Virtual Private Network Or Virtual Terminal Protocol (i.e., Vpn Or Vtp) Patents (Class 726/15)
  • Patent number: 11032177
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for validating network activity. One of the methods includes receiving data identifying network activity for an online account; determining one or more users associated with the online account; determining, for each of the one or more users, a current physical activity in which the user is participating; determining, for each of the current physical activities, a likelihood that the corresponding user initiated the network activity while participating in the current physical activity; determining, for each of the current physical activities, whether the corresponding likelihood satisfies a threshold likelihood; and in response to determining that at least one of the corresponding likelihoods satisfies the threshold likelihood, providing an alert about the network activity to one of the one or more users associated with the online account.
    Type: Grant
    Filed: June 25, 2019
    Date of Patent: June 8, 2021
    Assignee: Alarm.com Incorporated
    Inventors: Matthew Daniel Correnti, Robert Nathan Picardi
  • Patent number: 11032203
    Abstract: A first network device of a network receives first traffic and second traffic, and assigns a first priority to the first traffic and a second priority to the second traffic. The first network device provides, to a second network device, a first message requesting whether the second network device can process the first traffic, and receives, from the second network device, a first response with a first value indicating that the second network device can process the first traffic. The first network device establishes, with the second network device, a path that includes a first security association and a second security association. The first network device provides, to the second network device, the first traffic with the first priority, via the first security association of the path, and the second traffic with the second priority, via the second security association of the path.
    Type: Grant
    Filed: April 26, 2019
    Date of Patent: June 8, 2021
    Assignee: Juniper Networks, Inc.
    Inventors: Umesh Mangla, Johan Andersson
  • Patent number: 11026090
    Abstract: Systems and methods are described wherein sensor devices for gathering sensor data are in communication with a sensor processing application enabled to receive sensor data and to perform a function such as storing, processing, and redistributing sensor data or processed sensor data. A communication network to which the sensor devices are connected comprises a publish-subscribe broker network including a broker adapted to provide publish-subscribe broker services for entities including the sensor devices and the sensor processing application. A key management application distributes keys to entities that are authorized to send or receive on channels established within the broker network. An authorized subscriber entity connected to the broker network via a broker is enabled to receive data on a specific identified channel by subscribing to the channel and receiving published data on the channel published by an authorized publisher entity.
    Type: Grant
    Filed: November 15, 2018
    Date of Patent: June 1, 2021
    Assignee: All Purpose Networks, Inc.
    Inventors: Harvey Rubin, John Grossmann
  • Patent number: 10984331
    Abstract: Analyzing a set of policies. A goal comprising a particular outcome is received. An analysis object comprising a data structure maintaining information needed to perform an analysis of the goal is defined. The analysis object is configured to limit a number of calculations needed to achieve the goal. Each member of a set of expressions found in the set of policies has an output. The output is the same for each expression. One of the set of expressions is solved. The solved output is cached in the analysis object such that the solved output is associated with each member of the set of expressions. The analysis object is processed to create a set of values that achieves the goal. Processing includes referencing the cache to retrieve the solved output each time a member of the set of expressions is to be solved during processing of the analysis object.
    Type: Grant
    Filed: January 27, 2014
    Date of Patent: April 20, 2021
    Assignee: The Boeing Company
    Inventors: Paul L. Allen, David J. Finton, Charles Theodore Kitzmiller
  • Patent number: 10979285
    Abstract: The present application relates to the field of communications technologies, and provides a service transmission method, a device, and a system, to resolve a problem that a service of user equipment is interrupted when a user plane network element is faulty. The method includes: obtaining, by a resource management node, an IP address pool; dividing the IP address pool into at least one IP address segment, and determining at least one tunnel endpoint identifier index based on the at least one IP address segment; and allocating the at least one IP address segment and the at least one tunnel endpoint identifier index to at least one user plane network element.
    Type: Grant
    Filed: March 29, 2019
    Date of Patent: April 13, 2021
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Yu Yin, Caixia Qi
  • Patent number: 10944723
    Abstract: Systems, methods, and apparatuses enable deploying and executing a security policy on endpoints in a network. In an embodiment, a security orchestrator determines a set of endpoints in a network and determines transformed endpoints from the determined set of endpoints through an endpoint transformation process. The security orchestrator determines a connectivity vector for at least a first transformed endpoint and a second transformed endpoint, where the connectivity vector includes properties associated with the corresponding transformed endpoint. Using the properties from the connectivity vector of the first transformed endpoint, a security policy is generated and deployed to the first transformed endpoint. Based on a comparison of the connectivity vectors of the first and second transformed endpoints indicating a similarity between the first and second transformed endpoints, the security policy is further deployed to the second transformed endpoint.
    Type: Grant
    Filed: November 17, 2017
    Date of Patent: March 9, 2021
    Assignee: SHIELDX NETWORKS, INC.
    Inventors: Ratinder Paul Singh Ahuja, Manuel Nedbal, Jitendra Gaitonde, John Parker, Manoj Ahluwalia, Damodar Hegde, Neil Liberman, Rajiv Sreedhar
  • Patent number: 10931465
    Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to the domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.
    Type: Grant
    Filed: March 18, 2019
    Date of Patent: February 23, 2021
    Assignee: CLOUDFLARE, INC.
    Inventors: Matthew Browning Prince, Srikanth N. Rao, Lee Hahn Holloway, Ian Gerald Pye
  • Patent number: 10924449
    Abstract: In one embodiment, a method includes partitioning a block of Internet protocol (IP) addresses into one or more sets of IP addresses. The IP addresses of each set of IP addresses are continuously sequential and correspond to a geographically-distributed Internet point of presence (PoP). Each of the IP addresses in the block corresponds to one of a number of global services. Each PoP supports one or more of the global services. The method also includes assigning a respective one of the sets of IP addresses to each PoP. A prefix of each set of IP addresses is fixed for each set of IP addresses. The method also includes partitioning each set of IP addresses into a number of subsets of IP addresses. One or more of the subsets of IP addresses each corresponds to a respective global service.
    Type: Grant
    Filed: July 6, 2017
    Date of Patent: February 16, 2021
    Assignee: Facebook, Inc.
    Inventor: Tuomas Juhana Ranta
  • Patent number: 10917383
    Abstract: A management system includes: a first information-processing apparatus connected with the Internet; and a second information-processing apparatus connected with a local network connected to the Internet via a firewall. The first information-processing apparatus transmits communication information and an installer to a request source that has transmitted an installer request. After the mediation program is installed on the second information-processing apparatus, a specific communication mode in which the firewall allows transmission of a specific command from the first information-processing apparatus to the second information-processing apparatus is started using the communication information. The specific command includes a specific instruction for a device connected with the second information-processing apparatus via the local network. The specific command is generated independently of requests that the second information-processing apparatus transmits.
    Type: Grant
    Filed: April 12, 2019
    Date of Patent: February 9, 2021
    Assignee: Brother Kogyo Kabushiki Kaisha
    Inventor: Takashi Nishizaki
  • Patent number: 10911524
    Abstract: The present application is directed to a distributed system that provides multi-cloud aggregation and that includes a cloud-connector server, cloud-connector nodes, and one or more service-provider nodes that cooperate to provide services that are distributed across multiple clouds. A service-provider node obtains tenant-associated information from a virtual data center in which the service-provider node is installed and provides the tenant-associated information to the cloud-connector server.
    Type: Grant
    Filed: April 8, 2019
    Date of Patent: February 2, 2021
    Assignee: VMware, Inc.
    Inventor: Jagannath N. Raghu
  • Patent number: 10893029
    Abstract: A technology is described for a virtual secure region. An example method may include receiving a request for data stored in a secure computing service environment executing on computing resources used to provide a public computing service environment, where the secure computing service environment may be separated from the public computing environment using encryption. In response to the request, a secure region account that corresponds to a public region account may be identified using a translation table that maps the secure region account to the public region account. A storage location for the data may be identified within the secure computing service environment specified by the secure region account, and the data may be obtained from the storage location within the secure computing service environment. The data may then be transferred to the public computing service environment.
    Type: Grant
    Filed: September 8, 2015
    Date of Patent: January 12, 2021
    Assignee: Amazon Technologies, Inc.
    Inventors: Christopher Albert Gorski, Carl Jay Moses
  • Patent number: 10893023
    Abstract: One or more VPN tunnels are established in a site-to-site configuration. A VPN transition subnet is defined and associated with each VPN tunnel. Once the VPN tunnel(s) and the LAN(s) have been configured, a per-application VPN policy can be specified for any applications that require site-to-site VPN access. Whenever a new application is launched, a container is created for executing the VM. The VPN management system reads the VPN policy to determine whether the application is permitted to access any VPN tunnels. If the application is permitted to access a VPN tunnel, a vNIC is generated on the VM for the container of the application and/or a new IP address on the vNIC is assigned to the container. The new IP address and/or the new vNIC are then added to the VPN transition subnet associated with the VPN tunnel to enable the application to access the VPN tunnel.
    Type: Grant
    Filed: January 12, 2018
    Date of Patent: January 12, 2021
    Assignee: VMware, Inc.
    Inventors: Nan Wang, Sam Zhao, Shengbo Teng, Wen Wang, Jingtao Zhang
  • Patent number: 10873451
    Abstract: Content delivery systems and methods are provided. A center node may determine a service domain name to be processed. The center node may obtain configuration parameters corresponding to the service domain name. The center node may generate configuration items based on the obtained configuration parameters. The configuration items may cause a plurality of edge nodes to deploy Hypertext Transfer Protocol Secure (HTTPS) security acceleration for the service domain name. The center node may send, to the edge nodes in the CDN, the configuration items that are based on the corresponding configuration parameters. The configuration item may include a digital certificate providing mode and a back-to-source mode of an origin site. A first configuration parameter may correspond to the digital certificate providing mode and a second configuration parameter may correspond to the back-to-source mode of the origin site.
    Type: Grant
    Filed: May 11, 2018
    Date of Patent: December 22, 2020
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Bo Liu, Long Liao, Bingqi Huang, Zhiqian Da
  • Patent number: 10873578
    Abstract: Biometric authentication, decentralized learning frameworks, and adaptive security protocols and services for a distributed operator terminals network are described. In some embodiments, the terminals may be hardware terminals, kiosks, or clients. In some embodiments, a security analysis may be performed, and security scores may be determined, for visitors requesting operations at terminals. Security scores may be determined by a vendor, in communication with the operator terminals, based on aggregation of a plurality of factors, wherein each factor may be weighted. The factors may incorporate operator settings or preferences. In one embodiment, the factors include one or more facial recognition factors. The one or more facial recognition factors may be used for biometric authentication. The vendor may use the security scores to determine user privileges or permissions for the operations. The vendor may deliver instructions or messages to the terminals based on the determinations.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: December 22, 2020
    Inventor: Evan Chase Rose
  • Patent number: 10867052
    Abstract: Generally described, one or more aspects of the present application correspond to techniques for modifying volume encryption status, either by creating an encrypted copy of an unencrypted source volume or by re-encrypting the replica with a different key than the source volume. This can be accomplished using an intermediary transform fleet that stores the encryption key(s) and performs encryption (and decryption, in cases where the source is encrypted). Further, these techniques can implement a state refresh for any client attached to the volume in order to equip the client to handle the different encryption state of the encrypted volume.
    Type: Grant
    Filed: September 25, 2018
    Date of Patent: December 15, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Sandeep Kumar, Arvind Chandrasekar, Lalit Jain, Danny Wei, Pavan Kumar Korlepara, Marc Stephen Olson
  • Patent number: 10862854
    Abstract: Described systems and methods allow a selective collection of computer security data from client devices such as personal computers, smartphones, and Internet of Things (IoT) devices. A security application executing on each client device comprises a domain name service (DNS) proxy that tags outgoing DNS messages with a client ID. The DNS server selects a client for data collection by returning a DNS reply comprising a service activation flag. Some embodiments thus enable a per-DNS-message selectivity of data collection. In some embodiments, subsequent network access requests by the selected clients are re-routed to a security server for analysis.
    Type: Grant
    Filed: May 7, 2019
    Date of Patent: December 8, 2020
    Assignee: Bitdefender IPR Management Ltd.
    Inventor: Daniel A. Mircescu
  • Patent number: 10841215
    Abstract: Aspects of the subject disclosure may include, for example, exchanging messages between a back-end-as-a-service network element and a mobile core network processor to obtain a message exchange responsive to a request for providing a mobile device with access to a back-end service of a remote system without requiring a back-end client resident at the mobile device. The messages are exchanged according to protocols operating at layers below layer five of Open Systems Interconnection (OSI) seven-layer model. Responsive to the message exchange, delivery is facilitated of the back-end service of the remote system to the mobile device. Other embodiments are disclosed.
    Type: Grant
    Filed: September 17, 2019
    Date of Patent: November 17, 2020
    Assignee: AT&T Mobility II LLC
    Inventor: Arturo Maria
  • Patent number: 10819745
    Abstract: Embodiments of the specification provide a URL abnormal field location method. One exemplary method comprising: obtaining a plurality of URL samples comprising a plurality of abnormal URL samples and a plurality of normal URL samples; for each of the plurality of URL samples, obtaining a plurality of feature vectors representing the plurality of fields of the URL sample; assigning a plurality of training labels to the plurality of feature vectors of each of the plurality of URL samples; obtaining, based on a classifier, a plurality of predicted labels for the plurality of feature vectors of each of the plurality of URL samples; updating the plurality of training labels based on the plurality of predicted labels; training the classifier with the plurality of updated training labels; and deploying the trained classifier to identify an abnormal field in a URL.
    Type: Grant
    Filed: May 19, 2020
    Date of Patent: October 27, 2020
    Assignee: ADVANCED NEW TECHNOLOGIES CO., LTD.
    Inventors: Yalin Zhang, Longfei Li
  • Patent number: 10819418
    Abstract: Systems and methods for secure communications over broadband datalinks are provided. In certain implementations, a system for providing secure communications through a communication link includes a first communication unit that includes a processing unit that is configured to execute code that causes the first communication unit to verify messages with a firewall as they are received by the first communication unit; remove encapsulation data that encapsulates a message received from a second communication unit; check a digital signature appended to the message received from a second communication unit through a non-secure communication link; perform an integrity check on the message; and when the message is verified through the digital signature and the integrity check, process the message; wherein removal of the encapsulation data and implementation of the firewall is in a first partition and performance of the integrity check and verification of the digital signature is in a second partition.
    Type: Grant
    Filed: April 26, 2017
    Date of Patent: October 27, 2020
    Assignee: Honeywell International Inc.
    Inventors: Michael L. Olive, Daniel P. Johnson, Thomas D. Judd
  • Patent number: 10812454
    Abstract: The embodiments herein relate to an IoT device, a method performed in the IoT device, a network device and a method performed in the network device for securing communication of the IoT device roaming from a home network to a visited network. The method comprising: receiving a request from the IoT device to set up a VPN tunnel; acknowledging the setting up of the VPN tunnel, and routing data received from the IoT device destined for an IoT service provider via the VPN tunnel. This way the encryption/decryption processes are handled by the visited network.
    Type: Grant
    Filed: February 15, 2018
    Date of Patent: October 20, 2020
    Assignee: TELIA COMPANY AB
    Inventors: Tero Jalkanen, Tomi Sarajisto, Ilkka Keisala
  • Patent number: 10798132
    Abstract: The present application is directed to a computer-implemented method for enhancing security and preventing cyber-attacks on a network. The method includes a step of receiving, from a user equipment on the network, information including a source IP address and a destination IP address. The method also includes a step of selecting a first VPN server from a VPN service provider based upon a traffic-type of the user equipment. The method also includes a step of creating, via a graphical user interface, a policy to prevent cyber-attacks such that traffic associated with the information of the user equipment is routed to the first VPN server. The method further includes a step of sending the traffic of the user equipment to the VPN server. The method even further includes a step of provisioning the first VPN server to last a predetermined amount of time based on the created policy.
    Type: Grant
    Filed: April 16, 2019
    Date of Patent: October 6, 2020
    Inventor: Michael J. Chen
  • Patent number: 10785028
    Abstract: A processor core that includes a token generator circuit is to execute a first instruction in response to initialization of a software program that requests access to protected data output by a cryptographic operation. To execute the first instruction, the processor core is to: retrieve a key that is to be used by the cryptographic operation; trigger the token generator circuit to generate an authorization token; cryptographically encode the key and the authorization token within a key handle; store the key handle in memory; and embed the authorization token within a cryptographic instruction that is to perform the cryptographic operation. The cryptographic instruction may be associated with a first logical compartment of the software program that is authorized access to the protected data.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: September 22, 2020
    Assignee: Intel Corporation
    Inventors: Milind Girkar, Jason W. Brandt, Michael LeMay
  • Patent number: 10785198
    Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.
    Type: Grant
    Filed: November 12, 2018
    Date of Patent: September 22, 2020
    Assignee: CLOUDFLARE, INC.
    Inventors: Sébastien Andreas Henry Pahl, Matthieu Philippe François Tourne, Piotr Sikora, Ray Raymond Bejjani, Dane Orion Knecht, Matthew Browning Prince, John Graham-Cumming, Lee Hahn Holloway, Albertus Strasheim
  • Patent number: 10771563
    Abstract: Provided is a remote operation system for surveying instruments, capable of making surveying instruments execute a necessary operation even when communication with a management server fails.
    Type: Grant
    Filed: February 5, 2019
    Date of Patent: September 8, 2020
    Assignee: TOPCON CORPORATION
    Inventor: Takeshi Kikuchi
  • Patent number: 10757141
    Abstract: The disclosure relates generally to methods, systems, and apparatuses for managing network connections. A method may include identifying a first state of a first endpoint connection of a first networked machine and a second state of a second endpoint connection of a second networked machine, and confirming the first state and the second state based on expected states for the first networked machine and the second networked machine, wherein the expected states comprise a list of expected connections.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: August 25, 2020
    Assignee: Snowflake Inc.
    Inventors: James Calvin Armstrong, Jonathan Claybaugh
  • Patent number: 10742683
    Abstract: Techniques applicable to a network orchestration and security platform for a network, such as an industrial control system (ICS) network, are disclosed. Such techniques include, for example, methods to characterize and classify networked industrial devices based upon conversation patterns, to generate security zones for ICS networked assets based upon conversation characteristics and patterns, to identify and record ICS networked devices in a non-intrusive way, to create secure conduits between security zones for ICS networked devices with no impact to endpoint host devices, and systems therefor.
    Type: Grant
    Filed: September 18, 2017
    Date of Patent: August 11, 2020
    Assignee: Veracity Industrial Networks, Inc.
    Inventor: Roger Hill
  • Patent number: 10721219
    Abstract: A method is provided for establishing a communication session in a communications system. The method includes providing a handshake layer functional block in a first communication peer, and providing a data communication layer functional block separate from the handshake layer functional block in the first communication peer. Functionality of the data communication layer is not duplicated in the handshake layer. If the data communication layer is unable to process a received encrypted message, the data communication layer transmits a configuration request message to the handshake layer, and the handshake layer transmits, in response to the configuration request message, a set channel state message to enable the data communication layer to process application data after a handshake phase of the protocol session is complete. Then, application data can be communicated through the data communication layer functional block of the first communication peer to a second communication peer.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: July 21, 2020
    Assignee: NXP B.V.
    Inventors: Geoffrey Thorpe, Peter Doliwa, Vakul Garg, Jan René Brands
  • Patent number: 10721061
    Abstract: A method is provided for establishing a secure communication session in a communication system. The method includes providing a handshake layer functional block and providing a record layer functional block separate from the handshake layer functional block. Functionality of the record layer functional block is not duplicated in the handshake layer functional block. The record layer functional block of a first communication peer generates an ephemeral key pair. A public key of the ephemeral key pair is transmitted to the handshake layer functional block of a second communication peer via the handshake layer functional block of the first communication peer. A session key is generated from the public key of the second communication peer and a private key of the first communication peer. Messages communicated between the first communication peer and the second communication peer are protected using the session key.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: July 21, 2020
    Assignee: NXP B.V.
    Inventors: Peter Doliwa, Vakul Garg
  • Patent number: 10692058
    Abstract: Computer implementation methods of processing transactions to determine the fraud risk of transactions incorporating card issuer bin and cardholder location associated with a multitude of customers. The artificial intelligence models developed with such information provide an output of likelihood of fraud for payment card transactions. Disclosed are the methods of utilizing aggregated payment card transaction data at the card issuer bin and card holder location level to improve fraud detection. The implementation of the method is demonstrated to have boosted the performance of the developed models in detection of fraudulent payment cards.
    Type: Grant
    Filed: September 6, 2017
    Date of Patent: June 23, 2020
    Assignee: Fair Isaac Corporation
    Inventors: Scott Michael Zoldi, Heming Xu
  • Patent number: 10693763
    Abstract: Some embodiments provide a system that allows for the use of direct host return ports (abbreviated “DHR ports”) on managed forwarding elements to bypass gateways in managed networks. The DHR ports provide a direct connection from certain managed forwarding elements in the managed network to remote destinations that are external to the managed network. Managed networks can include both a logical abstraction layer and a physical machine layer. At the logical abstraction layer, the DHR port is treated as a port on certain logical forwarding elements. The DHR port transmits the packet to the routing tables of the physical layer machine that hosts the logical forwarding element without any intervening transmission to other logical forwarding elements. The routing tables of the physical layer machine then strip any logical context associated with a packet and forward the packet to the remote destination without any intervening forwarding to a physical gateway provider.
    Type: Grant
    Filed: August 25, 2018
    Date of Patent: June 23, 2020
    Assignee: NICIRA, INC.
    Inventors: Ronghua Zhang, Jesse E. Gross, IV
  • Patent number: 10686659
    Abstract: A method for determining compliance of a logical build in a converged infrastructure is provided. The method includes receiving a logical configuration survey in a predefined format, wherein the logical configuration survey represents a specification for a logical build to be implemented in a converged infrastructure. The method includes collecting data from the converged infrastructure regarding the logical build as implemented in the converged infrastructure, wherein the collecting is performed by an automated data collector. The method includes determining, from the collected data, whether the logical build as implemented complies with the logical configuration survey in the predefined format, wherein the determining is performed by a compliance scan engine.
    Type: Grant
    Filed: November 7, 2014
    Date of Patent: June 16, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Changbin Gong, Christopher A. Pappas
  • Patent number: 10673629
    Abstract: A server sends a key update request for requesting updating of the key, to a client terminal. The client terminal sends, to a key delivery server, a key delivery request for requesting the delivery of a key to the client terminal. The key delivery server delivers a key to the client terminal. The client terminal sends, to the server, a key reception notice indicating that the delivered key was received. The server sends, to the client terminal, a key-use start notice indicating that the client terminal starts data transmission and reception by using the delivered key with a different client terminal from the aforementioned client terminal. The client terminal performs data transmission and reception with the different client terminal by using the delivered key.
    Type: Grant
    Filed: April 20, 2016
    Date of Patent: June 2, 2020
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Reo Yoshida, Hitoshi Fuji, Tetsutaro Kobayashi, Tomohide Yamamoto, Yuto Kawahara
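The exchange in the abstract above, simulated end to end as an added example; it is not code from the patent or from NTT. The message names follow the abstract's steps. The in-memory Bus, the rule that the server waits for a reception notice from every terminal before sending the key-use start notice, the key delivery server handing the same key to every terminal that asks for a given key id, and HMAC-SHA256 over the data exchanged under the delivered key are all assumptions made for the illustration.

```python
"""Key update exchange: server, key delivery server and two client terminals.

Added example; not NTT's code.  Bus, the wait-for-all-acks rule, the shared
key per key id and HMAC-SHA256 over the data are assumptions.
"""
import hashlib
import hmac
import os
from collections import deque

class Bus:
    """Stand-in for the network: FIFO delivery plus a transcript of every hop."""
    def __init__(self):
        self.queue = deque()
        self.transcript = []            # (sender, receiver, message type)

    def send(self, src, dst, msg):
        self.transcript.append((src.name, dst.name, msg[0]))
        self.queue.append((src, dst, msg))

    def run(self):
        while self.queue:
            src, dst, msg = self.queue.popleft()
            dst.receive(src, msg)

class KeyDeliveryServer:
    name = "kds"
    def __init__(self, bus):
        self.bus, self.keys = bus, {}

    def receive(self, src, msg):
        if msg[0] == "KEY_DELIVERY_REQUEST":
            key_id = msg[1]
            key = self.keys.setdefault(key_id, os.urandom(32))   # same key per key id (assumption)
            self.bus.send(self, src, ("KEY_DELIVERY", key_id, key))

class Server:
    name = "server"
    def __init__(self, bus, terminals=()):
        self.bus, self.terminals, self.acks = bus, tuple(terminals), {}

    def start_update(self, key_id):
        for t in self.terminals:
            self.bus.send(self, t, ("KEY_UPDATE_REQUEST", key_id))

    def receive(self, src, msg):
        if msg[0] == "KEY_RECEPTION_NOTICE":
            self.acks.setdefault(msg[1], set()).add(src.name)
            if self.acks[msg[1]] == {t.name for t in self.terminals}:   # all terminals hold the key
                for t in self.terminals:
                    self.bus.send(self, t, ("KEY_USE_START", msg[1]))

class ClientTerminal:
    def __init__(self, name, bus, server, kds):
        self.name, self.bus, self.server, self.kds = name, bus, server, kds
        self.pending = {}               # delivered but not yet in use
        self.active = None              # (key_id, key) once KEY_USE_START arrives
        self.inbox = []                 # (payload, tag_valid)

    def receive(self, src, msg):
        kind = msg[0]
        if kind == "KEY_UPDATE_REQUEST":
            self.bus.send(self, self.kds, ("KEY_DELIVERY_REQUEST", msg[1]))
        elif kind == "KEY_DELIVERY":
            self.pending[msg[1]] = msg[2]
            self.bus.send(self, self.server, ("KEY_RECEPTION_NOTICE", msg[1]))
        elif kind == "KEY_USE_START":
            self.active = (msg[1], self.pending.pop(msg[1]))
        elif kind == "DATA":
            self.inbox.append(self.verify(msg))

    def tag(self, key_id, key, payload):
        return hmac.new(key, key_id.encode() + payload, hashlib.sha256).digest()

    def send_data(self, peer, payload):
        if self.active is None:
            raise RuntimeError("no key-use start notice yet")
        key_id, key = self.active
        self.bus.send(self, peer, ("DATA", key_id, payload, self.tag(key_id, key, payload)))

    def verify(self, msg):
        _, key_id, payload, tag = msg
        if self.active is None or self.active[0] != key_id:
            return (payload, False)
        return (payload, hmac.compare_digest(self.tag(key_id, self.active[1], payload), tag))

def demo():
    bus = Bus()
    kds, server = KeyDeliveryServer(bus), Server(bus)
    a, b = ClientTerminal("A", bus, server, kds), ClientTerminal("B", bus, server, kds)
    server.terminals = (a, b)
    server.start_update("k1")
    try:
        a.send_data(b, b"too early")       # key not in use yet: must be refused
        premature_rejected = False
    except RuntimeError:
        premature_rejected = True
    bus.run()                              # request, delivery, reception notice, use-start
    a.send_data(b, b"hello")               # data exchange under the delivered key
    bus.run()
    b.receive(a, ("DATA", "k1", b"forged", b"\x00" * 32))   # bad tag, handed in directly
    return {"transcript": bus.transcript, "inbox_b": b.inbox,
            "premature_rejected": premature_rejected, "same_key": a.active == b.active}

if __name__ == "__main__":
    for hop in demo()["transcript"]:
        print("%-6s -> %-6s %s" % hop)
```

The point of keeping `pending` separate from `active` is that a terminal never protects traffic with a key before the server has confirmed that its peers hold it; the forged message shows the receiver rejecting a tag that was not computed under the key in use.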
  • Patent number: 10659228
    Abstract: A method is provided for establishing a secure communication session in a communications system. The method includes providing a handshake layer functional block and providing a record layer functional block separate from the handshake layer functional block. A first ephemeral key pair is generated by the record layer functional block of a first communication peer. A public key of the first ephemeral key pair is transmitted to a second communication peer. The handshake layer functional block of the first communication peer generates a second ephemeral key pair. A public key of the second ephemeral key pair is transmitted to the second communication peer. The second communication peer generates a third ephemeral key pair. A handshake key is generated from the public key of the second communication peer and a private key of the handshake layer block of the first communication peer.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: May 19, 2020
    Assignee: NXP B.V.
    Inventors: Vakul Garg, Peter Doliwa
  • Patent number: 10657449
    Abstract: A computer-implemented reservation method and a corresponding system are utilized for controlling execution of a decision process to maintain data access efficiency upon receipt of a computation inquiry. The method comprises associating to a computer backend machine a configuration file containing at least a decision rule that drives the decision process and that is computed at least from a current value of a statistical indicator and a target value of the statistical indicator; periodically obtaining an updated value of the statistical indicator; upon detection that the updated value differs from the target value, dynamically updating the configuration file and storing in real-time a recomputed decision rule in the configuration file.
    Type: Grant
    Filed: September 26, 2013
    Date of Patent: May 19, 2020
    Assignee: AMADEUS S.A.S.
    Inventors: Norbert Lataille, Alexandre Sbragia, Renaud Arnoux-Prost, Eric Bousquet, David Renaudie
  • Patent number: 10631168
    Abstract: Advanced persistent threats to a mobile device are detected and prevented by leveraging the built-in mandatory access control (MAC) environment in the mobile operating system in a “stateful” manner. To this end, the MAC mechanism is placed in a permissive mode of operation wherein permission denials are logged but not enforced. The mobile device security environment is augmented to include a monitoring application that is instantiated with system privileges. The application monitors application execution parameters of one or more mobile applications executing on the device. These application execution parameters, including without limitation the permission denials, are collected and used by the monitoring application to facilitate a stateful monitoring of the operating system security environment. By assembling security-sensitive events over a time period, the system identifies an advanced persistent threat (APT) that otherwise leverages multiple steps using benign components.
    Type: Grant
    Filed: March 28, 2018
    Date of Patent: April 21, 2020
    Assignee: International Business Machines Corporation
    Inventors: Suresh Chari, Zhongshu Gu, Heqing Huang, Xiaokui Shu, Jialong Zhang
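The stateful assembly of permission denials described in the abstract above, as an added example that is not code from the patent or from IBM. The four audit lines are constructed in the SELinux/SEAndroid AVC record layout (pids, package names, security contexts and paths are invented), and the three-stage chain, the 300-second window and the per-process keying are assumptions chosen for the illustration; a single denial in permissive mode is logged but never enforced, so only the ordered sequence from one process raises an alert.

```python
"""Stateful correlation of MAC permission denials logged in permissive mode.

Added example; not code from the patent or from IBM.  Sample lines, stages
and window are constructed/assumed for illustration.
"""
import re
from collections import defaultdict

TS_RE = re.compile(r"audit\((?P<ts>\d+)\.\d+:\d+\)")
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*?)"
    r"\s+scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)"
    r"\s+tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample: one process walks all three stages, another only the first.
SAMPLE_LOG = """\
type=AVC msg=audit(1500000000.101:210): avc: denied { read } for pid=4210 comm="com.example.app" name="build.prop" dev="mmcblk0p1" ino=77 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
type=AVC msg=audit(1500000005.412:211): avc: denied { connectto } for pid=4210 comm="com.example.app" path="/dev/socket/vold" scontext=u:r:untrusted_app:s0 tcontext=u:r:vold:s0 tclass=unix_stream_socket permissive=1
type=AVC msg=audit(1500000040.010:212): avc: denied { write } for pid=4210 comm="com.example.app" name="/" dev="rootfs" ino=1 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=1
type=AVC msg=audit(1500000041.300:213): avc: denied { read } for pid=5120 comm="com.example.music" name="hosts" dev="mmcblk0p1" ino=90 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
"""

def parse_avc(line):
    """Return one denial as a dict, or None for lines that are not AVC denials."""
    ts, avc = TS_RE.search(line), AVC_RE.search(line)
    if not (ts and avc):
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(avc.group("fields"))}
    return {
        "ts": int(ts.group("ts")),
        "pid": int(fields.get("pid", 0)),
        "comm": fields.get("comm", ""),
        "perms": set(avc.group("perms").split()),
        "scontext": avc.group("scontext"),
        "tcontext": avc.group("tcontext"),
        "tclass": avc.group("tclass"),
        "permissive": avc.group("permissive") == "1",   # logged, not enforced
    }

# Ordered stages of the hypothetical chain.  Each stage alone is noise; the
# alert fires when one process walks every stage in order within WINDOW seconds.
STAGES = (
    ("recon", lambda e: "read" in e["perms"] and e["tcontext"].endswith(":system_file:s0")),
    ("privileged_ipc", lambda e: "connectto" in e["perms"] and e["tclass"] == "unix_stream_socket"),
    ("persist", lambda e: "write" in e["perms"] and e["tclass"] == "dir" and ":rootfs:" in e["tcontext"]),
)
WINDOW = 300   # seconds; an assumption for the illustration

def correlate(log_text, window=WINDOW):
    """Feed AVC lines through a per-process state machine and return alerts."""
    state = defaultdict(lambda: {"stage": 0, "first_ts": None, "trail": []})
    alerts = []
    for line in log_text.splitlines():
        ev = parse_avc(line)
        if ev is None:
            continue
        st = state[(ev["pid"], ev["comm"])]
        if st["first_ts"] is not None and ev["ts"] - st["first_ts"] > window:
            st.update(stage=0, first_ts=None, trail=[])   # chain went stale
        name, matches = STAGES[st["stage"]]
        if not matches(ev):
            continue
        if st["stage"] == 0:
            st["first_ts"] = ev["ts"]
        st["trail"].append((ev["ts"], name))
        st["stage"] += 1
        if st["stage"] == len(STAGES):
            alerts.append({"pid": ev["pid"], "comm": ev["comm"], "trail": list(st["trail"])})
            st.update(stage=0, first_ts=None, trail=[])
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print("multi-step chain:", alert)
```

Keying the state on (pid, comm) is the simplest choice; a monitor that has system privileges can key on UID or package instead so that a chain split across a restarted process is not lost.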
  • Patent number: 10630507
    Abstract: Methods of and systems for establishing a packet connection between a first application running on a first electronic device located within a local area network (LAN) and a second application running on a second electronic device located outside the LAN. The method comprises: sending, by a messaging client located outside the LAN, a request message to establish a virtual private network (VPN); receiving, by a messaging agent located within the LAN, the request message; causing, by the messaging agent, a VPN client located within the LAN to negotiate, based on the request message, a VPN connection between the VPN client and a VPN server located outside the LAN; assigning, by the VPN server, a network address; provisioning the VPN client with the network address; and commanding the second application to set up the packet connection to the first application based on the network address.
    Type: Grant
    Filed: November 29, 2016
    Date of Patent: April 21, 2020
    Assignee: ALE INTERNATIONAL
    Inventors: Philippe Meyer, Nicolas Pfleger, François Olivier
  • Patent number: 10616818
    Abstract: A mobile application gateway configured to interconnect mobile communication devices on a cellular network with an enterprise network is provided. The mobile application gateway includes a voice and data signaling gateway configured to provide routing functionalities, service functionalities and admission control. A gateway GPRS support node (GGSN) is configured to establish a secure data session between one or more of the mobile communication devices and the enterprise network by establishing a GPRS tunneling protocol (GTP) tunnel between a carrier-hosted serving GPRS support node (SGSN) and the GGSN.
    Type: Grant
    Filed: May 22, 2018
    Date of Patent: April 7, 2020
    Assignee: TANGO NETWORKS, INC.
    Inventor: Andrew Silver
  • Patent number: 10616062
    Abstract: A method for creating a secure network is provided. The method comprises establishing a controller for a plurality of edge nodes in the network; configuring each edge node to perform a discovery operation to discover Network Address Traversal (NAT) information for any NAT device associated with said edge node; and configuring each edge node to transmit any NAT information discovered through said discovery operation to the controller; and configuring the controller to distribute the NAT information received from the plurality of edge nodes to each edge node.
    Type: Grant
    Filed: April 3, 2018
    Date of Patent: April 7, 2020
    Assignee: Cesco Technology, Inc.
    Inventor: Lars Olof Stefan Olofsson
  • Patent number: 10608986
    Abstract: Methods and related systems are presented that relate to automatically avoiding address conflicts when establishing a secure communications link over a public network between a local computer, associated with a local network, and a remote device, located outside the local network. Local network addresses on the local network reserved for use, and a block of local network addresses that do not conflict with the reserved local network addresses, are identified. At least one local network address is selected from the block and assigned as an address of the local device for use in communicating with the remote device securely over the public network. Communication is facilitated with the remote device using the network driver based on the assigned at least one local network address.
    Type: Grant
    Filed: April 15, 2015
    Date of Patent: March 31, 2020
    Assignee: VirnetX, Inc.
    Inventors: Robert Dunham Short, Victor Larson, Michael Williamson
  • Patent number: 10601779
    Abstract: Embodiments presented herein disclose a VPN service which includes a cluster of VPN appliances that requires only an eventually consistent database to share VPN session data among cluster nodes. Doing so provides a VPN service that can scale both horizontally (i.e., the VPN service can support large numbers of VPN appliances) as well as geographically (i.e., nodes of the cluster do not need to be physically proximate to one another in order to satisfy latency requirements). Thus, the VPN service can provide regional endpoints to VPN clients that do not share common points of failure or administrative burdens.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: March 24, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Nicholas Channing Matthews, Bashuman Deb
  • Patent number: 10594699
    Abstract: Systems and methods for providing access to a remote network via an external endpoint are provided. A client establishes a secure connection between an external endpoint and a remote network. Transmissions from clients to the external endpoint are supplemented with additional information regarding handling within the remote network, and then transmitted to an internal endpoint within the remote network. The internal endpoint processes the transmission based on the supplemental information and returns a response to the external endpoint. A response is then returned to the client. Access policies may be created by authorized users to establish processing of client transmissions. These policies may be stored and enforced by the internal endpoint or the external endpoint.
    Type: Grant
    Filed: June 4, 2018
    Date of Patent: March 17, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Eric Jason Brandwine
  • Patent number: 10581861
    Abstract: Aspects of the present invention disclose a method, computer program product, and system for determining whether an endpoint meets compliance standards. The method includes one or more processors receiving an endpoint certificate associated with an endpoint device that is requesting to access a resource, wherein the endpoint certificate includes a device fingerprint. The method further includes one or more processors determining compliance level of the endpoint device. The method further includes one or more processors validating credentials of the endpoint device. The method further includes one or more processors determining whether the endpoint device meets compliance standards based on the endpoint certificate, the determined compliance level, and the credentials of the endpoint device.
    Type: Grant
    Filed: September 12, 2017
    Date of Patent: March 3, 2020
    Assignee: International Business Machines Corporation
    Inventors: Yunfei Bai, Ken Yian Chow, Christopher Hockings, Guoguang Jason Lu, Codur S. Pranam, Roy Soumyajit, Chuxin Zhao
  • Patent number: 10572226
    Abstract: The present disclosure relates to methods and systems for accelerating the development and distribution of data science workloads, including a consistent, portable and pre-configured data science workspace for development of data science containers allowing for the creation of a standardized, modular and reusable library of data science containers that can be maintained, extended and reused in a clear and repeatable manner. The containers may be submitted to a build and deployment process that ensures consistency across multiple environments in terms of the application code and the operating system environment. Runtime execution may be managed through the authoring of definitions which detail aspects of how the workload should operate within a certain environment.
    Type: Grant
    Filed: December 19, 2017
    Date of Patent: February 25, 2020
    Assignee: AON GLOBAL OPERATIONS LTD (SINGAPORE BRANCH)
    Inventors: Bernhard Biskup, Mark Carey, Simon Lewis
  • Patent number: 10574659
    Abstract: A network security management system which manages an object node belonging to an intranet, including: an information collecting device, a type determining device and an event management device; the information collecting device being configured to collect domain information, computer name information and account information of each object node which is transmitted when each object node performs a login operation; the type determining device being configured to perform a comparison between the node information received by the information collection device and a node management list to determine a node type belonging to each object node; the event management device being configured to decide whether the object node has an operating privilege, or to give to the object node the operating privilege corresponding to the node type of the object node based on the compared result from the type determining device.
    Type: Grant
    Filed: January 13, 2018
    Date of Patent: February 25, 2020
    Assignee: SOFNET CORPORATION
    Inventor: Kun-Jung Lee
  • Patent number: 10565001
    Abstract: In general, techniques are described for configuring and managing virtual networks. For example, a distributed virtual network controller is described that configures and manages an overlay network within a physical network formed by a plurality of switches. A plurality of servers are interconnected by the switch fabric, each of the servers comprising an operating environment executing one or more virtual machines in communication via the overlay networks. The servers comprise a set of virtual switches that extends the overlay network as a virtual network to the operating environment of the virtual machines.
    Type: Grant
    Filed: February 14, 2018
    Date of Patent: February 18, 2020
    Assignee: Juniper Networks, Inc.
    Inventors: Harshad Bhaskar Nakil, Ankur Singla, Pedro R. Marques
  • Patent number: 10560425
    Abstract: Methods and related systems are presented that relate to automatically avoiding address conflicts when establishing a secure communications link over a public network between a local computer, associated with a local network, and a remote device, located outside the local network. Local network addresses on the local network reserved for use, and a block of local network addresses that do not conflict with the reserved local network addresses, are identified. At least one local network address is selected from the block and assigned as an address of the local device for use in communicating with the remote device securely over the public network. Communication is facilitated with the remote device using the network driver based on the assigned at least one local network address.
    Type: Grant
    Filed: April 15, 2015
    Date of Patent: February 11, 2020
    Assignee: VirnetX, Inc.
    Inventors: Robert Dunham Short, Victor Larson, Michael Williamson
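The address-conflict avoidance described in the two VirnetX abstracts above (10608986 and 10560425), as an added example that is not code from the patents or from VirnetX. The local routes, local interface addresses and remote prefixes are constructed; the candidate pools, the /24 block size and the assignment of the first two usable hosts are assumptions for the illustration. It also reports which local and remote prefixes overlap, which is the usual reason a fresh block is needed at all.

```python
"""Choose a tunnel address block that conflicts with nothing the host already uses.

Added example; not code from the patents or from VirnetX.  Scenario data,
candidate pools and block size are constructed/assumed.
"""
import ipaddress

CANDIDATE_POOLS = tuple(
    ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)

def reserved_networks(routes, hosts):
    """Everything the local machine already uses, normalized to networks."""
    nets = [ipaddress.ip_network(r, strict=False) for r in routes]
    nets += [ipaddress.ip_network(h) for h in hosts]   # a bare address becomes a /32
    return nets

def find_conflicts(local, remote):
    """Pairs of local/remote prefixes that overlap."""
    return [(l, r) for l in local for r in remote if l.version == r.version and l.overlaps(r)]

def find_free_block(reserved, prefixlen=24, pools=CANDIDATE_POOLS):
    """First /prefixlen block in the pools that overlaps no reserved network."""
    for pool in pools:
        same = [r for r in reserved if r.version == pool.version]
        if any(r.supernet_of(pool) for r in same):
            continue   # the whole pool is taken; no need to walk its subnets
        for block in pool.subnets(new_prefix=prefixlen):
            if not any(block.overlaps(r) for r in same):
                return block
    return None

def plan_tunnel(local_routes, local_hosts, remote_prefixes, prefixlen=24):
    """Pick a block and assign the local and peer tunnel addresses from it."""
    local = reserved_networks(local_routes, local_hosts)
    remote = [ipaddress.ip_network(p, strict=False) for p in remote_prefixes]
    plan = {"conflicts": find_conflicts(local, remote),
            "block": None, "local_address": None, "peer_address": None}
    block = find_free_block(local + remote, prefixlen)   # remote prefixes count as reserved too
    if block is not None:
        hosts = block.hosts()
        plan.update(block=block, local_address=next(hosts), peer_address=next(hosts))
    return plan

# Constructed scenario: the home LAN and the remote site both use 192.168.1.0/24,
# a container bridge holds 172.17.0.0/16 and a second NIC sits in 172.16.0.0/24.
LOCAL_ROUTES = ("192.168.1.0/24", "172.17.0.0/16")
LOCAL_HOSTS = ("172.16.0.7",)
REMOTE_PREFIXES = ("10.0.0.0/8", "192.168.1.0/24")

if __name__ == "__main__":
    plan = plan_tunnel(LOCAL_ROUTES, LOCAL_HOSTS, REMOTE_PREFIXES)
    for l, r in plan["conflicts"]:
        print("conflict:", l, "overlaps", r)
    print("tunnel block", plan["block"], "local", plan["local_address"], "peer", plan["peer_address"])
```

Treating the remote side's prefixes as reserved is what keeps the tunnel block itself from colliding with what will be routed over the tunnel; leaving them out is a common mistake when the block is picked from local routes alone.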
  • Patent number: 10541863
    Abstract: A portal application interface can access and provision hosted services configured to operate in a hosted system of a hybrid unified communications system, the hybrid system also including at least one premise-based system. A connection management service (CMS) can store CMS provisioning data in a hosted configuration database of the hosted system in response to a user input via the portal application interface to configure a given premise trunk group of the premise-based system for operation in the hybrid system to provision a session border controller to control at least one connection between the premise trunk group and a hosted trunk group of the hosted system based on the CMS provisioning data. The CMS can update the hosted configuration database to configure the hosted trunk group and cause premise configuration data for the given premise trunk group to be stored in the premise system.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: January 21, 2020
    Assignee: Mitel Networks, Inc.
    Inventors: Amy Pendleton, Brian Leipprandt
  • Patent number: 10523979
    Abstract: Methods, apparatuses, and embodiments related to streaming live video. A celebrity plans to live stream an interaction with a fan to a large number of her fans. The celebrity uses a device to capture and stream live video to her fans. The celebrity selects a fan and begins to interact with the fan, who uses a device to live stream a question. To enable a more natural interaction, the celebrity utilizes a platform with reduced latency of communication. With other platforms, latencies of between 6 to 30 seconds may occur in interactions between the celebrity and the fan. The platform utilizes one or more techniques to achieve reduced latency, such as not performing error checks on the live streamed data, not reordering packets while they are being relayed between devices, etc. A TCP tunnel that utilizes raw sockets is used to enable customized techniques for reducing communication latency.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: December 31, 2019
    Assignee: Vyu Labs, Inc.
    Inventor: Srinivasa M. Dharmaji
  • Patent number: 10516550
    Abstract: A CNC includes a processor configured to import a VPN-specific service model for a VPN service and map the VPN-specific service model to one or more TE-specific parameters. The CNC includes a memory coupled to the processor and configured to store a mapping between a VPN ID of the VPN service and a tunnel ID of a TE tunnel established for the VPN service. The TE tunnel satisfies the one or more TE-specific parameters.
    Type: Grant
    Filed: February 26, 2018
    Date of Patent: December 24, 2019
    Assignee: Futurewei Technologies, Inc.
    Inventors: Young Lee, Dhruv Dhody, Haomian Zheng, Ricard Vilalta
  • Patent number: 10506082
    Abstract: Systems and methods for providing an HA IPsec VPN client. According to one embodiment, an IPsec tunnel is established by a client with a VPN gateway through a first interface. An IP address of the first interface is bound as the local endpoint of the tunnel and the IP address of the VPN gateway is bound as the remote endpoint of the tunnel. Responsive to detection by the client that a second interface of the client machine has been selected to serve as the local endpoint, an IP address of the second interface is bound as the local endpoint. An IP packet is transmitted by the client machine to the VPN gateway by generating an ESP packet including an encrypted form of the IP packet and encapsulating the ESP packet with an outer IP header including the IP address of the second interface.
    Type: Grant
    Filed: March 9, 2017
    Date of Patent: December 10, 2019
    Assignee: Fortinet, Inc.
    Inventors: GangGang Zhang, Weining Wu, Jinhai Yang
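The encapsulation step from the abstract above, as an added example that is not Fortinet's code: an ESP packet (SPI, sequence number, ciphertext, ICV) wrapped in an outer IPv4 header whose source is whichever interface the client currently has bound as the local endpoint. The SPI, the RFC 5737 test addresses and the opaque ciphertext/ICV bytes are constructed; real ESP ciphertext is the SA's cipher applied to the inner packet plus the ESP trailer, which is not shown here.

```python
"""ESP encapsulation whose outer IP source follows the selected local interface.

Added example; not Fortinet's code.  SPI, addresses and the opaque
ciphertext/ICV bytes are constructed.
"""
import ipaddress
import struct

IPPROTO_ESP = 50
OUTER_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header, no options

def ipv4_checksum(header):
    """One's-complement sum; yields 0 when run over a header whose checksum is correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_outer_ipv4(src, dst, payload_len, ident=0):
    """Outer header for tunnel-mode ESP: DF set, TTL 64, protocol 50."""
    hdr = struct.pack(OUTER_FMT, 0x45, 0, 20 + payload_len, ident, 0x4000, 64,
                      IPPROTO_ESP, 0, src.packed, dst.packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

class HaEspClient:
    """Client side of one outbound SA whose local endpoint can be rebound."""
    def __init__(self, spi, local_addr, gateway_addr):
        self.spi = spi
        self.seq = 0                                    # anti-replay counter
        self.local = ipaddress.IPv4Address(local_addr)
        self.gateway = ipaddress.IPv4Address(gateway_addr)

    def rebind(self, new_local_addr):
        """Interface failover: only the outer source changes; SPI and sequence survive."""
        old, self.local = self.local, ipaddress.IPv4Address(new_local_addr)
        return old, self.local

    def encapsulate(self, ciphertext, icv):
        """SPI | seq | ciphertext | ICV, wrapped in an outer header from the current interface."""
        self.seq += 1
        esp = struct.pack("!II", self.spi, self.seq) + ciphertext + icv
        return build_outer_ipv4(self.local, self.gateway, len(esp), ident=self.seq & 0xFFFF) + esp

def parse_outer(packet):
    """What the gateway sees before decryption: outer addresses, SPI, sequence."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(OUTER_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    spi, seq = struct.unpack("!II", packet[ihl:ihl + 8])
    return {
        "src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
        "proto": proto, "total_length": total_len,
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
        "spi": spi, "seq": seq,
    }

if __name__ == "__main__":
    client = HaEspClient(0x1000ABCD, "192.0.2.10", "198.51.100.1")
    ct, icv = b"\x11" * 32, b"\x22" * 16               # constructed, opaque
    print(parse_outer(client.encapsulate(ct, icv)))
    client.rebind("203.0.113.7")                         # e.g. Wi-Fi -> cellular
    print(parse_outer(client.encapsulate(ct, icv)))
```

The gateway side is the caveat: it will only keep decrypting after the outer source changes if it is prepared to update the peer address of an existing SA, which in IKEv2 is what MOBIKE (RFC 4555) negotiates; without that, the same SPI arriving from a new address is dropped and the client has to re-establish the tunnel.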