Security Protocols Patents (Class 726/14)
  • Patent number: 10999262
    Abstract: In general, the techniques of this disclosure describe a hub device that is configured to receive data packets from both secured client devices and non-secured client devices. The hub device may send the data packets from the secured client devices to a host device. For the data packets from the non-secured client devices, the hub device may first process the data packets to ensure the integrity of the received non-secure data packets and then send the non-secure data packets to the host device once the hub device determines that the non-secure data packets meet some threshold level of integrity.
    Type: Grant
    Filed: April 23, 2018
    Date of Patent: May 4, 2021
    Assignee: ARCHITECTURE TECHNOLOGY CORPORATION
    Inventors: Ranga Ramanujan, Benjamin L. Burnett
  • Patent number: 10972435
    Abstract: A computing system may include a proxy server application and a database. The proxy server application may provide, to a computing device disposed within a managed network, instructions to identify one or more processes executing on the computing device. The proxy server application may also determine, for a process of the one or more processes, a file system path of a directory associated with the process and, based thereon, select one or more directories to scan for files associated with the process. The computing device may be provided with instructions to (i) scan the one or more directories and (ii) determine a plurality of attributes associated with one or more files discovered therein. The proxy server application may additionally receive results of the scan containing a representation of the plurality of attributes and store, in the database, the results of the scan.
    Type: Grant
    Filed: September 5, 2018
    Date of Patent: April 6, 2021
    Assignee: ServiceNow, Inc.
    Inventors: Noam Biran, Amit Dhuleshia, Sreenevas Subramaniam
  • Patent number: 10965645
    Abstract: A method for a computer or microchip with one or more inner hardware-based access barriers or firewalls that establish one or more private units disconnected from a public unit or units having connection to the public Internet and one or more of the private units have a connection to one or more non-Internet-connected private networks for private network control of the configuration of the computer or microchip using active hardware configuration, including field programmable gate arrays (FPGA). The hardware-based access barriers include a single out-only bus and/or another in-only bus with a single on/off switch.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: March 30, 2021
    Inventor: Frampton E. Ellis
  • Patent number: 10944590
    Abstract: Example methods are provided for a first endpoint to communicate with a second endpoint over a public network, the second endpoint being in a private network. The method may comprise detecting a chunk of data directly from an application executing on the first endpoint. The virtual adapter may emulate a transport protocol task offload to bypass transport protocol processing by a protocol stack of the first endpoint. The method may comprise processing the chunk of data to generate a chunk of processed data for transfer through a tunnel connecting the virtual adapter over the public network with a gateway associated with the private network and sending the chunk of processed data through a tunnel in a plurality of tunnel segments, wherein the gateway is configured to perform transport protocol processing to generate a plurality of transport protocol segments from the chunk of processed data for transfer to the second endpoint.
    Type: Grant
    Filed: March 14, 2016
    Date of Patent: March 9, 2021
    Assignee: NICIRA, INC.
    Inventors: Vasantha Kumar, Amit Chopra
  • Patent number: 10939363
    Abstract: The disclosure relates to methods, devices, and computer programs in mobile communications for detecting potential system information reference conflicts. In particular, the present disclosure relates to a method (20), performed in a wireless device, for detecting potential system information reference conflicts. The method comprises receiving (S21) first access information from a network node of a first wireless network, the first access information comprising a first system information reference and a first identifier relating to the first wireless network. The method also comprises determining (S23) a potential system information reference conflict based on a comparison of the first access information and second access information. The second access information is received from the first or a second wireless network; and comprises a second system information reference and a second identifier relating to the wireless network from which the second access information is received.
    Type: Grant
    Filed: October 4, 2016
    Date of Patent: March 2, 2021
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Peter Alriksson, Erik Eriksson, Pål Frenger, Johan Rune
  • Patent number: 10929567
    Abstract: Embodiments of the present invention disclose a method, computer program product, and system for parallel access to an electronic design automation (EDA) application. The computer receives a request to access an electronic design automation (EDA) application from at least two user computing devices and authenticates a user associated with each of the requests from the at least two user computing devices to access the EDA application. The computer determines a level of access to be granted to each of the users of the at least two user computing devices and creates a parallel connection to each of the at least two user computing devices based on the determined level of access granted to each of the users. The computer retrieves data to be transmitted to each of the at least two user computing devices to be displayed on each of the user computing devices and stores the data in a memory unit.
    Type: Grant
    Filed: June 5, 2019
    Date of Patent: February 23, 2021
    Assignee: International Business Machines Corporation
    Inventors: Kerim Kalafala, Douglas Keller, Debjit Sinha, Richard W. Taggart, Natesan Venkateswaran
  • Patent number: 10917406
    Abstract: An access control method, system, and a switch, pertains to the field of network technologies. The access control method includes receiving, by an authentication device, a packet from an access device, where the packet includes a virtual local area network (VLAN) identifier, and authenticating, by the authentication device based on the VLAN identifier and a preconfigured correspondence using an authentication method corresponding to the VLAN identifier, a terminal device sending the packet, where the correspondence includes a mapping from a plurality of VLAN identifiers to at least two authentication methods. Hence, the authentication method of the terminal device is determined based on the VLAN identifier such that different authentication methods may be used for terminal devices in different VLANs. Therefore, an access manner is flexible.
    Type: Grant
    Filed: September 12, 2018
    Date of Patent: February 9, 2021
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Yibin Xu
  • Patent number: 10917388
    Abstract: A system that includes a routing device and a proxy server in a private network. The routing device configures itself to route data traffic for a network device within a private network using private links. The routing device forwards an access request requesting access to a destination address in a public network from the network device to the proxy server. The proxy server determines whether the access request satisfies a set of access rules and generates an access request response. The routing device forwards the access request response from the proxy server to the network device. The routing device configures itself to route data traffic between the network device and the destination address using public links in response to receiving an access approval message. The routing device communicates data traffic between the network device and the destination address using public links.
    Type: Grant
    Filed: September 23, 2019
    Date of Patent: February 9, 2021
    Assignee: Bank of America Corporation
    Inventors: Jisoo Lee, Yair Frankel
  • Patent number: 10904249
    Abstract: A terminal management apparatus includes a connection unit that connects, through a network, to a terminal apparatus to be managed, an authentication unit that authenticates the terminal apparatus using predetermined authentication information, a specific state determination unit that determines whether a predetermined specific state, in which a normal connection is not established, has occurred in relation to the terminal apparatus, and a connection controller that controls data communication with the terminal apparatus on a basis of a result of the authentication performed by the authentication unit and a result of the determination made by the specific state determination unit.
    Type: Grant
    Filed: February 8, 2018
    Date of Patent: January 26, 2021
    Assignee: FUJI XEROX CO., LTD.
    Inventors: Eiji Nishi, Keita Sakakura, Ryuichi Ishizuka, Yoshihiro Sekine, Kenji Kuroishi, Takeshi Furuya, Hiroshi Mikuriya
  • Patent number: 10860261
    Abstract: Disclosed are various examples for network printer detection and authentication for managed device deployment. In one example, a computing environment can access a listing of network printers received from a printer discovery service executed in an enterprise device in an intranet behind a firewall. A user group associated with a client device enrolled with a management service can be identified as well as at least one of the network printers assigned to the user group. The client device can be remotely configured to access the at least one of the network printers assigned to the user group.
    Type: Grant
    Filed: August 23, 2016
    Date of Patent: December 8, 2020
    Assignee: AIRWATCH LLC
    Inventor: Adam Michael Hardy
  • Patent number: 10853790
    Abstract: A method of operating a payment device for selectively enabling a payment function according to the validity of a host is provided. The method relates to a method of operating the payment device which includes a near field communication controller (NFCC) and a host communicating with the NFCC. The method selectively enables the payment function according to the validity of the host, thereby preventing illegal or unwanted payment.
    Type: Grant
    Filed: September 1, 2016
    Date of Patent: December 1, 2020
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Joong Chul Yoon
  • Patent number: 10848463
    Abstract: Control policies are configured to automatically update a whitelist and to permit an application, including its associated computing operations, to execute on the computer system. After the application is installed, initialization and execution of the application is triggered. Concurrently, the application's computing operations are recorded and certain control policies, such as a firewall, are paused from being enforced. The recorded computing operations are classified into at least two different categories, where one category includes computing operations associated with the application and where another category includes computing operations that are not associated with the application but that occurred while the application was running. The first category computing operations are then whitelisted so that they are identified as being permissible computing operations by the control policies.
    Type: Grant
    Filed: August 3, 2018
    Date of Patent: November 24, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Michael Zeev Bargury, Yotam Livny, Moshe Israel
  • Patent number: 10826873
    Abstract: A method and system for the policy-based restriction of electronic mail transmissions. A method for classifying electronic mail message transfer requests for policy enforcement can include identifying a source of an incoming electronic message, classifying the source, and applying a message transfer policy associated with the classification for the source. In particular, the identifying step can include identifying a network address for the source. The classifying step by comparison, can include classifying the source as one of a trusted source, a blocked source, and a suspect source. The classifying step also can include classifying the source as one of an authenticated source and an anonymous source. Finally, the classifying step further can include classifying the source as a blocked source where the source appears in a realtime black hole list.
    Type: Grant
    Filed: April 9, 2019
    Date of Patent: November 3, 2020
    Assignee: International Business Machines Corporation
    Inventors: Matthew P. Chant, Peter K. Lyons
  • Patent number: 10819751
    Abstract: A processing device receives an event notification indicating a security configuration change of a cloud computing resource associated with a member account. In response, the processing device identifies a security policy associated with an administrative account corresponding to the member account and evaluates the security policy against the security configuration change to determine compliance with the policy. If not in compliance, the processing device generates a change event indicating a repair to the security configuration of the cloud computing resource to bring the security configuration into compliance with the security policy.
    Type: Grant
    Filed: June 6, 2018
    Date of Patent: October 27, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Bryan Mark Benson, Kalyanaraman Prasad, Andrew Chen, Wenchuan Weng, Prashanth Acharya, Andrew L. Thomas, Hatem Mohamed Moustafa Eyada, Venkatesh Vijayaraghavan
  • Patent number: 10805113
    Abstract: Statically configured secure tunnels forward application-level Transmission Control Protocol (“TCP”) application data between servers using a User Datagram Protocol (“UDP”) channel. Applications operating on a server cluster can communicate with other applications on another server in the cluster over the public Internet using secure TCP connection forwarding through a single UDP datagram-oriented communication channel.
    Type: Grant
    Filed: August 6, 2019
    Date of Patent: October 13, 2020
    Assignee: DH2I COMPANY
    Inventors: Thanh Q. Ngo, Samuel Revitch
  • Patent number: 10754845
    Abstract: One embodiment is related to a method for creating a redundancy data chunk for data protection with a chain topology, comprising: transmitting a data chunk of a first frontend zone of a data storage system to a second frontend zone of the data storage system; creating a redundancy data chunk at the second frontend zone of the data storage system based on the data chunk of the first frontend zone and a data chunk of the second frontend zone; passing the redundancy data chunk onto one or more subsequent frontend zones of the data storage system from the second frontend zone, wherein at each subsequent frontend zone the redundancy data chunk is updated based on the received redundancy data chunk and a data chunk of the respective subsequent frontend zone, and wherein the redundancy data chunk is passed through each subsequent frontend zone exactly once; and at a last subsequent frontend zone of the data storage system, forwarding the updated redundancy data chunk to a backend zone of the data storage system for
    Type: Grant
    Filed: June 28, 2017
    Date of Patent: August 25, 2020
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Mikhail Danilov, Konstantin Buinov, Andrey Fomin, Mikhail Malygin, Ivan Tchoub
  • Patent number: 10742679
    Abstract: A method and system for controlling multi-tiered mitigation of cyber-attacks.
    Type: Grant
    Filed: October 18, 2018
    Date of Patent: August 11, 2020
    Assignee: Radware, Ltd.
    Inventors: Ehud Doron, David Aviv, Yotam Ben Ezra, Lev Medvedovsky
  • Patent number: 10735386
    Abstract: Methods, systems, and apparatus for Internet Protocol security (IPsec) selector coalescing for per-host Security Associations (SAs) are disclosed. In one aspect, separate per-host SAs are assigned, by a network communications device including one or more processors, to each of two or more different source communication devices that each communicates with corresponding destination devices. While the separate per-host SAs are assigned to each of the two or more different source communication devices, a group SA is generated. The group SA is assigned, by the network communications device, to all of the two or more different source communication devices. The assignment of the separate per-host SAs is removed from each of the two or more different source communication devices.
    Type: Grant
    Filed: February 1, 2018
    Date of Patent: August 4, 2020
    Assignee: ADTRAN, Inc.
    Inventors: Michael Arnold, Tyler Pearson
  • Patent number: 10691721
    Abstract: The present technology pertains to an organization directory hosted by a synchronized content management system. The corporate directory can provide access to user accounts for all members of the organization to all content items in the organization directory on the respective file systems of the members' client devices. Members can reach any content item at the same path as other members relative to the organization directory root on their respective client device. In some embodiments novel access permissions are granted to maintain path consistency.
    Type: Grant
    Filed: August 31, 2018
    Date of Patent: June 23, 2020
    Assignee: Dropbox, Inc.
    Inventors: Thomas Kleinpeter, Tony Xu, Alex Sydell, Nils Bunger, Sam Jau, Aaron Staley, Sara Lin
  • Patent number: 10673880
    Abstract: Techniques are described for processing anomalies detected using user-specified rules with anomalies detected using machine-learning based behavioral analysis models to identify threat indicators and security threats to a computer network. In an embodiment, anomalies are detected based on processing event data at a network security system that used rules-based anomaly detection. These rules-based detected anomalies are acquired by a network security system that uses machine-learning based anomaly detection. The rules-based detected anomalies are processed along with machine learning detected anomalies to detect threat indicators or security threats to the computer network. The threat indicators and security threats are output as alerts to the network security system that used rules-based anomaly detection.
    Type: Grant
    Filed: September 26, 2016
    Date of Patent: June 2, 2020
    Assignee: SPLUNK INC.
    Inventors: Robert Winslow Pratt, Ravi Prasad Bulusu
  • Patent number: 10673719
    Abstract: A botnet identification module identifies members of one or more botnets based upon network traffic destined to one or more servers over time, and provides sets of botnet sources to a traffic monitoring module. Each set of botnet sources includes a plurality of source identifiers of end stations acting as part of a corresponding botnet. A traffic monitoring module receives the sets of botnet sources from the botnet identification module, and upon a receipt of traffic identified as malicious that was sent by a source identified within one of the sets of botnet sources, activates a protection mechanism with regard to all traffic from all of the sources identified by the one of the sets of botnet sources for an amount of time.
    Type: Grant
    Filed: February 24, 2017
    Date of Patent: June 2, 2020
    Assignee: Imperva, Inc.
    Inventor: Nitzan Niv
  • Patent number: 10649919
    Abstract: In an information processing method, a query including a first encrypted feature value provided with confidential information unique to a user is received. The first encrypted feature value is generated by encrypting a first feature value calculated from privacy data of the user by using inner product encryption. A plurality of inner product values are acquired by computing an inner product of the first encrypted feature value and each of a plurality of second encrypted feature values. Privacy data of a plurality of pieces of privacy data having an inner product value of the first encrypted feature value and a second encrypted feature value with an encrypted reference feature value calculated from the privacy data being equal to or smaller than a predetermined threshold is transmitted. A secret key of the user is identified by using the confidential information when an unauthorized access is detected, and identification information is outputted.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: May 12, 2020
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Yuji Unagami, Naohisa Nishida, Shota Yamada, Nuttapong Attrapadung, Takahiro Matsuda, Goichiro Hanaoka
  • Patent number: 10652279
    Abstract: A compliance checker to verify that a device complies with a policy is described. In one embodiment, the compliance checker comprises a compliance checker agent, to initiate the compliance check, in response to receiving the request, and an encryption checker to obtain an original data and a data stored on the storage. The system further comprising a comparator to determine whether known data read from the upper driver is identical to known data read from the lower driver. The compliance checker plug-in in one embodiment verifies the compliance status of the device, based on the data from the comparator.
    Type: Grant
    Filed: March 19, 2017
    Date of Patent: May 12, 2020
    Assignee: ALERTSEC, INC.
    Inventors: Ebba Ulrika Margareta Blitz, Leif Olov Billstrom, Kurt Uno Lennartsson, Hans Fredrik Loevstedt, Erik Magnus Ahlberg
  • Patent number: 10637885
    Abstract: A method for configuring a network monitoring device is provided. One or more performance metrics associated with one or more thresholds to be configured are received from a user. Historical network traffic flow information associated with a previously detected malicious activity is analyzed to identify characteristic values for the one or more performance metrics. Threshold values are automatically configured based on the identified characteristic values.
    Type: Grant
    Filed: November 28, 2016
    Date of Patent: April 28, 2020
    Assignee: Arbor Networks, Inc.
    Inventors: James E. Winquist, William M. Northway, Jr., Ronald G. Hay, Nicholas Scott, Lawrence B. Huston, III
  • Patent number: 10630644
    Abstract: In a computer-implemented method for managing firewall flow records, firewall flow records of a virtual infrastructure including a distributed firewall are received, wherein the firewall flow records are captured according to firewall rules of the distributed firewall, and wherein the firewall flow records each include tuples and at least one field of network traffic data. Responsive to detecting a number of received firewall flow records exceeding a threshold value, it is determined whether the tuples are identical for any of the firewall flow records. Provided the tuples are not identical for any of the firewall flow records, the tuples for the firewall flow records are modified to generate modified firewall flow records. It is determined whether the tuples are identical for any of the modified firewall flow records.
    Type: Grant
    Filed: December 15, 2016
    Date of Patent: April 21, 2020
    Assignee: Nicira, Inc.
    Inventors: Shadab Shah, Kaushal Bansal, Uday Masurekar, Jerry Pereira, Sunitha Krishna
  • Patent number: 10609127
    Abstract: A system for providing an isolated testing model for testing the disaster recovery capabilities of a streamlined backup network backing up a primary network. The primary network provides one or more users access to critical data and critical services. The system is configured to be switched between a production mode and a test mode. When the system is in the test mode, the primary network and the streamlined backup network form a live production environment and the streamlined backup network provides the one or more users access to the critical data and the critical services in the event the primary network is unable to do so. When the system is in the test mode, the streamlined backup network is removed from the live production environment by physically and logically isolating the streamlined backup network from the primary network.
    Type: Grant
    Filed: May 14, 2019
    Date of Patent: March 31, 2020
    Assignee: Hartford Fire Insurance Company
    Inventors: Kerry R. Anderson, John G. Buccetti, Joseph E. Merola, Jr., Kenneth A. Saucier
  • Patent number: 10607021
    Abstract: A computing environment for monitoring usage of an application to identify characteristics and trigger security control includes an application system that performs a query configured to identify any application calls performed in a predetermined period of time within the computing environment; for each identified application call, builds a corresponding application characteristics entry in a database; for each identified application call, identifies a plurality of characteristics of the called application including at least one downstream resource; associates the identified plurality of characteristics with the application characteristics entry in the database, thereby creating an application mapping; identifies security controls associated with each of the applications in the application mapping; associates the identified security controls with the associated application characteristics entry in the application mapping; and automatically triggers assessment of an effectiveness of the security controls in re
    Type: Grant
    Filed: January 26, 2018
    Date of Patent: March 31, 2020
    Assignee: BANK OF AMERICA CORPORATION
    Inventors: Katherine McDonald, Nicolette Boyd
  • Patent number: 10609070
    Abstract: Methods and systems provide network security by associating login credentials with a specific end-point. By doing so, valid user login credentials are not recognized when not used on a device authorized to use those credentials. By creating that association in a secure manner, the protection of confidential information becomes more complete and the leakage or theft of data such as usernames and passwords becomes less critical. Additionally, creating this hard association makes hacking tools such as password crackers and rainbow tables significantly less effective since the possession of a valid username/password is no longer sufficient for bad actors to access assets using this two-factor authentication model.
    Type: Grant
    Filed: March 9, 2017
    Date of Patent: March 31, 2020
    Inventor: Claude M. Farmer, III
  • Patent number: 10599532
    Abstract: Example methods and systems to validate integrity of data and one or more configurations in response to an upgrade in a virtualized computing environment are disclosed. One method may include preparing a first pre-upgrade backup file and a first post-upgrade backup file in response to a data plane upgrade of the virtualized computing environment and validating the integrity of data and one or more configurations based on the first pre-upgrade backup file and the first post-upgrade backup file before upgrading a control plane of the virtualized computing environment.
    Type: Grant
    Filed: March 8, 2018
    Date of Patent: March 24, 2020
    Assignee: NICIRA, INC.
    Inventors: Prashant Shelke, Sharwari Phadnis, Yogesh Vhora, Kartiki Kale, Neha Pratik Dhakate, Ganesh Avachare, Mohammad Siddiqui
  • Patent number: 10599410
    Abstract: An electronic device includes a communication circuit that communicates with an external device, a memory configured to store first setting data corresponding to a first time period, and a processor operatively connected with the communication circuit and the memory. The processor receives second setting data corresponding to a second time period from the external device through the communication circuit if a specified time point is reached, deletes at least a portion of the first setting data based on whether a status of a user is a login status or a logout status, and applies the second setting data to the electronic device.
    Type: Grant
    Filed: December 8, 2016
    Date of Patent: March 24, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Young Sik Kim, In Ku Kang, Yu Seung Kim, Tae Hyun Kim, Dong Ho Jang, Eun Jung Hyun
  • Patent number: 10594708
    Abstract: Systems and methods for optimizing system resources by selectively enabling various scanning functions of a network security device are provided. According to one embodiment, information specifying a set of reputable websites deemed to be trustworthy by one or more web filtering services is received by a network security device protecting a private network. One or more directives are received by the network security device from a network administrator via a GUI of the network security device identifying one or more security features that are to be disabled for the set of reputable websites. Network traffic is intercepted by the network security device from an external network. When it is determined by the network security device that the external network is among the set of reputable websites, the network security device foregoes application of the one or more identified security features to the network traffic.
    Type: Grant
    Filed: April 12, 2018
    Date of Patent: March 17, 2020
    Assignee: Fortinet, Inc.
    Inventor: Robert A. May
  • Patent number: 10587512
    Abstract: Some aspects of the methods and systems presented relate to performing stateless address translation between IPv4 capable devices to IPv6 capable networks and devices. Stateless address translation may form a new IPv6 address by combining the IPv4 address of a device with an IPv6 prefix address assigned to the translator. The translation may also combine the IPv4 destination address and UDP port information with the new IPv6 address. Existing Domain Name Systems (DNSs) may be leveraged for resolving the IPv4 and IPv6 addresses across different networks.
    Type: Grant
    Filed: May 8, 2017
    Date of Patent: March 10, 2020
    Assignee: Comcast Cable Communications, LLC
    Inventors: John Jason Brzozowski, Joseph Pryszlak
  • Patent number: 10581871
    Abstract: Controlled-environment facility resident electronic communications for controlled-environment facility resident communications and/or data devices disposed within a controlled-environment facility may employ a controlled-environment facility communications processing system, or the like. The controlled-environment facility communications processing system may be configured to host controlled-environment facility communications access services and accept a Cross-Origin Request Sharing (CORS) request from a non-resident device. These CORS requests may be for access to the controlled-environment facility communications access services for use by a controlled-environment facility communications Application Program Interface (API) running on the non-resident device to communicate with one of the controlled-environment facility resident devices.
    Type: Grant
    Filed: May 4, 2017
    Date of Patent: March 3, 2020
    Assignee: Securus Technologies, Inc.
    Inventor: Nikita Dehoumon
  • Patent number: 10581816
    Abstract: There are provided measures for supporting an authentication to an external packet data network over an untrusted access network, said measures exemplarily comprising authenticating a user equipment to a communication network providing connectivity for the user equipment across an unsecured access network in response to a first authentication request, wherein the authentication request is an authentication request of a key information exchange mechanism and includes authentication data, receiving a second authentication request for authenticating the user equipment towards a packet data network external to the communications network. The measures may further comprise creating a binding update message including the authentication data and identity information of the user received from the user equipment.
    Type: Grant
    Filed: February 8, 2017
    Date of Patent: March 3, 2020
    Assignee: NOKIA TECHNOLOGIES OY
    Inventors: Anders Jan Olof Kall, Gyorgy Tamas Wolfner, Jouni Korhonen
  • Patent number: 10567343
    Abstract: Aspects of this disclosure relate to filtering network data transfers. In some variations, multiple packets may be received. A determination may be made that a portion of the packets have packet header field values corresponding to a packet filtering rule. Responsive to such a determination, an operator specified by the packet filtering rule may be applied to the portion of packets having the packet header field values corresponding to the packet filtering rule. A further determination may be made that one or more of the portion of the packets have one or more application header field values corresponding to one or more application header field criteria specified by the operator. Responsive to such a determination, at least one packet transformation function specified by the operator may be applied to the one or more of the portion of the packets.
    Type: Grant
    Filed: June 6, 2017
    Date of Patent: February 18, 2020
    Assignee: Centripetal Networks, Inc.
    Inventor: Sean Moore
  • Patent number: 10547764
    Abstract: An information processing apparatus includes plural communication interfaces, a specifying unit, a network determining unit, and a transmission controller. The plural communication interfaces are individually connected to plural communication networks having different security levels. The specifying unit specifies a destination terminal to which a file stored in a data memory is to be transmitted. The network determining unit determines a communication network, among the plural communication networks, via which the file is to be transmitted to the destination terminal. The transmission controller prohibits transmission of the file to the destination terminal in a case where a security level set to the file is higher than a security level set to the communication network determined by the network determining unit.
    Type: Grant
    Filed: March 13, 2018
    Date of Patent: January 28, 2020
    Assignee: FUJI XEROX CO., LTD.
    Inventor: Akiko Mochizuki
  • Patent number: 10542014
    Abstract: Unknown and reference signatures are accessed. The unknown and reference signatures indicate patterns that correspond to known threats to resources (such as computer systems and/or computer networks) in a computer environment and comprise a multitude of descriptive elements having information describing different aspects of a corresponding signature. A set of similarity measures is created of the unknown and reference signatures from different perspectives, each perspective corresponding to a descriptive element. The set of similarity measures are integrated to generate an overall similarity metric. The overall similarity metric is used to find appropriate categories in the reference signatures into which the unknown signatures should be placed. The unknown signatures are placed into the appropriate categories to create a mapping from the unknown signatures to the reference signatures.
    Type: Grant
    Filed: May 11, 2016
    Date of Patent: January 21, 2020
    Assignee: International Business Machines Corporation
    Inventors: Xin Hu, Jiyong Jang, Douglas Lee Schales, Marc Philippe Stoecklin, Ting Wang
  • Patent number: 10541872
    Abstract: Example implementations relate to network policy distribution. For example, a system for network policy distribution can include a state engine to determine a change in a state of a network, a policy engine to determine a number of policy changes based on the change in the state of the network, an identification engine to identify a number of network endpoints that correspond to the number of policy changes, and a distribution engine to load instructions based on the number of policy changes to the number of endpoints that correspond to the number of policy changes.
    Type: Grant
    Filed: March 31, 2015
    Date of Patent: January 21, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Duane E. Mentze, Charles F. Clark, Shaun Wackerly
  • Patent number: 10541906
    Abstract: A method includes, with a distributed telecommunication component, providing a plurality of first type nodes, each first type node configured to perform a signaling function. The method further includes, with the distributed telecommunication component, providing a plurality of second type nodes, each second type node configured to perform a media bearing function. At least one of the plurality of bearer nodes is geographically separate by a predetermined distance from at least one of the plurality of control nodes.
    Type: Grant
    Filed: October 14, 2016
    Date of Patent: January 21, 2020
    Assignee: GENBAND US LLC
    Inventor: Paul Miller
  • Patent number: 10530811
    Abstract: Example routing systems and methods are disclosed. In one realization, a first routing system and a second routing system are disposed within a vehicle. A computing system disposed within the vehicle is configured to communicate with a remote computing system via a network interface, with the first routing system being coupled to the network interface, the second routing system being coupled to the computing system, and the first routing system and second routing system being coupled via two independent, uncoupled, unidirectional data channels.
    Type: Grant
    Filed: August 11, 2017
    Date of Patent: January 7, 2020
    Assignee: VM-ROBOT, INC.
    Inventors: Alistair Black, Ashitosh Swarup
  • Patent number: 10523665
    Abstract: Authentication can be performed on thin clients using independent mobile devices. Because many users have smart phones or other similar mobile devices that include biometric scanners, such mobile devices can be leveraged to perform authentication of users as part of logging in to a thin client desktop. A mapping can be created on a central server between a user's mobile device and the user's domain identity. A mapping can also be created between the user's domain identity and the user's thin client desktop. Then, when a user desires to log in to his thin client desktop, the user can employ the appropriate biometric scanner on his mobile device to perform authentication. The central server can then rely on this authentication to identify and log the user into his thin client desktop.
    Type: Grant
    Filed: February 3, 2017
    Date of Patent: December 31, 2019
    Assignee: Wyse Technology L.L.C.
    Inventors: Salil Joshi, Puneet Kaushik, Sumit Popli, Suruchi Dubey, Oleg Rombakh, Varun Raghavan
  • Patent number: 10523569
    Abstract: Concepts and technologies disclosed herein are directed to the dynamic creation and management of ephemeral coordinated feedback instances. In accordance with one aspect disclosed herein, a system can receive a feedback instance creation request. The feedback instance creation request can be received from a policy engine in response to the policy engine attempting to satisfy a policy request. The system can examine the feedback instance creation request to determine an objective to be met by a new feedback instance model. The system can build a specification for the new feedback instance model. The specification can be built in accordance with a feedback instance building policy. The system can create the new feedback instance model in accordance with the specification. The system can store the new feedback instance model and a unique identifier associated with the new feedback instance model in a feedback instance model repository.
    Type: Grant
    Filed: September 20, 2018
    Date of Patent: December 31, 2019
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: James W. Fan, Jeffrey A. Aaron
  • Patent number: 10524124
    Abstract: Example routing systems and methods are described. In one implementation, a first set of routing systems is interfaced with a network connection via a network interface. A second set of routing systems interfaced with a secure system is configured to receive information from the first set of routing systems via a first unidirectional data channel. In some embodiments, the first set of routing systems is configured to receive information from the second set of routing systems via a second unidirectional data channel. The secure system is not visible from the network interface.
    Type: Grant
    Filed: May 23, 2017
    Date of Patent: December 31, 2019
    Assignee: VM-ROBOT, INC.
    Inventors: Alistair Black, Ashitosh Swarup
  • Patent number: 10484334
    Abstract: An application profile is provided to manage security of an application deployed across two or more cloud computing networks. A user can define in the application profile first and second server groups, a cloud chamber as including the first and second server groups, and a computing flow to the cloud chamber. A firewall rule is generated based on the computing flow. The firewall rule is distributed to the first server group of the cloud chamber. A copy of the firewall rule is distributed to the second server group of the cloud chamber. The first server group is in a first cloud computing network that is provided by a first cloud provider. The second server group is in a second cloud computing network that is provided by a second cloud provider, different from the first cloud provider.
    Type: Grant
    Filed: April 13, 2017
    Date of Patent: November 19, 2019
    Assignee: Zentera Systems, Inc.
    Inventors: Jaushin Lee, Hung Chuen Jason Lee
  • Patent number: 10467432
    Abstract: Computer systems and methods for: (1) analyzing electronic correspondence associated with a data subject (e.g., the emails within one or more email in-boxes associated with the data subject); (2) based on the analysis, identifying at least one entity that the data subject does not actively do business with (e.g., as evidenced by the fact that the data subject no longer opens emails from the entity, and/or has set up a rule to automatically delete emails received from the entity); and (3) in response to identifying the entity as an entity that the data subject no longer does business with, at least substantially automatically populating and/or submitting a data subject access request to the entity (e.g., to delete all personal information being processed by the entity).
    Type: Grant
    Filed: October 13, 2018
    Date of Patent: November 5, 2019
    Assignee: OneTrust, LLC
    Inventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Kevin Jones, Jonathan Blake Brannon
  • Patent number: 10466916
    Abstract: A system including a baseboard management controller (BMC) and a storage device connected to the BMC, for dynamic protection of the storage device. The BMC includes a processor and a non-volatile memory storing a computer executable code. The computer executable code, when executed at the processor, is configured to: perform redirection of the storage device; receive a write protect command including write protect information of the storage device; extract the write protect information from the write protect command; store the write protect information in a data store of the non-volatile memory; and in response to receiving a write command to write data in the storage device, determine whether the data is writable to the storage device based on the write protect information stored in the data store. The data is written to the storage device only if it is determined that the data is writable to the storage device.
    Type: Grant
    Filed: April 28, 2015
    Date of Patent: November 5, 2019
    Assignee: AMERICAN MEGATRENDS INTERNATIONAL, LLC
    Inventor: Satheesh Thomas
  • Patent number: 10460097
    Abstract: A destination server communicates with a computer system using cryptographically protected communications utilizing a first negotiable feature. The destination server detects a triggering event and, in response to the triggering event, causes the cryptographically protected communications with the computer system to change from the first negotiable feature to a second negotiable feature. As a result of stored data indicating that the computer system fails to support the second negotiable feature, the destination server initiates a security measure.
    Type: Grant
    Filed: August 28, 2017
    Date of Patent: October 29, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Nima Sharifi Mehr, Eric Desmond Keith Villiers
  • Patent number: 10439890
    Abstract: This disclosure relates to managing Fog computations between a coordinating node and Fog nodes. In one embodiment, a method for managing Fog computations includes receiving a task data and a request for allocation of at least a subset of a computational task. The task data includes data subset and task constraints associated with at least the subset of the computational task. The Fog nodes capable of performing the computational task are characterized with node characteristics to obtain resource data associated with the Fog nodes. Based on the task data and the resource data, an optimization model is derived to perform the computational task by the Fog nodes. The optimization model includes node constraints including battery degradation constraint, communication path loss constraint, and heterogeneous computational capacities of Fog nodes. Based on the optimization model, at least the subset of the computational task is offloaded to a set of Fog nodes.
    Type: Grant
    Filed: July 18, 2017
    Date of Patent: October 8, 2019
    Assignee: Tata Consultancy Services Limited
    Inventors: Ajay Kattepur, Hemant Kumar Rath, Anantha Simha
  • Patent number: 10432732
    Abstract: At least one processor is configured to cause a communication unit to transmit a log-in request including an account and designation of a security mode to a service server via a relay device when the security mode is set and to transmit a log-in request including an account and designation of a normal mode to the service server via the relay device when the normal mode is set. The at least one processor is configured to cause the communication unit to log in to the service server when permission of the log-in request is received from the service server via the relay device.
    Type: Grant
    Filed: May 24, 2016
    Date of Patent: October 1, 2019
    Assignee: KYOCERA CORPORATION
    Inventor: Noritake Shiga
  • Patent number: 10419378
    Abstract: A local gateway device receives email across the internet from a sender of the email and forwards it across the internet to an email filtering system. The email filtering system analyzes the email to determine whether it is spam, phishing or contains a virus and sends it back to the local gateway device along with the filtered determination. The local gateway device forwards the received email and the filtered determination to a local junk store which handles the email appropriately. For example, if the email has been determined to be spam, phishing or containing a virus, the junk store can quarantine the email and if the email has been determined to be non-spam and/or not phishing and/or not containing a virus, the junk store can forward the email to a local mail server for delivery.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: September 17, 2019
    Assignee: SONICWALL INC.
    Inventors: Scott K. Eikenberry, John Gmuender, Akbal Singh Karlcut, MichaelCarl Y. Uy, Boris Yanovsky