2025
    Assignee: Wiz, Inc.
    Inventors: Matilda Lidgi, Shai Keren, Raaz Herzberg, Avi Tal Lichtenstein, Ami Luttwak, Roy Reznik
  • Patent number: 12267404
    Abstract: A network appliance is configured to provide inline traffic inspection for all flow through the device, to selectively intercept based on traffic content or policy, and to modify intercepted traffic content, all without connection termination and re-origination. Content modification may involve substitution of traffic content with smaller or larger content, in which case the device provides appropriate sequence number translations for acknowledgements to the endpoints. This streaming rewrite may occur on a byte-at-a-time basis, while keeping the session alive and without a need to proxy it. The appliance enables transmitted TCP data to be modified inline and then reliably delivered without the overhead of forwarding packets through a full-blown TCP stack. Rather, the approach relies upon an initiator entity's TCP stack for congestion control, as well as the receiving entity's re-transmission behavior to determine how the device manages packets internally.
    Type: Grant
    Filed: July 1, 2019
    Date of Patent: April 1, 2025
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Gregory Lyle Galloway, Paul Coccoli, David Allen Dennerline, Steven Ashley Mazur
  • Patent number: 12259986
    Abstract: Technologies are provided for detection and mitigation of high-risk online activity. The detection and mitigation can be implemented in real-time. In some embodiments, a computing system can determine that a risk assessment for an online activity is unavailable from an in-memory storage. The computing system can obtain the risk assessment for the online activity from a second computing system configured to apply a prediction model to data defining the online activity. The risk assessment can comprise a risk score and a risk category. The computing system can update the in-memory storage to incorporate the data and the risk assessment, and can determine that the risk assessment is indicative of the online activity being high-risk activity. The computing system can then cause denial of access to a computing platform to a user device associated with the online activity.
    Type: Grant
    Filed: March 15, 2022
    Date of Patent: March 25, 2025
    Assignee: QlikTech International AB
    Inventors: Mina Aslani, José Francisco Díaz López
  • Patent number: 12261856
    Abstract: A network apparatus maintains a database of a plurality of virtual private network (VPN) protocols and respective VPN providers. A VPN protocol detection process is performed for determining a VPN protocol used by a computing device based on analyzing network traffic data and the database. In response to detecting the VPN protocol detection process failing or detecting a need to identify a respective VPN provider, an endpoint detection process for determining the VPN usage of the computing device is performed. In response to detecting the endpoint detection process failing or detecting a need to identify VPN usage time information, a traffic pattern search process for determining the VPN usage of the computing device is performed. Further action is taken to protect the computing device in response to detecting the VPN usage on the basis of the VPN protocol detection process, the endpoint detection process, and/or the traffic pattern search process.
    Type: Grant
    Filed: June 9, 2022
    Date of Patent: March 25, 2025
    Assignee: Cujo LLC
    Inventors: Filip Savin, Leonardas Marozas
  • Patent number: 12255898
    Abstract: There is provided a method of automatically managing access to authorized service computing environments, comprising: monitoring data sources generated by user identities of the target computing environment accessing service computing environments, analyzing the data sources to identify communication between user identities of the target computing environment and the service computing environments, according to the analyzing, mapping connections between the user identities of the target computing environment and the service computing environment, including connections between first user identities that are authorized to access authorized service computing environments, second user identities that are non-authorized to access the authorized service computing environments, and third user identities that are non-authorized to access non-authorized service computing environments, and automatically blocking access of the second user identities to the authorized service computing environments that they are non-auth
    Type: Grant
    Filed: September 5, 2024
    Date of Patent: March 18, 2025
    Assignee: Grip Security Ltd
    Inventors: Lior Chaim Yaari, Idan Pinchas Fast, Alon Shenkler
  • Patent number: 12255926
    Abstract: A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.
    Type: Grant
    Filed: September 7, 2023
    Date of Patent: March 18, 2025
    Assignee: CUPP Computing AS
    Inventor: Shlomo Touboul
  • Patent number: 12244648
    Abstract: A plurality of security rule processing nodes is configured for network traffic of a set of sources and destinations. Respective subsets of configuration information of the sources and destinations, including security rules, are transmitted to the nodes. Respective addresses of at least a subset of the nodes are transmitted to a packet processing intermediary. The intermediary requests evaluation of applicable security rules with respect to packet flows by selected nodes prior to initiating routing actions for packets of the flows.
    Type: Grant
    Filed: May 12, 2023
    Date of Patent: March 4, 2025
    Assignee: Amazon Technologies, Inc.
    Inventors: Dheerendra Talur, Venkat Maithreya Paritala, Abhishek Chhajer, Charlie Jahchan, Yogeshkumar Kuite
  • Patent number: 12231403
    Abstract: A method implemented by a cloud-based system includes steps of, responsive to connecting to a user device with a user associated with a first tenant of a plurality of tenants, obtaining security policies for the user that are configured for the tenant, wherein the security policies for the user are the same regardless of connection type, location of the user, and device type and operating system of the user device; stream scanning traffic between the user device and the Internet based on the security policies, wherein the security policies are for firewall and intrusion prevention functions; and one of allowing and blocking the traffic based on the stream scanning.
    Type: Grant
    Filed: January 26, 2022
    Date of Patent: February 18, 2025
    Assignee: Zscaler, Inc.
    Inventors: Srikanth Devarajan, Sushil Pangeni, Vladimir Stepanenko, Ravinder Verma, Naresh Kumar Povlavaram Munirathnam
  • Patent number: 12223369
    Abstract: A method comprises collecting message-oriented-middleware system parameters from a plurality of message-oriented-middleware clusters, analyzing the parameters using one or more machine learning algorithms, and predicting, based at least in part on the analyzing, at least one anomaly in a message-oriented-middleware cluster of the plurality of message-oriented-middleware clusters. In the method, message metadata is collected from the message-oriented-middleware cluster, and at least part of the message metadata is transmitted to one or more remaining ones of the plurality of message-oriented-middleware clusters. At least the part of the message metadata corresponds to messaging operations to be transferred from the message-oriented-middleware cluster to the one or more remaining ones of the plurality of message-oriented-middleware clusters.
    Type: Grant
    Filed: July 8, 2021
    Date of Patent: February 11, 2025
    Assignee: Dell Products L.P.
    Inventors: Abhijit Mishra, Krishna Mohan Akkinapalli, Satish Ranjan Das, Bijan Kumar Mohanty, Hung Dinh, Saravanan Kannan, SivaMohan Nimmakayala
  • Patent number: 12192876
    Abstract: The invention relates to the field of wireless mesh communication networks and in particular to methods, networks and nodes (101) for use in such a wireless mesh network (100) for establishing routes in the wireless mesh network (100) by pro-actively and regularly sending many-to-one route requests at randomized intervals by wireless network nodes (101) that can operate as proxy nodes for a mobile wireless device (104) communicating using a first wireless communication protocol and further nodes (102, 103) in the wireless mesh network (100) communicating using a second wireless communication protocol.
    Type: Grant
    Filed: December 7, 2020
    Date of Patent: January 7, 2025
    Assignee: SIGNIFY HOLDING B.V.
    Inventors: Robin Michielsen, Bas Driesen, Gerhardus Engbertus Mekenkamp, Bozena Erdmann
  • Patent number: 12192247
    Abstract: Methods, systems, and computer readable media for network security are described. In some implementations, security tasks and roles can be allocated between an endpoint device and a firewall device based on tag information sent from the endpoint, the tag information including one or more characteristics of a traffic flow, information of resource availability, and/or reputation of a process associated with a traffic flow.
    Type: Grant
    Filed: October 9, 2023
    Date of Patent: January 7, 2025
    Assignee: Sophos Limited
    Inventors: Andy Thomas, Nishit Shah, Daniel Stutz
  • Patent number: 12183174
    Abstract: A network sanitization technology for enforcing a network edge and enforcing particular communication functions for untrusted dedicated-function devices such as internet protocol (IP) cameras. An untrusted network device is isolated from a network by a network sanitization system such that it cannot communicate with the network. Communications from the untrusted device are intercepted by the system and only allowed communications are used. Allowed communications are used to create new communications according to an allowed framework. The sanitization device may be in a small two-port package with visual indicia indicating the untrusted device side and the network side. The device may use and provide power over Ethernet (POE) to the untrusted device. Abstract is not to be considered limiting.
    Type: Grant
    Filed: July 14, 2023
    Date of Patent: December 31, 2024
    Inventors: Pierre Racz, Vincent Labrecque
  • Patent number: 12170688
    Abstract: A distributed denial of service attack is detected. In response to detection of the attack, application layer properties of network traffic associated with a web application under attack are analyzed. Changes to distributions of the application layer properties are identified. A signature is generated based, at least in part, on identifying a combination of application layer properties whose distributions have changed, and which identifies traffic increased since onset of the attack. A mitigation rule is generated based, at least in part, on the signature.
    Type: Grant
    Filed: September 30, 2021
    Date of Patent: December 17, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Adriana-Maria Horelu, Jeffrey Allen Lyon, Robert Benjamin Lang, Saket Tomer, Krzysztof Jan Pado, John Shields, Ben Sangho Jae, Matthew Hyun Seok Lee
  • Patent number: 12170641
    Abstract: The disclosed technology is generally directed towards monitoring electronic communications to detect content in a communication that is attempting to influence the recipient user in some way. A user can specify influential intent preference data, such as which electronic communications services/applications to monitor for such influential intent content, and the types of the influential intent to monitor for, e.g., political influence types, advertisement influence types, and so on. A user also can specify remedial or other actions to take upon detection, e.g., block such content, alert on detecting such content, and so on. An electronic influence manager server and/or application program can perform the monitoring and/or take the actions. Also described is reporting on the communications with influential intent and on user actions with respect thereto. Reputation data can also be collected and used with respect to sources of communications with influential intent.
    Type: Grant
    Filed: May 10, 2022
    Date of Patent: December 17, 2024
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Nigel Bradley, Eric Zavesky, James Pratt, Ari Craine, Robert Koch
  • Patent number: 12167319
    Abstract: Disclosed herein is a method of operation of a wireless device to provide service gap control in a wireless communication system, comprising: receiving a service gap parameter from a network entity in a mobility management sublayer non-access stratum message, the service gap parameter being indicative of a value for a service gap timer for the wireless device; and enforcing the service gap parameter at the wireless device in a non-access stratum layer. Also disclosed herein is a method of operation of a core network entity in a core network of a wireless communication system to provide service gap control, comprising: obtaining a service gap parameter for a wireless device, the service gap parameter being indicative of a value for a service gap timer for the wireless device; and sending by the core network entity the service gap parameter to the wireless device via a mobility management sublayer non-access stratum message.
    Type: Grant
    Filed: April 28, 2022
    Date of Patent: December 10, 2024
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Hans Bertil Rönneke, Mikael Wass
  • Patent number: 12160328
    Abstract: Systems and methods for providing multi-perimeter firewalls via a virtual global network are disclosed. In one embodiment the network system may comprise an egress/ingress point in communication with a first access point server, a second access point server in communication with the first access point server, an endpoint device in communication with the second access point server, a first firewall in communication with the first access point server, and a second firewall in communication with the second access point server. The first and second firewalls may prevent traffic from passing through their respective access point servers. The first and second firewalls may be in communication with each other and exchange threat information.
    Type: Grant
    Filed: March 4, 2022
    Date of Patent: December 3, 2024
    Assignee: UMBRA Technologies Ltd.
    Inventors: Joseph E. Rubenstein, Carlos Eduardo Oré
  • Patent number: 12154105
    Abstract: Example embodiments provide systems and methods for increasing the cryptographic strength of an encryption or message-authentication-code (MAC) generation technique. According to some embodiments, a MAC may be constructed around a shared secret (such as a random initialization number), thereby increasing the strength of the MAC against brute force attacks based on the size of the shared secret. The MAC may be combined with randomized data, and may also be encrypted to further bolster the strength of the code. These elements (shared secret, MAC algorithm, and encryption algorithm) may be employed in various combinations and to varying degrees, depending on the application and desired level of security. At each stage, the cryptographic construct operates on the cryptographically modified data from the previous stage. This layering of cryptographic constructs may increase the strength of the group of constructs more efficiently than applying any one construct with a larger key size or similar increase in complexity.
    Type: Grant
    Filed: November 3, 2021
    Date of Patent: November 26, 2024
    Assignee: Capital One Services, LLC
    Inventors: Kevin Osborn, Srinivasa Chigurupati, William Duane
  • Patent number: 12155675
    Abstract: A verification method for fast source and path verification embedded with random authentication is provided. The method includes: generating a corresponding verification structure for an expected path according to a predetermined path strategy; embedding m different pieces of fragment information, randomly selected with the same probability from the verification structure for the expected path, into a header of a data packet to be transmitted in a data flow, and transmitting the data packet with the embedded fragment information to the next-hop routing node of the expected path; performing a verification on the received data packet by each intermediate routing node on the expected path, and forwarding the data packet to the next routing node when the verification passes; performing verification on the received data packet at the data flow destination; and performing a parsing verification evaluation on the expected path when the verification passes.
    Type: Grant
    Filed: December 15, 2021
    Date of Patent: November 26, 2024
    Assignee: TSINGHUA UNIVERSITY
    Inventors: Ke Xu, Fan Yang, Bo Wu, Qi Li, Jianping Wu
  • Patent number: 12147880
    Abstract: Behavioral characteristics of at least a first machine component are monitored. A model that represents machine-to-machine interactions between at least the first machine component and at least a further machine component is generated. Using the monitored behavioral characteristics and the generated model, an incongruity of a behavior of at least the first machine component and the machine-to-machine interactions is computed, where the incongruity is predicted based on determining a discordance between an expectation of the system and the behavior and the machine-to-machine interactions, and wherein the predicting is performed without using a previously built normative rule of behavior and machine-to-machine interactions.
    Type: Grant
    Filed: June 14, 2021
    Date of Patent: November 19, 2024
    Inventor: Philippe Baumard
  • Patent number: 12143294
    Abstract: A method for execution by a processor of a host having an external interface for connection to at least one other network element of a packet-based data network, the host storing a routing table and implementing a container connected to a bridge, the container being addressable by an internal address on a bridge network associated with the bridge. The method includes obtaining an indication of a request for the container to join a multicast group. In response to the obtaining, a request is sent via the external interface for the host to join the multicast group. The routing table may be modified so as to make the bridge a next hop for future packets obtained from the external interface and destined for the multicast group. The routing table may also be modified so as to make the external interface a next hop for future packets that are obtained from the bridge, whose source address is the internal address of the container and that are destined for the multicast group.
    Type: Grant
    Filed: October 12, 2023
    Date of Patent: November 12, 2024
    Assignee: GENETEC INC.
    Inventor: Jean Bouchard
  • Patent number: 12132764
    Abstract: Security policies can be dynamically updated in response to changes in endpoints associated with those policies. A user can indicate one or more regions or networks from which access is to be granted under a specific security policy. The user can subscribe to receive notifications upon a change relating to those endpoints, such as the addition or removal of one or more endpoints. When a change is detected, new policy information can be generated automatically and published for subscribed policies, which can then have the updates applied automatically or provided for manual review and application. Such a process enables access determinations to be made based upon up-to-date endpoint information.
    Type: Grant
    Filed: May 11, 2023
    Date of Patent: October 29, 2024
    Assignee: Amazon Technologies, Inc.
    Inventor: Justin Paul Yancey
  • Patent number: 12132702
    Abstract: A method of Internet Protocol (IP) address control includes receiving a request from a computing device for a new IP address, the request including a Media Access Control (MAC) address of the computing device. A query can be sent to a storage resource for a whitelist of MAC numbers associated with IP addresses and an IP address not present on the whitelist can be selected for use in assigning the new IP address. A new IP/MAC pairing of the selected IP address and the MAC address of the computing device is sent to the storage resource for adding to the whitelist and optionally to a firewall for adding to a firewall whitelist. A confirmation can be sent to the computing device, providing the new IP address.
    Type: Grant
    Filed: December 29, 2021
    Date of Patent: October 29, 2024
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: Eric Gunn