Security Protocols Patents (Class 726/14)
  • Patent number: 11360788
    Abstract: A configuration control transfer (“CCT”) system controls the transferring of control of configuration information of a device from a current configuration source to a target configuration source. A CCT server of the CCT system may send a request for the configuration information of the device where the configuration information of the device is currently under control of the at least one first configuration source. The CCT server may also receive the requested configuration information, determine whether the second configuration source is able to support the configuration information of the first configuration source, and based at least on a determination that the second configuration source is able to support the configuration information, request that the device transfer control of the configuration information from the first configuration source to the second configuration source to unenroll the device with the first configuration source and enroll the device with the second configuration source.
    Type: Grant
    Filed: March 31, 2020
    Date of Patent: June 14, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tanvir Ahmed, Peter J. Kaufman, Shayak Lahiri, John Chadwell Spaith, Janani Vasudevan, Dennis Edward Flanagan
  • Patent number: 11349833
    Abstract: Aspects of the present invention disclose a method, computer program product, and system for multi-factor authentication. In response to a request for an action, the method includes one or more processors determining whether a first authentication credential passes validation. In response to determining that the first authentication credential does pass validation, the method further includes one or more processors determining a second authentication credential, wherein the second authentication credential includes an indication of a wireless connection between a first computing device and a second computing device. The method further includes one or more processors determining whether the second authentication credential passes validation. In response to determining that the second authentication credential passes validation, the method further includes one or more processors allowing execution of the requested response.
    Type: Grant
    Filed: March 21, 2020
    Date of Patent: May 31, 2022
    Assignee: KYNDRYL, INC.
    Inventors: Sarin Kumar Thayyilsubramanian, Debasisha Padhi, Anuradha Bhamidipaty, Firas Bouz
  • Patent number: 11334353
    Abstract: A method for multiparty computation wherein a plurality of parties each compute a preset function without revealing inputs thereof to others, comprises: each of the parties performing a validation step to validate that computation of the function is carried out correctly, wherein the validation step includes: a first step that prepares a plurality of verified multiplication triples and feeds a multiplication triple to a second step when required; and the second step that consumes a randomly selected multiplication triple generated by the first step, wherein the first step performs shuffling of the generated multiplication triples, in at least one of shuffle in a sequence and shuffle of sequences.
    Type: Grant
    Filed: May 18, 2017
    Date of Patent: May 17, 2022
    Assignees: NEC CORPORATION, BAR-ILAN UNIVERSITY
    Inventors: Toshinori Araki, Kazuma Ohara, Jun Furukawa, Lindell Yehuda, Nof Ariel
  • Patent number: 11323288
    Abstract: Server cluster communication across the public internet using a single secure User Datagram Protocol (UDP) is facilitated by an intermediary registry server. The intermediary registry server enables servers within a cluster to identify and securely communicate with peer servers in the cluster across disparate locations and through firewalls. Using an external address registry shared to each member of a server cluster peer group, individual servers can establish a direct secure channel using a single UDP tunnel.
    Type: Grant
    Filed: August 6, 2019
    Date of Patent: May 3, 2022
    Assignee: DH2I COMPANY
    Inventors: Thanh Q. Ngo, Samuel Revitch
  • Patent number: 11310285
    Abstract: Adaptive network security policies can be selected by assigning a number of risk values to security intelligence associated with network traffic, and identifying a number of security policies to implement based on the risk values.
    Type: Grant
    Filed: July 2, 2019
    Date of Patent: April 19, 2022
    Assignee: Trend Micro Incorporated
    Inventors: Harry A. Bryson, Malcolm Dodds, Wei Lu, Julian Palmer
  • Patent number: 11288392
    Abstract: A system includes a data owner interface, a database, a requester interface, an approver interface, a database interface, and a central controller. The data owner interface can provide protected data and data usage rules. The database can store the protected data. The requester interface can provide a request to access the protected data and receive sanitized results. The approver interface can provide approval or disapproval of access to the protected data and receive the data usage rules. The database interface can store the protected data in the database and provide access to the protected data.
    Type: Grant
    Filed: August 26, 2020
    Date of Patent: March 29, 2022
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: Mark Watson, Anh Truong, Vincent Pham, Reza Farivar, Fardin Abdi Taghi Abad, Jeremy Goodsitt, Austin Walters
  • Patent number: 11283842
    Abstract: A method is described, the method relating to control of a communication between a first device and a second device using a communication protocol including at least a first transaction, and at least one subsequent second transaction. The method can include transmission, by the first device to the second device during the first transaction, of both a maximum acceptable delay between the end of the first transaction and the beginning of the second transaction, as well as an explicit indication of the type of message characterizing the beginning of the second transaction. The second device can then trigger a timer for the delay. The method is applicable to IMS networks.
    Type: Grant
    Filed: May 18, 2018
    Date of Patent: March 22, 2022
    Assignee: ORANGE
    Inventors: José Doree, Jean-Claude Le Rouzic
  • Patent number: 11252184
    Abstract: An anti-attack data transmission method and an apparatus thereof are provided. The method includes obtaining a communication protocol message to be transmitted; performing an anti-attack pre-processing for data on information bit(s) located at a message header in the communication protocol message, and generating processing information; storing the processing information in extension bit(s) at the message header of the communication protocol message to obtain a converted communication protocol message, wherein the message header of the communication protocol message includes the information bit(s) and the extension bit(s); and sending the converted communication protocol message to a receiving device. The present disclosure solves the problem of false negatives associated with normally transmitted data flow caused by existing anti-attack methods.
    Type: Grant
    Filed: April 27, 2018
    Date of Patent: February 15, 2022
    Assignee: Alibaba Group Holding Limited
    Inventors: Yifan Tu, Zhao Zhang, Jiarui Zhu
  • Patent number: 11240661
    Abstract: A secure Simultaneous Authentication of Equals (SAE) anti-clogging mechanism may be provided. A public key of an access point may be provided from the access point to a client attempting to connect with a network via the access point. The access point may receive from the client a first anti-clogging token and a public key of the client. The first anti-clogging token may be generated by the first client using a shared secret based on a private key of the client and the public key of the access point and a multiplier. The access point may generate a second anti-clogging token using a shared secret based on a private key of the access point and the public key of the client and the multiplier. The access point may then verify the first anti-clogging token and the second anti-clogging token match to authenticate the client.
    Type: Grant
    Filed: September 3, 2019
    Date of Patent: February 1, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Abhishek Dhammawat, Mansi Jain
  • Patent number: 11228563
    Abstract: Systems and methods for implementing a micro firewall in a mobile application are provided here. Firewall logic can be injected or provided to a mobile application. The firewall logic can provide one or more rules for processing network traffic from application programming interfaces (APIs) of the mobile application. The mobile application having the firewall logic can be made available for installation on a mobile device. The mobile application having the firewall logic can be provided or installed on to a mobile device. During execution of the mobile application, the firewall logic of the mobile application can hook a plurality of API calls of the mobile application relevant to network traffic. The firewall logic can apply one or more rules of the firewall logic to process network traffic corresponding to an API call of the plurality of API calls of the mobile application.
    Type: Grant
    Filed: December 18, 2018
    Date of Patent: January 18, 2022
    Assignee: CITRIX SYSTEMS, INC.
    Inventor: Jeffrey David Wisgo
  • Patent number: 11212312
    Abstract: Techniques for polluting phishing campaign responses with content that includes fake sensitive information of a type that is being sought in phishing messages. Embodiments disclosed herein identify phishing messages that are designed to fraudulently obtain sensitive information. Rather than simply quarantining these phishing messages from users' accounts to prevent users from providing “real” sensitive information, embodiments disclosed herein analyze these phishing messages to determine what type(s) of information is being sought and then respond to these phishing messages with “fake” sensitive information of these type(s). For example, if a phishing message is seeking sensitive credit card and/or banking account information, some fake information of this type(s) may be generated and sent in response to the phishing message. In various implementations, a natural language processing (NLP) model may be used to analyze the phishing message and/or generate a response thereto.
    Type: Grant
    Filed: August 9, 2018
    Date of Patent: December 28, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventor: Brian Michael Wilcox
  • Patent number: 11178105
    Abstract: Techniques for implementing a secure enclave-based guest firewall are provided. In one set of embodiments, a host system can load a policy enforcer for a firewall into a secure enclave of a virtual machine (VM) running on the host system, where the secure enclave corresponds to a region of memory in the VM's guest memory address space that is inaccessible by processes running in other regions of the guest memory address space (including privileged processes that are part of the VM's guest operating system (OS) kernel). The policy enforcer can then, while running within the secure enclave: (1) obtain one or more security policies from a policy manager for the firewall, (2) determine that an event has occurred pertaining to a new or existing network connection between the VM and another machine, and (3) apply the one or more security policies to the network connection.
    Type: Grant
    Filed: June 17, 2019
    Date of Patent: November 16, 2021
    Assignee: VMWARE, INC.
    Inventors: Shirish Vijayvargiya, Alok Nemchand Kataria, Deep Shah
  • Patent number: 11178186
    Abstract: A method, apparatus, system, and computer program product for evaluating enforcement decisions on an asset using a policy. Rules in the policy are applied by a computer system to the asset taking into account a context for a request to access the asset in response to receiving the request to access the asset, and wherein the rules in the policy determine whether access to the asset is allowed. A determination is made by the computer system as to whether a conflict is present in an initial decision made using the rules in the policy. A set of conflict resolution processes are applied by the computer system when the conflict is present such that a final decision is made on the request to access the asset.
    Type: Grant
    Filed: March 19, 2020
    Date of Patent: November 16, 2021
    Assignee: International Business Machines Corporation
    Inventors: Roger C. Raphael, Rajesh M. Desai, Ety Khaitzin, Shalu Agrawal, Angineh Aghakiant
  • Patent number: 11153278
    Abstract: A method for information interaction includes: when an access request sent by a webpage to a preset domain name is received by a browser component, resolving the preset domain name into a designated access address, the access request being sent by the webpage when the webpage is required to interact with an operating system of a terminal, and the designated access address being an access address that has not been occupied; sending the access request to the designated access address as a destination address; and when a firewall detects that the destination address of the access request is the designated access address, redirecting the access request to a local web service, the local web service being configured for information interaction with the operating system of the terminal.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: October 19, 2021
    Assignee: BEIJING XIAOMI MOBILE SOFTWARE CO., LTD.
    Inventors: Junjie Dong, Shun Chen, Hongguang Dong
  • Patent number: 11151272
    Abstract: A computing environment for monitoring usage of an application to identify characteristics and trigger security control includes an application system that performs a query configured to identify any application calls performed in a predetermined period of time within the computing environment; for each identified application call, builds a corresponding application characteristics entry in a database; for each identified application call, identifies a plurality of characteristics of the called application including at least one downstream resource; associates the identified plurality of characteristics with the application characteristics entry in the database, thereby creating an application mapping; identifies security controls associated with each of the applications in the application mapping; associates the identified security controls with the associated application characteristics entry in the application mapping; and automatically triggers assessment of an effectiveness of the security controls in re
    Type: Grant
    Filed: January 24, 2020
    Date of Patent: October 19, 2021
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Katherine McDonald, Nicolette Boyd
  • Patent number: 11144672
    Abstract: A method useful for implementing an enterprise risk and compliance automation engine comprises the step of obtaining an information technology (IT) security policy standard. The method comprises normalizing the IT security policy standard into a machine-readable format. The method comprises templatizing the machine-readable format version of the IT security policy standard. Each template comprises a collection of controls. Each control comprises a statement that describes a condition that a transaction or activity of an IT system is required to satisfy by the IT security policy standard. The method comprises discovering a set of configurations of the IT system. The method comprises comparing the set of configurations of the IT system with the collection of controls of each template. The method comprises generating a validation report that comprises a report of whether the set of configurations of the IT system satisfies the collection of controls of each template.
    Type: Grant
    Filed: August 12, 2018
    Date of Patent: October 12, 2021
    Assignee: International Business Machines Corporation
    Inventors: Ramamurthy Vaidhyanathan, Prabakar Sundarrajan, Janga Aliminati
  • Patent number: 11144302
    Abstract: A method and system for contraindicating firmware and driver updates. Specifically, the disclosed method and system entail discerning whether installation of a hardware device firmware and/or device driver update, targeting a hardware device on a host device, would succeed or fail given a set of features (or indicators) reflective of the current host device state and metadata respective to the hardware device update. Further, the determination may employ predictive machine learning techniques.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: October 12, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Rajeev Arakkal, Sajna N Shetty, Felix Stephen Anthuvan, Jagadeesh Nerambol Voovaiah, Shrinidhi Katte, Sachin Kumar
  • Patent number: 11140545
    Abstract: The present disclosure relates to methods, apparatus, and systems for protecting data in a communications system. One example method includes obtaining, by a core network node, information associated with a service of a terminal device, and determining, by the core network node and based on the information associated with the service, a network node that is to perform security protection on data of the service.
    Type: Grant
    Filed: July 25, 2019
    Date of Patent: October 5, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Kai Pan, He Li, Jing Chen, Li Hu
  • Patent number: 11140178
    Abstract: A method and system for collecting information on responses and their interpretation on a client device that requests access to a server. A request to access the server is received. If there was a response by the server for this request, then the response is intercepted and injected with a client side language script to be executed by the requesting client side device. Information is collected at the server side from the execution of the injected client side language script by the client device.
    Type: Grant
    Filed: September 16, 2010
    Date of Patent: October 5, 2021
    Assignee: F5 Networks, Inc.
    Inventors: Shlomo Yona, Ron Talmor
  • Patent number: 11134066
    Abstract: To provide secure communication over end-to-end data paths or segments of end-to-end paths in a timed deterministic packet network including a plurality of packet engines that perform packet handling, cipher engines are provided separately from the packet engines. The cipher engines are operative to perform at least one cyber security function. A cipher engine and key manager provides central control for the plurality of cipher engines. A centralized packet flow path manager, PFPM, may set up endpoint nodes and intermediate transit nodes of the end-to-end data paths of the packet network.
    Type: Grant
    Filed: September 9, 2019
    Date of Patent: September 28, 2021
    Assignee: ABB Power Grids Switzerland AG
    Inventors: Wolfgang Spahn, Jon Duri Sarott
  • Patent number: 11129226
    Abstract: Two devices can be connected for communication by a wireless connection, where those devices will function as master and slave devices with respect to that connection. A slave device to a connection can perform changes to the connection on behalf of an application, subsystem, or other such source on either the slave device or a master device. These changes can include changes to connection parameter values, or can include state changes such as to perform a disconnect action. Enabling the slave device to perform these actions can help to bypass any restrictions that would otherwise prevent these actions being performed from a master device to the connection.
    Type: Grant
    Filed: May 6, 2020
    Date of Patent: September 21, 2021
    Assignee: Fitbit, Inc.
    Inventors: Gilles Luc Jean Francois Boccon-Gibod, Andrew Scott Branscomb, Irvin Owens, Hsiao-Kai Wang, Sylvain Pierre Christophe Rebaud, Samuel Cordes Vaughan
  • Patent number: 11128600
    Abstract: A method of defining distributed firewall rules in a group of datacenters is provided. Each datacenter includes a group of data compute nodes (DCNs). The method sends a set of security tags from a particular datacenter to other datacenters. The method, at each datacenter, associates a unique identifier of one or more DCNs of the datacenter to each security tag. The method associates one or more security tags to each of a set of security groups at the particular datacenter and defines a set of distributed firewall rules at the particular datacenter based on the security tags. The method sends the set of distributed firewall rules from the particular datacenter to other datacenters. The method, at each datacenter, translates the firewall rules by mapping the unique identifier of each DCN in a distributed firewall rule to a corresponding static address associated with the DCN.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: September 21, 2021
    Assignee: NICIRA, INC.
    Inventors: Kaushal Bansal, Uday Masurekar
  • Patent number: 11115441
    Abstract: A method and a proxy server for selecting an input server of an IMS communication network in order to register a terminal in the IMS communication network. Following receipt from the terminal of an SIP registration message, the proxy server obtains a value of at least one field of the SIP registration message, the field being representative of a characteristic belonging to the terminal, and selects an input server using the at least one value obtained. Then, the proxy server sends, to the terminal, an SIP redirection message including an IP address of the selected input server.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: September 7, 2021
    Assignee: ORANGE
    Inventors: Bertrand Bouvet, Stephane Boizard
  • Patent number: 11108823
    Abstract: A method, an apparatus, a system, and a computer program product for handling security threats in a network data processing system. A computer system determines a connection type for a connection in response to detecting the connection between a target resource in the network data processing system and a requestor. The computer system redirects the connection to a virtual resource in place of the target resource when the connection type is a threat connection, wherein the requestor originating the connection to the target resource is unable to perceive a redirection of the connection to the virtual resource. The computer system records information in the connection redirected to the virtual resource to form recorded information. The computer system adjusts a security policy for handling connections in the network data processing system using the recorded information, wherein the security threats in the network data processing system are decreased using the security policy.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: August 31, 2021
    Assignee: International Business Machines Corporation
    Inventors: Sheng Yan Sun, Shuo Li, Xiaobo Wang, Hong Mei Zhang, Yu Wang
  • Patent number: 11106785
    Abstract: A cloud-based fleet of sandboxes is scalable along two tiers. Additional sandboxes may be added to a particular sandbox network in a particular sandbox stack, or additional sandbox stacks may be added. Isolation of individual sandboxes within a sandbox network is provided by virtual switches or routers, and subnetting. Isolation of sandbox networks is provided by network or port address translation, and by running hypervisors in respective infrastructure-as-a-service virtual machines. Provisioning efficiency can be provided by the two-tiered architecture, by use of differencing disks, by use of virtual machine scale sets, and by hybrid core-count sandboxes. Sandboxes may be secured but still have outgoing internet connectivity. Workloads run in the sandbox may include builds, tests of development code, investigations of possible malware, and other tasks.
    Type: Grant
    Filed: October 22, 2018
    Date of Patent: August 31, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Sajay Antony, Bin Du, Bradley Thomas Haverstein, Eric Hotinger, Nagalakshmi Duggaraju, Steven M. Lasker
  • Patent number: 11102179
    Abstract: A system and method for anonymous message broadcasting uses secret shares of a first vector of size i and a second vector of size j from each client device with a message in an anonymity set of client devices. Each secret share of the first and second vectors is received at each of a plurality of message broadcasting servers to construct a matrix M of i and j dimensions, which is added to a matrix A of i and j dimensions maintained at that message broadcasting server. The matrix A at each message broadcasting server is shared with the other message broadcasting servers and a final matrix A is constructed using the shared matrices A at each message broadcasting server, wherein the final matrix A includes the messages from the client devices in the anonymity set. The messages in the final matrix A are broadcasted from the message broadcasting servers.
    Type: Grant
    Filed: January 21, 2020
    Date of Patent: August 24, 2021
    Assignee: VMware, Inc.
    Inventors: Avishay Yanai, Ittai Abraham
  • Patent number: 11100218
    Abstract: Systems and methods for analyzing SQL queries for constraint violations for injection attacks. Tokenizing a SQL query generates a token stream. A parse tree is constructed by iterating over lexical nodes of the token stream. The parse tree is compared to a SQL schema and access configuration for a database in order to analyze the SQL query for constraint violations. Evaluation flaws are also detected. A step-wise, bottom-up approach is employed to walk through the parse tree to detect types and to ascertain from those types whether the condition for SQL execution is static or dynamic. SQL request security engine logic refers to predetermined protective action data and takes the particular type of action specified by the predetermined protective action data. Security is further enhanced by limiting service of requests to requests of one or more specific, accepted data types. Each request is parsed into individual data elements, each an associated key-value pair.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: August 24, 2021
    Assignee: PREVOTY, INC.
    Inventor: Kunal Anand
  • Patent number: 11095687
    Abstract: Apparatus to enforce network policy based on identity authentication at a network endpoint device by offloading the authentication to a network-attached authentication device is disclosed. The authentication device may use Statistical Object Identification to perform the authentication. The present invention greatly reduces the resources needed by the network endpoint device to perform the authentication and eliminates the topological restrictions found in traditional network appliance based approaches.
    Type: Grant
    Filed: July 24, 2018
    Date of Patent: August 17, 2021
    Assignee: Blue Armor Technologies, LLC
    Inventors: Charles Andrew Gram, John William Hayes
  • Patent number: 11088853
    Abstract: Methods, systems, and devices are provided for authenticating API messages using PKI-based authentication techniques. A client system can generate a private/public key pair associated with the client system and sign an API message using the private key of the private/public key pair and a PKI-based cryptographic algorithm, before sending the signed API message to a server system. The server system (e.g., operated by a service provider) can authenticate the incoming signed API message using a proxy authenticator located in a less trusted zone (e.g., a perimeter network) of the server system. In particular, the proxy authenticator can be configured to verify the signature of the signed API message using the public key corresponding to the private key and the same cryptographic algorithm. The authenticated API message can then be forwarded to a more trusted zone (e.g., an internal network) of the server system for further processing.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: August 10, 2021
    Assignee: Visa International Service Association
    Inventors: Minghua Xu, Jose Rios Trevino, Ying Hao
  • Patent number: 11082431
    Abstract: Technologies to facilitate supervision of an online identity include a gateway server to facilitate and monitor access to an online service by a user of a “child” client computer device. The gateway server may include an identity manager to receive a request for access to the online service from the client computing device, retrieve access information to the online service, and facilitate access to the online service for the client computing device using the access information. The access information is kept confidential from the user. The gateway server may also include an activity monitor module to control activity between the client computing device and the online service based on the set of policy rules of a policy database. The gateway server may transmit notifications of such activity to a “parental” client computing device for review and/or approval, which also may be used to update the policy database.
    Type: Grant
    Filed: August 5, 2019
    Date of Patent: August 3, 2021
    Assignee: Intel Corporation
    Inventors: Alex Nayshtut, Omer Ben-Shalom, Hong Li
  • Patent number: 11082556
    Abstract: A system and method for determining spoofing of at least one identifier are described, the identifier being intended for the use of a communication device, during communication between a first communication terminal and a second communication terminal. The method can be implemented by a device for determining spoofing of at least one identifier. The method can include receiving a signaling message of the communication from the first communication terminal and intended for the second communication terminal, the signaling message including at least one identifier and at least one first item of certification data, obtaining at least one second item of certification data on the basis of the at least one received identifier, comparing the at least one first item of certification data with said at least one second item of certification data, and transmitting at least the message to the second terminal on the basis of the result of the comparison.
    Type: Grant
    Filed: June 18, 2020
    Date of Patent: August 3, 2021
    Assignee: ORANGE
    Inventor: Bertrand Bouvet
  • Patent number: 11064355
    Abstract: The subject matter describes devices, networks, systems, media, and methods to create secure communications between wireless devices and cellular networks, where the wireless devices communicate with the cellular networks via multi-hopping methods in non-cellular networks.
    Type: Grant
    Filed: January 21, 2020
    Date of Patent: July 13, 2021
    Assignee: M87, Inc.
    Inventors: Vidur Bhargava, Eric Kord Henderson, Peter Matthew Feldman
  • Patent number: 11038910
    Abstract: A smart home includes Internet of things (IOT) devices that are paired with an IOT gateway. A backend system is in communication with the IOT gateway to receive IOT operating data of the IOT devices. The backend system generates a machine learning model for an IOT device. The machine learning model is consulted with IOT operating data of the IOT device to detect anomalous operating behavior of the IOT device. The machine learning model is updated as more and newer IOT operating data of the IOT device are received by the backend system.
    Type: Grant
    Filed: January 25, 2019
    Date of Patent: June 15, 2021
    Assignee: Trend Micro Incorporated
    Inventors: Yi-Li Cheng, Yao-Tang Chang, Peng-Shih Pu, Che-Fu Yeh, Shih-Han Hsu, Tsung-Fu Lin, Ming-Hung Chen, Yu-Min Chang
  • Patent number: 11039312
    Abstract: A method by an AUSF of a home PLMN configured to communicate through an interface with electronic devices is provided. A first authentication request is received from a first PLMN that is authenticating an electronic device. A first security key used for integrity protection of messages delivered from the home PLMN to the electronic device is obtained. A second authentication request is received from a second PLMN that is authenticating the electronic device. A second security key used for integrity protection of the messages delivered from the home PLMN to the electronic device is obtained. A message protection request is received. Which of the first security key and the second security key is a latest security key is determined. The latest security key is used to protect a message associated with the message protection request.
    Type: Grant
    Filed: January 20, 2021
    Date of Patent: June 15, 2021
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Vesa Lehtovirta, Noamen Ben Henda, David Castellanos Zamora, Monica Wifvesson
  • Patent number: 11032315
    Abstract: An apparatus for mitigating a DDoS attack in a networked computing system includes at least one detector coupled with a corresponding router in the networked computing system. The detector is configured: to obtain network flow information from the router regarding current data traffic to at least one host; to compare the current data traffic to the host with stored traffic patterns associated with at least one prior DDoS attack; and to generate an output indicative of a match between the current data traffic and at least one of the stored traffic patterns. The apparatus further includes at least one mitigation unit coupled with the at least one detector. The mitigation unit is configured: to receive the output indicative of the match between the current data traffic and at least one of the stored traffic patterns; and to initiate a DDoS attack mitigation action in response to the received output.
    Type: Grant
    Filed: January 25, 2018
    Date of Patent: June 8, 2021
    Assignee: CHARTER COMMUNICATIONS OPERATING, LLC
    Inventor: Richard A. Compton
  • Patent number: 11005865
    Abstract: An exemplary apparatus for mitigating a distributed denial-of-service (DDoS) attack includes a controller configured: to receive an output signal from a detector in a networked computing system, the output signal indicating a probability of a DDoS attack based at least in part on a threat level corresponding to an Autonomous System Number (ASN) associated with a source Internet Protocol address of received data packets when a volume of the received data packets exceeds a prescribed threshold value; to obtain action information correlating a specific ASN to at least one corresponding action for mitigating a DDoS attack; and to generate at least one control signal for initiating at least one action for mitigating the DDoS attack as a function of the obtained action information. The apparatus further includes at least one mitigation device for performing at least one action for mitigating the DDoS attack in response to the control signal.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: May 11, 2021
    Assignee: CHARTER COMMUNICATIONS OPERATING, LLC
    Inventor: Richard A. Compton
  • Patent number: 11005938
    Abstract: Methods and apparatus for publisher-independent auxiliary communications in data router-mediated publisher/subscriber transmission architectures provide faster processing of actionable information by subscribers and increased flexibility to add publishers to a system. Publisher-originated information in a publisher-specific format is used by either the publisher, or a data router coupled to the publisher, to generate information, based on the publisher-originated information, in a publisher-independent format recognized by subscribers, and provided by the data router to subscribers. Publishers may include analyzers such as blood, immuno-assay, and clinical chemistry analyzers, IoT devices, and automation systems.
    Type: Grant
    Filed: January 25, 2019
    Date of Patent: May 11, 2021
    Assignee: Siemens Healthcare Diagnostics Inc.
    Inventor: Michael Heydlauf
  • Patent number: 10999262
    Abstract: In general, the techniques of this disclosure describe a hub device that is configured to receive data packets from both secured client devices and non-secured client devices. The hub device may send the data packets from the secured client devices to a host device. For the data packets from the non-secured client devices, the hub device may first process the data packets to ensure the integrity of the received non-secure data packets and then send the non-secure data packets to the host device once the hub device determines that the non-secure data packets meet some threshold level of integrity.
    Type: Grant
    Filed: April 23, 2018
    Date of Patent: May 4, 2021
    Assignee: ARCHITECTURE TECHNOLOGY CORPORATION
    Inventors: Ranga Ramanujan, Benjamin L. Burnett
  • Patent number: 10972435
    Abstract: A computing system may include a proxy server application and a database. The proxy server application may provide, to a computing device disposed within a managed network, instructions to identify one or more processes executing on the computing device. The proxy server application may also determine, for a process of the one or more processes, a file system path of a directory associated with the process and, based thereon, select one or more directories to scan for files associated with the process. The computing device may be provided with instructions to (i) scan the one or more directories and (ii) determine a plurality of attributes associated with one or more files discovered therein. The proxy server application may additionally receive results of the scan containing a representation of the plurality of attributes and store, in the database, the results of the scan.
    Type: Grant
    Filed: September 5, 2018
    Date of Patent: April 6, 2021
    Assignee: ServiceNow, Inc.
    Inventors: Noam Biran, Amit Dhuleshia, Sreenevas Subramaniam
  • Patent number: 10965645
    Abstract: A method for a computer or microchip with one or more inner hardware-based access barriers or firewalls that establish one or more private units disconnected from a public unit or units having connection to the public Internet and one or more of the private units have a connection to one or more non-Internet-connected private networks for private network control of the configuration of the computer or microchip using active hardware configuration, including field programmable gate arrays (FPGA). The hardware-based access barriers include a single out-only bus and/or another in-only bus with a single on/off switch.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: March 30, 2021
    Inventor: Frampton E. Ellis
  • Patent number: 10944590
    Abstract: Example methods are provided for a first endpoint to communicate with a second endpoint over a public network, the second endpoint being in a private network. The method may comprise detecting a chunk of data directly from an application executing on the first endpoint. The virtual adapter may emulate a transport protocol task offload to bypass transport protocol processing by a protocol stack of the first endpoint. The method may comprise processing the chunk of data to generate a chunk of processed data for transfer through a tunnel connecting the virtual adapter over the public network with a gateway associated with the private network and sending the chunk of processed data through a tunnel in a plurality of tunnel segments, wherein the gateway is configured to perform transport protocol processing to generate a plurality of transport protocol segments from the chunk of processed data for transfer to the second endpoint.
    Type: Grant
    Filed: March 14, 2016
    Date of Patent: March 9, 2021
    Assignee: NICIRA, INC.
    Inventors: Vasantha Kumar, Amit Chopra
  • Patent number: 10939363
    Abstract: The disclosure relates to methods, devices, and computer programs in mobile communications for detecting potential system information reference conflicts. In particular, the present disclosure relates to a method (20), performed in a wireless device, for detecting potential system information reference conflicts. The method comprises receiving (S21) first access information from a network node of a first wireless network, the first access information comprising a first system information reference and a first identifier relating to the first wireless network. The method also comprises determining (S23) a potential system information reference conflict based on a comparison of the first access information and second access information. The second access information is received from the first or a second wireless network, and comprises a second system information reference and a second identifier relating to the wireless network from which the second access information is received.
    Type: Grant
    Filed: October 4, 2016
    Date of Patent: March 2, 2021
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Peter Alriksson, Erik Eriksson, Pål Frenger, Johan Rune
  • Patent number: 10929567
    Abstract: Embodiments of the present invention disclose a method, computer program product, and system for parallel access to an electronic design automation (EDA) application. The computer receives a request to access an electronic design automation (EDA) application from at least two user computing devices and authenticates a user associated with each of the requests from the at least two user computing devices to access the EDA application. The computer determines a level of access to be granted to each of the users of the at least two user computing devices and creates a parallel connection to each of the at least two user computing devices based on the determined level of access granted to each of the users. The computer retrieves data to be transmitted to each of the at least two user computing devices to be displayed on each of the user computing devices and stores the data in a memory unit.
    Type: Grant
    Filed: June 5, 2019
    Date of Patent: February 23, 2021
    Assignee: International Business Machines Corporation
    Inventors: Kerim Kalafala, Douglas Keller, Debjit Sinha, Richard W. Taggart, Natesan Venkateswaran
  • Patent number: 10917406
    Abstract: An access control method, system, and switch pertain to the field of network technologies. The access control method includes receiving, by an authentication device, a packet from an access device, where the packet includes a virtual local area network (VLAN) identifier, and authenticating, by the authentication device based on the VLAN identifier and a preconfigured correspondence using an authentication method corresponding to the VLAN identifier, a terminal device sending the packet, where the correspondence includes a mapping from a plurality of VLAN identifiers to at least two authentication methods. Hence, the authentication method of the terminal device is determined based on the VLAN identifier such that different authentication methods may be used for terminal devices in different VLANs. Therefore, an access manner is flexible.
    Type: Grant
    Filed: September 12, 2018
    Date of Patent: February 9, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Yibin Xu
  • Patent number: 10917388
    Abstract: A system that includes a routing device and a proxy server in a private network. The routing device configures itself to route data traffic for a network device within a private network using private links. The routing device forwards an access request requesting access to a destination address in a public network from the network device to the proxy server. The proxy server determines whether the access request satisfies a set of access rules and generates an access request response. The routing device forwards the access request response from the proxy server to the network device. The routing device configures itself to route data traffic between the network device and the destination address using public links in response to receiving an access approval message. The routing device communicates data traffic between the network device and the destination address using public links.
    Type: Grant
    Filed: September 23, 2019
    Date of Patent: February 9, 2021
    Assignee: Bank of America Corporation
    Inventors: Jisoo Lee, Yair Frankel
  • Patent number: 10904249
    Abstract: A terminal management apparatus includes a connection unit that connects, through a network, to a terminal apparatus to be managed, an authentication unit that authenticates the terminal apparatus using predetermined authentication information, a specific state determination unit that determines whether a predetermined specific state, in which a normal connection is not established, has occurred in relation to the terminal apparatus, and a connection controller that controls data communication with the terminal apparatus on a basis of a result of the authentication performed by the authentication unit and a result of the determination made by the specific state determination unit.
    Type: Grant
    Filed: February 8, 2018
    Date of Patent: January 26, 2021
    Assignee: FUJI XEROX CO., LTD.
    Inventors: Eiji Nishi, Keita Sakakura, Ryuichi Ishizuka, Yoshihiro Sekine, Kenji Kuroishi, Takeshi Furuya, Hiroshi Mikuriya
  • Patent number: 10860261
    Abstract: Disclosed are various examples for network printer detection and authentication for managed device deployment. In one example, a computing environment can access a listing of network printers received from a printer discovery service executed in an enterprise device in an intranet behind a firewall. A user group associated with a client device enrolled with a management service can be identified as well as at least one of the network printers assigned to the user group. The client device can be remotely configured to access the at least one of the network printers assigned to the user group.
    Type: Grant
    Filed: August 23, 2016
    Date of Patent: December 8, 2020
    Assignee: AIRWATCH LLC
    Inventor: Adam Michael Hardy
  • Patent number: 10853790
    Abstract: A method of operating a payment device for selectively enabling a payment function according to the validity of a host is provided. The method relates to a method of operating the payment device which includes a near field communication controller (NFCC) and a host communicating with the NFCC. The method selectively enables the payment function according to the validity of the host, thereby preventing illegal or unwanted payment.
    Type: Grant
    Filed: September 1, 2016
    Date of Patent: December 1, 2020
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Joong Chul Yoon
  • Patent number: 10848463
    Abstract: Control policies are configured to automatically update a whitelist and to permit an application, including its associated computing operations, to execute on the computer system. After the application is installed, initialization and execution of the application is triggered. Concurrently, the application's computing operations are recorded and certain control policies, such as a firewall, are paused from being enforced. The recorded computing operations are classified into at least two different categories, where one category includes computing operations associated with the application and where another category includes computing operations that are not associated with the application but that occurred while the application was running. The first category computing operations are then whitelisted so that they are identified as being permissible computing operations by the control policies.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: November 24, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Michael Zeev Bargury, Yotam Livny, Moshe Israel
  • Patent number: 10826873
    Abstract: A method and system for the policy-based restriction of electronic mail transmissions. A method for classifying electronic mail message transfer requests for policy enforcement can include identifying a source of an incoming electronic message, classifying the source, and applying a message transfer policy associated with the classification for the source. In particular, the identifying step can include identifying a network address for the source. The classifying step, by comparison, can include classifying the source as one of a trusted source, a blocked source, and a suspect source. The classifying step also can include classifying the source as one of an authenticated source and an anonymous source. Finally, the classifying step further can include classifying the source as a blocked source where the source appears in a realtime black hole list.
    Type: Grant
    Filed: April 9, 2019
    Date of Patent: November 3, 2020
    Assignee: International Business Machines Corporation
    Inventors: Matthew P. Chant, Peter K. Lyons