Security Protocols Patents (Class 726/14)
- Patent number: 12175603
  Abstract: Aspects of the present disclosure are directed to creating virtual doors within artificial reality (XR) universes for traversal within that XR universe and between other XR universes. Users can create virtual doors that control access to their privately owned property (e.g., world, parcel, house, etc.) in an XR universe. For example, an owner of a virtual door can manually lock the door to prevent any user from entering their property through the virtual door. As another example, an owner of a virtual door can configure door permissions and/or privacy settings that serve as heuristics by which a door access control manager determines whether to authorize a particular user, XR world, and/or XR universe to access. The XR universe traversal system can control an execution environment to smoothly transition between different applications, thereby enabling a user to traverse between different XR universes without having to leave the XR environment.
  Type: Grant
  Filed: September 29, 2022
  Date of Patent: December 24, 2024
  Assignee: Meta Platforms Technologies, LLC
  Inventors: Rachel Cross, Patricia Dooley, Sarah Barrick, Jean Chin, Katerina Vasiliou, Tiffany Madruga
- Patent number: 12176078
  Abstract: A system for communicating health data in a healthcare environment (1) comprises a communication network (4) for communicating health data in the healthcare environment (1), a reporting device (2) for transferring health data via the communication network (4), and a consuming device (3) for receiving health data from the reporting device (2) via a communication channel (41) of the communication network (4). Herein, the consuming device (3), for receiving health data from the reporting device (2), is constituted to send a subscription request message (A1) containing a subscription request to the reporting device (2), and the reporting device (2) is constituted, upon receiving the subscription request message (A1), to validate the subscription request and to establish the communication channel (41) to transfer health data to the consuming device (3).
  Type: Grant
  Filed: September 5, 2018
  Date of Patent: December 24, 2024
  Assignee: Fresenius Vial SAS
  Inventor: Christophe Reynier
- Patent number: 12158937
  Abstract: Systems and methods for uniquely identifying and regularly authenticating users at login are disclosed. A method may include an authentication computer program receiving a user identifier for a user as part of a login attempt from a workstation computer program; communicating a multifactor authentication request to an authenticator application executed on a user mobile electronic device; receiving a response to the multifactor authentication request from the authenticator application; verifying that the response to the multifactor authentication request matches an expected value; and saving user activity data associated with the login attempt, and a user trust computer program calculating a user trust score based on the user activity data; determining that the user trust score is above a threshold; and authorizing the login attempt to the workstation and a user session on the workstation.
  Type: Grant
  Filed: June 10, 2022
  Date of Patent: December 3, 2024
  Assignee: JPMORGAN CHASE BANK, N.A.
  Inventors: Meena Abdou, Hima Unnithan, Sunil Atluri, Amit Kumar Meshram, Thien B Le, Atousa Assadihaghi, Rhea Marpu, Rocky J Maufort, Moshe Caplan, Ben Craig, Myna Rai, Srinwantu Dey, Paul Manaloto
- Patent number: 12149504
  Abstract: The present application relates to embodiments for detecting firewall drift. In some embodiments, a first set of firewall rules of a first firewall for a first instance of a distributed application, a second set of firewall rules of a second firewall for a second instance of the distributed application, and a mapping of IP addresses to identifiers of services from amongst a first set of services of the first instance and a second set of services of the second instance may be obtained. First connectivity data and second connectivity data may be generated indicating, for each IP address associated with the first and second sets of firewall rules, a respective port number over which communications with that IP address are transmitted, and comparison data may be generated indicating whether firewall drift is detected based on a comparison of the first connectivity data and the second connectivity data.
  Type: Grant
  Filed: December 29, 2023
  Date of Patent: November 19, 2024
  Assignee: THE BANK OF NEW YORK MELLON
  Inventors: Benjamin Wu, Sridhar M. Seetharaman, Yaroslav Denega
- Patent number: 12126495
  Abstract: A virtual network verification service for provider networks that leverages a declarative logic programming language to allow clients to pose queries about their virtual networks as constraint problems; the queries may be resolved using a constraint solver engine. Semantics and logic for networking primitives of virtual networks in the provider network environment may be encoded as a set of rules according to the logic programming language; networking security standards and/or client-defined rules may also be encoded in the rules. A description of a virtual network may be obtained and encoded. A constraint problem expressed by a query may then be resolved for the encoded description according to the encoded rules using the constraint solver engine; the results may be provided to the client.
  Type: Grant
  Filed: August 11, 2021
  Date of Patent: October 22, 2024
  Assignee: Amazon Technologies, Inc.
  Inventors: John Cook, Catherine Dodge, Sean McLaughlin
- Patent number: 12058552
  Abstract: A system for validating automated vehicle data transmission capabilities of a vehicle is provided. The system includes a vehicle data transmission diagnostics (VDTD) server in communication with the vehicle and a plurality of roadside evaluation units. The VDTD server includes at least one processor and at least one memory device, and is programmed to: (i) determine that a data latency risk evaluation (DLRE) should be performed for the vehicle, (ii) transmit a DLRE request to the vehicle, (iii) receive, from the vehicle, a response to the transmitted DLRE request including trip data, the trip data including a selected route to be taken by the vehicle, (iv) interrogate the plurality of roadside evaluation units based upon the received trip data, and (v) select, based upon the interrogation, one of the plurality of roadside evaluation units to be a data latency evaluation checkpoint for the vehicle during the upcoming trip.
  Type: Grant
  Filed: January 27, 2023
  Date of Patent: August 6, 2024
  Assignee: State Farm Mutual Automobile Insurance Company
  Inventors: Aaron Scott Chan, Kenneth Jason Sanchez
- Patent number: 12015561
  Abstract: Systems and techniques are described that are directed to intelligent scheduling of Wi-Fi services for applications, including enhanced dynamic prioritization. A device, such as an access point (AP), can receive data packets from multiple connected devices to dynamically identify an application flow for each data packet, and dynamically identify a user associated with the application flow for each data packet. The AP can generate prioritized candidate lists for selected data packets in queues corresponding to an access category (AC). In response to determining that the identified user associated with the application flow corresponds with a critical user, the AP can select data packets for the prioritized candidate lists based at least in part on priority policies for each of a plurality of applications and based at least in part on dynamic prioritization of applications for each of a plurality of applications; and schedule data packets from the prioritized candidate lists.
  Type: Grant
  Filed: December 21, 2020
  Date of Patent: June 18, 2024
  Assignee: Hewlett Packard Enterprise Development LP
  Inventors: Hao Lu, Sachin Ganu, Nitin A. Changlani, Xiaoding Shang, Qiang Zhou
- Patent number: 12010103
  Abstract: A method performed by a first node implementing a first NF in a visited network (VPLMN) for communicating with a third node implementing a second NF in a home network (HPLMN) is provided. Embodiments include: determining that the third node should be communicated with; sending, towards a second node implementing a Security Edge Protection Proxy (SEPP) in the visited network, a request for a telescopic FQDN for the third node in the home network to be used by the first node in the visited network to communicate with the third node in the home network, which request comprises an FQDN of the third node in the home network; receiving, from the second node, a telescopic FQDN for the third node wherein the FQDN for the third node in the home network is flattened to a single label to be used by the first node to communicate with the third node.
  Type: Grant
  Filed: April 7, 2020
  Date of Patent: June 11, 2024
  Assignee: Telefonaktiebolaget LM Ericsson (publ)
  Inventors: Jesus-Angel de-Gregorio-Rodriguez, David Castellanos Zamora, Juha Kujanen
- Patent number: 12010122
  Abstract: A system and method for detecting potential lateral movement using cloud keys in a cloud computing environment includes determining a first node in a security graph is a compromised node, wherein the security graph represents cloud entities of the cloud computing environment; detecting a cloud key node connected to the first node, wherein the cloud key node represents a cloud key of the cloud computing environment; and generating a potential lateral movement path, including the first node, and a second node, wherein the second node is connected to the cloud key node.
  Type: Grant
  Filed: September 26, 2023
  Date of Patent: June 11, 2024
  Assignee: Wiz, Inc.
  Inventors: Avi Tal Lichtenstein, Ami Luttwak, Daniel Hershko Shemesh
- Patent number: 12003425
  Abstract: An integrated circuit includes: a processor; a receiver coupled to the processor; and memory coupled to the processor. The memory stores resource coordinator instructions that, when executed by the processor, cause the processor to: maintain a plurality of active secure sessions; identify a priority session trigger; and allocate receiver resources for incoming packets related to the plurality of active secure sessions based on the priority session trigger.
  Type: Grant
  Filed: July 28, 2021
  Date of Patent: June 4, 2024
  Assignee: TEXAS INSTRUMENTS INCORPORATED
  Inventors: Nir Shlomo Gross, Israel Zilbershmidet, Barak Cherches, David Levy
- Patent number: 11979382
  Abstract: A method including configuring a VPN server to utilize a first exit IP address to transmit a query to a host device for requesting data of interest; configuring the VPN server to determine that the host device has blocked the first exit IP address; configuring the VPN server to establish, based on determining that the host device has blocked the first exit IP address, a secure connection with a secondary server to enable communication of encrypted information; and configuring the VPN server to transmit, to the secondary server over the secure connection, an encrypted message identifying the host device and the data of interest to be retrieved from the host device to enable the secondary server to transmit a second query to request the data of interest based on utilizing a second exit IP address, different from the first exit IP address, is disclosed. Various other aspects are contemplated.
  Type: Grant
  Filed: October 5, 2022
  Date of Patent: May 7, 2024
  Assignee: UAB 360 IT
  Inventors: Karolis Pabijanskas, Darius Simanel
- Patent number: 11971992
  Abstract: Systems and methods for failure characterization of secure programmable logic devices (PLDs) are disclosed. An example system includes a secure PLD including programmable logic blocks (PLBs) arranged in PLD fabric of the secure PLD, and a configuration engine configured to program the PLD fabric according to a configuration image stored in non-volatile memory (NVM) of the secure PLD and/or coupled through a configuration input/output (I/O) of the secure PLD. The secure PLD is configured to receive a failure characterization (FC) command from the PLD fabric or an external system coupled to the secure PLD through the configuration I/O, and to execute the FC command to, at least in part, erase and/or nullify portions of the NVM. The secure PLD may also be configured to boot a debug configuration for the PLD fabric that identifies and/or characterizes operational failures of the secure PLD.
  Type: Grant
  Filed: November 9, 2020
  Date of Patent: April 30, 2024
  Assignee: Lattice Semiconductor Corporation
  Inventors: Fulong Zhang, Srirama Chandra, Sreepada Hegade, Joel Coplen, Wei Han, Yu Sun
- Patent number: 11882095
  Abstract: A computer-implemented method causes data processing hardware to perform operations for training a firewall utilization model. The operations include receiving firewall utilization data for firewall connection requests during a utilization period. The firewall utilization data includes hit counts for each sub-rule associated with at least one firewall rule. The operations also include generating training data based on the firewall utilization data. The training data includes unused sub-rules corresponding to sub-rules having no hits during the utilization period and hit sub-rules corresponding to sub-rules having more than zero hits during the utilization period. The operations also include training a firewall utilization model on the training data. The operations further include, for each sub-rule associated with the at least one firewall rule, determining a corresponding sub-rule utilization probability indicating a likelihood the sub-rule will be used for a future connection request.
  Type: Grant
  Filed: April 13, 2021
  Date of Patent: January 23, 2024
  Assignee: Google LLC
  Inventors: Firat Kalaycilar, Xiang Wang, Gregory Lee Slaughter
- Patent number: 11876781
  Abstract: Systems and methods provide for management of a gateway. In one embodiment, a method includes: in response to a request from a client device, establishing, by a computer system implementing a gateway to a private network, a network tunnel between the client device and the gateway; and starting a firewall service with a set of firewall rules on the computer system for selectively blocking and allowing network traffic between the client device and one or more network devices in the private network.
  Type: Grant
  Filed: September 9, 2019
  Date of Patent: January 16, 2024
  Assignee: CRYPTZONE NORTH AMERICA, INC.
  Inventors: Kurt Glazemakers, Per Johan Allansson, Thomas Bruno Emmanuel Cellerier, Kosmas Valianos, Tom Viljo Weber
- Patent number: 11843453
  Abstract: This technology allows time synchronization in passive optical networks ("PON"). A first Ethernet device timestamps and transmits a packet to a second Ethernet device via the PON. The first Ethernet device transmits the packet to a small form-factor pluggable ("SFP") device within the PON and connected to the first Ethernet device. The SFP device determines a transmission time to a second SFP device and modifies a correction field ("CF") of the packet by subtracting an ingress time and the transmission time from the CF. The packet is transmitted to the second SFP device, which modifies the CF by the addition of an egress time. The modified CF value represents the real-time transmission delay incurred in the SFP devices. The packet is transmitted to a second Ethernet device to synchronize a clock using the timestamp and the CF value in accordance with the PTP/IEEE-1588 standard.
  Type: Grant
  Filed: April 7, 2021
  Date of Patent: December 12, 2023
  Assignee: Cisco Technology, Inc.
  Inventors: Prashant Anand, Ashok Chandre Gowda, Ajay Sandhir
- Patent number: 11831608
  Abstract: In various examples, firewalls may include machine learning models that are automatically trained and applied to analyze service inputs submitted to input processing services and to identify whether service inputs are desirable (e.g., will result in an undesirable status code if processed by a service). When a service input is determined by a firewall to be desirable, the firewall may push the service input through to the input processing service for normal processing. When a service input is determined by the firewall to be undesirable, the firewall may block or drop the service input before it reaches the input processing service and/or server. This may be used to prevent the service input, which is likely to be undesirable, from touching a server that hosts the input processing service (e.g., preventing a crash).
  Type: Grant
  Filed: January 27, 2020
  Date of Patent: November 28, 2023
  Assignee: NVIDIA Corporation
  Inventors: Christopher Schneider, William Bartig, Daniel Rohrer, Andrew Woodard
- Patent number: 11811787
  Abstract: A system and method for detecting potential lateral movement using cloud keys in a cloud computing environment includes determining a first node in a security graph is a compromised node, wherein the security graph represents cloud entities of the cloud computing environment; detecting a cloud key node connected to the first node, wherein the cloud key node represents a cloud key of the cloud computing environment; and generating a potential lateral movement path, including the first node, and a second node, wherein the second node is connected to the cloud key node.
  Type: Grant
  Filed: March 31, 2022
  Date of Patent: November 7, 2023
  Assignee: WIZ, INC.
  Inventors: Avi Tal Lichtenstein, Ami Luttwak, Daniel Hershko Shemesh
- Patent number: 11811786
  Abstract: A system and method for detecting potential lateral movement in a cloud computing environment includes detecting a private encryption key and a certificate, each of which further include a hash value of a respective public key, wherein the certificate is stored on a first resource deployed in the cloud computing environment; generating in a security graph: a private key node, a certificate node, and a resource node connected to the certificate node, wherein the security graph is a representation of the cloud computing environment; generating a connection in the security graph between the private key node and the certificate node, in response to determining a match between the hash values of the public key of the private key and the public key of the certificate; and determining that the first resource node is potentially compromised, in response to receiving an indication that an element of the public key is compromised.
  Type: Grant
  Filed: March 31, 2022
  Date of Patent: November 7, 2023
  Assignee: WIZ, INC.
  Inventors: Avi Tal Lichtenstein, Ami Luttwak, Yinon Costica
- Patent number: 11805103
  Abstract: Examples of dynamically selecting tunnel endpoints are described. In an example, a request for authenticating a client device connected to an edge device via a wired link is received. The request includes information indicative of a port of the edge device at which the client device is connected and a type of the client device. Based on at least one of the port, the type, resource availability of a plurality of network devices, and location of the plurality of network devices, a network device is identified as a tunnel endpoint. A message indicative of a successful authentication of the client device is sent to the edge device. The message includes a network address of the network device identified as the tunnel endpoint.
  Type: Grant
  Filed: April 20, 2021
  Date of Patent: October 31, 2023
  Assignee: Hewlett Packard Enterprise Development LP
  Inventors: Sasindran Devaraj, Vijayakumar Subramanian, Vinodh Kumar Velur Sukumarran
- Patent number: 11784832
  Abstract: A method, system and/or computer usable program product for automatically managing the conveying of messages among multiple communication channels including (i) receiving, from a first computing system, an on-line message addressed to a user, (ii) automatically categorizing the message among a predetermined set of message categories stored in memory, (iii) identifying a set of on-line message channels preselected by the addressee user for receiving messages for each of the predetermined set of message categories, (iv) identifying a set of performance metrics stored in memory for optimizing message channel selection, (v) utilizing the performance metrics to automatically select an optimum message channel from the preselected message channels for sending the categorized message to a second computing system of the addressee user, (vi) automatically formatting the categorized message for the optimum message channel, and (vii) sending the formatted message on-line to the second computing system of the addressee us
  Type: Grant
  Filed: May 26, 2021
  Date of Patent: October 10, 2023
  Assignee: INDEED, INC.
  Inventors: Michael Lee, Shannon Ohara Boon, Philippe P. Dage, Bassam Mehanni, Scott Warriner, Arun Kumar Gnanamani
- Patent number: 11782938
  Abstract: A data monitoring and evaluation system may receive a query associated with a data record from a user. The system obtains target data including a plurality of data presentations associated with the data record. The system identifies a plurality of attributes associated with the data record and maps the same with each of the plurality of data presentations for identifying a data presentation modification. The system may evaluate the data presentation modification to identify a principal data presentation. The system may determine the conformity of the principal data presentation to a rule to create a principal data record. The system may determine the conformity of the principal data record to a record acceptance parameter. The system may generate a data modeling result comprising the principal data record conforming to the record acceptance parameter.
  Type: Grant
  Filed: October 28, 2020
  Date of Patent: October 10, 2023
  Assignee: ACCENTURE GLOBAL SOLUTIONS LIMITED
  Inventor: Christopher James Stegmaier
- Patent number: 11777907
  Abstract: Computer assets within a defined network are identified using scanning services respectively connected to each of a plurality of network zones within the defined network. A plurality of internet protocol (IP) addresses within the particular one of the network zones are identified by a particular scanning service contained within the particular one of the network zones. The particular scanning service collects information associated with each of the plurality of IP addresses and infers, using the collected information, additional information about the plurality of IP addresses. The particular scanning service validates the additional information and presents analytics based upon the collected information and the additional information. Firewalls contained within the particular one of the network zones are configured to allow access by the particular scanning service.
  Type: Grant
  Filed: March 24, 2021
  Date of Patent: October 3, 2023
  Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventors: Abhishek Kumar Gautam, Kailash Chandra Verma, Pijush Kanti Biswas
- Patent number: 11755616
  Abstract: The present technology pertains to an organization directory hosted by a synchronized content management system. The corporate directory can provide access to user accounts for all members of the organization to all content items in the organization directory on the respective file systems of the members' client devices. Members can reach any content item at the same path as other members relative to the organization directory root on their respective client device. In some embodiments novel access permissions are granted to maintain path consistency.
  Type: Grant
  Filed: April 22, 2021
  Date of Patent: September 12, 2023
  Assignee: Dropbox, Inc.
  Inventors: Thomas Kleinpeter, Tony Xu, Akos Albert, Nils Bunger, Sam Jau, Conor Woods, Aaron Staley
- Patent number: 11748235
  Abstract: The technology relates to executing a multi-portion web application. A web browser executing on one or more computing devices may load a main portion of a web application into a main window. The web browser may load into a sandboxed environment a feature application. The feature application may include a portion of the web application. A release isolation framework (RIF) executing on the one or more computing devices, may apply one or more patches to the sandboxed environment. The one or more patches may be configured to redirect elements from a window of the sandboxed environment to the main window.
  Type: Grant
  Filed: June 29, 2021
  Date of Patent: September 5, 2023
  Assignee: Google LLC
  Inventors: Michael Leibman, Yossi Kahlon, Jakub Onufry Wojtaszczyk, Jennifer Bourey
- Patent number: 11743722
  Abstract: A method by an AUSF of a home PLMN configured to communicate through an interface with electronic devices is provided. A first authentication request is received from a first PLMN that is authenticating an electronic device. A first security key used for integrity protection of messages delivered from the home PLMN to the electronic device is obtained. A second authentication request is received from a second PLMN that is authenticating the electronic device. A second security key used for integrity protection of the messages delivered from the home PLMN to the electronic device is obtained. A message protection request is received. Which of the first security key and the second security key is a latest security key is determined. The latest security key is used to protect a message associated with the message protection request.
  Type: Grant
  Filed: June 2, 2021
  Date of Patent: August 29, 2023
  Assignee: Telefonaktiebolaget LM Ericsson (publ)
  Inventors: Noamen Ben Henda, David Castellanos Zamora, Monica Wifvesson, Vesa Lehtovirta
- Patent number: 11736417
  Abstract: A programmable switch includes a plurality of ports for communicating with devices on a network. Circuitry of the programmable switch is configured to receive a series of related messages from a first device on the network via at least one port, and determine whether one or more messages of the series of related messages have been received out-of-order based at least in part on a sequence number included in the one or more messages. The series of related messages are sent by the programmable switch to a second device via one or more ports in an order indicated by sequence numbers included in the series of related messages by delaying at least one message. According to one aspect, a network controller selects a programmable switch between the first device and the second device to serve as a message sequencer for reordering out-of-order messages using a stored network topology.
  Type: Grant
  Filed: February 12, 2021
  Date of Patent: August 22, 2023
  Assignee: Western Digital Technologies, Inc.
  Inventors: Marjan Radi, Dejan Vucinic
- Patent number: 11689563
  Abstract: Techniques for detecting emails that pertain to Internet services are disclosed. Information about such emails can be recognized by performing a discrete analysis of the email before delivering the email to the user and determining whether a corrective action is warranted. Such emails can be recognized by heuristic pattern analysis that scans incoming emails for patterns known to pertain to certain Internet services. Emails relating to other Internet services can be detected by a machine learning classifier that uses labeled training data. These accesses to Internet services can be written to a database. In many implementations, such discrete analysis is performed after an email has been classified as legitimate by one or both of a spam filter and a malware detector. An aggregate analysis, whose output can also update the database, can provide a broad picture of Internet service usage within a set of email users (e.g., by department).
  Type: Grant
  Filed: October 21, 2022
  Date of Patent: June 27, 2023
  Assignee: Nudge Security, Inc.
  Inventors: Russell Spitler, Jaime Blasco
- Patent number: 11677584
  Abstract: A datagram-oriented UDP protocol is used for communication between tunnel gateways in a wide area network. Lightweight remote clients access network services using TCP tunneling. Each remote client maintains one or more UDP/IP+DTLS communication channels to a single member of the gateway group. Gateway servers belonging to the gateway group form some interconnection topology linking each gateway server to each other gateway server, whereby each gateway server maintains a communication channel with every other gateway server in the gateway group.
  Type: Grant
  Filed: June 17, 2020
  Date of Patent: June 13, 2023
  Assignee: DH2I COMPANY
  Inventors: Thanh Q. Ngo, Samuel Revitch
- Patent number: 11665142
  Abstract: A computing system may include a proxy server application and a database. The proxy server application may provide, to a computing device disposed within a managed network, instructions to identify one or more processes executing on the computing device. The proxy server application may also determine, for a process of the one or more processes, a file system path of a directory associated with the process and, based thereon, select one or more directories to scan for files associated with the process. The computing device may be provided with instructions to (i) scan the one or more directories and (ii) determine a plurality of attributes associated with one or more files discovered therein. The proxy server application may additionally receive results of the scan containing a representation of the plurality of attributes and store, in the database, the results of the scan.
  Type: Grant
  Filed: March 29, 2021
  Date of Patent: May 30, 2023
  Assignee: ServiceNow, Inc.
  Inventors: Noam Biran, Amit Dhuleshia, Sreenevas Subramaniam
- Patent number: 11665204
  Abstract: Methods and systems to manage permissions in a structured user-environment which provide a User Interface (UI) that provides a simple, intuitive administration to apply permissions at the user and group level to data in the structured user-environment. The UI also provides feedback to the administrator as to the inheritance path of each user and/or group as well as links between permissions, allowing the administrator to determine how a user or group was granted or denied access to a permission or resource.
  Type: Grant
  Filed: April 21, 2020
  Date of Patent: May 30, 2023
  Inventors: Ryan O'Byrne, Allan Yogasingam, Chris Burt
- Patent number: 11645402
  Abstract: Methods and devices for determining whether a computing device has been compromised. File tree structure information for the computing device is obtained that details at least a portion of a tree-based structure of folders and files in a memory on the computing device. It is then determined from the file tree structure information that the computing device is compromised and, based on the determination that the computing device has been compromised, an action is taken.
  Type: Grant
  Filed: August 15, 2019
  Date of Patent: May 9, 2023
  Assignee: BlackBerry Limited
  Inventors: Chang Fung Yang, Chi Hing Ng, Robert Joseph Lombardi, Johnathan George White
- Patent number: 11632365
  Abstract: Various methods, apparatuses/systems, and media for automatically establishing a communication between two or more applications that do not share a compatible authentication model are disclosed. A receiver receives a request from a first application to communicate with a second application, wherein the first application supports a first authentication model and the second application supports a second authentication model which is incompatible with the first authentication model. A processor utilizes a configurable gateway layer, in response to receiving the request, to mediate a communication between the first application and the second application; and routes the request from the first application to the configurable gateway layer. The configurable gateway layer translates the first authentication model to the second authentication model.
  Type: Grant
  Filed: May 28, 2021
  Date of Patent: April 18, 2023
  Assignee: JPMORGAN CHASE BANK, N.A.
  Inventors: Kumar Rao Krishnagi, Kevin Carrier, Vineshkumar Dharmalingam, Ritu Shrivastava, Ananth Rajasekaran, Najma Aden, Robert B Grant, Matthew J Porter, Nalini S Boda, Mark Alan Wells, Vijay Kumar Perla, Laxman Dongisharapu
-
Patent number: 11615201. Abstract: Methods, systems, and programs are presented for securing user-address information. A first memory is configured according to a first table that does not include information about user identifiers. Each entry in the first table includes a physical location identifier and information about a physical location. A second memory is configured according to a second table, where each entry in the second table includes the physical location identifier and an account identifier of a user for accessing a service. The first and second tables are configured to separate profile information from the address information of the user. Additionally, a firewall is configured to control access to the second memory. The firewall defines an authentication zone including the second memory but not the first memory, where access to the second memory by internal services is allowed and direct access by the user to the second memory is denied. Type: Grant. Filed: December 17, 2019. Date of Patent: March 28, 2023. Assignee: eBay Inc. Inventors: Snezana Sahter, Arumugam Alwarappan, Mahendar Madhavan, Mallikarjuna Potta
-
Patent number: 11611632. Abstract: An example method to provide communication between a first computer in a first computer network and a second computer in a second computer network is disclosed. The method includes aliasing the second computer's address in the second computer network to a loopback interface of a third computer in the first computer network and establishing a tunnel between the third computer and a fourth computer in the second computer network. Establishing the tunnel includes configuring the fourth computer to forward traffic received from the tunnel to the second computer. The method further includes configuring routing in the first computer network to direct traffic destined for the second computer network to the third computer, and configuring the first computer to transmit packets destined for the second computer with the second computer's address in the second computer network. Type: Grant. Filed: November 3, 2016. Date of Patent: March 21, 2023. Assignee: NICIRA, INC. Inventors: Andrey Todorov Petrov, Martin Valkanov
-
Patent number: 11611561. Abstract: Technologies to facilitate supervision of an online identity include a gateway server to facilitate and monitor access to an online service by a user of a "child" client computer device. The gateway server may include an identity manager to receive a request for access to the online service from the client computing device, retrieve access information to the online service, and facilitate access to the online service for the client computing device using the access information. The access information is kept confidential from the user. The gateway server may also include an activity monitor module to control activity between the client computing device and the online service based on the set of policy rules of a policy database. The gateway server may transmit notifications of such activity to a "parental" client computing device for review and/or approval, which also may be used to update the policy database. Type: Grant. Filed: June 26, 2020. Date of Patent: March 21, 2023. Assignee: Intel Corporation. Inventors: Alex Nayshtut, Omer Ben-Shalom, Hong Li
-
Patent number: 11601371. Abstract: A surgical hub within a surgical hub network may include a controller having a processor, in which the controller may determine a priority of a communication, an interaction, or a processing of information based on a requirement of a device communicating with the hub. The device may be a smart surgical device. The requirement of the surgical device may comprise data processed by a device component of an associated system. The controller may prioritize communication of the data processed by the device component of the associated system with the surgical device. A network of surgical hubs may include a plurality of surgical hubs. Each hub may have one of a plurality of controllers, in which a first of the plurality of controllers is configured to distribute an execution of a process and data used by the process among at least a subset of the plurality of surgical hubs. Type: Grant. Filed: December 11, 2020. Date of Patent: March 7, 2023. Assignee: Cilag GmbH International. Inventor: Frederick E. Shelton, IV
-
Patent number: 11588649. Abstract: Methods, systems, and devices are provided for authenticating API messages using PKI-based authentication techniques. A client system can generate a private/public key pair associated with the client system and sign an API message using the private key of the private/public key pair and a PKI-based cryptographic algorithm, before sending the signed API message to a server system. The server system (e.g., operated by a service provider) can authenticate the incoming signed API message using a proxy authenticator located in a less trusted zone (e.g., a perimeter network) of the server system. In particular, the proxy authenticator can be configured to verify the signature of the signed API message using the public key corresponding to the private key and the same cryptographic algorithm. The authenticated API message can then be forwarded to a more trusted zone (e.g., an internal network) of the server system for further processing. Type: Grant. Filed: July 12, 2021. Date of Patent: February 21, 2023. Assignee: Visa International Service Association. Inventors: Minghua Xu, Jose Rios Trevino, Ying Hao
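An added example of the two-zone flow in the abstract (Go, written for this listing; not the patent's or the assignee's code): the client signs a canonical form of the API message, a proxy authenticator holding only public keys verifies it in the perimeter, and only bodies that verify are handed to the internal zone. The abstract does not name an algorithm; Ed25519 from the Go standard library, the client-id binding in the signed string, and the client names and payload are this example's assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// SignedMessage is the wire form: the API body plus a detached signature over
// a canonical string that binds the client id to the body.
type SignedMessage struct {
	ClientID  string
	Body      string
	Signature string // base64 of the Ed25519 signature
}

// canonical is the exact byte string that is signed and later verified. Binding
// the client id stops a signature made by one client from being replayed under
// another client's identity.
func canonical(clientID, body string) []byte {
	return []byte(clientID + "\n" + body)
}

// Sign is the client side: the private key never leaves the client.
func Sign(clientID, body string, priv ed25519.PrivateKey) SignedMessage {
	sig := ed25519.Sign(priv, canonical(clientID, body))
	return SignedMessage{ClientID: clientID, Body: body, Signature: base64.StdEncoding.EncodeToString(sig)}
}

// ProxyAuthenticator runs in the less trusted perimeter zone. It holds only
// public keys, so compromising it yields nothing that could forge a message.
type ProxyAuthenticator struct {
	PublicKeys map[string]ed25519.PublicKey // client id -> registered public key
}

var (
	ErrUnknownClient = errors.New("unknown client id")
	ErrBadSignature  = errors.New("signature verification failed")
)

// Authenticate verifies the message and returns the body that may be forwarded
// into the trusted zone. Anything that fails is dropped here and never reaches
// the internal network.
func (p ProxyAuthenticator) Authenticate(m SignedMessage) (string, error) {
	pub, ok := p.PublicKeys[m.ClientID]
	if !ok {
		return "", ErrUnknownClient
	}
	sig, err := base64.StdEncoding.DecodeString(m.Signature)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return "", ErrBadSignature
	}
	if !ed25519.Verify(pub, canonical(m.ClientID, m.Body), sig) {
		return "", ErrBadSignature
	}
	return m.Body, nil
}

// SampleBody is a constructed API payload (hypothetical, not from the patent).
const SampleBody = `{"op":"refund","txn":"TX-1001","amount":"12.50"}`

// Demo registers two hypothetical clients with the proxy and returns what the
// internal service receives for a genuine message, plus the errors produced by
// a tampered body and by the same signature replayed under the other client id.
func Demo() (forwarded string, tamperedErr, replayedErr error) {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, _, _ := ed25519.GenerateKey(rand.Reader)
	proxy := ProxyAuthenticator{PublicKeys: map[string]ed25519.PublicKey{"merchant-42": pubA, "merchant-7": pubB}}

	genuine := Sign("merchant-42", SampleBody, privA)
	forwarded, _ = proxy.Authenticate(genuine)

	tampered := genuine
	tampered.Body = `{"op":"refund","txn":"TX-1001","amount":"9999.00"}`
	_, tamperedErr = proxy.Authenticate(tampered)

	replayed := genuine
	replayed.ClientID = "merchant-7"
	_, replayedErr = proxy.Authenticate(replayed)
	return forwarded, tamperedErr, replayedErr
}

func main() {
	f, t, r := Demo()
	fmt.Printf("forwarded: %s\ntampered: %v\nreplayed: %v\n", f, t, r)
}
```

The design point is the asymmetry: the perimeter component can fail completely without giving an attacker signing capability, because the only secrets in the scheme are the clients' private keys, which never cross the network.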
-
Patent number: 11570207. Abstract: An example network device receives an encapsulated network packet via a network tunnel; extracts IPv6 header information from the encapsulated network packet; extracts IPv4 header information from the encapsulated network packet; determines that the encapsulated network packet is a spoofed network packet based on the IPv6 header information and the IPv4 header information; and in response to detecting the spoofed network packet, transmits a message to a Tunnel Entry Point (TEP) device, the message including data representing the IPv6 header information and IPv4 header information. A tunnel entry point (TEP) device may receive the message and use the message to detect spoofed IPv6 traffic, e.g., when an IPv6 header and an IPv4 header of an encapsulated packet matches the IPv6 header and the IPv4 header specified in the message. In this manner, the TEP device may block, rate limit, or redirect spoofed network traffic. Type: Grant. Filed: December 31, 2019. Date of Patent: January 31, 2023. Assignee: Juniper Networks, Inc. Inventors: Ashish Suresh Ghule, Jagadish Narasimha Grandhi
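An added example of the cross-check between the two headers and the feedback message to the TEP (Go, written for this listing; not Juniper's code). The abstract does not say which tunnel type or which header relationship reveals the spoof; this example assumes 6to4 (RFC 3056), where the inner IPv6 source 2002:WWXX:YYZZ::/48 embeds the IPv4 address of the host that should have encapsulated it, so a mismatch with the outer IPv4 source marks the packet as spoofed. Addresses are documentation ranges, constructed for the example.

```go
package main

import (
	"fmt"
	"net"
)

// Encapsulated is the minimal view of an IPv6-in-IPv4 tunnel packet: the outer
// IPv4 header and the inner IPv6 header are all this check needs.
type Encapsulated struct {
	OuterSrc, OuterDst net.IP // IPv4 (tunnel) header
	InnerSrc, InnerDst net.IP // IPv6 (payload) header
}

// SpoofReport is the message sent back to the TEP: the IPv4 and IPv6 source
// pair that disagreed, as strings so the pair can serve as a map key.
type SpoofReport struct {
	OuterSrc, InnerSrc string
}

// embedded6to4 returns the IPv4 address a 6to4 source (2002::/16) claims to
// originate from: bits 16..47 of the IPv6 address. This embedding is the
// example's assumption; the patent does not name a tunnel type.
func embedded6to4(ip6 net.IP) (net.IP, bool) {
	ip6 = ip6.To16()
	if ip6 == nil || ip6.To4() != nil || ip6[0] != 0x20 || ip6[1] != 0x02 {
		return nil, false
	}
	return net.IPv4(ip6[2], ip6[3], ip6[4], ip6[5]), true
}

// Detect cross-checks the two headers: a 6to4 inner source whose embedded IPv4
// address differs from the outer IPv4 source could not have been produced by a
// legitimate 6to4 host and is reported as spoofed.
func Detect(p Encapsulated) (SpoofReport, bool) {
	claimed, ok := embedded6to4(p.InnerSrc)
	if !ok {
		return SpoofReport{}, false // not a 6to4 source; nothing to cross-check here
	}
	if claimed.Equal(p.OuterSrc) {
		return SpoofReport{}, false
	}
	return SpoofReport{OuterSrc: p.OuterSrc.String(), InnerSrc: p.InnerSrc.String()}, true
}

// TEP is the tunnel entry point: it learns header pairs from reports and
// filters later packets against them.
type TEP struct {
	blocked map[SpoofReport]bool
}

func NewTEP() *TEP { return &TEP{blocked: map[SpoofReport]bool{}} }

// Learn records a report. The abstract also allows rate limiting or
// redirecting; this example only drops.
func (t *TEP) Learn(r SpoofReport) { t.blocked[r] = true }

// Filter returns "drop" when both headers match a learnt report, else "forward".
func (t *TEP) Filter(p Encapsulated) string {
	key := SpoofReport{OuterSrc: p.OuterSrc.String(), InnerSrc: p.InnerSrc.String()}
	if t.blocked[key] {
		return "drop"
	}
	return "forward"
}

// SamplePackets returns constructed packets (documentation addresses, not captured traffic).
func SamplePackets() (legit, spoofed Encapsulated) {
	legit = Encapsulated{
		OuterSrc: net.ParseIP("192.0.2.10"), OuterDst: net.ParseIP("203.0.113.1"),
		// 2002:c000:020a embeds 192.0.2.10, matching the outer source
		InnerSrc: net.ParseIP("2002:c000:20a::1"), InnerDst: net.ParseIP("2001:db8::1"),
	}
	spoofed = legit
	spoofed.OuterSrc = net.ParseIP("198.51.100.7") // carried by a different IPv4 host than the inner source claims
	return legit, spoofed
}

func main() {
	legit, spoofed := SamplePackets()
	tep := NewTEP()
	for _, p := range []Encapsulated{legit, spoofed} {
		if r, bad := Detect(p); bad {
			fmt.Printf("spoof report to TEP: %+v\n", r)
			tep.Learn(r)
		}
	}
	fmt.Println("legit:", tep.Filter(legit), " spoofed:", tep.Filter(spoofed))
}
```

Keying the block on both headers, as the abstract does, keeps the TEP from blocking every packet from an IPv4 source that also carries legitimate traffic: only the exact inner/outer combination that was observed to be inconsistent is dropped.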
-
Patent number: 11522835. Abstract: A system and method for performing firewall operations on an edge service gateway virtual machine that monitors traffic for a network. The method includes detecting, from a directory service executing on a computing device, a login event on the computing device, obtaining, from the detected login event, login event information comprising an identifier that identifies a user associated with the login event, storing the login event information as one or more context attributes in an attribute table, and applying a firewall rule to a data message that corresponds to the one or more context attributes. Type: Grant. Filed: July 3, 2018. Date of Patent: December 6, 2022. Assignee: VMware, Inc. Inventors: Arijit Chanda, Sirisha Myneni, Arnold Poon, Kausum Kumar, Dhivya Srinivasan
-
Patent number: 11516182. Abstract: A firewall intelligence system, includes a data storage storing a set of firewall rules for a network; a recommendation engine that receives, from a log service, traffic logs detailing traffic for the network and firewall logs detailing the usage of firewall rules in response to the traffic for the network, accesses, from the data storage, the set of firewall rules for the network; processes the set of firewall rules to evaluate the firewall rules against a set of quantitative evaluation rules to determine one or more firewall rule recommendations, wherein each firewall rule recommendation is a recommendation to change at least one of the firewall rules in the set of firewall rules; and a front end API that provides data describing the one or more firewall rule recommendations to a user device. Type: Grant. Filed: April 10, 2020. Date of Patent: November 29, 2022. Assignee: Google LLC. Inventors: Kan Cai, Vikas Aggarwal, Gargi Adhav, Rajendra Yavatkar, Ning Zhao, Vishal Gupta
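An added example of a recommendation engine of the kind the abstract describes (Go, written for this listing; not Google's code): firewall logs are reduced to per-rule hit counts and the rule set is evaluated against two quantitative checks, a rule that is fully shadowed by a higher-priority rule and a rule with no hits in the log window. The rule model, the log line format and the rule names are this example's assumptions; the abstract does not specify any of them.

```go
package main

import (
	"fmt"
	"net"
	"sort"
	"strings"
)

// Rule is a simplified firewall rule: source network and destination port,
// evaluated in ascending Priority order, first match wins.
type Rule struct {
	Name     string
	Priority int    // lower is evaluated first
	Action   string // "allow" or "deny"
	SrcCIDR  string
	DstPort  int // 0 means any port
}

// Recommendation is one suggested change to a rule, with the evidence for it.
type Recommendation struct {
	Rule, Reason string
}

// hitCounts parses firewall log lines of the constructed form
// "<ts> rule=<name> action=<ACTION> src=<ip> dst_port=<n>" and counts hits per rule.
func hitCounts(logLines []string) map[string]int {
	counts := map[string]int{}
	for _, line := range logLines {
		for _, f := range strings.Fields(line) {
			if strings.HasPrefix(f, "rule=") {
				counts[strings.TrimPrefix(f, "rule=")]++
			}
		}
	}
	return counts
}

// cidrContains reports whether every address in inner is also in outer.
func cidrContains(outer, inner string) bool {
	_, outerNet, err1 := net.ParseCIDR(outer)
	_, innerNet, err2 := net.ParseCIDR(inner)
	if err1 != nil || err2 != nil {
		return false
	}
	outerOnes, _ := outerNet.Mask.Size()
	innerOnes, _ := innerNet.Mask.Size()
	return outerOnes <= innerOnes && outerNet.Contains(innerNet.IP)
}

// Evaluate applies two quantitative checks to the rule set: a rule whose match
// set is fully covered by a higher-priority rule can never fire, and a rule
// with zero hits across the log window is a removal candidate.
func Evaluate(rules []Rule, logLines []string) []Recommendation {
	counts := hitCounts(logLines)
	sorted := append([]Rule(nil), rules...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Priority < sorted[j].Priority })
	var recs []Recommendation
	for i, r := range sorted {
		shadowed := false
		for _, earlier := range sorted[:i] {
			if cidrContains(earlier.SrcCIDR, r.SrcCIDR) && (earlier.DstPort == 0 || earlier.DstPort == r.DstPort) {
				recs = append(recs, Recommendation{r.Name,
					fmt.Sprintf("never reached: fully shadowed by higher-priority rule %q", earlier.Name)})
				shadowed = true
				break
			}
		}
		if !shadowed && counts[r.Name] == 0 {
			recs = append(recs, Recommendation{r.Name, "zero hits in the log window: candidate for removal"})
		}
	}
	return recs
}

// SampleRules and SampleLogs are constructed inputs (hypothetical names, documentation addresses).
func SampleRules() []Rule {
	return []Rule{
		{"allow-web", 10, "allow", "0.0.0.0/0", 443},
		{"allow-ssh-admin", 20, "allow", "198.51.100.0/24", 22},
		{"allow-web-partner", 30, "allow", "203.0.113.0/24", 443}, // already covered by allow-web
		{"deny-legacy-ftp", 40, "deny", "0.0.0.0/0", 21},         // nothing hits it any more
	}
}

func SampleLogs() []string {
	return []string{
		"2024-05-01T10:00:01Z rule=allow-web action=ALLOW src=203.0.113.5 dst_port=443",
		"2024-05-01T10:00:02Z rule=allow-web action=ALLOW src=198.51.100.9 dst_port=443",
		"2024-05-01T10:00:03Z rule=allow-ssh-admin action=ALLOW src=198.51.100.9 dst_port=22",
		"2024-05-01T10:00:04Z rule=allow-web action=ALLOW src=192.0.2.77 dst_port=443",
	}
}

func main() {
	for _, rec := range Evaluate(SampleRules(), SampleLogs()) {
		fmt.Printf("%-18s %s\n", rec.Rule, rec.Reason)
	}
}
```

A shadowed rule necessarily has zero hits as well, so the shadow finding is reported instead of the hit-count finding: telling an operator that a rule is unreachable is more actionable than telling them it is unused.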
-
Patent number: 11489909. Abstract: Layer 7 protocol (non-HTTP) client applications are executed in the browser. The non-HTTP layer 7 protocol client application connects to a compute server that proxies layer 4 packets to the origin network that has the non-HTTP layer 7 protocol service. As an example, an SSH client (a non-HTTP layer 7 protocol) can execute in the browser and the TCP packets (layer 4 packets) are proxied by a compute server to the origin network that has the appropriate SSH server. The non-HTTP layer 7 protocol client application allows users to run commands or otherwise interact with the client as if they were using a native application (one that is not executed within the browser) without any client-side configuration or agent. Type: Grant. Filed: December 22, 2021. Date of Patent: November 1, 2022. Assignee: CLOUDFLARE, INC. Inventors: Killian Koenig, Dane Orion Knecht, James Royal
-
Patent number: 11477291. Abstract: In order to enable a dynamic handshake procedure, a device may be configured with a list of handshake contributors. Contributors with connection handshake properties may be added to the contributor list. To perform a handshake, the contributor list is processed to extract the connection handshake properties of each contributor to the handshake. Handlers for handling the connection handshake properties may also be dynamically added and invoked when a handshake is received. Type: Grant. Filed: August 31, 2021. Date of Patent: October 18, 2022. Assignee: Philips North America LLC. Inventors: Qin Ye, Robert W. Peterson, Thomas T. Wheeler
-
Patent number: 11394812. Abstract: Disclosed herein are various systems, apparatuses, software, and methods relating to data diode-TCP proxy with a User Datagram Protocol (UDP) across a wide area network (WAN) comprising providing a WAN data diode using a uni-directional semantics protocol, providing a set of data diode proxies in either end of a point-to-point WAN link, providing a symmetric key encryption semantics to extend the WAN data diode securely across a WAN that is specified, wherein the symmetric key encryption semantics are implemented through the set of data diode proxies on either end of the point-to-point WAN link, employing a unidirectional protocol in communication transmitted using the WAN, and, with data diode proxies, terminating one or more data channels on either end of the point-to-point WAN link or transporting a requisite information across the WAN over the uni-directional protocol. Type: Grant. Filed: May 18, 2020. Date of Patent: July 19, 2022. Assignee: Iotium, Inc. Inventors: Ron Victor, Dhawal Tyagi, Srivatsan Rajagopal, Dhruva Narasimhan
-
Patent number: 11360788. Abstract: A configuration control transfer ("CCT") system controls the transferring of control of configuration information of a device from a current configuration source to a target configuration source. A CCT server of the CCT system may send a request for the configuration information of the device, where the configuration information of the device is currently under control of at least one first configuration source. The CCT server may also receive the requested configuration information, determine whether the second configuration source is able to support the configuration information of the first configuration source, and based at least on a determination that the second configuration source is able to support the configuration information, request that the device transfer control of the configuration information from the first configuration source to the second configuration source to unenroll the device with the first configuration source and enroll the device with the second configuration source. Type: Grant. Filed: March 31, 2020. Date of Patent: June 14, 2022. Assignee: Microsoft Technology Licensing, LLC. Inventors: Tanvir Ahmed, Peter J. Kaufman, Shayak Lahiri, John Chadwell Spaith, Janani Vasudevan, Dennis Edward Flanagan
-
Patent number: 11349833. Abstract: Aspects of the present invention disclose a method, computer program product, and system for multi-factor authentication. In response to a request for an action, the method includes one or more processors determining whether a first authentication credential passes validation. In response to determining that the first authentication credential does pass validation, the method further includes one or more processors determining a second authentication credential, wherein the second authentication credential includes an indication of a wireless connection between a first computing device and a second computing device. The method further includes one or more processors determining whether the second authentication credential passes validation. In response to determining that the second authentication credential passes validation, the method further includes one or more processors allowing execution of the requested action. Type: Grant. Filed: March 21, 2020. Date of Patent: May 31, 2022. Assignee: KYNDRYL, INC. Inventors: Sarin Kumar Thayyilsubramanian, Debasisha Padhi, Anuradha Bhamidipaty, Firas Bouz
-
Patent number: 11334353. Abstract: A method for multiparty computation wherein a plurality of parties each compute a preset function without revealing inputs thereof to others, comprises: each of the parties performing a validation step to validate that computation of the function is carried out correctly, wherein the validation step includes: a first step that prepares a plurality of verified multiplication triples and feeds a multiplication triple to a second step when required; and the second step that consumes a randomly selected multiplication triple generated by the first step, wherein the first step performs shuffling of the generated multiplication triples, in at least one of shuffle in a sequence and shuffle of sequences. Type: Grant. Filed: May 18, 2017. Date of Patent: May 17, 2022. Assignees: NEC CORPORATION, BAR-ILAN UNIVERSITY. Inventors: Toshinori Araki, Kazuma Ohara, Jun Furukawa, Lindell Yehuda, Nof Ariel
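An added example of the two steps the abstract names, preparing verified multiplication triples and consuming one per multiplication (Go, written for this listing; not NEC's or Bar-Ilan's code and not the patent's protocol). It uses two-party additive secret sharing over a small prime field. Two simplifications are the example's own assumptions: the triples come from a trusted dealer rather than from the parties' joint generation, and verification is cut-and-choose (open a random sample, discard it, keep the rest), which is one way to obtain verified triples but not necessarily the one claimed. The shuffle before and after the check corresponds to the shuffling the abstract mentions.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// P is the prime modulus for all shares; 2^31-1 keeps every product inside uint64.
const P uint64 = 2147483647

func randField() uint64 {
	n, err := rand.Int(rand.Reader, big.NewInt(int64(P)))
	if err != nil {
		panic(err)
	}
	return n.Uint64()
}

func add(a, b uint64) uint64 { return (a + b) % P }
func sub(a, b uint64) uint64 { return (a + P - b) % P }
func mul(a, b uint64) uint64 { return (a * b) % P }

// Shares are two-party additive shares: x = s[0] + s[1] mod P.
type Shares [2]uint64

func Share(x uint64) Shares { r := randField(); return Shares{r, sub(x%P, r)} }
func Open(s Shares) uint64  { return add(s[0], s[1]) }

// Triple is a shared multiplication (Beaver) triple (a, b, c) with c = a*b.
type Triple struct{ A, B, C Shares }

// dealTriple stands in for the generation phase: a trusted dealer (this
// example's assumption, not the patent's method). honest=false corrupts c so
// the verification step has something to catch.
func dealTriple(honest bool) Triple {
	a, b := randField(), randField()
	c := mul(a, b)
	if !honest {
		c = add(c, 1)
	}
	return Triple{Share(a), Share(b), Share(c)}
}

// Pool is the first step: prepare triples, open and check a random sample
// (opened triples are discarded), shuffle the survivors, then hand one to each
// multiplication on demand.
type Pool struct{ triples []Triple }

var ErrBadTriple = errors.New("verification failed: an opened triple has c != a*b")

func shuffle(ts []Triple) {
	for i := len(ts) - 1; i > 0; i-- {
		j, _ := rand.Int(rand.Reader, big.NewInt(int64(i+1)))
		ts[i], ts[j.Int64()] = ts[j.Int64()], ts[i]
	}
}

func NewPool(gen []Triple, sample int) (*Pool, error) {
	if sample > len(gen) {
		return nil, errors.New("sample larger than the generated batch")
	}
	shuffle(gen) // the generator must not be able to predict which triples are opened
	for _, t := range gen[:sample] {
		if Open(t.C) != mul(Open(t.A), Open(t.B)) {
			return nil, ErrBadTriple
		}
	}
	rest := gen[sample:]
	shuffle(rest) // shuffle again so consumption order is random too
	return &Pool{triples: rest}, nil
}

func (p *Pool) Remaining() int { return len(p.triples) }

// Multiply is the second step: it consumes one triple and turns shares of x and
// y into shares of x*y. The only values opened are d = x-a and e = y-b, which
// are uniformly random and so reveal nothing about x or y. A triple is never reused.
func (p *Pool) Multiply(x, y Shares) (Shares, error) {
	if len(p.triples) == 0 {
		return Shares{}, errors.New("triple pool exhausted")
	}
	t := p.triples[0]
	p.triples = p.triples[1:]
	var d, e Shares
	for i := 0; i < 2; i++ {
		d[i], e[i] = sub(x[i], t.A[i]), sub(y[i], t.B[i])
	}
	D, E := Open(d), Open(e)
	var z Shares
	for i := 0; i < 2; i++ {
		z[i] = add(t.C[i], add(mul(D, t.B[i]), mul(E, t.A[i]))) // c + d*b + e*a, per party
	}
	z[0] = add(z[0], mul(D, E)) // the public term d*e is added by exactly one party
	return z, nil
}

func main() {
	gen := make([]Triple, 8)
	for i := range gen {
		gen[i] = dealTriple(true)
	}
	pool, _ := NewPool(gen, 2)
	z, _ := pool.Multiply(Share(123456), Share(654321))
	fmt.Println("x*y mod P =", Open(z), "expected", mul(123456, 654321))
}
```

The correctness identity is c + (x-a)b + (y-b)a + (x-a)(y-b) = xy; with honest triples this holds for every consumed triple, and a corrupted triple in the batch is caught with probability that grows with the sample size, which is why the sample is drawn after a shuffle the generator cannot control.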
-
Patent number: 11323288. Abstract: Server cluster communication across the public internet using a single secure User Datagram Protocol (UDP) is facilitated by an intermediary registry server. The intermediary registry server enables servers within a cluster to identify and securely communicate with peer servers in the cluster across disparate locations and through firewalls. Using an external address registry shared to each member of a server cluster peer group, individual servers can establish a direct secure channel using a single UDP tunnel. Type: Grant. Filed: August 6, 2019. Date of Patent: May 3, 2022. Assignee: DH2I COMPANY. Inventors: Thanh Q. Ngo, Samuel Revitch
-
Patent number: 11310285. Abstract: Adaptive network security policies can be selected by assigning a number of risk values to security intelligence associated with network traffic, and identifying a number of security policies to implement based on the risk values. Type: Grant. Filed: July 2, 2019. Date of Patent: April 19, 2022. Assignee: Trend Micro Incorporated. Inventors: Harry A. Bryson, Malcolm Dodds, Wei Lu, Julian Palmer
-
Patent number: 11288392. Abstract: A system includes a data owner interface, a database, a requester interface, an approver interface, a database interface, and a central controller. The data owner interface can provide protected data and data usage rules. The database can store the protected data. The requester interface can provide a request to access the protected data and receive sanitized results. The approver interface can provide approval or disapproval of access to the protected data and receive the data usage rules. The database interface can store the protected data in the database and provide access to the protected data. Type: Grant. Filed: August 26, 2020. Date of Patent: March 29, 2022. Assignee: CAPITAL ONE SERVICES, LLC. Inventors: Mark Watson, Anh Truong, Vincent Pham, Reza Farivar, Fardin Abdi Taghi Abad, Jeremy Goodsitt, Austin Walters
-
Patent number: 11283842. Abstract: A method is described, the method relating to control of a communication between a first device and a second device using a communication protocol including at least a first transaction, and at least one subsequent second transaction. The method can include transmission, by the first device to the second device during the first transaction, of both a maximum acceptable delay between the end of the first transaction and the beginning of the second transaction, as well as an explicit indication of the type of message characterizing the beginning of the second transaction. The second device can then trigger a timer for the delay. The method is applicable to IMS networks. Type: Grant. Filed: May 18, 2018. Date of Patent: March 22, 2022. Assignee: ORANGE. Inventors: José Doree, Jean-Claude Le Rouzic