Virtual Private Network or Virtual Terminal Protocol (i.e., VPN or VTP) Patents (Class 726/15)
  • Patent number: 11362920
    Abstract: Systems, methods, and apparatus, including computer-readable media, for enhanced network communication using multiple network connections. In some implementations, a networking apparatus concurrently maintains connectivity to a network through each of multiple network transports. The networking apparatus receives one or more packets to be transmitted over the network and classifies the one or more packets to determine a class of service. The networking apparatus selects one of the multiple network transports to transmit the one or more packets based on (i) the class of service for the one or more packets and (ii) measures of expected latency for transmission of the one or more packets over the respective multiple network transports. The networking apparatus transmits the one or more packets using the selected network transport.
    Type: Grant
    Filed: June 12, 2020
    Date of Patent: June 14, 2022
    Assignee: Hughes Network Systems, LLC
    Inventor: Douglas Dillon
  • Patent number: 11362999
    Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform, including a processor and a memory; and executable instructions encoded in the memory to provide a client-only virtual private network (VPN) including a VPN client and a VPN server on a single physical device, wherein the VPN client is configured to communicatively couple to the VPN server and to provide proxied Internet protocol (IP) communication services via the VPN server.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: June 14, 2022
    Assignee: McAfee, LLC
    Inventor: Lior Rudnik
  • Patent number: 11336516
    Abstract: A method in a virtual private network (VPN) service environment, the method including receiving, from a user device, device information indicating parameters associated with the user device during an established VPN connection, determining, based at least in part on the device information, a VPN server for providing one or more VPN services to the user device during the established VPN connection, determining, based at least in part on the device information and server information associated with the VPN server, respective durations of time associated with performing each of a plurality of processes related to configuring the VPN connection, configuring a progress indicator configured to indicate an amount of time remaining to configure the VPN connection, and transmitting, to the user device, information associated with the progress indicator to enable display of the progress indicator on a screen associated with the user device. Various other aspects are contemplated.
    Type: Grant
    Filed: September 27, 2021
    Date of Patent: May 17, 2022
    Assignee: Netflow, UAB
    Inventors: Eligijus Birgiolas, Karolis Kaciulis
  • Patent number: 11336629
    Abstract: Certain embodiments described herein are generally directed to systems and methods for deterministic load balancing of processing encapsulated encrypted data packets at a destination tunnel endpoint. For example, certain embodiments described herein relate to configuring a destination tunnel endpoint (TEP) with an encapsulating security payload (ESP) receive side scaling (RSS) mode to assign each incoming packet, received from a certain source endpoint (EP), to a certain RSS queue based on an identifier that is encoded in an SPI value included in the packet.
    Type: Grant
    Filed: February 27, 2020
    Date of Patent: May 17, 2022
    Assignee: VMWARE, INC.
    Inventors: Yong Wang, Awan Kumar Sharma, Manmeet Khurana, Shailesh Urhekar, Sourabh Bhattacharya
  • Patent number: 11323445
    Abstract: A method of accessing a network comprises providing, via a first container establishing a first tunnel between a computing device and a network server, a health-check status of the computing device to the network server, and accessing, via a second container establishing a second tunnel between the computing device and the network server, the network at a level of access based on the health-check status of the computing device.
    Type: Grant
    Filed: December 3, 2019
    Date of Patent: May 3, 2022
    Assignee: BlackBerry Limited
    Inventor: Robert Scott Mitchell
  • Patent number: 11310258
    Abstract: Systems, methods, and related technologies for determining a risk associated with a network portion are described. The determination of risk associated with a network portion may include accessing network traffic from a network and determining an entity type associated with at least one entity communicatively coupled to the network. A network portion associated with the at least one entity can be determined. A risk associated with the at least one entity can be determined. A risk associated with the network portion associated with the at least one entity can be determined based on the risk associated with the at least one entity. The risk associated with the network portion can then be stored.
    Type: Grant
    Filed: September 25, 2019
    Date of Patent: April 19, 2022
    Inventors: Arun Raghuramu, Aveek Kumar Das, Yang Zhang
  • Patent number: 11297039
    Abstract: A method for providing a notification system in a virtual private network (VPN), the method comprising configuring a VPN server to receive, from a user device, an indication that data of interest is to be requested, the indication including domain information associated with a host device capable of providing the data of interest; and configuring the VPN server to transmit, based at least in part on the domain information, a notification indicating to the user device that the data of interest to be received from the host device potentially includes harmful content. Various other aspects are contemplated.
    Type: Grant
    Filed: August 13, 2021
    Date of Patent: April 5, 2022
    Assignee: OVERSEC, UAB
    Inventor: Kazimieras Celiesius
  • Patent number: 11297034
    Abstract: An example embodiment may include a computational instance and a computing device within a remote network management platform. The computing device may be configured to: receive, from a client device of the managed network, a request to redirect, to a second URL, future requests addressed to a first URL; provide, to the client device, instructions to generate a certificate that binds an identity of the entity that operates the managed network to the first URL; receive, from the client device, the certificate; store the certificate and a corresponding cryptographic key; and generate a mapping between the first URL and the second URL. The computational instance may be configured to, in response to receiving a content request referencing the destination, generate a content response containing content from the destination, where any hyperlinks to the second URL in the content are replaced with hyperlinks to the first URL.
    Type: Grant
    Filed: December 16, 2019
    Date of Patent: April 5, 2022
    Assignee: ServiceNow, Inc.
    Inventors: Subbaraya Kumar Deverakonda Venkata, Kai Xu, Scott Kaufmann, Silas A. Smith
  • Patent number: 11289443
    Abstract: A secured system includes at least one semiconductor chip comprising information processing circuitry. An array of contact pads is disposed on a surface of the chip and is electrically coupled to the information processing circuitry. The secured system includes one or more semiconductor chiplets. Each chiplet comprises at least a portion of at least one hardware trusted platform module that cryptographically secures the information processing circuitry. An array of electrically conductive microsprings is disposed on a surface of the chiplet and is electrically coupled between the hardware trusted platform module and the contact pads.
    Type: Grant
    Filed: April 20, 2017
    Date of Patent: March 29, 2022
    Assignee: Palo Alto Research Center Incorporated
    Inventors: Warren B. Jackson, Vanishree Rao, Eugene M. Chow
  • Patent number: 11290377
    Abstract: In one embodiment, an electronic device maintains one or more tunnel-based overlays for a communication network. The communication network includes two or more physical provider networks. The device maintains a mapping between a particular application and the one or more overlays for the communication network. The device adjusts the mapping between the particular application and the one or more overlays for the communication network. The device causes one or more routers in the communication network to route traffic for the particular application according to the adjusted mapping between the application and the one or more overlays for the communication network.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: March 29, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Dana L. Blair, Michael L. Sullenberger, Solomon T. Lucas, Steven W. Wood, Anand Oswal
  • Patent number: 11288133
    Abstract: A manager for providing services to clients includes persistent storage and an orchestration manager. The persistent storage includes protection policies. The orchestration manager obtains a backup from a client of the clients based on a protection policy of the protection policies; makes a determination that an application catalog associated with the client is not stored in backup storages; in response to making the determination: obtains the application catalog from the client; stores the application catalog in the backup storages; and stores the obtained backup in the backup storages.
    Type: Grant
    Filed: November 1, 2019
    Date of Patent: March 29, 2022
    Assignee: EMC IP Holding Company LLC
    Inventors: Asif Khan, Amith Ramachandran, Amarendra Behera, Deepika Nagabushanam, Ashish Kumar, Pati Mohan, Tushar Dethe, Himanshu Arora, Gururaj Soma, Sapna Chauhan, Soumen Acharya, Reshmee Jawed, Shelesh Chopra, Yasemin Ugur-Ozekinci
  • Patent number: 11277391
    Abstract: A method includes obtaining, by a first network device comprising a processor, characteristic information from an encrypted packet received from a second network device based on a determination that the first network device cannot decrypt the encrypted packet. The first network device is free from having an internet protocol security (IPsec) security association (SA), and the second network device has the IPsec SA. The method also includes generating, by the first network device, an informational exchange packet when the first network device obtains, based on the characteristic information, an internet key exchange (IKE) SA corresponding to the characteristic information. The informational exchange packet instructs the second network device to delete the IPsec SA on the second network device. The method further includes sending, by the first network device, the informational exchange packet to the second network device.
    Type: Grant
    Filed: December 11, 2019
    Date of Patent: March 15, 2022
    Inventors: Lihua Mao, Bizhen Liu, Xueming Mei, Yulei Zhang, Bing Ni
  • Patent number: 11258772
    Abstract: An apparatus includes a non-volatile memory (NVM) device coupled to a host, the NVM device including a processing device to: receive a communication packet from a server via the host computing system that is coupled to the NVM device and communicatively coupled to the server, the communication packet comprising clear text data that requests to initiate secure communications; perform a secure handshake with the server, via communication through the host computing system, using a secure protocol that generates a session key; receive data, via the host computing system, from the server within a secure protocol packet, wherein the data is inaccessible to the host computing system; authenticate the data using secure protocol metadata of the secure protocol packet; optionally decrypt, using the session key, the data to generate plaintext data; and store the plaintext data in NVM storage elements of the NVM device.
    Type: Grant
    Filed: June 4, 2019
    Date of Patent: February 22, 2022
    Assignee: Cypress Semiconductor Corporation
    Inventors: Sergey Ostrikov, Stephan Rosner, Cliff Zitlaw
  • Patent number: 11252631
    Abstract: Systems and methods herein recognize that form factors executing personal computer (PC) operating systems experience limited connectivity when traveling between WiFi connections and/or wired connections. Not only does this limit research capabilities of the PC form factor while between WiFi and/or wired connections, but the limitations place data integrity at risk. Systems and methods herein monitor for conditions that cause data integrity risks and seamlessly implement solutions that resolve, reduce, and/or manage identified data integrity risk conditions at least by simplifying a user's ability to identify and connect to networks, which offer data integrity risk solutions.
    Type: Grant
    Filed: February 27, 2020
    Date of Patent: February 15, 2022
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Wael Jendli, Jeffrey J. Malvern, Anand Muthurajan
  • Patent number: 11245670
    Abstract: The present embodiment relates to a method and system for dynamically identifying the optimal servers from among a plurality of VPN servers. The method and system score or rank the plurality of VPN servers through mathematical operations to produce a scored list of servers. The servers are dynamically scored based on several server conditions including but not limited to server location, server hub score, server creation time, server load, and other like information. The method and system further calculate server penalty scores for a plurality of VPN servers and dynamically identify optimal servers based on the least server penalty score. Further, the method and system provide means for the VPN service provider to direct their users to connect with the optimal servers consistently.
    Type: Grant
    Filed: December 17, 2020
    Date of Patent: February 8, 2022
    Assignee: 360 IT, UAB
    Inventors: Kazimieras Celiesius, Mindaugas Valkaitis
  • Patent number: 11233823
    Abstract: The present disclosure generally relates to enabling efficient implementation of honeypot devices in a honeypot service environment. Each honeypot device can be implemented as a virtualized device, executing software modified from a production version of a device such that interactions with the honeypot device closely match interactions with a production device. By using virtualization, each honeypot device can be reset to a known good state when a potential security breach occurs. Because network-based attacks are often widespread, the honeypot service environment can deduplicate attacks that occur at a large number of devices, discarding duplicate attack traffic to reduce overall load on the environment. While deduplication can be inappropriate for production environments (given the corresponding data loss), deduplication in a honeypot environment can reduce load while still enabling detection of a network attack.
    Type: Grant
    Filed: December 9, 2019
    Date of Patent: January 25, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Eknath Venkataramani, Daniel J. Miller, Swati Kulkarni
  • Patent number: 11233647
    Abstract: A system and associated methods provide digital identity and strong authentication management services for Internet users. The system includes a central, cloud-based, online service, referred to as a central service, which can manage user accounts. The system also includes dedicated, always-on, always-connected, cryptographically unique devices, referred to as beacons, located within the physical residences of its users. The central service associates each beacon with the residence address of its user by physically sending a unique address verification code by postal mail to the user's residence. The user presents the unique code to the beacon, and the beacon cryptographically confirms its identity and the unique code sent to the residence address back to the central service. The beacons can attest to users' identities and provide seamless strong authentication to third-party online service providers on behalf of those users.
    Type: Grant
    Filed: April 15, 2019
    Date of Patent: January 25, 2022
    Inventor: Jean-Emmanuel Fontaine
  • Patent number: 11201858
    Abstract: Methods, systems, and devices for providing a multi-function router. A router may receive, process, and forward data packets between a physical network interface and a logical network interface. The router may also run a virtualized machine that uses the logical network interface mapped statically or dynamically to the physical network interface.
    Type: Grant
    Filed: May 31, 2018
    Date of Patent: December 14, 2021
    Assignee: KCT HOLDINGS, LLC
    Inventor: Keiron Christopher Tomasso
  • Patent number: 11190491
    Abstract: The present embodiment relates to a method and system for establishing, by an individual VPN customer or a plurality of VPN customers, multi-path failure-resistant connectivity to a VPN service while ensuring no unencrypted customer traffic is ever exposed in a public network. Additional aspects of the disclosed method and system are the constant connectivity assessment executed and the automatically triggered recovery mechanism incorporated.
    Type: Grant
    Filed: December 31, 2020
    Date of Patent: November 30, 2021
    Assignee: Netflow, UAB
    Inventors: Karolis Kaciulis, Donatas Budvytis
  • Patent number: 11176573
    Abstract: Online entities oftentimes desire to ascertain information about their audience members. To determine information about audience members and their activities, online transactions including information about transactions performed by audience members are collected. One or more audience analysis processes are applied to the online transactions to determine the collection of online transactions performed by a given audience member. With an accurate assignment of online transactions to the audience member, the audience member and associated transactions may be classified as legitimate or illegitimate.
    Type: Grant
    Filed: July 16, 2019
    Date of Patent: November 16, 2021
    Assignee: KOUNT INC.
    Inventor: Timothy P. Barber
  • Patent number: 11178052
    Abstract: Systems and methods for supporting inter subnet control plane protocol for consistent multicast membership and connectivity across multiple subnets in a high performance computing environment. In accordance with an embodiment, by associating a multicast group with an inter-subnet partition, and enforcing a dedicated router port for the multicast group, multicast loop avoidance can be provided for between connected subnets. Because only a single router port is selected as being capable of handling the MC packet, no other router port in the subnet can then pass a multicast packet back to the originating subnet.
    Type: Grant
    Filed: November 15, 2019
    Date of Patent: November 16, 2021
    Inventors: Bjørn Dag Johnsen, Bartosz Bogdański, Ankita Bhandary, Line Holen
  • Patent number: 11178236
    Abstract: Certain embodiments herein are directed to enabling service interoperability functionality for wireless fidelity (WiFi) Direct devices connected to a network via a wireless access point. A WiFi Direct device may identify various other WiFi Direct devices on a WiFi network for performing a requested service, such as printing content or displaying content to a screen. In so doing, the device may share information associated with an access point to which the device is connected with the other devices, which may also share information associated with an access point to which they are connected. In this way, WiFi Direct devices may discover their connectivity with respect to other devices to utilize a broader array of connection options for implementing a desired service, and hence, may leverage application programming interface (API) modules directed at providing service interoperability functionality between software applications and services requested by the software applications.
    Type: Grant
    Filed: August 17, 2020
    Date of Patent: November 16, 2021
    Assignee: Intel Corporation
    Inventors: Emily H. Qi, Carlos Cordiero, Ganesh Venkatesan, Bahareh Sadeghi
  • Patent number: 11157897
    Abstract: Disclosed herein are methods, devices, and apparatuses, including computer programs stored on computer-readable media for managing access to an account in a blockchain system. One of the methods includes: receiving, from a first account of the blockchain system, a request for accessing a second account of the blockchain system; determining an account level of the first account based on the request; determining an account level of the second account; determining whether the account level of the first account satisfies an account condition based on the account level of the second account; and permitting the request for accessing the second account based on a determination that the account level of the first account satisfies the account condition.
    Type: Grant
    Filed: January 27, 2020
    Date of Patent: October 26, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventor: Zhongxiao Yao
  • Patent number: 11159574
    Abstract: The disclosure relates generally to methods, systems, and apparatuses for managing network connections. A system for managing network connections includes a storage component, a decoding component, a rule manager component, and a notification component. The storage component is configured to store a list of expected connections for a plurality of networked machines, wherein each connection in the list of expected connections defines a start point and an end point for the connection. The decoding component is configured to decode messages from the plurality of networked machines indicating one or more connections for a corresponding machine. The rule manager component is configured to identify an unexpected presence or absence of a connection on at least one of the plurality of network machines based on the list of expected connections. The notification component is configured to provide a notification or indication of the unexpected presence or absence.
    Type: Grant
    Filed: July 29, 2020
    Date of Patent: October 26, 2021
    Assignee: Snowflake Inc.
    Inventors: James Calvin Armstrong, Jonathan Claybaugh
  • Patent number: 11153080
    Abstract: A network and a device can support secure sessions with both (i) a post-quantum cryptography (PQC) key encapsulation mechanism (KEM) and (ii) forward secrecy. The device can generate (i) an ephemeral public key (ePK.device) and private key (eSK.device) and (ii) send ePK.device with first KEM parameters to the network. The network can (i) conduct a first KEM with ePK.device to derive a first asymmetric ciphertext and first shared secret, and (ii) generate a first symmetric ciphertext for PK.server and second KEM parameters using the first shared secret. The network can send the first asymmetric ciphertext and the first symmetric ciphertext to the device. The network can receive (i) a second symmetric ciphertext comprising “double encrypted” second asymmetric ciphertext for a second KEM with SK.server, and (ii) a third symmetric ciphertext. The network can decrypt the third symmetric ciphertext using the second asymmetric ciphertext.
    Type: Grant
    Filed: February 3, 2021
    Date of Patent: October 19, 2021
    Inventor: John A. Nix
  • Patent number: 11153118
    Abstract: A technique for executing a service in a local area network through a wide area communication network by way of an access gateway. This access gateway allows devices of the local area network to access the wide area communication network. A service tunnel is configured between the access gateway and a tunnel termination point. This termination point conveys data originating from the local area network and received by using the tunnel to an instance of the service specific to the local area network, and conveys data received from this instance to the local area network by using the tunnel. The service is thereafter executed by this instance in the guise of a device of the local area network.
    Type: Grant
    Filed: April 26, 2018
    Date of Patent: October 19, 2021
    Assignee: ORANGE
    Inventors: Marc Giovanni, Pierre Guigues, Vincent Huet
  • Patent number: 11144676
    Abstract: A security object management system may include a management module including a device processor and a non-transitory computer readable medium including instructions stored thereon, and executable by the processor, for performing the following steps: accessing a database having stored therein data regarding a plurality of security objects, wherein the data includes ownership data regarding the assignment of rights associated with the security objects; and receiving user input to change the reassignment of rights of at least one of the security objects from one user to another user of the system.
    Type: Grant
    Filed: February 28, 2019
    Date of Patent: October 12, 2021
    Assignee: United Services Automobile Association (USAA)
    Inventors: Martin Christopher Palmer, Paul Joseph Oncale, III, Tammy Sue O'Neal, Maria Carmelite Langley
  • Patent number: 11146959
    Abstract: In some embodiments, a method receives address information for two or more paths between a first network device and a second network device. A connection is established between the first network device and the second network device to determine one or more security keys for the first network device and the second network device. Then, the method installs the one or more security keys with the address information for the two or more paths. The one or more security keys are used to provide a security service on one or more packets that are sent or received between the first network device and the second network device using the address information for the two or more paths.
    Type: Grant
    Filed: October 29, 2019
    Date of Patent: October 12, 2021
    Assignee: Arista Networks, Inc.
    Inventors: Adhip Gupta, Rajagopalan Ammanur, Sreedhar Ganjikunta, Uday Srinivasan
  • Patent number: 11134060
    Abstract: Example implementations relate to mobile virtual private network (mVPN) configuration. For example, a system for mVPN configuration may include a configuration selector to intercept an internet protocol (IP) packet in a mobile virtual private network (mVPN) and select a mVPN configuration for the IP packet using a lookup table. The system may further include a configuration adapter to adapt the IP packet according to the selected mVPN configuration.
    Type: Grant
    Filed: January 29, 2016
    Date of Patent: September 28, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Syed Rafiul Hussain, Kyu-Han Kim
  • Patent number: 11120141
    Abstract: The invention relates to a computer-implemented system and method for selective dynamic encryption and decryption of data. The method may comprise the steps of identifying confidential data elements in a data table (e.g., confidential columns in a table) that contain confidential information; storing in a metastore behind a firewall the locations of the confidential data elements; intercepting a query to the database to add unencrypted confidential data elements; encrypting the unencrypted confidential data elements in computer memory; and transmitting to the public cloud the data table including the encrypted specific data elements and other data elements that have not been encrypted. The reverse process can be implemented for retrieving and selectively decrypting data stored in the cloud.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: September 14, 2021
    Inventors: Manjunath Sargur Krishnamurthy, Karthigeyan Kuppan
  • Patent number: 11119804
    Abstract: Some embodiments provide novel methods for performing services for machines operating in one or more datacenters. For instance, for a group of related guest machines (e.g., a group of tenant machines), some embodiments define two different forwarding planes: (1) a guest forwarding plane and (2) a service forwarding plane. The guest forwarding plane connects to the machines in the group and performs L2 and/or L3 forwarding for these machines. The service forwarding plane (1) connects to the service nodes that perform services on data messages sent to and from these machines, and (2) forwards these data messages to the service nodes. In some embodiments, the guest machines do not connect directly with the service forwarding plane. For instance, in some embodiments, each forwarding plane connects to a machine or service node through a port that receives data messages from, or supplies data messages to, the machine or service node.
    Type: Grant
    Filed: June 18, 2019
    Date of Patent: September 14, 2021
    Assignee: VMWARE, INC.
    Inventors: Saahil Gokhale, Camille Lecuyer, Rajeev Nair, Kantesh Mundaragi, Rahul Mishra, Pierluigi Rolando, Jayant Jain, Raju Koganty
  • Patent number: 11115387
    Abstract: Systems, methods, and computer-readable storage media are provided for managing application traffic. A routing policy defines the data flow path between the client device (which uses a virtual private network (VPN) client) and the appropriate network-based service. Based on various factors associated with the user, the client device, and the destination (e.g., network-based service), the routing policy will direct the VPN client to communicate with either a public DNS (via the public Internet) or a private DNS (via the private Intranet). The resulting IP addresses will be used to establish a particular route (either over the public Internet or the private Intranet) between the client device and the network-based service in accordance with the routing policy.
    Type: Grant
    Filed: April 2, 2019
    Date of Patent: September 7, 2021
    Assignee: Cisco Technology, Inc.
    Inventors: Peter Bosch, Alessandro Duminuco, Jeffrey Napper, Sape Jurrien Mullender, David Delano Ward
  • Patent number: 11102186
    Abstract: Example methods are provided for a network device to perform packet capture in a software-defined networking (SDN) environment. One example method may comprise detecting an egress packet that includes an inner header addressed from a first node to a second node; and identifying a security policy applicable to the egress packet by comparing one or more fields in the inner header with one or more match fields specified by the security policy. The method may further comprise: based on the security policy, capturing the egress packet in an unencrypted form; performing encryption on the egress packet to generate an encrypted packet that includes the egress packet in an encrypted form; and sending the encrypted packet to the second node.
    Type: Grant
    Filed: April 26, 2018
    Date of Patent: August 24, 2021
    Assignee: VMWARE, INC.
    Inventors: Yong Wang, Xinhua Hong, Kai-Wei Fan
  • Patent number: 11093234
    Abstract: An automatic updating system includes an off-line management server, an in-line management server, a production management server configured to calculate a non-operating time in each time period, and a data analysis server. The off-line management server installs update-software transmitted from a manufacturer server in a corresponding off-line robot based on the transmitted update-software, evaluates the installed update-software, and determines whether or not it is possible to update the in-line robot by the update-software based on the evaluation. The data analysis server schedules the timing of the update of the software so that the update by the update-software, which has been determined to be updatable, is carried out within the non-operating time of the in-line robot. The in-line management server updates the software of the in-line robot at the timing scheduled by the data analysis server.
    Type: Grant
    Filed: February 20, 2020
    Date of Patent: August 17, 2021
    Inventor: Shun Sato
  • Patent number: 11089119
    Abstract: Systems and methods for providing application services to a customer are provided. Customer-managed computing resources on a customer network may facilitate the provision of application services to a client device coupled to the customer network. Application instances providing the application services may execute either on the customer-managed computing resources or on computing resources managed by the service provider. Application services may be rendered to the customer while sensitive customer data maintains residency on storage resources on the customer network. Application instances may receive requests for services from the customer, and generate corresponding requests for particular data of the sensitive customer data. These requests may be conveyed to the endpoints on the customer network capable of fulfilling the requests.
    Type: Grant
    Filed: July 30, 2020
    Date of Patent: August 10, 2021
    Inventors: Zakiul Islam, Noah Wasmer
  • Patent number: 11070566
    Abstract: An information handling system includes a processor, a baseboard management controller (BMC) agent that establishes a Transport Layer Security (TLS) session including a first cryptographic parameter shared between the BMC and the BMC agent, receives a request to register the BMC agent with the BMC via the TLS session, and provides a second cryptographic parameter to the BMC agent. The BMC establishes a second TLS session including a third cryptographic parameter, determines that the second TLS session is suspected of being from a malicious agent, and renegotiates with the BMC agent using the second cryptographic parameter within the TLS session to share a fourth cryptographic parameter between the BMC and the first BMC agent in response to determining that the second TLS session is suspect.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: July 20, 2021
    Assignee: Dell Products L.P.
    Inventors: Faizal Saidalavi Nabeesa, Parmeshwr Prasad, Rajib Saha
  • Patent number: 11057366
    Abstract: Provided is a process that establishes user identities within a decentralized data store, like a blockchain. A user's mobile device may establish credential values within a trusted execution environment of the mobile device. Representations of those credentials may be generated on the mobile device and transmitted for storage in association with an identity of the user established on the blockchain. Similarly, one or more key-pairs may be generated or otherwise used by the mobile device for signatures and signature verification. Private keys may remain resident on the device (or known and input by the user) while corresponding public keys may be stored in association with the user identity on the blockchain. A private key is used to sign representations of credentials and other values as a proof of knowledge of the private key and credential values for authentication of the user to the user identity on the blockchain.
    Type: Grant
    Filed: April 2, 2019
    Date of Patent: July 6, 2021
    Assignee: HYPR Corp.
    Inventors: George Avetisov, Roman Kadinsky, Robert Panebianco, Bojan Simic
  • Patent number: 11044270
    Abstract: A distributed security system and method are disclosed that enable access to known threat events from threat intelligence feeds when the system includes public cloud components. A cloud-based security policy system stores observable events for security incidents detected by and sent from user devices within an enterprise network. The observable events include observable indicators for characterizing the observable events. The threat events within the feeds include threat indicators for characterizing the threat events. An on-premises connector within the enterprise network downloads the observable indicators from the security policy system and the threat indicators from the feeds. In response to determining that any observable indicators match any threat indicators, the on-premises connector provides access to the threat events and/or the observable events having the matching indicators.
    Type: Grant
    Filed: March 13, 2017
    Date of Patent: June 22, 2021
    Assignee: Carbon Black, Inc.
    Inventors: Jeffrey Albin Kraemer, Sanket Choksey, Ranganathan Gopalan
  • Patent number: 11038923
    Abstract: In a communication system comprising a first network operatively coupled to a second network, wherein the first network comprises a first security edge protection proxy element operatively coupled to a second security edge protection proxy element of the second network; the method comprises configuring at least a given one of the first and second security edge protection proxy elements to apply application layer security to one or more information elements in a received message from a network function before sending the message to the other one of the first and second security edge protection proxy elements.
    Type: Grant
    Filed: June 21, 2018
    Date of Patent: June 15, 2021
    Assignee: Nokia Technologies Oy
    Inventors: Nagendra S. Bykampadi, Suresh P. Nair, Anja Jerichow
  • Patent number: 11032203
    Abstract: A first network device of a network receives first traffic and second traffic, and assigns a first priority to the first traffic and a second priority to the second traffic. The first network device provides, to a second network device, a first message requesting whether the second network device can process the first traffic, and receives, from the second network device, a first response with a first value indicating that the second network device can process the first traffic. The first network device establishes, with the second network device, a path that includes a first security association and a second security association. The first network device provides, to the second network device, the first traffic with the first priority, via the first security association of the path, and the second traffic with the second priority, via the second security association of the path.
    Type: Grant
    Filed: April 26, 2019
    Date of Patent: June 8, 2021
    Assignee: Juniper Networks, Inc.
    Inventors: Umesh Mangla, Johan Andersson
  • Patent number: 11032177
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for validating network activity. One of the methods includes receiving data identifying network activity for an online account; determining one or more users associated with the online account; determining, for each of the one or more users, a current physical activity in which the user is participating; determining, for each of the current physical activities, a likelihood that the corresponding user initiated the network activity while participating in the current physical activity; determining, for each of the current physical activities, whether the corresponding likelihood satisfies a threshold likelihood; and in response to determining that at least one of the corresponding likelihoods satisfies the threshold likelihood, providing an alert about the network activity to one of the one or more users associated with the online account.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: June 8, 2021
    Assignee: Incorporated
    Inventors: Matthew Daniel Correnti, Robert Nathan Picardi
  • Patent number: 11026090
    Abstract: Systems and methods are described wherein sensor devices for gathering sensor data are in communication with a sensor processing application enabled to receive sensor data and to perform a function such as storing, processing, and redistributing sensor data or processed sensor data. A communication network to which the sensor devices are connected comprises a publish-subscribe broker network including a broker adapted to provide publish-subscribe broker services for entities including the sensor devices and the sensor processing application. A key management application distributes keys to entities that are authorized to send or receive on channels established within the broker network. An authorized subscriber entity connected to the broker network via a broker is enabled to receive data on a specific identified channel by subscribing to the channel and receive published data on the channel published by an authorized publisher entity.
    Type: Grant
    Filed: November 15, 2018
    Date of Patent: June 1, 2021
    Assignee: All Purpose Networks, Inc.
    Inventors: Harvey Rubin, John Grossmann
  • Patent number: 10984331
    Abstract: Analyzing a set of policies. A goal comprising a particular outcome is received. An analysis object comprising a data structure maintaining information needed to perform an analysis of the goal is defined. The analysis object is configured to limit a number of calculations needed to achieve the goal. Each member of a set of expressions found in the set of policies has an output. The output is the same for each expression. One of the set of expressions is solved. The solved output is cached in the analysis object such that the solved output is associated with each member of the set of expressions. The analysis object is processed to create a set of values that achieves the goal. Processing includes referencing the cache to retrieve the solved output each time a member of the set of expressions is to be solved during processing of the analysis object.
    Type: Grant
    Filed: January 27, 2014
    Date of Patent: April 20, 2021
    Assignee: The Boeing Company
    Inventors: Paul L. Allen, David J. Finton, Charles Theodore Kitzmiller
  • Patent number: 10979285
    Abstract: The present application relates to the field of communications technologies, and provides a service transmission method, a device, and a system, to resolve a problem that a service of user equipment is interrupted when a user plane network element is faulty. The method includes: obtaining, by a resource management node, an IP address pool; dividing the IP address pool into at least one IP address segment, and determining at least one tunnel endpoint identifier index based on the at least one IP address segment; and allocating the at least one IP address segment and the at least one tunnel endpoint identifier index to at least one user plane network element.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: April 13, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Yu Yin, Caixia Qi
  • Patent number: 10944723
    Abstract: Systems, methods, and apparatuses enable deploying and executing a security policy on endpoints in a network. In an embodiment, a security orchestrator determines a set of endpoints in a network and determines transformed endpoints from the determined set of endpoints through an endpoint transformation process. The security orchestrator determines a connectivity vector for at least a first transformed endpoint and a second transformed endpoint, where the connectivity vector includes properties associated with the corresponding transformed endpoint. Using the properties from the connectivity vector of the first transformed endpoint, a security policy is generated and deployed to the first transformed endpoint. Based on a comparison of the connectivity vectors of the first and second transformed endpoints indicating a similarity between the first and second transformed endpoints, the security policy is further deployed to the second transformed endpoint.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: March 9, 2021
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Jitendra Gaitonde, John Parker, Manoj Ahluwalia, Damodar Hegde, Neil Liberman, Rajiv Sreedhar
  • Patent number: 10931465
    Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to the domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.
    Type: Grant
    Filed: March 18, 2019
    Date of Patent: February 23, 2021
    Assignee: CLOUDFLARE, INC.
    Inventors: Matthew Browning Prince, Srikanth N. Rao, Lee Hahn Holloway, Ian Gerald Pye
  • Patent number: 10924449
    Abstract: In one embodiment, a method includes partitioning a block of Internet protocol (IP) addresses into one or more sets of IP addresses. The IP addresses of each set of IP addresses are continuously sequential and correspond to a geographically-distributed Internet point of presence (PoP). Each of the IP addresses in the block corresponds to one of a number of global services. Each PoP supports one or more of the global services. The method also includes assigning a respective one of the sets of IP addresses to each PoP. A prefix of each set of IP addresses is fixed for each set of IP addresses. The method also includes partitioning each set of IP addresses into a number of subsets of IP addresses. One or more of the subsets of IP addresses each corresponds to a respective global service.
    Type: Grant
    Filed: July 6, 2017
    Date of Patent: February 16, 2021
    Assignee: Facebook, Inc.
    Inventor: Tuomas Juhana Ranta
  • Patent number: 10917383
    Abstract: A management system includes: a first information-processing apparatus connected with the Internet; and a second information-processing apparatus connected with a local network connected to the Internet via a firewall. The first information-processing apparatus transmits communication information and an installer to a request source that has transmitted an installer request. After the mediation program is installed on the second information-processing apparatus, a specific communication mode in which the firewall allows transmission of a specific command from the first information-processing apparatus to the second information-processing apparatus is started using the communication information. The specific command includes a specific instruction for a device connected with the second information-processing apparatus via the local network. The specific command is generated independently of requests that the second information-processing apparatus transmits.
    Type: Grant
    Filed: April 12, 2019
    Date of Patent: February 9, 2021
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Takashi Nishizaki
  • Patent number: 10911524
    Abstract: The present application is directed to a distributed system that provides multi-cloud aggregation and that includes a cloud-connector server, cloud-connector nodes, and one or more service-provider nodes that cooperate to provide services that are distributed across multiple clouds. A service-provider node obtains tenant-associated information from a virtual data center in which the service-provider node is installed and provides the tenant-associated information to the cloud-connector server.
    Type: Grant
    Filed: April 8, 2019
    Date of Patent: February 2, 2021
    Assignee: VMware, Inc.
    Inventor: Jagannath N. Raghu
  • Patent number: 10893029
    Abstract: A technology is described for a virtual secure region. An example method may include receiving a request for data stored in a secure computing service environment executing on computing resources used to provide a public computing service environment, where the secure computing service environment may be separated from the public computing environment using encryption. In response to the request, a secure region account that corresponds to a public region account may be identified using a translation table that maps the secure region account to the public region account. A storage location for the data may be identified within the secure computing service environment specified by the secure region account, and the data may be obtained from the storage location within the secure computing service environment. The data may then be transferred to the public computing service environment.
    Type: Grant
    Filed: September 8, 2015
    Date of Patent: January 12, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Christopher Albert Gorski, Carl Jay Moses