Security Protocols Patents (Class 726/14)
  • Patent number: 10649919
    Abstract: In an information processing method, a query including a first encrypted feature value provided with confidential information unique to a user is received. The first encrypted feature value is generated by encrypting a first feature value calculated from privacy data of the user by using inner product encryption. A plurality of inner product values are acquired by computing an inner product of the first encrypted feature value and each of a plurality of second encrypted feature values. Privacy data of a plurality of pieces of privacy data having an inner product value of the first encrypted feature value and a second encrypted feature value with an encrypted reference feature value calculated from the privacy data being equal to or smaller than a predetermined threshold is transmitted. A secret key of the user is identified by using the confidential information when an unauthorized access is detected, and identification information is outputted.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: May 12, 2020
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Yuji Unagami, Naohisa Nishida, Shota Yamada, Nuttapong Attrapadung, Takahiro Matsuda, Goichiro Hanaoka
  • Patent number: 10652279
    Abstract: A compliance checker to verify that a device complies with a policy is described. In one embodiment, the compliance checker comprises a compliance checker agent, to initiate the compliance check, in response to receiving the request, and an encryption checker to obtain an original data and a data stored on the storage. The system further comprising a comparator to determine whether known data read from the upper driver is identical to known data read from the lower driver. The compliance checker plug-in in one embodiment verifies the compliance status of the device, based on the data from the comparator.
    Type: Grant
    Filed: March 19, 2017
    Date of Patent: May 12, 2020
    Assignee: ALERTSEC, INC.
    Inventors: Ebba Ulrika Margareta Blitz, Leif Olov Billstrom, Kurt Uno Lennartsson, Hans Fredrik Loevstedt, Erik Magnus Ahlberg
  • Patent number: 10637885
    Abstract: A method for configuring a network monitoring device is provided. One or more performance metrics associated with one or more thresholds to be configured are received from a user. Historical network traffic flow information associated with a previously detected malicious activity is analyzed to identify characteristic values for the one or more performance metrics. Threshold values are automatically configured based on the identified characteristic values.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: April 28, 2020
    Assignee: Arbor Networks, Inc.
    Inventors: James E. Winquist, William M. Northway, Jr., Ronald G. Hay, Nicholas Scott, Lawrence B. Huston, III
  • Patent number: 10630644
    Abstract: In a computer-implemented method for managing firewall flow records, firewall flow records of a virtual infrastructure including a distributed firewall are received, wherein the firewall flow records are captured according to firewall rules of the distributed firewall, and wherein the firewall flow records each include tuples and at least one field of network traffic data. Responsive to detecting a number of received firewall flow records exceeding a threshold value, it is determined whether the tuples are identical for any of the firewall flow records. Provided the tuples are not identical for any of the firewall flow records, the tuples for the firewall flow records are modified to generate modified firewall flow records. It is determined whether the tuples are identical for any of the modified firewall flow records.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: April 21, 2020
    Assignee: Nicira, Inc.
    Inventors: Shadab Shah, Kaushal Bansal, Uday Masurekar, Jerry Pereira, Sunitha Krishna
  • Patent number: 10609070
    Abstract: Methods and systems provide network security by associating login credentials with a specific end-point. By doing so, valid user login credentials are not recognized when not used on a device authorized to use those credentials. By creating that association in a secure manner, the protection of confidential information becomes more complete and the leakage or theft of data such as usernames and passwords becomes less critical. Additionally, creating this hard association makes hacking tools such as password crackers and rainbow tables significantly less effective since the possession of a valid username/password is no longer sufficient for bad actors to access assets using this two-factor authentication model.
    Type: Grant
    Filed: March 9, 2017
    Date of Patent: March 31, 2020
    Inventor: Claude M. Farmer, III
  • Patent number: 10607021
    Abstract: A computing environment for monitoring usage of an application to identify characteristics and trigger security control includes an application system that performs a query configured to identify any application calls performed in a predetermined period of time within the computing environment; for each identified application call, builds a corresponding application characteristics entry in a database; for each identified application call, identifies a plurality of characteristics of the called application including at least one downstream resource; associates the identified plurality of characteristics with the application characteristics entry in the database, thereby creating an application mapping; identifies security controls associated with each of the applications in the application mapping; associates the identified security controls with the associated application characteristics entry in the application mapping; and automatically triggers assessment of an effectiveness of the security controls in re
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: March 31, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Katherine McDonald, Nicolette Boyd
  • Patent number: 10609127
    Abstract: A system for providing an isolated testing model for testing the disaster recovery capabilities of a streamlined backup network backing up a primary network. The primary network provides one or more users access to critical data and critical services. The system is configured to be switched between a production mode and a test mode. When the system is in the test mode, the primary network and the streamlined backup network form a live production environment and the streamlined backup network provides the one or more users access to the critical data and the critical services in the event the primary network is unable to do so. When the system is in the test mode, the streamlined backup network is removed from the live production environment by physically and logically isolating the streamlined backup network from the primary network.
    Type: Grant
    Filed: May 14, 2019
    Date of Patent: March 31, 2020
    Assignee: Hartford Fire Insurance Company
    Inventors: Kerry R. Anderson, John G. Buccetti, Joseph E. Merola, Jr., Kenneth A. Saucier
  • Patent number: 10599532
    Abstract: Example methods and systems to validate integrity of data and one or more configurations in response to an upgrade in a virtualized computing environment are disclosed. One method may include preparing a first pre-upgrade backup file and a first post-upgrade backup file in response to a data plane upgrade of the virtualized computing environment and validating the integrity of data and one or more configurations based on the first pre-upgrade backup file and the first post-upgrade backup file before upgrading a control plane of the virtualized computing environment.
    Type: Grant
    Filed: March 8, 2018
    Date of Patent: March 24, 2020
    Assignee: NICIRA, INC.
    Inventors: Prashant Shelke, Sharwari Phadnis, Yogesh Vhora, Kartiki Kale, Neha Pratik Dhakate, Ganesh Avachare, Mohammad Siddiqui
  • Patent number: 10599410
    Abstract: An electronic device includes a communication circuit that communicates with an external device, a memory configured to store first setting data corresponding to a first time period, and a processor operatively connected with the communication circuit and the memory. The processor receives second setting data corresponding to a second time period from the external device through the communication circuit if a specified time point is reached, deletes at least a portion of the first setting data based on whether a status of a user is a login status or a logout status, and applies the second setting data to the electronic device.
    Type: Grant
    Filed: December 8, 2016
    Date of Patent: March 24, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Young Sik Kim, In Ku Kang, Yu Seung Kim, Tae Hyun Kim, Dong Ho Jang, Eun Jung Hyun
  • Patent number: 10594708
    Abstract: Systems and methods for optimizing system resources by selectively enabling various scanning functions of a network security device are provided. According to one embodiment, information specifying a set of reputable websites deemed to be trustworthy by one or more web filtering services is received by a network security device protecting a private network. One or more directives are received by the network security device from a network administrator via a GUI of the network security device identifying one or more security features that are to be disabled for the set of reputable websites. Network traffic is intercepted by the network security device from an external network. When it is determined by the network security device that the external network is among the set of reputable websites, the network security device foregoes application of the one or more identified security features to the network traffic.
    Type: Grant
    Filed: April 12, 2018
    Date of Patent: March 17, 2020
    Assignee: Fortinet, Inc.
    Inventor: Robert A. May
  • Patent number: 10587512
    Abstract: Some aspects of the methods and systems presented relate to performing stateless address translation between IPv4 capable devices to IPv6 capable networks and devices. Stateless address translation may form a new IPv6 addresses by combining the IPv4 address of a device with an IPv6 prefix address assigned to the translator. The translation may also combine the IPv4 destination address and UDP port information with the new IPv6 address. Existing Domain Name Systems (DNSs) may be leveraged for resolving the IPv4 and IPv6 addresses across different networks.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: March 10, 2020
    Assignee: Comcast Cable Communications, LLC
    Inventors: John Jason Brzozowski, Joseph Pryszlak
  • Patent number: 10581816
    Abstract: There are provided measures for supporting an authentication to an external packet data network over an untrusted access network, said measures exemplarily comprising authenticating a user equipment to a communication network providing connectivity for the user equipment across an unsecured access network in response to a first authentication request, wherein the authentication request is an authentication request of a key information exchange mechanism and includes authentication data, receiving a second authentication request for authenticating the user equipment towards a packet data network external to the communications network. The measures may further comprise creating a binding update message including the authentication data and identity information of the user received from the user equipment.
    Type: Grant
    Filed: February 8, 2017
    Date of Patent: March 3, 2020
    Assignee: NOKIA TECHNOLOGIES OY
    Inventors: Anders Jan Olof Kall, Gyorgy Tamas Wolfner, Jouni Korhonen
  • Patent number: 10581871
    Abstract: Controlled-environment facility resident electronic communications for controlled-environment facility resident communications and/or data devices disposed within a controlled-environment facility may employ a controlled-environment facility communications processing system, or the like. The controlled-environment facility communications processing system, may be configured to host controlled-environment facility communications access services and accept a Cross-Origin Request Sharing (CORS) request from a non-resident device. These CORS requests may be for access to the controlled-environment facility communications access services for use by a controlled-environment facility communications Application Program Interface (API) running on the non-resident device to communicate with one of the controlled-environment facility resident devices.
    Type: Grant
    Filed: May 4, 2017
    Date of Patent: March 3, 2020
    Assignee: Securus Technologies, Inc.
    Inventor: Nikita Dehoumon
  • Patent number: 10567343
    Abstract: Aspects of this disclosure relate to filtering network data transfers. In some variations, multiple packets may be received. A determination may be made that a portion of the packets have packet header field values corresponding to a packet filtering rule. Responsive to such a determination, an operator specified by the packet filtering rule may be applied to the portion of packets having the packet header field values corresponding to the packet filtering rule. A further determination may be made that one or more of the portion of the packets have one or more application header field values corresponding to one or more application header field criteria specified by the operator. Responsive to such a determination, at least one packet transformation function specified by the operator may be applied to the one or more of the portion of the packets.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: February 18, 2020
    Assignee: Centripetal Networks, Inc.
    Inventor: Sean Moore
  • Patent number: 10547764
    Abstract: An information processing apparatus includes plural communication interfaces, a specifying unit, a network determining unit, and a transmission controller. The plural communication interfaces are individually connected to plural communication networks having different security levels. The specifying unit specifies a destination terminal to which a file stored in a data memory is to be transmitted. The network determining unit determines a communication network, among the plural communication networks, via which the file is to be transmitted to the destination terminal. The transmission controller prohibits transmission of the file to the destination terminal in a case where a security level set to the file is higher than a security level set to the communication network determined by the network determining unit.
    Type: Grant
    Filed: March 13, 2018
    Date of Patent: January 28, 2020
    Assignee: FUJI XEROX CO., LTD.
    Inventor: Akiko Mochizuki
  • Patent number: 10541872
    Abstract: Example implementations relate to network policy distribution. For example, a system for network policy distribution can include a state engine to determine a change in a state of a network, a policy engine to determine a number of policy changes based on the change in the state of the network, an identification engine to identify a number of network endpoints that correspond to the number of policy changes, and a distribution engine to load instructions based on the number of policy changes to the number of endpoints that correspond to the number of policy changes.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: January 21, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Duane E. Mentze, Charles F. Clark, Shaun Wackerly
  • Patent number: 10542014
    Abstract: Unknown and reference signatures are accessed. The unknown and reference signatures indicate patterns that correspond to known threats to resources (such as computer systems and/or computer networks) in a computer environment and comprise a multitude of descriptive elements having information describing different aspects of a corresponding signature. A set of similarity measures is created of the unknown and reference signatures from different perspectives, each perspective corresponding to a descriptive element. The set of similarity measures are integrated to generate an overall similarity metric. The overall similarity metric is used to find appropriate categories in the reference signatures into which the unknown signatures should be placed. The unknown signatures are placed into the appropriate categories to create a mapping from the unknown signatures to the reference signatures.
    Type: Grant
    Filed: May 11, 2016
    Date of Patent: January 21, 2020
    Assignee: International Business Machines Corporation
    Inventors: Xin Hu, Jiyong Jang, Douglas Lee Schales, Marc Philippe Stoecklin, Ting Wang
  • Patent number: 10541906
    Abstract: A method includes, with a distributed telecommunication component, providing a plurality of first type nodes, each first type node configured to perform a signaling function. The method further include, with the distributed telecommunication component, providing a plurality of second type nodes, each second type node configured to perform a media bearing function. At least one of the plurality of bearer nodes is geographically separate by a predetermined distance from at least one of the plurality of control nodes.
    Type: Grant
    Filed: October 14, 2016
    Date of Patent: January 21, 2020
    Assignee: GENBAND US LLC
    Inventor: Paul Miller
  • Patent number: 10530811
    Abstract: Example routing systems and methods are disclosed. In one realization, a first routing system and a second routing system are disposed within a vehicle. A computing system disposed within the vehicle is configured to communicate with a remote computing system via a network interface, with the first routing system being coupled to the network interface, the second routing system being coupled to the computing system, and the first routing system and second routing system being coupled via two independent, uncoupled, unidirectional data channels.
    Type: Grant
    Filed: August 11, 2017
    Date of Patent: January 7, 2020
    Assignee: VM-ROBOT, INC.
    Inventors: Alistair Black, Ashitosh Swarup
  • Patent number: 10524124
    Abstract: Example routing systems and methods are described. In one implementation, a first set of routing systems is interfaced with a network connection via a network interface. A second set of routing systems interfaced with a secure system is configured to receive information from the first set of routing systems via a first unidirectional data channel. In some embodiments, the first set of routing systems is configured to receive information from the second set of routing systems via a second unidirectional data channel. The secure system is not visible from the network interface.
    Type: Grant
    Filed: May 23, 2017
    Date of Patent: December 31, 2019
    Assignee: VM-ROBOT, INC.
    Inventors: Alistair Black, Ashitosh Swarup
  • Patent number: 10523569
    Abstract: Concepts and technologies disclosed herein are directed to the dynamic creation and management of ephemeral coordinated feedback instances. In accordance with one aspect disclosed herein, a system can receive a feedback instance creation request. The feedback instance creation request can be received from a policy engine in response to the policy engine attempting to satisfy a policy request. The system can examine the feedback instance creation request to determine an objective to be met by a new feedback instance model. The system can build a specification for the new feedback instance model. The specification can be built in accordance with a feedback instance building policy. The system can create the new feedback instance model in accordance with the specification. The system can store the new feedback instance model and a unique identifier associated with the new feedback instance model in a feedback instance model repository.
    Type: Grant
    Filed: September 20, 2018
    Date of Patent: December 31, 2019
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: James W. Fan, Jeffrey A. Aaron
  • Patent number: 10523665
    Abstract: Authentication can be performed on thin clients using independent mobile devices. Because many users have smart phones or other similar mobile devices that include biometric scanners, such mobile devices can be leveraged to perform authentication of users as part of logging in to a thin client desktop. A mapping can be created on a central server between a user's mobile device and the user's domain identity. A mapping can also be created between the user's domain identity and the user's thin client desktop. Then, when a user desires to log in to his thin client desktop, the user can employ the appropriate biometric scanner on his mobile device to perform authentication. The central server can then rely on this authentication to identify and log the user into his thin client desktop.
    Type: Grant
    Filed: February 3, 2017
    Date of Patent: December 31, 2019
    Assignee: Wyse Technology L.L.C.
    Inventors: Salil Joshi, Puneet Kaushik, Sumit Popli, Suruchi Dubey, Oleg Rombakh, Varun Raghavan
  • Patent number: 10484334
    Abstract: An application profile is provided to manage security of an application deployed across two or more cloud computing networks. A user can define in the application profile first and second server groups, a cloud chamber as including the first and second server groups, and a computing flow to the cloud chamber. A firewall rule is generated based on the computing flow. The firewall rule is distributed to the first server group of the cloud chamber. A copy of the firewall rule is distributed to the second server group of the cloud chamber. The first server group is in a first cloud computing network that is provided by a first cloud provider. The second server group is in a second cloud computing network that is provided by a second cloud provider, different from the first cloud provider.
    Type: Grant
    Filed: April 13, 2017
    Date of Patent: November 19, 2019
    Assignee: Zentera Systems, Inc.
    Inventors: Jaushin Lee, Hung Chuen Jason Lee
  • Patent number: 10467432
    Abstract: Computer systems and methods for: (1) analyzing electronic correspondence associated with a data subject (e.g., the emails within one or more email in-boxes associated with the data subject); (2) based on the analysis, identifying at least one entity that that the data subject does not actively do business with (e.g., as evidenced by the fact that the data subject no longer opens emails from the entity, and/or has set up a rule to automatically delete emails received from the entity); and (3) in response to identifying the entity as an entity that the data subject no longer does business with, at least substantially automatically populating and/or submitting a data subject access request to the entity (e.g., to delete all personal information being processed by the entity).
    Type: Grant
    Filed: October 13, 2018
    Date of Patent: November 5, 2019
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Kevin Jones, Jonathan Blake Brannon
  • Patent number: 10466916
    Abstract: A system including a baseboard management controller (BMC) and a storage device connected to the BMC, for dynamic protection of the storage device. The BMC includes a processor and a non-volatile memory storing a computer executable code. The computer executable code, when executed at the processor, is configured to: perform redirection of the storage device; receive a write protect command including write protect information of the storage device; extract the write protect information from the write protect command; store the write protect information in a data store of the non-volatile memory; and in response to receiving a write command to write data in the storage device, determine whether the data is writable to the storage device based on the write protect information stored in the data store. The data is written to the storage device only if it is determined that the data is writable to the storage device.
    Type: Grant
    Filed: April 28, 2015
    Date of Patent: November 5, 2019
    Assignee: AMERICAN MEGATRENDS INTERNATIONAL, LLC
    Inventor: Satheesh Thomas
  • Patent number: 10460097
    Abstract: A destination server communicates with a computer system using cryptographically protected communications utilizing a first negotiable feature. The destination server detects a triggering event and, in response to the triggering event, causes the cryptographic protected communications with the computer system to change from the first negotiable feature to a second negotiable feature. As a result of stored data indicating that the computer system fails to support the second negotiable feature, the destination server initiates a security measure.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: October 29, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Nima Sharifi Mehr, Eric Desmond Keith Villiers
  • Patent number: 10439890
    Abstract: This disclosure relates to managing Fog computations between a coordinating node and Fog nodes. In one embodiment, a method for managing Fog computations includes receiving a task data and a request for allocation of at least a subset of a computational task. The task data includes data subset and task constraints associated with at least the subset of the computational task. The Fog nodes capable of performing the computational task are characterized with node characteristics to obtain resource data associated with the Fog nodes. Based on the task data and the resource data, an optimization model is derived to perform the computational task by the Fog nodes. The optimization model includes node constraints including battery degradation constraint, communication path loss constraint, and heterogeneous computational capacities of Fog nodes. Based on the optimization model, at least the subset of the computational task is offloaded to a set of Fog nodes.
    Type: Grant
    Filed: July 18, 2017
    Date of Patent: October 8, 2019
    Assignee: Tata Consultancy Services Limited
    Inventors: Ajay Kattepur, Hemant Kumar Rath, Anantha Simha
  • Patent number: 10432732
    Abstract: At least one processor is configured to cause a communication unit to transmit log-in request including an account and designation of a security mode to a service server via a relay device when the security mode is set and to transmit a log-in request including an account and designation of a normal mode to the service server via the relay device when the normal mode is set. The at least one processor is configured to the communication unit to log in the service server when permission of the log-in request is received from the service server via the relay device.
    Type: Grant
    Filed: May 24, 2016
    Date of Patent: October 1, 2019
    Assignee: KYOCERA CORPORATION
    Inventor: Noritake Shiga
  • Patent number: 10419378
    Abstract: A local gateway device receives email across the internet from a sender of the email and forwards it across the internet to an email filtering system. The email filtering system analyzes the email to determine whether it is spam, phishing or contains a virus and sends it back to the local gateway device along with the filtered determination. The local gateway device forwards the received email and the filtered determination to a local junk store which handles the email appropriately. For example, if the email has been determined to be spam, phishing or containing a virus, the junk store can quarantine the email and if the email has been determined to be non-spun and/or not phishing and/or not containing a virus, the junk store can forward the email to a local mail server for delivery.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: September 17, 2019
    Assignee: SONICWALL INC.
    Inventors: Scott K. Eikenberry, John Gmuender, Akbal Singh Karlcut, MichaelCarl Y. Uy, Boris Yanovsky
  • Patent number: 10412216
    Abstract: One embodiment relates to a processing method for a communication intended for at least one receiving terminal. The method may comprise receiving a communication intended for the at least one receiving terminal and obtaining a certified identifier and an uncertified identifier of a sender of the communication, the identifiers being comprised in a signal message for the communication. The method may further comprise comparing the certified identifier with the uncertified identifier and processing the communication including a process for searching for the certified identifier in a list containing certified identifiers for senders associated with uncertified identifiers of those senders; the processing process being based on the results of the comparison process and the searching process.
    Type: Grant
    Filed: June 10, 2016
    Date of Patent: September 10, 2019
    Assignee: ORANGE
    Inventors: Bertrand Bouvet, Fran├žois Toutain
  • Patent number: 10412057
    Abstract: A service access method and an apparatus. A secure transmission proxy apparatus performs verification and management on service permission, which reduces networking costs of a service server side and workload of reconstruction and maintenance of the service server side, and enhances communication security. A solution includes: decrypting, by a secure transmission proxy apparatus, a service request message sent by a client, where the service request message includes a service type; performing verification on service permission of a decrypted service request message according to the service type; performing protocol conversion on the decrypted service request message if the service permission verification succeeds; and sending a service request message obtained after the protocol conversion to a service server side, so that the service server side executes a corresponding service according to the service request message obtained after the protocol conversion.
    Type: Grant
    Filed: December 27, 2016
    Date of Patent: September 10, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Cheng Liu
  • Patent number: 10402048
    Abstract: System and method for preventing undesirable smart device communications. A system includes memory for storing a list of contacts, the memory integrated into a smart device; and a locking application configured to permit a user to select and lock one or more contacts included within said list of contacts such that the user is unable to communicate with the selected one or more contacts via said smart device. The locking application may be further configured to permit a user to select a pre-established time period during which the one or more selected contacts remain locked. Challenges may be presented to the user to unlock the contacts in advance of the lockout time expiring. Optional features include GPS tracking, rewards, ride and networking modules.
    Type: Grant
    Filed: October 8, 2015
    Date of Patent: September 3, 2019
    Assignee: Colossus Mobile Applications LLC
    Inventor: Eric Carman
  • Patent number: 10396995
    Abstract: A method of providing a hash value for a piece of data is disclosed, where the hash value provides for a time-stamp for the piece of data upon verification, for limiting a risk of collisions between hash values. The method comprises collecting one or more root time-stamps for a root of a hash tree structure defining a hash function, wherein the root-time stamp is a root time-stamp from the past, determining whether a nonce may be received from a server, and upon failure to receive the nonce from the server, providing the hash value by a hash function of the root time-stamp and the piece of data, or upon success in receiving the nonce from the server, providing the hash value by the hash function of the root time-stamp, the piece of data and the nonce. An electronic device and a computer program are also disclosed.
    Type: Grant
    Filed: January 18, 2016
    Date of Patent: August 27, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (publ)
    Inventors: Alexander Maximov, Martin Hell, Bernard Smeets
  • Patent number: 10367963
    Abstract: The second connector of the image forming apparatus behind the firewall connects to the first connector of the management server to establish a session. The web browser of the personal computer sends an HTTP request to the first compressor on the basis of an instruction from a user, a destination of the HTTP request being the web server unit of the image forming apparatus. The first compressor of the management server compresses the HTTP request received from the web browser to generate first compressed data, and sends the generated first compressed data to the second decompressor of the image forming apparatus through a communication path established between the first connector and the second connector. The second decompressor of the image forming apparatus decompresses the first compressed data received from the first compressor to reproduce the original HTTP request, and sends the HTTP request to the web server unit.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: July 30, 2019
    Assignee: KYOCERA DOCUMENT SOLUTIONS INC.
    Inventor: Takanao Kawai
  • Patent number: 10360376
    Abstract: A method is supplied for operating a computer unit, wherein on the computer unit an application can be executed which can access the functions of a crypto API, wherein the functions of the crypto API can be supplied by at least one crypto implementation on the computer unit. The method therein includes the following steps of: executing the application on the computer unit; checking what crypto implementations are available on the computer unit; and selecting one of the available crypto implementations as that crypto implementation which supplies the functions of the crypto API.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: July 23, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Laszlo Marton, Oliver Mihatsch
  • Patent number: 10346367
    Abstract: An access node of a distributed service collects workload data pertaining to at least one peer group of access nodes established for handling client requests. During a particular load shedding analysis, the access node uses the collected metrics to detect that a triggering condition for load shedding with respect to a set of persistent client connections has been met. Each persistent client connection is set up to be usable for a plurality of client requests. The access node initiates a phased termination of at least one selected persistent client connection. The phased termination comprises allowing completion of in-flight requests on the connection and rejecting new requests on the connection.
    Type: Grant
    Filed: April 30, 2015
    Date of Patent: July 9, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Jacob David Luszcz, Jacob A. Strauss
  • Patent number: 10341299
    Abstract: In a computer-implemented method for collecting firewall flow records, firewall flow records are received from a plurality of data end nodes of a virtualized infrastructure comprising a distributed firewall according to a collection schedule, wherein the collection schedule defines which data end nodes of the plurality of data end nodes from which firewall flow records are collected, a frequency of collection of firewall flow records from the data end nodes, and an amount of firewall flow records collected from the data end nodes. Firewall flow records received at a firewall flow record collection queue are processed, such that the received firewall flow records are prepared for storage at a flow record data store.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: July 2, 2019
    Assignee: Nicira, Inc.
    Inventors: Kaushal Bansal, Medhavi Dhawan, Jerry Pereira, Shadab Shah, Sameer Kurkure
  • Patent number: 10341432
    Abstract: Optimizing web page loading by condensing web requests for files of a certain kind, format, or style. A system for web page loading may incorporate an embedded device having a processor, a web browser, and a web server for the embedded device connected to the web browser. One or more requests to the web server for files may be made by the web browser. Grouping a number of files of modules into one or a smaller number of files may speed up loading the files or requests for a web page. The one or more requests made by the web browser or the grouping the number of files into one or more files may be effected by a processor. The embedded device may combine resources on the fly, during runtime or dynamically into fewer resources when a request to do so is made.
    Type: Grant
    Filed: April 27, 2015
    Date of Patent: July 2, 2019
    Assignee: Honeywell International Inc.
    Inventor: Gareth Johnson
  • Patent number: 10333942
    Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include associating one or more client domains with a computer executing an LDAP client, defining one or more client roles for each of one or more client domains, and associating one or more privileges with each of the client roles. Upon detecting a login of a client user having a client user name, the client user name is conveyed to an LDAP server, and in response, one or more client groups are received from the LDAP server, each given client group comprising a server role and a server domain. For each received client group having a respective server domain matching a given client domain, the respective server role is matched to a given client role, and the one or more privileges associated with the given client role is assigned to the client user.
    Type: Grant
    Filed: July 8, 2014
    Date of Patent: June 25, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Ron S. Shapiro
  • Patent number: 10313423
    Abstract: A method and an apparatus for realizing web service. An apparatus having a binary web service interface to communicate with nodes operationally connected to the apparatus using a binary web service, the nodes having one or more resources, the binary web service interface being configured to receive information from a node whenever a resource of a node changes or whenever a pre-configured event regarding a resource occurs. The apparatus also has an interface for communicating with web applications making use of the resources and ap component for receiving subscriptions regarding the information received from the nodes and providing the subscribed information.
    Type: Grant
    Filed: February 20, 2017
    Date of Patent: June 4, 2019
    Assignee: Arm Finland OY
    Inventors: Zachary Shelby, Sampo Ukkola
  • Patent number: 10305972
    Abstract: A system for providing an isolated testing model for testing the disaster recovery capabilities of a streamlined backup network backing up a primary network. The primary network provides one or more users access to critical data and critical services. The system is configured to be switched between a production mode and a test mode. When the system is in the test mode, the primary network and the streamlined backup network form a live production environment and the streamlined backup network provides the one or more users access to the critical data and the critical services in the event the primary network is unable to do so. When the system is in the test mode, the streamlined backup network is removed from the live production environment by physically and logically isolating the streamlined backup network from the primary network.
    Type: Grant
    Filed: April 23, 2018
    Date of Patent: May 28, 2019
    Assignee: Hartford Fire Insurance Company
    Inventors: Kerry R Anderson, John G Buccetti, Joseph E Merola, Jr., Kenneth A Saucier
  • Patent number: 10264019
    Abstract: A device such as a smartphone may communicate with a server or other network entity using encrypted communications, making it difficult to examine such communications for purposes of identifying communication issues that may affect user QoE (quality of experience). In certain embodiments, an application may be modified to log communication data before encryption and after decryption. For example, the application program may be decompiled and logging instructions may be inserted before portion that result in data encryption and after portions where received data is decrypted. The modified application program may then be recompiled and executed on a device to produce an unencrypted log of data. In other embodiments, elements of the device operating system may be modified to log data before encryption and after decryption.
    Type: Grant
    Filed: October 6, 2017
    Date of Patent: April 16, 2019
    Assignee: T-Mobile USA, Inc.
    Inventor: Peter P. Myron
  • Patent number: 10218675
    Abstract: Devices, methods, systems, and computer-readable media for legacy device securitization within a microgrid system are described herein. One or more embodiments include a system having a microgrid network with at least one remote network connection to a non-local network device and the network having at least one local legacy device in communication with the non-local network device and a bump-in-the-wire (BITW) security device between the local legacy device and the at least one remote connection.
    Type: Grant
    Filed: April 27, 2015
    Date of Patent: February 26, 2019
    Assignee: Honeywell International Inc.
    Inventors: Apurva Mohan, Himanshu Khurana, Gregory Brainard, Scott Fischer
  • Patent number: 10154005
    Abstract: The invention presented herein is a system and method for automatically discovering communication capabilities for direct communication between endpoints across one or more unknown networks, the system comprising: a plurality of network enabled endpoints configured with a module in wireless communication with a management database, the module configured to establish a communication path for direct communication between the network-enabled endpoints, independent of a NAT router.
    Type: Grant
    Filed: January 19, 2018
    Date of Patent: December 11, 2018
    Inventors: Gary Mitchell, Scott Whittle, Kurt Quasebarth
  • Patent number: 10146964
    Abstract: Embodiments herein relate to a die to form a system-on-chip (SOC) with one or more other dies, with a policy arbitrator disposed on the die to manage security policies of the plurality of dies of the SOC, where the PA is to receive information about a security policy and a die type from a first of the one or more other dies, compare at least the received information about the security policy and the die type of the first other die with a security policy and a die type of the die, determine, based on the comparison, a common security policy for the plurality of dies of the SOC, and transmit the determined common security policy and the die type of the die to at least a second of the one or more other dies.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: December 4, 2018
    Assignee: INTEL CORPORATION
    Inventors: Neel Shah, Michael Neve De Mevergnies
  • Patent number: 10140447
    Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving parameters defining a detection technique, an attack scenario, and detection logic, receiving configuration data that is specific to a target system that is to be monitored, providing an attack pattern based on the parameters and the configuration data, monitoring the target system based on the attack pattern and data provided by one or more logs of the target system, and selectively generating, based on monitoring, an alert indicating a potential end-to-end intrusion into the target system.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: November 27, 2018
    Assignee: SAP SE
    Inventors: Mohammad Ashiqur Rahaman, Cedric Hebert, Juergen Frank
  • Patent number: 10135793
    Abstract: Methods and a system are provided that, in turn, are for providing security between a user device and a computer related device. A method includes providing a distributed registry service that specifies a plurality of services available to support communications between the user device and the computer related device. The method further includes at least one of dynamically constructing and altering one or more multi-node transient processing pathways between the user device and the computer related device based on respective selected ones of the plurality of services. For at least one node in each of the one or more transient processing pathways, an address thereof and a time period the at least one node is active and capable of being used is set or changed, based on at least one of an application programming interface type and a data request type implicated by a received packet.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: November 20, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Timothy Durniak, Robert R. Friedlander, James R. Kraemer, Jeb Linton
  • Patent number: 10136311
    Abstract: The subject matter describes devices, networks, systems, media, and methods to create secure communications between wireless devices and cellular networks, where the wireless devices communicate with the cellular networks via multi-hopping methods in non-cellular networks.
    Type: Grant
    Filed: December 12, 2014
    Date of Patent: November 20, 2018
    Assignee: M87, INC.
    Inventors: Vidur Bhargava, Eric Kord Henderson, Peter Matthew Feldman
  • Patent number: 10129156
    Abstract: Concepts and technologies disclosed herein are directed to the dynamic creation and management of ephemeral coordinated feedback instances. In accordance with one aspect disclosed herein, a system can receive a feedback instance creation request. The feedback instance creation request can be received from a policy engine in response to the policy engine attempting to satisfy a policy request. The system can examine the feedback instance creation request to determine an objective to be met by a new feedback instance model. The system can build a specification for the new feedback instance model. The specification can be built in accordance with a feedback instance building policy. The system can create the new feedback instance model in accordance with the specification. The system can store the new feedback instance model and a unique identifier associated with the new feedback instance model in a feedback instance model repository.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: November 13, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: James W. Fan, Jeffrey A. Aaron
  • Patent number: 10122622
    Abstract: A method implemented by a network element (NE), comprising receiving a classification message comprising a classification rule for identifying a service function chain (SFC) in a network, wherein the SFC comprises an ordered set of service functions (SFs) that provides services to an application, and a dynamic application-specific contextual data associated with an operation of the application, receiving a first of a plurality of application data packets, determining that the first of the application data packets matches the classification rule, generating a first SFC packet by adding the dynamic application-specific contextual data to the first of the application data packets according to the classification rule to enable communication of the dynamic application-specific contextual data to at least one of the SFs in the SFC, and sending the first SFC packet towards a next NE according to an SF path in the network associated with the SFC.
    Type: Grant
    Filed: May 29, 2015
    Date of Patent: November 6, 2018
    Assignee: Futurewei Technologies, Inc.
    Inventors: Xiaobo Wang, Hong Zhang