Packet Filtering Patents (Class 726/13)
  • Patent number: 11520738
    Abstract: Provided is a system and method for searching for a target key in a database, the method including populating a hash-offset table of a sorted key table with hash-offset table entries, the hash-offset table entries having a hash-value corresponding to a respective key, and a hash offset, sorting the hash-offset table entries based on the hash-values, searching for a target hash-value of the hash-values corresponding to a target key in the hash-offset table, locating a target key-value pair corresponding to the target key based on the target hash-value, and saving a location of the target key-value pair.
    Type: Grant
    Filed: April 1, 2020
    Date of Patent: December 6, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Heekwon Park, Ho bin Lee, Ilgu Hong, Yang Seok Ki
  • Patent number: 11509695
    Abstract: Information associated with a controlled-environment facility resident communications and/or data device, such as device location within the controlled-environment facility, may be used to determine whether the resident device is approved for two-way video visitation or restricted to on-way video visitation. Video visitation may be initiated and voice and video captured and streamed by a non-resident communications and/or data device, as well as voice and/or video captured and streamed by the resident device, is received by a controlled-environment facility electronic communications management system. Voice and video captured at the non-resident device is transmitted to the resident device and, if the resident device is permitted two-way video visitation, voice and video captured by the resident device is transmitted to the non-resident device, if the resident device is restricted to one-way video visitation, only voice is transmitted to the non-resident device.
    Type: Grant
    Filed: January 26, 2021
    Date of Patent: November 22, 2022
    Assignee: Securus Technologies, LLC
    Inventors: Ligit Mathew, Daniel Wright, Nikita Dehoumon
  • Patent number: 11503004
    Abstract: The present disclosure provides technical solutions related to distributed IPSec gateway. A control plane and a data plane of the IPSec gateway are divided, a plurality of gateway processing nodes may be run in the data plane to process data packets of incoming ESP/AR traffic and/or data packets of outgoing IP traffic. IKE information interaction may be handled in the control plane and the traffic may be steered on each gateway processing node in the data plane.
    Type: Grant
    Filed: May 1, 2018
    Date of Patent: November 15, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yongqiang Xiong, Chih-Yung Wang, Jeongseok Son
  • Patent number: 11503066
    Abstract: A system and method for holistic computer system cybersecurity evaluation and risk rating that takes into account the operation of the entire computer system environment comprising hardware, software, and the operating system. Not only are the hardware, software, and operating system evaluated separately for cybersecurity concerns, their interaction and operation as a whole are also evaluated and scored. The results of such analyses may be used, for example, by underwriters of cybersecurity insurance policies to determine policy terms and rates.
    Type: Grant
    Filed: November 25, 2020
    Date of Patent: November 15, 2022
    Assignee: QOMPLX, INC.
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 11496377
    Abstract: An approach for detecting anomalous flows in a network using header field entropy. This can be useful in detecting anomalous or malicious traffic that may attempt to “hide” or inject itself into legitimate flows. A malicious endpoint might attempt to send a control message in underutilized header fields or might try to inject illegitimate data into a legitimate flow. These illegitimate flows will likely demonstrate header field entropy that is higher than legitimate flows. Detecting anomalous flows using header field entropy can help detect malicious endpoints.
    Type: Grant
    Filed: April 10, 2020
    Date of Patent: November 8, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Navindra Yadav, Mohammadreza Alizadeh Attar, Shashidhar Gandham, Jackson Ngoc Ki Pang, Roberto Fernando Spadaro
  • Patent number: 11489865
    Abstract: A control device includes a controller configured to instruct a mitigation device executing a defending process against an attack on a network to execute the defending process in response to reception of a defending request indicating a request for executing the defending process. When predetermined specific data included in the received defending request is valid, the controller instructs the mitigation device to execute the defending process at an earlier timing after the reception of the defending request than when the specific data is not valid or the specific data is not included in the defending request.
    Type: Grant
    Filed: August 17, 2018
    Date of Patent: November 1, 2022
    Assignee: NTT Communications Corporation
    Inventor: Kaname Nishizuka
  • Patent number: 11489818
    Abstract: A computer-implemented method for creating a classified token database usable for dynamically redacting confidential information from communications includes performing natural language processing on training input and determining whether a confidentiality level is present in the training input. The method includes, in response to determining that the confidentiality level is present, adding at least one classified token associated with the training input to a classified token database.
    Type: Grant
    Filed: March 26, 2019
    Date of Patent: November 1, 2022
    Assignee: International Business Machines Corporation
    Inventors: John S. Werner, Luke N. Buschmann, Bradley J. Hoover
  • Patent number: 11481493
    Abstract: A device may receive data identifying applications, wherein each application includes files and each file includes functions and lines of code. The device may generate file hashes for the files, line hashes for the lines of code, and function hashes for the functions. The device may store, in a data structure, data identifying one or more of the applications, the files, the lines of code, the functions, the file hashes, the line hashes, and the function hashes. When scanning a new application, the device may generate a hash associated with one of the files of the new application, and may determine that the hash associated with the file of the new application matches one of the file hashes. The device may refrain from performing a scan of the file of the new application based on determining that the hash of the file matches one of the file hashes.
    Type: Grant
    Filed: November 26, 2019
    Date of Patent: October 25, 2022
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Ignacio D. Pizano, Stephen Pettit
  • Patent number: 11475354
    Abstract: Provided is a deep learning method including a step of each of at least two or more deep learning machines learning a web traffic by using a hexadecimal; a step of the deep learning machines learning the web traffic by using an incremental learning using a weight; a step of, when the web traffic is received, each of the deep learning machines encoding a character string of the web traffic with UTF-8 hexadecimal; a step of each of the deep learning machines converting the character string into an image and deep learning the image.
    Type: Grant
    Filed: January 8, 2019
    Date of Patent: October 18, 2022
    Assignee: Cloudbric Corp
    Inventors: Seung Young Park, Tai Yun Kim, Tae Joon Jung, Eun A Ko
  • Patent number: 11477237
    Abstract: Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets.
    Type: Grant
    Filed: October 12, 2018
    Date of Patent: October 18, 2022
    Assignee: Centripetal Networks, Inc.
    Inventors: Steven Rogers, Sean Moore, David K. Ahn, Peter P. Geremia
  • Patent number: 11477208
    Abstract: Systems and methods for providing collaboration rooms with dynamic tenancy and role-based security are disclosed herein. An example method includes establishing a digital collaboration room for an entity, generating a token for a first user, receiving a request to perform an action on a portion of the data, performing a hierarchical permissions analysis to determine if the first user has permission to perform the action and access the portion of the data and determine if the user currently has permission to enter the digital collaboration room. The method includes retrieving the portion of the data from the database for the digital collaboration room and allowing the first user to perform the action when the user currently has permission to enter the digital collaboration room and the user has permission to perform the action and access the portion of the data.
    Type: Grant
    Filed: September 15, 2021
    Date of Patent: October 18, 2022
    Assignee: Cygnvs Inc.
    Inventors: Ana Vallejo Ureña, Sai Avala, Kevin Gaffney
  • Patent number: 11469968
    Abstract: A method and system for automatically classifying protected devices of a protected network to protection groups providing customized protection. The method includes accessing network flow information that includes network statistics processed from observed data obtained by packet interception devices, accessing at least one model that was trained using machine learning and a training data set of the network flow information to classify protected devices having addresses that correspond to destination addresses associated with the training data set to respective protection groups as a function of the network statistics that correspond to the training data set, and classifying a protected device that has an address that corresponds to a destination address associated with a portion of the network flow information to at least one of the protection groups using the at least one model and machine learning and as a function of the network statistics that correspond to the portion of the network flow information.
    Type: Grant
    Filed: July 10, 2020
    Date of Patent: October 11, 2022
    Assignee: Arbor Networks, Inc.
    Inventors: Justin William Haddad, Sean O'Hara
  • Patent number: 11470020
    Abstract: Embodiments of a method and device are disclosed. In an embodiment, an in-vehicle network interface device includes a data port to send and receive data packets, a plurality of packet processing pipelines coupled to the data port, each to inspect a single data packet to determine an action to perform on the single data packet, and a safety module to receive the determined action from each packet processing pipeline and to select one of the determined actions to perform on the single data packet and to cause a selected one of the packet processing pipelines to perform the selected action.
    Type: Grant
    Filed: July 30, 2020
    Date of Patent: October 11, 2022
    Assignee: NXP B.V.
    Inventors: Rajeev Roy, Lucas Pieter Lodewijk Van Dijk, Steffen Müller
  • Patent number: 11461474
    Abstract: The present disclosure relates to a process-based virtualization system comprising a data processing unit. The system comprises a computer readable storage media, wherein a first memory component of the computer readable storage media is configured for access by an OS, secure and non-secure applications and the firmware, and wherein a second memory component of the computer readable storage media is configured for access by the firmware and not by the OS and the non-secure application. The data processing unit is configured to operate in a first mode of operation that executes a non-secure application process using the OS, and to operate in a second mode of operation that executes the secure application using the firmware, thereby executing application code using the second memory component.
    Type: Grant
    Filed: January 24, 2020
    Date of Patent: October 4, 2022
    Assignee: International Business Machines Corporation
    Inventors: Jentje Leenstra, Paul Mackerras, Benjamin Herrenschmidt, Bradly George Frey, John Martin Ludden, Guerney D. H. Hunt, David Campbell
  • Patent number: 11461484
    Abstract: A method by one or more runtime agents protecting a web application for capturing contextual information for data accesses. The method includes determining first metadata associated with a web application layer request sent by a web application firewall to the web application, determining second metadata associated with the web application layer request based on information available to the web application, serializing the first metadata and the second metadata to generate serialized metadata, and adding the serialized metadata to a database query that is to be submitted by the web application to the database server, wherein execution of the database query that includes the serialized metadata by the database server is to cause the database activity monitor to store the serialized metadata and third metadata associated with the database query determined by the database activity monitor in a data storage.
    Type: Grant
    Filed: December 30, 2019
    Date of Patent: October 4, 2022
    Assignee: Imperva, Inc.
    Inventors: Kunal Anand, Brian Anderson, Joe Moore, Ran Rosin, Itsik Mantin, Peter Klimek, Craig Burlingame
  • Patent number: 11456954
    Abstract: A system and a method are described for data packet fragmentation for replicated packet traffic through an SD-WAN. In an example a first packet has an internet protocol identification (IP-ID). The first packet is replicated to create a second packet. The first packet and the second packet are fragmented into fragments for transmission through a tunnel in one or more paths between the source address and the destination address. The IP-ID of the second packet is modified. The fragments of the first packet and the second packet are separately encapsulated. The first and second packet fragments are received through the tunnel at a second node. The second node reassembles the first packet using the first packet fragments and reassembles the second packet using the second packet fragments. The IP-ID of the reassembled second packet is restored to be the IP-ID of the first packet.
    Type: Grant
    Filed: December 20, 2021
    Date of Patent: September 27, 2022
    Assignee: Versa Networks, Inc.
    Inventors: Kapil Bajaj, Chetan Bali, Apurva Mehta
  • Patent number: 11457021
    Abstract: Systems and methods perform selective rate limiting with a distributed set of agents and a remote controller. An agent receives a packet from a client, and inspects the packet using different rules. Each rule may include at least one different (i) rule definition with traffic dimensions identifying a different attack, (ii) signal with which to identify attack traffic matching the rule definition, (iii) threshold specifying a condition, and (iv) action to implement based on the condition of the threshold being satisfied. The agent provides the signal in response to the packet matching the traffic dimensions from the rule definition of a particular rule. The controller updates a value linked to the signal and a client identifier of the client, and implements the action of the particular rule across the distributed set of agents in response to the value satisfying the condition for the particular rule threshold.
    Type: Grant
    Filed: May 13, 2020
    Date of Patent: September 27, 2022
    Assignee: Fastly, Inc.
    Inventors: Nicholas Galbreath, Robert Gibson, Marc Harrison
  • Patent number: 11451509
    Abstract: A data transmission method includes determining that a first network address segment overlaps with a second network address segment, and creating at least two subnets on a virtual private cloud (VPC). The first network address segment is a network address segment of a subnet in which a target server is located, and configured to run on the VPC. The first network address segment belongs to a network address segment of the VPC. The second network address segment is a network address segment of a subnet in which a first electronic device is located. A network address segment of one of the at least two subnets on the VPC does not overlap with the first or second network address segment. Network interfaces in the at least two subnets are configured to sequentially forward a data packet being transmitted between the target server and the first electronic device at least two times.
    Type: Grant
    Filed: July 12, 2021
    Date of Patent: September 20, 2022
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Gang Chen
  • Patent number: 11443112
    Abstract: Using a natural language analysis, a current message is classified into a current message class, the current message being a portion of an interaction in narrative text form. For the interaction using a state prediction model, an interaction outcome corresponding to the current message class is forecasted, the forecasting comprising computing a probability that the current message class will result in a successful message class. Using the state prediction model, a set of next message classes and a set of predicted interaction outcomes are determined, each message in the set of next message classes corresponding to the current message class, each predicted interaction outcome in the set of predicted interaction outcomes corresponding to a next message class in the set of next message classes. According to the corresponding predicted interaction outcome, the set of next message classes is ranked.
    Type: Grant
    Filed: September 6, 2019
    Date of Patent: September 13, 2022
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jonathan F. Brunn, Rachael Marie Huston Dickens, Rui Zhang
  • Patent number: 11425089
    Abstract: Systems and methods are provided for near real-time IP user mapping. Such methods may include obtaining IP address assignment data points from different sources including an authentication, authorization, and accounting (AAA) server of a private network, a service provider that provides a computer-based service within the private network, and user devices that have access to the private network. The methods may also include applying an IP mapping rule to the obtained IP address assignment data points to generate IP address mapping.
    Type: Grant
    Filed: December 12, 2019
    Date of Patent: August 23, 2022
    Assignee: Beijing DiDi Infinity Technology and Development Co., Ltd.
    Inventors: Dong Li, Deyu Hu, Jing Chen
  • Patent number: 11411850
    Abstract: A traffic analysis apparatus includes an information amount calculation part that calculates information amounts of a plurality of items of time series data relating to communication traffic and an input information selection part that selects at least one item of time series data based on the information amounts of the plurality of items of time series data.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: August 9, 2022
    Assignee: NEC CORPORATION
    Inventors: Takanori Iwai, Anan Sawabe, Sweety Suman
  • Patent number: 11412365
    Abstract: A method for wireless communication is provided. In some implementations, the method includes receiving, by a first device, a first packet from a second device in a network. The method further includes comparing, by the first device, a first received signal strength of the first packet to a second received signal strength of a second packet associated with a third device, the third device associated with the first device in the network. The method further includes transmitting, by the first device and based on to the comparing, a third packet to the second device, the third packet indicating a disassociation of the first device with the third device and an association of the first device with the second device.
    Type: Grant
    Filed: April 17, 2020
    Date of Patent: August 9, 2022
    Assignee: C LAN Wireless, Inc.
    Inventor: Paul Kolen
  • Patent number: 11405476
    Abstract: Activity data of a set of tasks as a training set is obtained from a list of communication platforms associated with the tasks. For each of the tasks in the training set, a set of activity metrics is compiled according to a set of predetermined activity categories based on the activity data of each task. The activity metrics of all of the tasks in the training set are aggregated based on the activity categories to generate a data matrix. A principal component analysis is performed on the metrics of its covariance matrix to derive an activity dimension vector, where the activity dimension vector represents a distribution pattern of the activity metrics of the tasks. The activity dimension vector can be utilized to determine an activity score of a particular task, where the activity score of a task can be utilized to estimate a probability of completeness of the task.
    Type: Grant
    Filed: January 6, 2022
    Date of Patent: August 2, 2022
    Assignee: CLARI INC.
    Inventors: Lei Tang, MohamadAli Torkamani, Mahesh Subedi, Kurt Leafstrand
  • Patent number: 11395211
    Abstract: A system described herein may provide techniques for a geographically-based traffic handling policy. An originating device may mark traffic with geographic restriction information, such as in a header of network traffic, indicating a geographic restriction on the propagation of the traffic. The geographic restriction may indicate a geographic region in which the traffic may be forwarded, or a geographic region in which the traffic is prohibited from being forwarded. Network devices in a path between the originating device and a destination device may determine whether to drop the traffic or perform other policy-related actions based on whether such devices are inside the geographic region in which the traffic may be forwarded. In some implementations a destination device may register as an exception to such policies, based on which an originating device or a router may bypass geographically-based traffic handling policies with respect to marked traffic directed to the destination device.
    Type: Grant
    Filed: April 20, 2020
    Date of Patent: July 19, 2022
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Charles P. Szrom, Kevin Xu, Rashmitha Sirsi, Valerie Feldmann, Robert Belson
  • Patent number: 11388140
    Abstract: A disclosed method may include (1) receiving a packet at a tunnel driver in kernel space on a routing engine of a network device, (2) identifying, at the tunnel driver, metadata of the packet that indicates whether at least one firewall filter had already been correctly applied to the packet before the packet arrived at the tunnel driver, (3) determining, based at least in part on the metadata of the packet, that the firewall filter had not been correctly applied to the packet before the packet arrived at the tunnel driver, and then in response to determining that the firewall filter had not been correctly applied to the packet, (4) invoking at least one firewall filter hook that applies at least one firewall rule on the packet before the packet is allowed to exit kernel space on the routing engine. Various other apparatuses, systems, and methods are also disclosed.
    Type: Grant
    Filed: July 28, 2020
    Date of Patent: July 12, 2022
    Assignee: Juniper Networks, Inc
    Inventors: Prashant Singh, Sreekanth Rupavatharam, Hariprasad Shanmugam, Erin MacNeil
  • Patent number: 11381478
    Abstract: In one embodiment, a method includes providing a first profile to a plurality of edge routers of the SD-WAN, the plurality of edge routers operable to interface a plurality of devices to the SD-WAN. The first profile enables the plurality of edge routers to discover which devices of the plurality of devices support a first application. The method includes receiving, from one or more of the edge routers, information indicating which devices of the plurality of devices support the first application and building a first application fabric based on the information indicating which devices of the plurality of devices support the first application.
    Type: Grant
    Filed: January 4, 2021
    Date of Patent: July 5, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Balaji Sundararajan, Vamsidhar Valluri, Chandramouli Balasubramanian, Anand Oswal, Ram Dular Singh
  • Patent number: 11378929
    Abstract: A threat detection system for industrial controllers, comprising: at least one Programmable Logic Controller (PLC); at least one physical device connected with the PLC; a Deterministic Fictitious Programmable Logic Controller (DFPLC) deterministically programmed to respond with at least one predetermined signal to at least one input signal received; and a monitoring unit connected with the DFPLC; the DFPLC disguised as a PLC; and the monitoring unit configured to send at least one input signal to the DFPLC, receive at least one response from the DFPLC and communicate at least one alert upon the at least one response being other than an expected response according to the deterministic programming of the DFPLC.
    Type: Grant
    Filed: June 17, 2018
    Date of Patent: July 5, 2022
    Assignee: SI-GA DATA SECURITY (2014) LTD.
    Inventors: Ilan Gendelman, Amir Samoiloff
  • Patent number: 11375368
    Abstract: Methods for detecting and preventing an adversarial network entity (e.g., fake base stations, etc.) from tracking a wireless device's location. A wireless device may be equipped with a random value (RAND) database or cache memory RAND values previously received by the wireless device. In response to receiving an authentication request message from a network component, performing AKA procedures and determining that the authentication failed, the wireless device may compare the RAND value included in the received authentication request message to RAND values stored in secure storage memory. The wireless device may generate an authentication response message that includes an error code that is different than standard error code used so that the target wireless device can't be differentiated from other wireless devices thereby preventing tracking in response to determining that the RAND value included in the received authentication request message is included in the RAND secure storage memory.
    Type: Grant
    Filed: September 17, 2019
    Date of Patent: June 28, 2022
    Assignee: QUALCOMM Incorporated
    Inventors: Krishna Ram Budhathoki, Subrato Kumar De, Mattias Kaulard Huber
  • Patent number: 11368440
    Abstract: Various technologies described herein pertain to detecting operation of an autonomous vehicle on an untrusted network. The autonomous vehicle retrieves a beacon token from a data store of the autonomous vehicle. The beacon token comprises an identifier for the autonomous vehicle and an identifier for a server computing device. The autonomous vehicle generates a data packet based upon the beacon token, wherein the data packet includes the identifier for the autonomous vehicle. The autonomous vehicle transmits the data packet to the server computing device. When the data packet is transmitted via a trusted network, networking rules of the trusted network prevent the data packet from being received by the server computing device. When the data packet is transmitted via the untrusted network, the server computing device receives the data packet. Responsive to receiving the data packet, the server computing device generates and transmits an alert to a computing device.
    Type: Grant
    Filed: December 18, 2018
    Date of Patent: June 21, 2022
    Assignee: GM GLOBAL TECHNOLOGY OPERATIONS LLC
    Inventors: Mike Ruth, Timothy Strazzere
  • Patent number: 11368484
    Abstract: Methods to secure against IP address thefts by rogue devices in a virtualized datacenter are provided. Rogue devices are detected and distinguished from a migration of an endpoint in a virtualized datacenter. A first hop network element in a one or more network fabrics intercepts a request that includes an identity of an endpoint and performs a local lookup for the endpoint entity identifier. Based on the lookup not finding the endpoint entity identifier, the first hop network element broadcasts a message such as a remote media access address (MAC) query to other network elements in the one or more network fabrics. Based on the received response, which may include an IP address associated with the MAC address, the first hop network element performs a theft validation process to determine whether the request originated from a migrated endpoint or a rogue device.
    Type: Grant
    Filed: April 26, 2019
    Date of Patent: June 21, 2022
    Assignee: CISCO TECHNOLOGY, INC
    Inventors: Govind Prasad Sharma, Eshwar Rao Yedavalli, Mohammed Javed Asghar, Ashwath Kumar Chandrasekaran, Swapnil Mankar, Umamaheswararao Karyampudi
  • Patent number: 11362996
    Abstract: A packet-filtering network appliance protects networks from threats by enforcing policies on in-transit packets crossing network boundaries. The policies are composed of packet filtering rules derived from cyber threat intelligence (CTI). Logs of rule-matching packets and their flows are sent to cyberanalysis applications located at security operations centers (SOCs). Some cyber threats/attacks, or incidents, are composed of many different flows occurring at a very high rate, generating a flood of logs that may overwhelm computer, storage, network, and cyberanalysis resources, thereby compromising cyber defenses. The present disclosure describes incident logging that efficiently incorporates logs of many flows that comprise the incident, potentially reducing resource consumption while improving the informational/cyberanalytical value for cyberanalysis when compared to the component flow logs. Incident logging vs. flow logging can be automatically and adaptively switched on or off.
    Type: Grant
    Filed: July 20, 2021
    Date of Patent: June 14, 2022
    Assignee: Centripetal Networks, Inc.
    Inventors: John Fenton, Peter Geremia, Richard Goodwin, Sean Moore, Vincent Mutolo, Jess Parnell, Jonathan R. Rogers
  • Patent number: 11363067
    Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.
    Type: Grant
    Filed: June 12, 2019
    Date of Patent: June 14, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Hari R. Pulapaka, Margarit Simeonov Chenchev, Benjamin M. Schultz, Jonathan David Wiswall, Frederick Justus Smith, John A. Starks, Richard O. Wolcott, Michael Bishop Ebersol
  • Patent number: 11356416
    Abstract: This application discloses a service flow control method and apparatus, to resolve an existing problem of relatively low security. The method includes: generating, by a terminal device, a service flow policy; and sending, by the terminal device, the service flow policy to a routing device, where the service flow policy is used to instruct the routing device to perform data packet filtering on a downlink data packet according to the service flow policy.
    Type: Grant
    Filed: September 6, 2019
    Date of Patent: June 7, 2022
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventors: Yu Yin, Caixia Qi
  • Patent number: 11349702
    Abstract: A communication apparatus comprises a rollback control unit that rolls back a first process to a second process; and a storage unit to store one or more network states shared by the first process and the second process, the second process enabled to take over or more network states from the first process; wherein the rollback control unit includes a network state control unit that controls to provide delayed updating of at least one of the one or more network states taken over by the second process.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: May 31, 2022
    Assignee: NEC CORPORATION
    Inventors: Takayuki Sasaki, Daniele Enrico Asoni, Adrian Perrig
  • Patent number: 11336622
    Abstract: An apparatus for deploying a firewall on a software-defined network (SDN) includes a public key distributor configured to transmit a public key, a resource monitor configured to monitor resources of a network, a host monitor configured to receive a firewall rule of at least one host, which is encrypted by the public key, a decryption unit configured to decrypt information received from the host monitor by using a secret key, a merge unit configured to merge the decrypted information to provide a merged firewall rule, and a firewall deployment unit configured to deploy the merged firewall rule to a switch.
    Type: Grant
    Filed: November 19, 2019
    Date of Patent: May 17, 2022
    Assignee: GWANGJU INSTITUTE OF SCIENCE AND TECHNOLOGY
    Inventors: Hyuk Lim, Sung Hwan Kim, Jargalsaikhan Narantuya, Seung Hyun Yoon
  • Patent number: 11316889
    Abstract: Methods and systems for a two-stage attribution of application layer DDoS attack are provided. In a first table just a hash index is maintained whereas the second stage table keeps the string parameter corresponding to the application layer attribute under attack. A linked list maintains a plurality of rows if there is hash collision in the first table. The second table is aged out and reported periodically with details of large strings.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: April 26, 2022
    Assignee: Fortinet, Inc.
    Inventor: Hemant Kumar Jain
  • Patent number: 11310111
    Abstract: A method for configuring a firewall equipment in a first communication network managed by an access equipment for accessing a second communication network. Such a method implements: obtaining characteristic information of a user equipment in the first network by analyzing its active interfaces in the network; generating configuration rules for configuring the firewall equipment on the basis of the obtained features and of a predetermined configuration model; and transmitting, to the firewall equipment, an update command message to update a configuration, including the determined configuration rules.
    Type: Grant
    Filed: May 25, 2021
    Date of Patent: April 19, 2022
    Assignee: ORANGE
    Inventors: Xavier Le Guillou, Dimitri Bricheteau
  • Patent number: 11310263
    Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of reconfiguring network settings. The systems and methods monitor a network and detect a hacker on a network. The systems and methods can reconfigure network settings of the network upon detecting the hacker. The systems and methods can analyze the hack for severity; and determine a reconfiguration layer based on the severity of the hack. The reconfiguration layer determines a subset of the network settings to be reconfigured. The systems and methods can dismantle the network and generate a replacement network having the reconfigured set of network settings and replace the network with the replacement network.
    Type: Grant
    Filed: April 22, 2020
    Date of Patent: April 19, 2022
    Assignee: WELLS FARGO BANK, N.A.
    Inventors: Matthew J. Block, Jon M. Welborn, Adam Sheesley, David Huehulani Keene, Jennifer A. Holton, Douglas S. Rodgers
  • Patent number: 11277384
    Abstract: Systems and methods for implementing filters within computer networks include obtaining blocklist data that includes blocklist entries for a network. Each of the blocklist entries includes one or more network traffic attributes for identifying traffic to be blocked. In response to receiving the blocklist data, a filter based on a common network traffic attribute shared between at least two of the plurality of blocklist entries is generated. The filter is then deployed to a network device within the network such that the filter may be implemented at the network device to block corresponding traffic.
    Type: Grant
    Filed: November 13, 2019
    Date of Patent: March 15, 2022
    Assignee: Level 3 Communications, LLC
    Inventor: Michael Benjamin
  • Patent number: 11277424
    Abstract: In one embodiment, a monitoring process identifies a set of counters maintained by a networking device by comparing a configuration of the networking device to an object relationship model. The monitoring process obtains counter values from the identified set of counters maintained by the networking device. The monitoring process detects an anomaly by using the obtained counter values as input to a machine learning-based anomaly detector. The monitoring process generates an anomaly detection alert for the detected anomaly.
    Type: Grant
    Filed: March 8, 2019
    Date of Patent: March 15, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Pengywan Wang, Brian Weis
  • Patent number: 11265293
    Abstract: An apparatus and method is disclosed for the secure access to field instruments. An interface device that includes a built-in firewall, is communicatively coupled between the device manager of an industrial automation process control system and a network of field instruments. The interface device includes at least one processor configured to execute instructions that provides a firewall for the one or more field instruments by blocking one or more user selected commands from being sent to the field instruments from the device manager.
    Type: Grant
    Filed: October 2, 2019
    Date of Patent: March 1, 2022
    Assignee: Honeywell International Inc.
    Inventors: Mohammed Rizwan, Prasad Samudrala, Jayashree Balakrishnan, Ramesh Babu Koniki
  • Patent number: 11252195
    Abstract: The present application is directed a computer-implemented methods and systems implementing Virtual Private Network (VPN) policies created or modified by Software Defined Network (SDN) applications. The VPN policies can be provided to SDN controllers for implementation. An SDN application can handle a request to establish a VPN by transmitting the request to a VPN provider, obtaining credentials for the VPN, and providing a security policy to an SDN controller.
    Type: Grant
    Filed: March 9, 2020
    Date of Patent: February 15, 2022
    Inventors: Michael Jau Chen, Tavaris Jason Thomas
  • Patent number: 11245630
    Abstract: Provided are a network system and a network bandwidth control management method capable of preventing packets that need to preferentially flow from being discarded at a time of high load. A network system includes an external switch that is provided between a virtualization platform and an external network and configured to control a bandwidth amount of packets flowing into an open virtual switch, and an network control management device that is configured to modify a configuration of bandwidth control and priority control of the external switch in response to addition or deletion of a service of the virtualization platform based on information acquired from compute nodes, a network node, and a controller node.
    Type: Grant
    Filed: June 3, 2019
    Date of Patent: February 8, 2022
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventor: Takayuki Akiyama
  • Patent number: 11240258
    Abstract: Embodiments of the present disclose provide a method and apparatus for identifying network attacks. The method can include: acquiring access data within at least two time periods of a target website server, wherein the access data include one or more fields; determining, for each of the at least two time periods, a quantity of access data having same content in at least two of the one or more fields; determining whether the quantities of access data for each of the at least two time periods are the same; and in response to the quantities of access data being the same, determining that at least two access requests of the access data are network attacks.
    Type: Grant
    Filed: May 18, 2018
    Date of Patent: February 1, 2022
    Assignee: Alibaba Group Holding Limited
    Inventor: Xuejian Zheng
  • Patent number: 11240264
    Abstract: Systems and methods are provided for mitigating security attacks by enabling collaboration between security service functions. A Service Function Chaining (SFC) node receives a packet and determines whether to apply a service function to the packet. Responsive to determining that the packet has been treated by the service function, the packet can be reclassified and switched to a different SFC path.
    Type: Grant
    Filed: May 15, 2017
    Date of Patent: February 1, 2022
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Daniel Migault, Makan Pourzandi, Bruno Medeiros de Barros, Tereza Cristina Carvalho, Thiago Rodrigues Meira de Almeida
  • Patent number: 11238153
    Abstract: The technology disclosed relates to securely encrypting a document. In particular, it relates to accessing a key-manager with a triplet of organization identifier, application identifier and region identifier and in response receiving a triplet-key and a triplet-key identifier that uniquely identifies the triplet-key. Also, for a document that has a document identifier (ID), the technology disclosed relates to deriving a per-document key from a combination of the triplet-key, the document ID and a salt. Further, the per-document key is used to encrypt the document.
    Type: Grant
    Filed: September 11, 2018
    Date of Patent: February 1, 2022
    Assignee: Netskope, Inc.
    Inventors: Krishna Narayanaswamy, Steve Malmskog, Arjun Sambamoorthy
  • Patent number: 11240273
    Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). The system may be configured to identify particular data assets and/or personal data in data repositories using any suitable intelligent identity scanning technique.
    Type: Grant
    Filed: April 5, 2021
    Date of Patent: February 1, 2022
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Jonathan Blake Brannon
  • Patent number: 11218429
    Abstract: An artificial intelligence (AI) system which utilizes machine learning algorithm such as deep learning and application is provided. The artificial intelligence (AI) system includes a controlling method of an electronic device for determining a chatbot using an artificial intelligence learning model includes receiving a voice uttered by a user, processing the voice and acquiring text information corresponding to the voice, and displaying the text information on a chat screen, determining a chatbot for providing a response message regarding the voice by inputting the acquired text information and chat history information regarding the chat screen to a model which is trained to determine the chatbot by inputting text information and chat history information, transmitting the acquired text information and the chat history information regarding the chat screen to a server for providing the determined chatbot, and receiving a response message from the server and displaying the response message on the chat screen.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: January 4, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Ji-hwan Yun, Won-ho Ryu, Won-jong Choi
  • Patent number: 11206286
    Abstract: A method for reducing unwanted data traffic in a computer network due to a Distributed Reflection Denial of Service (DRDoS) attack. The method comprises operating a filtering module in a normal mode or a blocking mode to allow or block requests from being communicated within a computer network in response to data from a honeypot device in the computer network. The method allows the honeypot device to continue to monitor further attack requests that are received during the DRDoS attack.
    Type: Grant
    Filed: June 4, 2019
    Date of Patent: December 21, 2021
    Assignee: Qatar Foundation for Education, Science and Community Development
    Inventors: Yury Zhauniarovich, Priyanka Dodia
  • Patent number: 11206240
    Abstract: Certain embodiments of the present disclosure provide a method and apparatus for processing data. The method comprises, at an edge device, parsing a first data packet after receiving the first data packet sent by a client device to obtain a virtual IP address and a destination port that correspond to the first data packet; querying an IP address mapping table according to the virtual IP address to obtain a destination IP address corresponding to the virtual IP address; and sending the first data packet according to the destination IP address and the destination port.
    Type: Grant
    Filed: June 10, 2020
    Date of Patent: December 21, 2021
    Assignee: Wangsu Science & Technology Co., Ltd.
    Inventor: Wenwei Xie