Packet Filtering Patents (Class 726/13)
  • Patent number: 12231403
    Abstract: A method implemented by a cloud-based system includes steps of, responsive to connecting to a user device with a user associated with a first tenant of a plurality of tenants, obtaining security policies for the user that are configured for the tenant, wherein the security policies for the user are the same regardless of connection type, location of the user, and device type and operating system of the user device; stream scanning traffic between the user device and the Internet based on the security policies, wherein the security policies are for firewall and intrusion prevention functions; and one of allowing and blocking the traffic based on the stream scanning.
    Type: Grant
    Filed: January 26, 2022
    Date of Patent: February 18, 2025
    Assignee: Zscaler, Inc.
    Inventors: Srikanth Devarajan, Sushil Pangeni, Vladimir Stepanenko, Ravinder Verma, Naresh Kumar Povlavaram Munirathnam
  • Patent number: 12223369
    Abstract: A method comprises collecting message-oriented-middleware system parameters from a plurality of message-oriented-middleware clusters, analyzing the parameters using one or more machine learning algorithms, and predicting, based at least in part on the analyzing, at least one anomaly in a message-oriented-middleware cluster of the plurality of message-oriented-middleware clusters. In the method, message metadata is collected from the message-oriented-middleware cluster, and at least part of the message metadata is transmitted to one or more remaining ones of the plurality of message-oriented-middleware clusters. At least the part of the message metadata corresponds to messaging operations to be transferred from the message-oriented-middleware cluster to the one or more remaining ones of the plurality of message-oriented-middleware clusters.
    Type: Grant
    Filed: July 8, 2021
    Date of Patent: February 11, 2025
    Assignee: Dell Products L.P.
    Inventors: Abhijit Mishra, Krishna Mohan Akkinapalli, Satish Ranjan Das, Bijan Kumar Mohanty, Hung Dinh, Saravanan Kannan, SivaMohan Nimmakayala
  • Patent number: 12192876
    Abstract: The invention relates to the field of wireless mesh communication networks and in particular to methods, networks and nodes (101) for use in such a wireless mesh network (100) for establishing routes in the wireless mesh network (100) by pro-actively regularly sending many-to-one route requests at randomized intervals by wireless network nodes (101) that can operate as proxy nodes for a mobile wireless device (104) communicating using a first wireless communication protocol and further nodes (102, 103) in the wireless mesh network (100) communicating using a second wireless communication protocol.
    Type: Grant
    Filed: December 7, 2020
    Date of Patent: January 7, 2025
    Assignee: SIGNIFY HOLDING B.V.
    Inventors: Robin Michielsen, Bas Driesen, Gerhardus Engbertus Mekenkamp, Bozena Erdmann
  • Patent number: 12192247
    Abstract: Methods, systems, and computer readable media for network security are described. In some implementations, security tasks and roles can be allocated between an endpoint device and a firewall device based on tag information sent from the endpoint, the tag information including one or more characteristics of a traffic flow, information of resource availability, and/or reputation of a process associated with a traffic flow.
    Type: Grant
    Filed: October 9, 2023
    Date of Patent: January 7, 2025
    Assignee: Sophos Limited
    Inventors: Andy Thomas, Nishit Shah, Daniel Stutz
  • Patent number: 12183174
    Abstract: A network sanitization technology for enforcing a network edge and enforcing particular communication functions for untrusted dedicated-function devices such as internet protocol (IP) cameras. An untrusted network device is isolated from a network by a network sanitization system such that it cannot communicate with the network. Communications from the untrusted device are intercepted by the system and only allowed communications are used. Allowed communications are used to create new communications according to an allowed framework. Sanitization device may be in small two-port package with visual indicia indicating the untrusted device and the network side. The device may use and provide power over Ethernet (POE) to device. Abstract is not to be considered limiting.
    Type: Grant
    Filed: July 14, 2023
    Date of Patent: December 31, 2024
    Inventors: Pierre Racz, Vincent Labrecque
  • Patent number: 12170688
    Abstract: A distributed denial of service attack is detected. In response to detection of the attack, application layer properties of network traffic associated with a web application under attack are analyzed. Changes to distributions of the application layer properties are identified. A signature is generated based, at least in part, on identifying a combination of application layer properties whose distributions have changed, and which identifies traffic increased since onset of the attack. A mitigation rule is generated based, at least in part, on the signature.
    Type: Grant
    Filed: September 30, 2021
    Date of Patent: December 17, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Adriana-Maria Horelu, Jeffrey Allen Lyon, Robert Benjamin Lang, Saket Tomer, Krzysztof Jan Pado, John Shields, Ben Sangho Jae, Matthew Hyun Seok Lee
  • Patent number: 12170641
    Abstract: The disclosed technology is generally directed towards monitoring electronic communications to detect content in a communication that is attempting to influence the recipient user in some way. A user can specify influential intent preference data, such as which electronic communications services/applications to monitor for such influential intent content, and the types of the influential intent to monitor for, e.g., political influence types, advertisement influence types, and so on. A user also can specify remedial or other actions to take upon detection, e.g., block such content, alert on detecting such content and so on. An electronic influence manager server and/or application program can perform the monitoring and/or take the actions. Also described is reporting on the communications with influential intent, user actions with respect thereto. Reputation data can also be collected and used with respect to sources of communications with influential intent.
    Type: Grant
    Filed: May 10, 2022
    Date of Patent: December 17, 2024
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Nigel Bradley, Eric Zavesky, James Pratt, Ari Craine, Robert Koch
  • Patent number: 12167319
    Abstract: Disclosed herein is a method of operation of a wireless device to provide service gap control in a wireless communication system, comprising: receiving a service gap parameter from a network entity in a mobility management sublayer non-access stratum message, the service gap parameter being indicative of a value for a service gap timer for the wireless device; and enforcing the service gap parameter at the wireless device in a non-access stratum layer. Also disclosed herein is a method of operation of a core network entity in a core network of a wireless communication system to provide service gap control, comprising: obtaining a service gap parameter for a wireless device, the service gap parameter being indicative of a value for a service gap timer for the wireless device; and sending by the core network entity the service gap parameter to the wireless device via a mobility management sublayer non-access stratum message.
    Type: Grant
    Filed: April 28, 2022
    Date of Patent: December 10, 2024
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Hans Bertil Rönneke, Mikael Wass
  • Patent number: 12160328
    Abstract: Systems and methods for providing multi-perimeter firewalls via a virtual global network are disclosed. In one embodiment the network system may comprise an egress ingress point in communication with a first access point server, a second access point server in communication with the first access point server, an endpoint device in communication with the second access point server, a first firewall in communication with the first access point server, and a second firewall in communication with the second access point server. The first and second firewalls may prevent traffic from passing through their respective access point servers. The first and second firewalls may be in communication with each other and exchange threat information.
    Type: Grant
    Filed: March 4, 2022
    Date of Patent: December 3, 2024
    Assignee: UMBRA Technologies Ltd.
    Inventors: Joseph E. Rubenstein, Carlos Eduardo Oré
  • Patent number: 12154105
    Abstract: Example embodiments provide systems and methods for increasing the cryptographic strength of an encryption or message-authentication-code-(MAC) generation technique. According to some embodiments, a MAC may be constructed around a shared secret (such as a random initialization number), thereby increasing strength of the MAC against brute force attacks based on the size of the shared secret. The MAC may be combined with randomized data, and may also be encrypted to further bolster the strength of the code. These elements (shared secret, MAC algorithm, and encryption algorithm) may be employed in various combinations and to varying degrees, depending on the application and desired level of security. At each stage, the cryptographic construct operates on the cryptographically modified data from the previous stage. This layering of cryptographic constructs may increase the strength of the group of contrasts more efficiently than applying any one construct with a larger key size or similar increase in complexity.
    Type: Grant
    Filed: November 3, 2021
    Date of Patent: November 26, 2024
    Assignee: Capital One Services, LLC
    Inventors: Kevin Osborn, Srinivasa Chigurupati, William Duane
  • Patent number: 12155675
    Abstract: A verification method for fast source and path embedded with random authentication is provided. The method includes: generating a corresponding verification structure for an expected path according to a predetermined path strategy, embedding different m pieces of fragment information randomly selected with same possibility from the verification structure for the expected path to a header of a data packet to be transmitted in a data flow, and transmitting the data packet to be transmitted with the embedded fragment information to a next hop of routing node of the expected path, performing a verification on the received data packet by the respective intermediate routing node on the expected path, and forwarding the data packet to the next routing node when the verification passes, performing verification on the received data packet by the data flow destination, performing a parsing verification evaluation on the expected path when the verification passes.
    Type: Grant
    Filed: December 15, 2021
    Date of Patent: November 26, 2024
    Assignee: TSINGHUA UNIVERSITY
    Inventors: Ke Xu, Fan Yang, Bo Wu, Qi Li, Jianping Wu
  • Patent number: 12147880
    Abstract: Behavioral characteristics of at least a first machine component are monitored. A model that represents machine-to-machine interactions between at least the first machine component and at least a further machine component is generated. Using the monitored behavioral characteristics and the generated model, an incongruity of a behavior of at least the first machine component and the machine-to-machine interactions is computed, where the incongruity is predicted based on determining a discordance between an expectation of the system and the behavior and the machine-to-machine interactions, and wherein the predicting is performed without using a previously built normative rule of behavior and machine-to-machine interactions.
    Type: Grant
    Filed: June 14, 2021
    Date of Patent: November 19, 2024
    Inventor: Philippe Baumard
  • Patent number: 12143294
    Abstract: A method for execution by a processor of a host having an external interface for connection to at least one other network element of a packet-based data network, the host storing a routing table and implementing a container connected to a bridge, the container being addressable by an internal address on a bridge network associated with the bridge. The method includes obtaining an indication of a request for the container to join a multicast group. In response to the obtaining, a request is sent via the external interface for the host to join the multicast group. The routing table may be modified so as to make the bridge a next hop for future packets obtained from the external interface and destined for the multicast group. The routing table may also be modified so as to make the external interface a next hop for future packets that are obtained from the bridge, whose source address is the internal address of the container and that are destined for the multicast group.
    Type: Grant
    Filed: October 12, 2023
    Date of Patent: November 12, 2024
    Assignee: GENETEC INC.
    Inventor: Jean Bouchard
  • Patent number: 12132702
    Abstract: A method of Internet Protocol (IP) address control includes receiving a request from a computing device for a new IP address, the request including a Media Access Control (MAC) address of the computing device. A query can be sent to a storage resource for a whitelist of MAC numbers associated with IP addresses and an IP address not present on the whitelist can be selected for use in assigning the new IP address. A new IP/MAC pairing of the selected IP address and the MAC address of the computing device is sent to the storage resource for adding to the whitelist and optionally to a firewall for adding to a firewall whitelist. A confirmation can be sent to the computing device, providing the new IP address.
    Type: Grant
    Filed: December 29, 2021
    Date of Patent: October 29, 2024
    Assignee: MASTERCARD INTERNATIONAL INCORPORATED
    Inventor: Eric Gunn
  • Patent number: 12132764
    Abstract: Security policies can be dynamically updated in response to changes in endpoints associated with those policies. A user can indicate one or more regions or networks from which access is to be granted under a specific security policy. The user can subscribe to receive notifications upon a change relating to those endpoints, such as the addition or removal of one or more endpoints. When a change is detected, new policy information can be generated automatically and published for subscribed policies, which can then have the updates applied automatically or provided for manual review and application. Such a process enables access determinations to be made based upon up-to-date endpoint information.
    Type: Grant
    Filed: May 11, 2023
    Date of Patent: October 29, 2024
    Assignee: Amazon Technologies, Inc.
    Inventor: Justin Paul Yancey
  • Patent number: 12126650
    Abstract: Apparatus, systems, and methods for the detection and remediation of malicious network traffic. Network traffic is received from a network-based device and analyzed to identify the network-based device as an infected network-based device. In response to identifying the network-based device as an infected network-based device, a response message is sent to the infected network-based device, the response message triggering a tarpitting effect on the network-based device.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: October 22, 2024
    Assignee: CHARTER COMMUNICATIONS OPERATING, LLC
    Inventor: Richard A. Compton
  • Patent number: 12115105
    Abstract: Intraocular pressure in an eye is reduced by delivering a high resolution optical coherence tomography (OCT) beam and a high resolution laser beam through the cornea, and the anterior chamber into the irido-corneal angle along an angled beam path. The OCT beam provides OCT imaging for surgery planning and monitoring, while the laser beam is configured to modify tissue or affect ocular fluid by photo-disruptive interaction. In one implementation, a volume of ocular tissue within an outflow pathway in the irido-corneal angle is modified to create a channel opening in one or more layers of the trabecular meshwork. In another implementation, a volume of fluid in the Schlemm's canal is affected by the laser to bring about a pneumatic expansion of the canal. In either implementation, resistance to aqueous flow through the eye is reduced.
    Type: Grant
    Filed: January 10, 2023
    Date of Patent: October 15, 2024
    Assignee: ViaLase, Inc.
    Inventor: Ferenc Raksi
  • Patent number: 12120143
    Abstract: Aspects of the disclosure relate to monitoring virtual desktops accessed by devices at remote locations using machine-learning models to mitigate potential cyber-attacks. In some embodiments, a computing platform may monitor data associated with a series of activities from a virtual desktop accessed by a remote computing device. Subsequently, the computing platform may detect new activity data on the virtual desktop accessed by the remote computing device, and evaluate the new activity data relative to the data associated with the series of activities, wherein evaluating includes applying a machine learning model to the new activity data. Based on evaluating the new activity data, the computing platform may determine if the new activity data is indicative of a potential cyber-attack. In response to determining that the new activity data is indicative of a potential cyber-attack, the computing platform may initiate one or more security response actions.
    Type: Grant
    Filed: May 16, 2023
    Date of Patent: October 15, 2024
    Assignee: Bank of America Corporation
    Inventor: Patrick Lewis
  • Patent number: 12120515
    Abstract: This disclosure provides systems, methods, and apparatuses for wireless sensing. In some aspects, a first wireless communication device may receive a first wireless transmission including a transmit (TX) parameter information element (IE). The first wireless communication device may verify the integrity of the TX parameter IE using a message integrity code (MIC) in the first wireless transmission, discarding the first wireless transmission when the MIC does not verify the integrity of the TX parameter IE. The first wireless device may obtain one or more transmission parameters for one or more second wireless communication devices associated with the TX parameter IE. The first wireless communication device may receive a second wireless transmission from one of the second wireless communication devices and obtain one or more wireless sensing measurements associated with the second wireless transmission and the one or more transmission parameters.
    Type: Grant
    Filed: March 24, 2021
    Date of Patent: October 15, 2024
    Assignee: QUALCOMM Incorporated
    Inventors: Solomon Trainin, Alecsander Eitan, Assaf Kasher
  • Patent number: 12107761
    Abstract: A computing device may receive a first packet addressed to a destination node. The device may check a packet counter to determine if the counter exceeds a threshold, the counter recording a number of packets addressed to the destination node that have been received during a first time period. The device may in response to the packet counter exceeding the threshold: send, by the computing device, a query to an intermediate node; generate, by the device, a query flag in response to sending the query. The query flag can indicate that a query has been sent to the intermediate node. A reply from the intermediate node can be received by the device. The reply can identify a set of processes that the intermediate node is configured to perform on the first packet. The set of processes can be applied by the device to the first packet.
    Type: Grant
    Filed: February 17, 2023
    Date of Patent: October 1, 2024
    Assignee: Oracle International Corporation
    Inventor: Dale Raymond Worley
  • Patent number: 12093902
    Abstract: This disclosure describes systems, methods, and devices related to network outage management. A method may include receiving, by a cloud-based system, a first indication of a first cable system outage; instantiating, by the cloud-based system, a first computing instance associated with generating event data indicative of the first cable system outage; instantiating, by the cloud-based system, a second computing instance associated with a machine learning model; generating, by the cloud-based system, using the event data as inputs to the machine learning model, a score indicative of a probability that the first cable system outage is repairable by a technician; and refraining from sending, by the cloud-based system, based on a comparison of the score to a score threshold, the event data to a first system associated with repairing the first cable system outage.
    Type: Grant
    Filed: July 29, 2021
    Date of Patent: September 17, 2024
    Assignee: Cox Communications, Inc.
    Inventors: Amrit Shaswat, Brian Stublin, Sarah Lau, Brad Demerich
  • Patent number: 12074875
    Abstract: Systems and methods include reception of a request for access to a target domain, the request including a source Internet Protocol (IP) address, determination of whether the source IP address is one of a plurality of IP addresses indicated within stored first data, determination, if it is determined that the source IP address is one of the plurality of stored IP addresses, of whether the target domain is one of a plurality of domains indicated within stored second data, and forwarding, if it is determined that the source IP address is one of the plurality of stored IP addresses and the target domain is one of a plurality of domains indicated within stored second data, of the request to the target domain.
    Type: Grant
    Filed: January 31, 2022
    Date of Patent: August 27, 2024
    Assignee: SAP SE
    Inventor: Stoyan Zhivkov Boshev
  • Patent number: 12069102
    Abstract: Some network architectures include perimeter or edge devices which perform network address translation or otherwise modify data in a network traffic packet header, such as the source address. The modification of the source address prevents downstream devices from knowing the true or original source address from which the traffic originated. To address this issue, perimeter devices can insert the original source address in an X-Forwarded-For field of the packet header. Firewalls and related security services can be programmed to record the original source address in the XFF field in addition to the other packet information and to consider the original source address during security analysis. Using the original source address in the XFF field, services can determine additional characteristics about the traffic, such as geographic origin or associated user accounts, and use these characteristics to identify applicable rules or policies.
    Type: Grant
    Filed: January 3, 2022
    Date of Patent: August 20, 2024
    Assignee: Palo Alto Networks, Inc.
    Inventors: Thomas Arthur Warburton, Ashwath Sreenivasa Murthy, Jeffrey James Fitz-Gerald, Jr.
  • Patent number: 12061693
    Abstract: Disclosed are systems and associated methods for protecting systems against software intended to damage or disable computers and computer systems, commonly called “malware” especially encrypting malware. Both agent-based and agentless implementations allow the identification of malware and the protection of local and cloud-based data by observing changes to filesystem structure and the information content of files, with no need to scan memory or interfere with the processing of individual processes. The data permeability of the protected system can be dynamically changed, allowing user-directed changes to be committed to storage and backed up, while adverse or potentially adverse changes are quarantined.
    Type: Grant
    Filed: April 23, 2020
    Date of Patent: August 13, 2024
    Assignee: Jungle Disk, L.L.C.
    Inventor: Bret Piatt
  • Patent number: 12058177
    Abstract: A system and method for cybersecurity risk analysis and anomaly detection using active and passive external reconnaissance, that identifies critical network entities within a cyber-physical graph, identifies anomalous events within the network, determines the risk of identified anomalies based on the value of the entities involved, and determines an effectiveness score for the network based on the identified risks.
    Type: Grant
    Filed: April 1, 2021
    Date of Patent: August 6, 2024
    Assignee: QOMPLX LLC
    Inventors: Jason Crabtree, Andrew Sellers, Richard Kelley
  • Patent number: 12058138
    Abstract: A method includes creating a secured connection between a home network and a remote corporate network via a smart home gateway; detecting that a plurality of devices are connected with the smart home gateway, wherein the plurality of devices are within the home network; determining that a first device of the plurality of devices is indicated as an authorized corporate device; determining that the first device has software updated to a threshold version of software; and based on the indication that the first device is an authorized corporate device or the first device has software updated to the threshold version of software, automatically connecting the first device to the remote corporate network.
    Type: Grant
    Filed: August 31, 2021
    Date of Patent: August 6, 2024
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Stephen Griesmer
  • Patent number: 12058776
    Abstract: The disclosure provides a method performed by a wireless device for providing capability information. The method comprises: receiving a first message from a base station, the first message comprising an indication of a capability filter; utilizing the capability filter to generate a filtered set of capabilities of the wireless device; applying a hash function to the filtered set of capabilities to generate a hash value; and transmitting a second message to the base station, the second message comprising the hash value.
    Type: Grant
    Filed: February 13, 2020
    Date of Patent: August 6, 2024
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Christofer Lindheimer, Mikael Wass, Ylva Timner, Alessio Terzani, Malik Wahaj Arshad, Paul Schliwa-Bertling, Henning Wiemann, Mattias Bergström
  • Patent number: 12052231
    Abstract: A logic circuit for managing reception of secure data packets in an industrial controller snoops data being transferred by a Media Access Controller (MAC) between a network port and a shared memory location within the industrial controller. The logic circuit is configured to perform authentication and/or decryption on the data packet as the data packet is being transferred between the port and the shared memory location. The logic circuit performs authentication as the data is being transferred and completes authentication shortly after the MAC has completed transferring the data to the shared memory. The logic circuit coordinates operation with the MAC and signals a Software Packet Processing (SPP) module when authentication is complete. The logic circuit is further configured to decrypt the data packet, if necessary, and to similarly coordinate operation with the MAC and delay signaling the SPP module that data is ready until decryption is complete.
    Type: Grant
    Filed: March 6, 2023
    Date of Patent: July 30, 2024
    Assignee: Rockwell Automation Technologies, Inc.
    Inventor: Kenneth William Batcher
  • Patent number: 12052277
    Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of autonomous asset configuration modeling and management. The innovation includes probing elements of a networked architecture to compile information about elements in the networked architecture. The innovation learns a configuration for the at least one element in the environment based on the probing and determines vulnerabilities in the learned configuration. The innovation develops a threat model based on the learned configuration. The innovation applies the threat model to the elements of the networked architecture and deploys a configuration that resolves the vulnerabilities based on the threat model to the elements in the networked architecture. The threat model can be developed over time using machine learning concepts and deep learning of data sources associated with the elements and vulnerabilities.
    Type: Grant
    Filed: October 25, 2022
    Date of Patent: July 30, 2024
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Lawrence T. Belton, Jr., Jon M. Welborn, Gary Simms, Sr., Peter Anatole Makohon, Jacob Lee
  • Patent number: 12028318
    Abstract: A method of monitoring and controlling network traffic within an industrial control system including receiving one or more data packets at a smart network switching system operating software-defined networking, analyzing the one or more data packets at a protocol level within a control plane of the software-defined networking, based on the analysis, determining whether the one or more data packets are authorized data packets, and forwarding a data packet of the one or more data packets to a destination device within a data plane of the software-defined networking upon determining that the data packet is an authorized data packet. The method further includes providing information related to the analysis of the one or more data packets to an out-of-band monitoring and control system for display to a user, and receiving a response communication from the out-of-band monitoring and control system indicating whether the one or more data packets are authorized data packets.
    Type: Grant
    Filed: June 12, 2019
    Date of Patent: July 2, 2024
    Assignee: Battelle Energy Alliance, LLC
    Inventors: Briam Johnson, Michael V. McCarty, Rishi R. Chatterjee, Kristopher Watts
  • Patent number: 12028445
    Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for secure, low end-user effort computing device configuration. In some examples the IoT device is configured via a user's computing device over a short range wireless link of a first type. This short range wireless communication may use a connection establishment that does not require end-user input. For example, the end user will not have to enter, or confirm a PIN number or other authentication information such as usernames and/or passwords. This allows configuration to involve less user input. In some examples, to prevent man-in-the-middle attacks, the power of a transmitter in the IoT device that transmits the short range wireless link is reduced during a configuration procedure so that the range of the transmissions to and from the user's computing device are reduced to a short distance.
    Type: Grant
    Filed: June 3, 2022
    Date of Patent: July 2, 2024
    Assignee: Intel Corporation
    Inventors: Mats Agerstam, Venkata R. Vallabhu
  • Patent number: 12021835
    Abstract: A packet gateway may protect TCP/IP networks by enforcing security policies on in-transit packets that are crossing network boundaries. The policies may include packet filtering rules derived from cyber threat intelligence (CTI). The rapid growth in the volume of CTI and in the size of associated CTI-derived policies, coupled with ever-increasing network link speeds and network traffic volume, may cause the costs of sufficient computational resources to be prohibitive. To efficiently process packets, a packet gateway may be provided with at least one probabilistic data structure, such as a Bloom filter, for testing packets to determine if packet data may match a packet filtering rule. Packet filtering rules may be grouped into subsets of rules, and a data structure may be provided for determining a matching subset of rules associated with a particular packet.
    Type: Grant
    Filed: April 7, 2021
    Date of Patent: June 25, 2024
    Assignee: Centripetal Networks, LLC
    Inventors: Sean Moore, Jonathan R. Rogers, Steven Rogers
  • Patent number: 12021836
    Abstract: Systems and methods for implementing filters within computer networks include obtaining blocklist data that includes blocklist entries for a network. Each of the blocklist entries includes one or more network traffic attributes for identifying traffic to be blocked. In response to receiving the blocklist data, a filter based on a common network traffic attribute shared between at least two of the plurality of blocklist entries is generated. The filter is then deployed to a network device within the network such that the filter may be implemented at the network device to block corresponding traffic.
    Type: Grant
    Filed: June 1, 2023
    Date of Patent: June 25, 2024
    Assignee: Level 3 Communications, LLC
    Inventor: Michael Benjamin
  • Patent number: 12010152
    Abstract: A method for automatically adjusting one or more device security settings includes receiving a plurality of information feeds received over a communications network from a plurality of information sources. The method further includes accessing a particular information feed from the plurality of information feeds and accessing a predefined trigger associated with the particular information feed. The method further includes determining, by comparing the particular information feed with the predefined trigger, whether a security event is predicted to occur. When the security event is predicted to occur, the method generates an alert for display on a user device and sends, over the communications network, one or more instructions to adjust the one or more device security settings.
    Type: Grant
    Filed: December 8, 2021
    Date of Patent: June 11, 2024
    Assignee: Bank of America Corporation
    Inventors: Daniel John Nunn, Sheenagh Alice Meghen
  • Patent number: 12010135
    Abstract: A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data, and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators.
    Type: Grant
    Filed: September 19, 2023
    Date of Patent: June 11, 2024
    Assignee: Centripetal Networks, LLC
    Inventors: David K. Ahn, Sean Moore, Douglas M. Disabello
  • Patent number: 12001260
    Abstract: A speech-processing system may provide access to one or more virtual assistants via a voice-controlled device. The system may be activated by detecting a wakeword in speech received by a microphone of the device. The system may process the speech and provide a response in the form of synthetic speech. When a speaker of the device emits the synthetic speech, the microphone may detect some or all of the speech. If the synthetic speech includes a wakeword or words or phrases similar to the wakeword, a wakeword detection component of the device may detect the wakeword and activate an assistant, resulting in a self-wake or cross-wake. Self- or cross-wake may interrupt an action or response currently in progress, which may frustrate the user and result in a poor user experience. This disclosure thus proposes systems and methods for preventing cross-wake and self-wake in a voice-controlled device.
    Type: Grant
    Filed: December 11, 2020
    Date of Patent: June 4, 2024
    Assignee: Amazon Technologies, Inc.
    Inventors: Ravi Chemudugunta, John Ryan Sherritt, David Henry
  • Patent number: 11983125
    Abstract: Described are techniques including a computer-implemented method that comprises defining a respective priority classification for each of a plurality of sockets used for communicating between an initiator computational system and a target computational system. The method further comprises automatically assigning a respective priority classification to each of a plurality of Input/Output (IO) requests based on a type of data associated with each IO request. The method further comprises sending the plurality of IO requests to respective sockets of the plurality of sockets with a matching priority classification.
    Type: Grant
    Filed: July 29, 2021
    Date of Patent: May 14, 2024
    Assignee: International Business Machines Corporation
    Inventors: Bharti Soni, Komal Shailendra Shah, Tej Parkash, Subhojit Roy
  • Patent number: 11979377
    Abstract: A system for managing connection from a smartphone 1 provided to a child to specific connection destinations via the Internet, comprising: a filter server 9 for restricting packet transmission to the Internet based on a destination of the packet and a source IP of the smartphone 1; a VPN server 6 for establishing a tunnel connection 27 between the VPN server 6 and the smartphone 1, wherein the tunnel connection 27 passes all communication traffic from the smartphone 1, and also transmitting to the filter server the packet which passed through the tunnel connection 27; and an API server 8 connected to the VPN server 6 for confirming existence of the tunnel connection 27 at predetermined timing and, when lack of the existence is determined, blocking the Internet connection itself of the information communication device.
    Type: Grant
    Filed: December 10, 2019
    Date of Patent: May 7, 2024
    Assignee: Freebit Co., Ltd.
    Inventors: Hiroshi Oizumi, Akihiro Takehi, Yutaka Ishizaki, Atsuki Ishida
  • Patent number: 11979381
    Abstract: A method including configuring a VPN server to determine, based on requesting data of interest from a host device, that the host device has declined to provide the data of interest; configuring the VPN server to verify, based on determining that the host device has declined to provide the data of interest, an identity of a secondary server with which the VPN server is authorized to establish a secure connection; configuring the VPN server to establish, based on verifying the identity of the secondary server, a secure connection with the secondary server to enable communication of encrypted information; and configuring the VPN server to transmit, to the secondary server, an encrypted message identifying the host device and the data of interest to be retrieved from the host device to enable the secondary server to request the data of interest from the host device is disclosed. Various other aspects are contemplated.
    Type: Grant
    Filed: October 5, 2022
    Date of Patent: May 7, 2024
    Assignee: UAB 360 IT
    Inventors: Karolis Pabijanskas, Darius Simanel
  • Patent number: 11979275
    Abstract: Systems and methods for admitting new nodes into an existing network, for example a MoCA network. As a non-limiting example, various aspects of the present disclosure provide systems and methods for adding a new node to an existing network without requiring on-site manual configuration, for example utilizing communication between the new node and a network coordinator of the existing network prior to admission of the new node to the existing network.
    Type: Grant
    Filed: August 3, 2021
    Date of Patent: May 7, 2024
    Inventors: Yoav Hebron, Na Chen, Ronald Lee
  • Patent number: 11968285
    Abstract: A network device includes one or more ports, and action-select circuitry. The ports are to exchange packets over a network. The action-select circuitry is to determine, for a given packet, a first search key based on a first header field of the given packet, and a second search key based on a second header field of the given packet, to compare the first search key to a first group of compare values, to output a multi-element vector responsively to a match between the first search key and a first compare value, to generate a composite search key by concatenating the second search key and the multi-element vector, to compare the composite search key to a second group of compare values, and, responsively to a match between the composite search key and a second compare value, to output an action indicator for applying to the given packet.
    Type: Grant
    Filed: February 24, 2022
    Date of Patent: April 23, 2024
    Assignee: MELLANOX TECHNOLOGIES, LTD.
    Inventors: Gil Levy, Aviv Kfir
  • Patent number: 11962653
    Abstract: A device monitoring method includes: receiving a message transmitted from a first device to a second device and addressed to the second device; determining whether the message contains a device control command for controlling the second device; if the message contains the device control command, further determining whether to transmit the message to the second device based on a predetermined condition; and when the message is determined to be transmitted to the second device, transmitting the message to the second device. The predetermined condition includes a first condition that the first device is registered as a device having a predetermined function in a device list containing information about whether each of the devices is a device having the predetermined function. The message is determined to be transmitted to the second device when the predetermined condition is satisfied.
    Type: Grant
    Filed: October 27, 2021
    Date of Patent: April 16, 2024
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Manabu Maeda, Tomoyuki Haga, Yuji Unagami
  • Patent number: 11954227
    Abstract: Mechanisms for generating documents with confidential information are provided, the systems comprising: a memory; and a first collection of at least one hardware processor coupled to the memory and configured to: receive from a user device a request for a first document with confidential information; generate a second document, that corresponds to the first document, with at least one token corresponding to the confidential information; transmit the second document to a second collection of at least one hardware processor in a computer network that is entitled to access the confidential information; receive from the second collection of at least one hardware processor in the computer network a uniform resource locator (URL) corresponding to the first document; and transmit the URL to the user device. In some of these mechanisms, the user device is in the computer network.
    Type: Grant
    Filed: January 3, 2022
    Date of Patent: April 9, 2024
    Assignee: Institutional Capital Network, Inc.
    Inventors: Michael November, Thomas M. Fortin
  • Patent number: 11949604
    Abstract: A system, method, and computer program product for implementing network state processing is provided. The method includes detecting operational states for ports of a server Internet protocol (IP) data plane component of an integrated switching device. Each operational state is analyzed and matching and action rules associated with the operational states are generated with respect to data packets arriving at the ports. Data describing each operational state is stored within a port cache structure of a port. An incoming data packet is detected at a first port and the matching and action rules are distributed between port engines of the ports. The matching and action rules are executed with respect to the incoming data packet and the incoming data packet is transmitted to a destination port. Operational functionality of the integrated switching device is enabled with respect to execution of the incoming data packet at the destination port.
    Type: Grant
    Filed: October 6, 2021
    Date of Patent: April 2, 2024
    Assignee: International Business Machines Corporation
    Inventors: Renato J. Recio, Eran Gampel, Claude Basso, Gal Sagi, Guy Laden
  • Patent number: 11949658
    Abstract: A cloud-based traffic classification engine maintains a catalog of application-based traffic classes which have been developed based on known applications, and a local traffic classification engine maintains a subset of these classes. Network traffic intercepted by the firewall which cannot be classified by the local engine is forwarded to the cloud-based engine for classification. Upon determination of a class of the traffic, the cloud-based engine forwards the determined class and corresponding signature to the local engine. The firewall maintains a cache which is updated with the signatures corresponding to the class communicated by the cloud-based engine. Subsequent network traffic sent from the application can be determined to correspond to the application and classified accordingly, locally at the firewall, based on the cached signatures. Localization of the cache to the firewall reduces latency of traffic classification operations as the catalog of classification information stored in the cloud scales.
    Type: Grant
    Filed: February 27, 2023
    Date of Patent: April 2, 2024
    Assignee: Palo Alto Networks, Inc.
    Inventors: Mengying Jiang, Shengming Xu, Menglan Fang, Ho Yu Lam
  • Patent number: 11943618
    Abstract: Described herein are techniques for preventing a user from continuing to access an online service once access rights have been revoked. In some embodiments, the techniques comprise receiving a request to determine a current status of access rights in association with a user and an online service, determining, based on one or more conditions associated with the online service, the current status of access rights, upon determining that the current status of access rights indicates that the user is not authorized to access the online service, identifying at least one user device associated with the user, generating programmatic instructions to cause a session token associated with the online service to be removed from a memory of the at least one user device, and providing the programmatic instructions to the at least one user device.
    Type: Grant
    Filed: December 29, 2020
    Date of Patent: March 26, 2024
    Assignee: T-Mobile USA, Inc.
    Inventor: Kanakrai Chauhan
  • Patent number: 11929987
    Abstract: Techniques are disclosed for a network device to preserve packet flow information across bump-in-the-wire (BITW) firewalls. For example, a method comprises receiving, by a network device, a packet. The method also comprises determining, by the network device, that the packet matches a packet flow that is associated with an action to redirect the packet to a firewall configured as a bump-in-the-wire. The method further comprises, in response to the determination: modifying, by the network device, a Media Access Control (MAC) address field of a layer 2 (L2) packet header with a flow identifier of the packet flow; sending, by the network device, the packet to the firewall; receiving, by the network device, the packet from the firewall; and recovering, by the network device, the packet flow by modifying the packet according to the flow identifier in the packet to restore the L2 packet header of the packet.
    Type: Grant
    Filed: February 25, 2020
    Date of Patent: March 12, 2024
    Assignee: Juniper Networks, Inc.
    Inventors: Pranavadatta D N, Aniket G. Daptari, Carlo Contavalli, Prasad Miriyala, Kiran K N, Prasannaa Vengatesan T S, Venkatesh Velpula
  • Patent number: 11930029
    Abstract: A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data, and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators.
    Type: Grant
    Filed: September 19, 2023
    Date of Patent: March 12, 2024
    Assignee: Centripetal Networks, LLC
    Inventors: David K. Ahn, Sean Moore, Douglas M. Disabello
  • Patent number: 11929895
    Abstract: A communication log aggregation device includes: a communicator that obtains flow information including one or more flow records and first statistical information for each flow from each of collection devices, the one or more flow records each including flow identification information included in a message received by at least one observer that is disposed in a control network system, the flow being classified based on the flow identification information, the collection devices each collecting the one or more flow records and the first statistical information for each flow from the message received by the observer; and a flow aggregator that generates aggregated flow information by performing at least one of the following: (i) selecting at least one of the one or more flow records, (ii) adding second statistical information, and (iii) deleting at least one of the one or more flow records, and outputs the aggregated flow information.
    Type: Grant
    Filed: June 30, 2022
    Date of Patent: March 12, 2024
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Takeshi Kishikawa, Ryo Hirano, Yoshihiro Ujiie
  • Patent number: 11916879
    Abstract: Some embodiments of the invention provide a novel method for performing firewall operations on a computer. The method of some embodiments instantiates first and second firewall processes on the computer. These two processes are two separate processes, which in some embodiments have separate memory allocations in the memory system of the computer. The method uses the first firewall process to examine a data message to determine whether an encryption based firewall policy (e.g., a TLS-based firewall policy) has to be enforced on the data message. Based on a determination that the encryption-based firewall policy has to be enforced on the data message, the method provides metadata, which is produced by the first firewall process in its examination of the data message, to the second firewall process. The second firewall process then uses the provided metadata to perform an encryption-based firewall operation based on the encryption-based firewall policy.
    Type: Grant
    Filed: January 3, 2022
    Date of Patent: February 27, 2024
    Assignee: VMware LLC
    Inventors: Manish Jain, Mani Kancherla