Virtual Private Network or Virtual Terminal Protocol (i.e., VPN or VTP) Patents (Class 726/15)
  • Patent number: 10673629
    Abstract: A server sends a key update request for requesting updating of the key, to a client terminal. The client terminal sends, to a key delivery server, a key delivery request for requesting the delivery of a key to the client terminal. The key delivery server delivers a key to the client terminal. The client terminal sends, to the server, a key reception notice indicating that the delivered key was received. The server sends, to the client terminal, a key-use start notice indicating that the client terminal starts data transmission and reception by using the delivered key with a different client terminal from the aforementioned client terminal. The client terminal performs data transmission and reception with the different client terminal by using the delivered key.
    Type: Grant
    Filed: April 20, 2016
    Date of Patent: June 2, 2020
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Reo Yoshida, Hitoshi Fuji, Tetsutaro Kobayashi, Tomohide Yamamoto, Yuto Kawahara
  • Patent number: 10659228
    Abstract: A method is provided for establishing a secure communication session in a communications system. The method includes providing a handshake layer functional block and providing a record layer functional block separate from the handshake layer functional block. A first ephemeral key pair is generated by the record layer functional block of a first communication peer. A public key of the first ephemeral key pair is transmitted to a second communication peer. The handshake layer functional block of the first communication peer generates a second ephemeral key pair. A public key of the second ephemeral key pair is transmitted to the second communication peer. The second communication peer generates a third ephemeral key pair. A handshake key is generated from the public key of the second communication peer and a private key of the handshake layer block of the first communication peer.
    Type: Grant
    Filed: June 28, 2018
    Date of Patent: May 19, 2020
    Assignee: NXP B.V.
    Inventors: Vakul Garg, Peter Doliwa
  • Patent number: 10657449
    Abstract: A computer-implemented reservation method and a corresponding system are utilized for controlling execution of a decision process to maintain data access efficiency upon receipt of a computation inquiry. The method comprises associating to a computer backend machine a configuration file containing at least a decision rule that drives the decision process and that is computed at least from a current value of a statistical indicator and a target value of the statistical indicator; periodically obtaining an updated value of the statistical indicator; upon detection that the updated value is differing from the target value, dynamically updating the configuration file and storing in real-time a recomputed decision rule in the configuration file.
    Type: Grant
    Filed: September 26, 2013
    Date of Patent: May 19, 2020
    Assignee: AMADEUS S.A.S.
    Inventors: Norbert Lataille, Alexandre Sbragia, Renaud Arnoux-Prost, Eric Bousquet, David Renaudie
  • Patent number: 10630507
    Abstract: Methods of and systems for establishing a packet connection between a first application running on a first electronic device located within a local area network (LAN) and a second application running on a second electronic device located outside the LAN. The method comprises: sending, by a messaging client located outside the LAN, a request message to establish a virtual private network (VPN); receiving, by a messaging agent located within the LAN, the request message; causing, by the messaging agent, a VPN client located within the LAN to negotiate, based on the request message, a VPN connection between the VPN client and a VPN server located outside the LAN; assigning, by the VPN server, a network address; provisioning the VPN client with the network address; and commanding the second application to set up the packet connection to the first application based on the network address.
    Type: Grant
    Filed: November 29, 2016
    Date of Patent: April 21, 2020
    Assignee: ALE INTERNATIONAL
    Inventors: Philippe Meyer, Nicolas Pfleger, François Olivier
  • Patent number: 10631168
    Abstract: Advanced persistent threats to a mobile device are detected and prevented by leveraging the built-in mandatory access control (MAC) environment in the mobile operating system in a “stateful” manner. To this end, the MAC mechanism is placed in a permissive mode of operation wherein permission denials are logged but not enforced. The mobile device security environment is augmented to include a monitoring application that is instantiated with system privileges. The application monitors application execution parameters of one or more mobile applications executing on the device. These application execution parameters including, without limitation, the permission denials, are collected and used by the monitoring application to facilitate a stateful monitoring of the operating system security environment. By assembling security-sensitive events over a time period, the system identifies an advanced persistent threat (APT) that otherwise leverages multiple steps using benign components.
    Type: Grant
    Filed: March 28, 2018
    Date of Patent: April 21, 2020
    Assignee: International Business Machines Corporation
    Inventors: Suresh Chari, Zhongshu Gu, Heqing Huang, Xiaokui Shu, Jialong Zhang
  • Patent number: 10616062
    Abstract: A method for creating a secure network is provided. The method comprises establishing a controller for a plurality of edge nodes in the network; configuring each edge node to perform a discovery operation to discover Network Address Traversal (NAT) information for any NAT device associated with said edge node; and configuring each edge node to transmit any NAT information discovered through said discovery operation to the controller; and configuring the controller to distribute the NAT information received from the plurality of edge nodes to each edge node.
    Type: Grant
    Filed: April 3, 2018
    Date of Patent: April 7, 2020
    Assignee: Cesco Technology, Inc.
    Inventor: Lars Olof Stefan Olofsson
  • Patent number: 10616818
    Abstract: A mobile application gateway configured to interconnect mobile communication devices on a cellular network with an enterprise network is provided. The mobile application gateway includes a voice and data signaling gateway configured to provide routing functionalities, service functionalities and admission control. A gateway GPRS support node (GGSN) is configured to establish a secure data session between one or more of the mobile communication devices and the enterprise network by establishing a GPRS tunneling protocol (GTP) tunnel between a carrier-hosted serving GPRS support node (SGSN) and the GGSN.
    Type: Grant
    Filed: May 22, 2018
    Date of Patent: April 7, 2020
    Assignee: TANGO NETWORKS, INC.
    Inventor: Andrew Silver
  • Patent number: 10608986
    Abstract: Methods and related systems are presented that relate to automatically avoiding address conflicts when establishing a secure communications link over a public network between a local computer, associated with a local network, and a remote device, located outside the local network. Local network addresses on the local network reserved for use, and a block of local network addresses that do not conflict with the reserved local network addresses, are identified. At least one local network address is selected from the block and assigned as an address of the local device for use in communicating with the remote device securely over the public network. Communication is facilitated with the remote device using the network driver based on the assigned at least one local network address.
    Type: Grant
    Filed: April 15, 2015
    Date of Patent: March 31, 2020
    Assignee: VirnetX, Inc.
    Inventors: Robert Dunham Short, Victor Larson, Michael Williamson
  • Patent number: 10601779
    Abstract: Embodiments presented herein disclose a VPN service which includes a cluster of VPN appliances that requires only an eventually consistent database to share VPN session data among cluster nodes. Doing so provides a VPN service that can scale both horizontally (i.e., the VPN service can support large numbers of VPN appliances) as well as geographically (i.e., nodes of the cluster do not need to be physically proximate to one another in order to satisfy latency requirements). Thus, the VPN service can provide regional endpoints to VPN clients that do not share common points of failure or administrative burdens.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: March 24, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Nicholas Channing Matthews, Bashuman Deb
  • Patent number: 10594699
    Abstract: Systems and methods for providing access to a remote network via an external endpoint are provided. A client establishes a secure connection between an external endpoint and a remote network. Transmissions from clients to the external endpoint are supplemented with additional information regarding handling within the remote network, and then transmitted to an internal endpoint within the remote network. The internal endpoint processes the transmission based on the supplemental information and returns a response to the external endpoint. A response is then returned to the client. Access policies may be created by authorized users to establish processing of client transmissions. These policies may be stored and enforced by the internal endpoint or the external endpoint.
    Type: Grant
    Filed: June 4, 2018
    Date of Patent: March 17, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Eric Jason Brandwine
  • Patent number: 10581861
    Abstract: Aspects of the present invention disclose a method, computer program product, and system for determining whether an endpoint meets compliance standards. The method includes one or more processors receiving an endpoint certificate associated with an endpoint device that is requesting to access a resource, wherein the endpoint certificate includes a device fingerprint. The method further includes one or more processors determining compliance level of the endpoint device. The method further includes one or more processors validating credentials of the endpoint device. The method further includes one or more processors determining whether the endpoint device meets compliance standards based on the endpoint certificate, the determined compliance level, and the credentials of the endpoint device.
    Type: Grant
    Filed: September 12, 2017
    Date of Patent: March 3, 2020
    Assignee: International Business Machines Corporation
    Inventors: Yunfei Bai, Ken Yian Chow, Christopher Hockings, Guoguang Jason Lu, Codur S. Pranam, Roy Soumyajit, Chuxin Zhao
  • Patent number: 10574659
    Abstract: A network security management system which manages an object node belonging to an intranet, including: an information collecting device, a type determining device and an event management device; the information collecting device being configured to collect domain information, computer name information and account information of each object node which is transmitted when each object node performs a login operation; the type determining device being configured to perform a comparison between the node information received by the information collection device and a node management list to determine a node type belonging to each object node; the event management device being configured to decide whether the object node has an operating privilege, or to give to the object node the operating privilege corresponding to the node type of the object node based on the compared result from the type determining device.
    Type: Grant
    Filed: January 13, 2018
    Date of Patent: February 25, 2020
    Assignee: SOFNET CORPORATION
    Inventor: Kun-Jung Lee
  • Patent number: 10572226
    Abstract: The present disclosure relates to methods and systems for accelerating the development and distribution of data science workloads, including a consistent, portable and pre-configured data science workspace for development of data science containers allowing for the creation of a standardized, modular and reusable library of data science containers that can be maintained, extended and reused in a clear and repeatable manner. The containers may be submitted to a build and deployment process that ensures consistency across multiple environments in terms of the application code and the operating system environment. Runtime execution may be managed through the authoring of definitions which detail aspects of how the workload should operate within a certain environment.
    Type: Grant
    Filed: December 19, 2017
    Date of Patent: February 25, 2020
    Assignee: AON GLOBAL OPERATIONS LTD (SINGAPORE BRANCH)
    Inventors: Bernhard Biskup, Mark Carey, Simon Lewis
  • Patent number: 10565001
    Abstract: In general, techniques are described for configuring and managing virtual networks. For example, a distributed virtual network controller is described that configures and manages an overlay network within a physical network formed by a plurality of switches. A plurality of servers are interconnected by the switch fabric, each of the servers comprising an operating environment executing one or more virtual machines in communication via the overlay networks. The servers comprise a set of virtual switches that extends the overlay network as a virtual network to the operating environment of the virtual machines.
    Type: Grant
    Filed: February 14, 2018
    Date of Patent: February 18, 2020
    Assignee: Juniper Networks, Inc.
    Inventors: Harshad Bhaskar Nakil, Ankur Singla, Pedro R. Marques
  • Patent number: 10560425
    Abstract: Methods and related systems are presented that relate to automatically avoiding address conflicts when establishing a secure communications link over a public network between a local computer, associated with a local network, and a remote device, located outside the local network. Local network addresses on the local network reserved for use, and a block of local network addresses that do not conflict with the reserved local network addresses, are identified. At least one local network address is selected from the block and assigned as an address of the local device for use in communicating with the remote device securely over the public network. Communication is facilitated with the remote device using the network driver based on the assigned at least one local network address.
    Type: Grant
    Filed: April 15, 2015
    Date of Patent: February 11, 2020
    Assignee: VirnetX, Inc.
    Inventors: Robert Dunham Short, Victor Larson, Michael Williamson
  • Patent number: 10541863
    Abstract: A portal application interface can access and provision hosted services configured to operate in a hosted system of a hybrid unified communications system, the hybrid system also including at least one premise-based system. A connection management service (CMS) can store CMS provisioning data in a hosted configuration database of the hosted system in response to a user input via the portal application interface to configure a given premise trunk group of the premise-based system for operation in the hybrid system to provision a session border controller to control at least one connection between the premise trunk group and a hosted trunk group of the hosted system based on the CMS provisioning data. The CMS can update the hosted configuration database to configure the hosted trunk group and cause premise configuration data for the given premise trunk group to be stored in the premise system.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: January 21, 2020
    Assignee: Mitel Networks, Inc.
    Inventors: Amy Pendleton, Brian Leipprandt
  • Patent number: 10523979
    Abstract: Methods, apparatuses, and embodiments related to streaming live video. A celebrity plans to live stream an interaction with a fan to a large number of her fans. The celebrity uses a device to capture and stream live video to her fans. The celebrity selects a fan and begins to interact with the fan, who uses a device to live stream a question. To enable a more natural interaction, the celebrity utilizes a platform with reduced latency of communication. With other platforms, latencies of between 6 to 30 seconds may occur in interactions between the celebrity and the fan. The platform utilizes one or more techniques to achieve reduced latency, such as not performing error checks on the live streamed data, not reordering packets while they are being relayed between devices, etc. A TCP tunnel that utilizes raw sockets is used to enable customized techniques for reducing communication latency.
    Type: Grant
    Filed: December 21, 2017
    Date of Patent: December 31, 2019
    Assignee: Vyu Labs, Inc.
    Inventor: Srinivasa M. Dharmaji
  • Patent number: 10516550
    Abstract: A CNC includes a processor configured to import a VPN-specific service model for a VPN service and map the VPN-specific service model to one or more TE-specific parameters. The CNC includes a memory coupled to the processor and configured to store a mapping between a VPN ID of the VPN service and a tunnel ID of a TE tunnel established for the VPN service. The TE tunnel satisfies the one or more TE-specific parameters.
    Type: Grant
    Filed: February 26, 2018
    Date of Patent: December 24, 2019
    Assignee: Futurewei Technologies, Inc.
    Inventors: Young Lee, Dhruv Dhody, Haomian Zheng, Ricard Vilalta
  • Patent number: 10506082
    Abstract: Systems and methods for providing an HA IPsec VPN client. According to one embodiment, an IPsec tunnel is established by a client with a VPN gateway through a first interface. An IP address of the first interface is bound as the local endpoint of the tunnel and the IP address of the VPN gateway is bound as the remote endpoint of the tunnel. Responsive to detection by the client that a second interface of the client machine has been selected to serve as the local endpoint, an IP address of the second interface is bound as the local endpoint. An IP packet is transmitted by the client machine to the VPN gateway by generating an ESP packet including an encrypted form of the IP packet and encapsulating the ESP packet with an outer IP header including the IP address of the second interface.
    Type: Grant
    Filed: March 9, 2017
    Date of Patent: December 10, 2019
    Assignee: Fortinet, Inc.
    Inventors: GangGang Zhang, Weining Wu, Jinhai Yang
  • Patent number: 10506463
    Abstract: A system, method, and computer program product are provided for sharing data based on a combined bandwidth consumption. In use, a first sharing action is received. Next, a first bandwidth consumption is received. Further, a second bandwidth consumption is received. Additionally, it is determined whether a combination of the first bandwidth consumption and the second bandwidth consumption surpasses a predefined threshold. Lastly, the first sharing action is conditionally allowed based on the determination. Additional systems, methods, and computer program products are also presented.
    Type: Grant
    Filed: May 9, 2018
    Date of Patent: December 10, 2019
    Assignee: DUELIGHT LLC
    Inventors: William Rivard, Brian Kindle, Adam Feder
  • Patent number: 10498646
    Abstract: Systems and methods for supporting inter subnet control plane protocol for consistent multicast membership and connectivity across multiple subnets in a high performance computing environment. In accordance with an embodiment, by associating a multicast group with an inter-subnet partition, and enforcing a dedicated router port for the multicast group, multicast loop avoidance can be provided for between connected subnets. Because only a single router port is selected as being capable of handling the MC packet, no other router port in the subnet can then pass a multicast packet back to the originating subnet.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: December 3, 2019
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Bjørn Dag Johnsen, Bartosz Bogdański, Ankita Bhandary, Line Holen
  • Patent number: 10496972
    Abstract: Implementations of the present disclosure involve an apparatus, device, component, and/or method for a networking component for use in creating a virtual secured point-of-sale (POS) transaction over a network. In one embodiment, the networking component is a virtual router that is located logically between a retailer and a payment processing company for processing a POS transaction. To facilitate the POS transaction, the virtual router communicates with one or more virtual private networks (VPNs) to establish secured communication tunnels over which information and network traffic may be broadcast that prevent unauthorized access to the information from an outside source or third party. In this manner, a secured end-to-end security communication tunnel (including encryption of the transmitted data) may be created over a network from the originating point of sale (retailer) to the payment processing company.
    Type: Grant
    Filed: September 9, 2014
    Date of Patent: December 3, 2019
    Assignee: VCE IP Holding Company LLC
    Inventors: Barbara J. Anderson, Marion L. Johnson, III
  • Patent number: 10484281
    Abstract: In one illustrative example, a router may be configured to provide a plurality of virtual private network (VPN) instances for a plurality of VPNs associated with a plurality of IDs. Each VPN instance may comprise a forwarding table instance for storing a plurality of host-to-router mappings for the VPN. The router may be further configured to provide a virtual VPN instance for a virtual VPN associated with an ID of a remote extranet VPN. The virtual VPN instance may comprise a map-cache for storing a host-to-router mapping for the remote extranet VPN. The virtual VPN instance has no corresponding forwarding table instance for user plane traffic associated with the remote extranet VPN, but rather serves as part of a control plane interface for control signaling associated with the remote extranet VPN. Accordingly, the router may provide multiple updates to host-to-router mappings in forwarding table instances of the VPNs in accordance with a change in the host-to-router mapping in the virtual VPN instance.
    Type: Grant
    Filed: June 25, 2018
    Date of Patent: November 19, 2019
    Assignee: Cisco Technology, Inc.
    Inventors: Brent P. Mucci, Marc Portoles Comeras, Vrushali Ashtaputre, Victor M. Moreno, Hatem Mohammad R.A. Abouzeid
  • Patent number: 10484336
    Abstract: The present disclosure is directed towards systems and methods for rewriting a HTTP response transmitted via a clientless SSL VPN session. An intermediary device may identify, in a HTTP response transmitted via a clientless SSL VPN session, an absolute URL that includes a first hostname of the server. The device may provide a unique string corresponding to the first hostname of the server. The device may generate a URL segment by combining the unique string with a second hostname of the device. The device may rewrite the absolute URL by replacing the first hostname in the absolute URL with the generated URL segment. A domain name system (DNS) server for the client may be configured with a DNS entry comprising a wildcard combined with the second hostname, to cause the DNS server to resolve the rewritten absolute URL to an IP address of the device.
    Type: Grant
    Filed: May 13, 2016
    Date of Patent: November 19, 2019
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Pintu Kumar, Punit Gupta, Vignesh Rajendran
  • Patent number: 10484331
    Abstract: A technology is provided for security appliance provisioning. In one example, a method includes providing a variety of types of physical security appliances in a service provider environment. A selection may be received identifying a selected security appliance from among the variety of types of physical security appliances for use in a customer virtual infrastructure within the service provider environment. The selected security appliance may be provisioned for use at an edge location of the customer virtual infrastructure. The selected security appliance may be configured to enforce a security policy defined for the customer virtual infrastructure.
    Type: Grant
    Filed: June 28, 2016
    Date of Patent: November 19, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Hart Matthew Rossman
  • Patent number: 10452384
    Abstract: Disclosed are systems that provide for secure and reliable remote management. Cryptographic health tickets provided by a management server are provided to a protected process executing on a computing device. In some examples, the health tickets reset an authenticated watchdog timer that resets the computing device if the timer expires. In some examples, the computing device may contact the management server prior to loading an operating system to receive instructions, but may omit contacting the management server if a valid health ticket is found.
    Type: Grant
    Filed: February 5, 2018
    Date of Patent: October 22, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Paul England
  • Patent number: 10433234
    Abstract: A SDN controlled Overlay Network. Embodiments disclosed herein relate to multi-RAT (Radio Access Technology) wireless communication network and more particularly to a SDN (Software Defined Networking) controlled network overlaid on a multi-RAT wireless communication network. Embodiments herein enhance relay functionality in wireless communication networks using overlay networks, wherein the overlay network is controlled and managed by a SDN (Software Defined Networking) controller.
    Type: Grant
    Filed: March 20, 2018
    Date of Patent: October 1, 2019
    Assignee: INDIAN INSTITUTE OF TECHNOLOGY BOMBAY
    Inventors: Abhay Karandikar, Pranav Kumar Jha, Akshatha Nayak M, Pon Nidhya Elango
  • Patent number: 10397211
    Abstract: Disclosed is a system comprising: an authentication datastore; a device presence engine; a traffic monitor engine; an authentication presence monitor engine; an authentication server selection engine; and a traffic routing engine. In operation: the device presence engine is configured to detect presence of a user device on a trusted network; the traffic monitor engine is configured to monitor, in response to the detection, traffic on the trusted network from the device; the authentication presence monitor engine is configured to evaluate onboarding characteristics of the user device in response to the monitoring; the authentication server selection engine is configured to select one of a plurality of authentication servers to authenticate the user device to the trusted network, the selecting based on the onboarding characteristics; and the traffic routing engine is configured to route traffic from the user device to the selected authentication server.
    Type: Grant
    Filed: March 15, 2018
    Date of Patent: August 27, 2019
    Assignee: Aerohive Networks, Inc.
    Inventors: Xu Zou, Kenshin Sakura, Mingliang Li
  • Patent number: 10381870
    Abstract: Systems, methods and apparatus for electric power grid element and network management are disclosed. At least one grid element constructed and configured for electrical connection and for internet protocol (IP)-based network communication with a server operatively coupled with a memory. The at least one grid element is automatically and/or autonomously transformed into at least one active grid element after automatically communicating an initial message to the server for registration. The at least one active grid element functions actively within the electric power grid. The at least one active grid element has a profile comprising an energy usage pattern or an energy supply pattern. The at least one active grid element sends and receives messages to and from the server.
    Type: Grant
    Filed: August 7, 2017
    Date of Patent: August 13, 2019
    Assignee: CAUSAM ENERGY, INC.
    Inventor: Joseph W. Forbes, Jr.
  • Patent number: 10375700
    Abstract: A method, a device, and a non-transitory storage medium are described in which a resource allocation service is provided in relation to a virtual device. The resource allocation service calculates an allocation of a shared processor and a shared memory in support of the virtual device based on whether packet loss is permitted or not. The calculation of the processor allocated to the virtual device may be based on buffer memory allocation. Alternatively, the calculation of the processor allocated to the virtual device may be based on a packet loss ratio and a buffer memory allocation.
    Type: Grant
    Filed: April 19, 2018
    Date of Patent: August 6, 2019
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Mehmet Toy
  • Patent number: 10356619
    Abstract: A user equipment receives an Extensible Authentication Protocol Authentication and Key Agreement Prime (EAP AKA') message, from an authentication server related to the user equipment, in an authentication procedure being part of setting up a connection from the user equipment through an access network. The user equipment sets up an IP Security tunnel between the user equipment and an evolved Packet Data Gateway responsive to the EAP AKA' message indicating that the access network is untrusted.
    Type: Grant
    Filed: March 13, 2018
    Date of Patent: July 16, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Mats Näslund, Jari Arkko, Rolf Blom, Vesa Petteri Lehtovirta, Karl Norrman, Stefan Rommer, Bengt Sahlin
  • Patent number: 10345782
    Abstract: A communication system according to an embodiment of the present invention includes a robot control device, a programmable logic controller for establishing communication with the robot control device, and a communication setting device that is loaded with a configuration file to define communication parameters used in the communication. The communication setting device sets the communication parameters to the programmable logic controller. The robot control device includes a file output unit for outputting the configuration file depending on an internal state of the robot control device.
    Type: Grant
    Filed: December 7, 2016
    Date of Patent: July 9, 2019
    Assignee: FANUC CORPORATION
    Inventors: Shunichi Ozaki, Hiroji Nishi
  • Patent number: 10348746
    Abstract: A system that detects any unauthorized communication without imposing a processing load on a control device is provided. In the incident detection system configured to detect any security incident, a gateway device includes: an ID generation unit that generates its own gateway device identification information; a detection packet generation unit that generates a detection packet including control information transmitted from a control device and path information obtained by adding its own gateway device identification information to a communication packet; a log generation unit that generates log information including the detection packet; and a device communication unit that transmits the log information to a management server connected to the gateway device over a network or transmits the detection packet to a control device controlled based on the control information.
    Type: Grant
    Filed: December 24, 2015
    Date of Patent: July 9, 2019
    Assignee: Hitachi, Ltd.
    Inventors: Hiroki Uchiyama, Toru Owada, Makoto Kayashima, Yusuke Fujihara, Satoshi Ohkubo, Jun Hamanaka
  • Patent number: 10341484
    Abstract: A communication device and system are disclosed for providing communication and data services to residents of a controlled facility. The device can be restricted to communicating only using an internet protocol so as to restrict the device communication to an internal intranet. Wireless access points may be disposed throughout the environment to route calls and data between the device and a central processing center. By converting a protocol of the communications received from the device to a protocol used by the central processing center, minimal modifications to the central processing center are needed to support a wireless communication infrastructure. Many restrictions and safeguards may be implemented within the phone and system in order to prevent improper use.
    Type: Grant
    Filed: February 6, 2018
    Date of Patent: July 2, 2019
    Assignee: Global Tel*Link Corporation
    Inventors: Stephen Hodge, Garth Johnson, Christopher McNitt
  • Patent number: 10338937
    Abstract: A server computing system provides a web application graphical user interface (GUI) that has a first pane and a second pane. The first pane includes data items of the web application. When a user selects multiple data items in the first pane, the second pane identifies the actions that are available for the data items that are selected in the first pane. When an action is selected in the second pane, the data items in the first pane are modified in response to the selection without a web browser refreshing or reloading a corresponding web page. The server computing system receives a user request for additional information for a data item in the first pane and provides the additional information in a third pane that is together with the first pane in the GUI without the web browser refreshing or reloading the corresponding web page.
    Type: Grant
    Filed: November 30, 2011
    Date of Patent: July 2, 2019
    Assignee: Red Hat, Inc.
    Inventors: Jason E. Rist, Shannon Ray Hughes
  • Patent number: 10333827
    Abstract: A network system includes a first network access device having an input/output (IO) module of a firewall to capture a packet of a network session originated from a first node associated with the first network access device, a first security device having a firewall processing module to determine based on the captured packet whether the first node is a destination node that is receiving VM migration from a second node that is associated with a second network access device. The first security device is to update a first flow table within the first network access device. The network system further includes a second security device to receive a message from the first security device concerning the VM migration to update a second flow table of the second network access device, such that further network traffic of the network session is routed to the first node without interrupting the network session.
    Type: Grant
    Filed: April 10, 2013
    Date of Patent: June 25, 2019
    Assignee: VARMOUR NETWORKS, INC.
    Inventors: Meng Xu, Yi Sun, Hsisheng Wang, Choung-Yaw Shieh
  • Patent number: 10333899
    Abstract: Systems and methods for protecting private data behind a privacy firewall are disclosed. A system for implementing a privacy firewall to determine and provide non-private information from private electronic data includes a data storage repository, a processing device, and a non-transitory, processor-readable storage medium. The storage medium includes programming instructions that, when executed, cause the processing device to analyze a corpus of private electronic data to identify a first one or more portions of the data having non-private information and a second one or more portions of the data having private information, tag the first one or more portions of the data as allowed for use, determine whether the second one or more portions of the data includes non-private elements, and if the second one or more portions of the data comprises non-private elements, extract the non-private elements and tag the non-private elements as information allowed for use.
    Type: Grant
    Filed: October 7, 2015
    Date of Patent: June 25, 2019
    Assignee: LexisNexis, a division of Reed Elsevier Inc.
    Inventor: William Kilgallon
  • Patent number: 10324745
    Abstract: Systems herein include thin clients that operate with managed profile-based virtual machines. This can allow users to utilize personal user devices in an enterprise environment without subjecting sensitive enterprise credentials to the user device. A management server can determine a profile associated with the user device. Based on the profile, a virtual machine can be instantiated at a thin server, remotely from the thin client. The profile-specific virtual machine can include a particular guest operating system, guest applications, security features, or functionality. The instance of the virtual machine can communicate graphics information from a guest application to the thin client, and the thin client can communicate user interface events to the instance for controlling the guest application.
    Type: Grant
    Filed: February 1, 2016
    Date of Patent: June 18, 2019
    Assignee: AirWatch, LLC
    Inventors: Kar Fai Tse, Ketan Bhardwaj, Erich Stuntebeck
  • Patent number: 10320644
    Abstract: A traffic analyzer of a provider network identifies endpoint categories into which traffic directed to or from a first isolated virtual network of the provider network is to be classified. A first endpoint category includes an endpoint configured in a second isolated virtual network. Using packet-level metrics collected at virtualization management components of virtualization hosts, the traffic analyzer determines the amount of data transmitted between the first isolated virtual network and the various endpoint categories during selected time intervals. The traffic analyzer provides the categorized traffic amounts as input to a predictive model, and stores expected future traffic trends generated by the model.
    Type: Grant
    Filed: September 14, 2015
    Date of Patent: June 11, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Po-Chun Chen, Kyle Tailor Akers, Kevin Christopher Miller, Michael Brooke Furr, Christopher Ian Hendrie
  • Patent number: 10313136
    Abstract: A method for verifying the authenticity of a certificate in a web browser using an SSL/TLS protocol in an encrypted Internet connection to an HTTPS website includes establishing an encrypted connection to the HTTPS website using the web browser on a user's terminal device. A certificate including a public key of the HTTPS website and signed by a trusted certificate authority is sent to the user's web browser from the web server using the Internet connection. The certificate authority that signed the certificate is compared against the list of trusted certificate authorities. The certificate authority is verified as being included in the list. The thumbprint of the certificate is sent as an additional security check key using a second messaging channel, external to the Internet connection between HTTPS website and web browser of the user's terminal device, and the contact data in the customer register. The additional security check key is compared with the thumbprint received by the web.
    Type: Grant
    Filed: October 26, 2016
    Date of Patent: June 4, 2019
    Assignee: ONLINE SOLUTIONS OY
    Inventor: Jyrki Salmi
  • Patent number: 10275328
    Abstract: A technique for providing fault tolerance for virtual machines in a hybrid cloud computing system is discussed. When a primary virtual machine (VM) in a private data center is configured for fault tolerance, a secondary VM is instantiated in a public cloud computing system. Changes to the execution state of the primary VM are recorded and relayed to the secondary VM by way of caching modules, which provide acknowledgement messages back to the primary VM. A technique for failback from the public cloud computing system to the private data center is also discussed.
    Type: Grant
    Filed: July 3, 2015
    Date of Patent: April 30, 2019
    Assignee: VMWARE, INC.
    Inventors: Jinto Antony, Madhusudhanan Gangadharan, Sudhish P. T., Sreekanth Pillalamarri
  • Patent number: 10237609
    Abstract: A method of delivering video content. The method may comprise receiving a request for a first video from a video-playing device that is coupled to a network, determining whether to include a second video, generating a playlist comprising the first video and the second video, and transmitting the playlist to the Internet video-playing device. The second video may comprise a video advertisement. Additionally, a system for delivering video content is described. The system may include a processor, storage, an operating system, a logging module, one or more network interfaces capable of communicating with a plurality of video advertising networks, and a scripting engine.
    Type: Grant
    Filed: March 13, 2013
    Date of Patent: March 19, 2019
    Assignee: Vidillion, Inc.
    Inventors: Dennis M. Nugent, Dan Lovy, Mario Hebert
  • Patent number: 10229520
    Abstract: Provided is a feature-value display system which can display a feature value of a node for accurate prediction of a state of the node in a graph structure or a network structure. The feature-value display system 1 displays the feature value of the current node, considering information generated on the basis of attribute information associated with the nodes adjacent to or closer to a current node in the graph structure or the network structure, as the feature value of the current node itself.
    Type: Grant
    Filed: June 3, 2015
    Date of Patent: March 12, 2019
    Assignee: NEC Corporation
    Inventors: Yusuke Muraoka, Ryohei Fujimaki
  • Patent number: 10205638
    Abstract: A computer-implemented method for configuring a network topology within a cloud computing environment is disclosed. The method includes providing a user interface (UI) to a user to configure a selection of network topology features. The UI enables the user to specify network topology features at the physical device level. Available cloud computing resources that are associated with the cloud computing environment are detected and the configured network topology is mapped to the available cloud computing resources. The user may then access the mapped cloud resources as a virtual network.
    Type: Grant
    Filed: October 23, 2014
    Date of Patent: February 12, 2019
    Assignee: NS3I, LLC.
    Inventors: Yogesh Angrish, Suleman Alam
  • Patent number: 10193865
    Abstract: Techniques described herein convert mobile traffic between different types of VPN protocols, including IP and Transport. In an embodiment, a security proxy associated with a server receives a packet associated with a client app on a device, the packet including a source identifier and a destination identifier. The security proxy reassigns a tunnel identifier as the source and a node identifier as the destination, then stores a correlation of the tunnel identifier, the source identifier, and the destination identifier. The security proxy forwards the packet to the node inside the security proxy, and determines the destination identifier based on the correlation. The node then forwards the packet to the destination. This allows for multiple devices to use a same source identifier, e.g., same IP address. In some embodiments, a secure connection is established and/or the device and server are mutually authenticated prior to the processing of the packets.
    Type: Grant
    Filed: March 17, 2016
    Date of Patent: January 29, 2019
    Assignee: MOBILE IRON, INC.
    Inventors: Kumara Das Karunakaran, Alexei Volkov, Pranav Desai, Victor Pavlov
  • Patent number: 10193889
    Abstract: In one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to collect all data socket descriptor databases from individual servers operating in a data center, each data socket descriptor database storing attributes of a base socket and one or more data socket descriptors used by an application or application instance operating on an individual server. The logic is also configured to cause the processing circuit to store data from the data socket descriptor databases for all applications and application instances operating in the data center in a central data socket descriptor database, the central data socket descriptor database being configured to store attributes of all data socket descriptors used by all applications or application instances operating in the data center.
    Type: Grant
    Filed: June 14, 2016
    Date of Patent: January 29, 2019
    Assignee: Avocado Systems Inc.
    Inventor: Keshav Govind Kamble
  • Patent number: 10187365
    Abstract: The present invention relates to a method that may be used in a digital data communication system comprising a communication network constituted of a plurality of nodes, and a plurality of subscriber equipment units each connected to a node. The method includes: a transmission phase (P1) including the steps of limiting the size of each frame to be transmitted, adding identification-authentication credentials, and transmitting the frames with a predetermined transmission interval; and a transmission phase (P2) including the steps of monitoring-checking for compliance with the input conditions, removing each frame that is non-compliant, replicating each frame that is compliant, monitoring-checking for compliance with the output conditions, removing each frame that is non-compliant, transmitting each frame that is compliant, and recording and storing the identification-authentication credential for each frame transmitted.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: January 22, 2019
    Assignee: THALES
    Inventors: Patrice Georges Paul Toillon, Paul Marie Boivin-Champeaux, David José Faura, Michael André Templier, William Terroy
  • Patent number: 10187299
    Abstract: The present invention enables the selection of network routes based on a combination of traditional route table entries and identity policy information determined dynamically for each network session. This enables a network operator to apply different policies to network entities presenting differing identity credentials. It also allows network operators to block access to networks and network resources when identity credentials are not provided or are unauthorized.
    Type: Grant
    Filed: April 22, 2016
    Date of Patent: January 22, 2019
    Assignee: BlackRidge Technology Holdings, Inc.
    Inventor: John W. Hayes
  • Patent number: 10187376
    Abstract: Authentication of a networked device with limited computational resources for secure communications over a network. Authentication of the device begins with the supplicant node transmitting a signed digital certificate with its authentication credentials to a proxy node. Upon verifying the certificate, the proxy node then authenticates the supplicant's credentials with an authentication server accessible over the network, acting as a proxy for the supplicant node. Typically, this verification includes decryption according to a public/private key scheme. Upon successful authentication, the authentication server creates a session key for the supplicant node and communicates it to the proxy node. The proxy node encrypts the session key with a symmetric key, and transmits the encrypted session key to the supplicant node which, after decryption, uses the session key for secure communications. In some embodiments, the authentication server encrypts the session key with the symmetric key.
    Type: Grant
    Filed: July 28, 2016
    Date of Patent: January 22, 2019
    Assignee: TEXAS INSTRUMENTS INCORPORATED
    Inventors: Kumaran Vijayasankar, Oliver Shih, Arvind K. Raghu, Ramanuja Vedantham, Xiaolin Lu
  • Patent number: 10182075
    Abstract: A request message is generated with a trusted network entity executing trusted code on a first network layer. The request message is to target a non-trusted network entity executing non-trusted code on a second network layer. The request message is transmitted from the trusted network entity to the non-trusted network entity through at least a policy enforcement entity. The policy enforcement entity applies one or more network traffic rules to enforce a unidirectional flow of traffic from the first network layer to the second network layer. A response check message is generated with the trusted network entity. The response check message is to determine whether response information is available on the non-trusted network entity in response to the request message. The response check message is transmitted from the trusted network entity to the non-trusted network entity through at least the policy enforcement entity.
    Type: Grant
    Filed: March 31, 2016
    Date of Patent: January 15, 2019
    Assignee: salesforce.com, inc.
    Inventors: Benjamin Fry, Timothy Kral, Simon Chen, Andrey Falko