Virtual Private Network or Virtual Terminal Protocol (i.e., VPN or VTP) Patents (Class 726/15)
-
Patent number: 12101301
Abstract: The present technology can allow a user to use the OpenID Connect protocol to login to an account that has an anonymous user account ID. More specifically, the present technology can programmatically combine information received from an OpenID provider during the OpenID Connect protocol with a random value to yield a unique anonymous user account ID. The present technology also makes use of the ability within the OpenID Connect protocol to embed a chosen nonce into the token signed by the OpenID provider. This allows for embedding hashes of cryptographic keys, like signature verification keys, into ID tokens received from the OpenID provider that authenticates the user. Subsequently, the user can sign messages that can be verified using the verification key bound to the ID token from the OpenID provider.
Type: Grant
Filed: July 17, 2023
Date of Patent: September 24, 2024
Assignee: Mysten Labs, Inc.
Inventors: Konstantinos Chalkias, Arnab Roy, Sai Krishna Deepak Maram, Joy Wang, Adeniyi Abiodun, Lola Oyelayo-Pearson, Ben Riva, Jonas Lindstrøm, Jordan Gensler, Pavlos Chrysochoidis
-
Patent number: 12101297
Abstract: A computer system and method designed to support and enable a dual obfuscated virtual private network (VPN) for routing data. A plurality of servers is configured with hardware elements in a hardware layer, and an operatively coupled operating system layer with a first virtual private server (VPS) operatively coupled to a second VPS. The first VPS is configured to generate an OpenVPN certificate and the second VPS is configured to generate a WireGuard certificate. Communication tunnels encrypted with a combination of OpenVPN and WireGuard are created to establish the dual obfuscated VPN to support data encryption.
Type: Grant
Filed: September 2, 2021
Date of Patent: September 24, 2024
Assignee: Rowan Holding, LLC
Inventor: Alexander Purta
-
Patent number: 12068959
Abstract: Techniques for automatically providing per tenant weighted DCMP over shared transport interfaces and automated flow hash load balancing are described. The techniques may include onboarding the tenant to the local multi-tenant edge device associated with a tenant, where the resource profile defines a traffic allowance per transport interface for the tenant. Local weight per transport interface is applied. Information including local weight per transport interface is transmitted to a remote device via an SD-WAN controller. Information including a remote weight per transport interface of the remote device is received via the SD-WAN controller. Traffic is routed from the tenant based on local weight per transport interface of the local device and remote weight per transport interface of the remote device.
Type: Grant
Filed: July 24, 2023
Date of Patent: August 20, 2024
Assignee: Cisco Technology, Inc.
Inventors: Ganesh Devendrachar, Ajeet Pal Singh Gill, Balaji Sundararajan, Srilatha Tangirala, Satish Varadarajula, Satyajit Das
-
Patent number: 12069025
Abstract: Techniques for providing a networking and security split architecture are disclosed. In some embodiments, a system, process, and/or computer program product for providing a networking and security split architecture includes receiving a flow at a security service; processing the flow at a network layer of the security service to perform one or more networking functions; and offloading the flow to a security layer of the security service to perform security enforcement based on a policy.
Type: Grant
Filed: December 22, 2021
Date of Patent: August 20, 2024
Assignee: Palo Alto Networks, Inc.
Inventors: Thomas Arthur Warburton, Hao Long, Shu Lin, Mingfei Peng
-
Patent number: 12022284
Abstract: A user equipment and wireless provisioning method and system associated with a first wireless network are provided. The wireless provisioning system includes a processor, a network interface in communication with the first wireless network, and a non-transitory memory storing a first set and a second set of information of a profile related to operation of a UE on a second wireless network. The processor transmits the first set of information to the UE for provisioning to the UE files associated with authorization and authentication of the UE on the second wireless network. The processor validates that the first set of information was provisioned to the UE and transmits the second set of information to the UE for provisioning to the UE pointer updates for updating pointers on the UE to point to the first set of information. The processor transmits an instruction for the UE to reboot.
Type: Grant
Filed: September 19, 2022
Date of Patent: June 25, 2024
Assignee: T-Mobile Innovations LLC
Inventor: Maksym Siryy
-
Patent number: 12010024
Abstract: A method includes identifying a middlebox receiving network flow and communicating with one or more backend virtual machines. The method also includes receiving flow statistics corresponding to the network flow of the middlebox and determining whether the flow statistics satisfy an offload rule. The offload rule indicates when to migrate the network flow from the middlebox to an end host. When the flow statistics satisfy the offload rule, the method also includes migrating the network flow from the middlebox to the end host.
Type: Grant
Filed: June 28, 2021
Date of Patent: June 11, 2024
Assignee: Google LLC
Inventors: David Schultz, Shuang Guan, Srinivas Krishnan, Eran Gal, Doron Shaharabani, Yossi Richter, Md Ahsan Arefin
-
Patent number: 11997124
Abstract: Methods, apparatus, and processor-readable storage media for out-of-band management security analysis and monitoring are provided herein. An example computer-implemented method includes generating control state configuration profiles for hardware components of at least one out-of-band server management controller, collecting data from the at least one out-of-band management controller via one or more interfaces, analyzing the collected data by comparing the collected data to the one or more control state configuration profiles and applying at least one rule-based engine to the collected data, and generating a notification of one or more security vulnerabilities associated with the at least one out-of-band server management controller based at least in part on the analyzing of the collected data, wherein the notification is to be utilized in connection with one or more security-related actions on at least a portion of at least one server.
Type: Grant
Filed: April 30, 2019
Date of Patent: May 28, 2024
Assignee: EMC IP Holding Company LLC
Inventors: Viswanath Ponnuru, Raveendra Babu Madala, Santosh Hanamant Gore, Shuva Brata Deb
-
Patent number: 11989317
Abstract: A system and a method are disclosed for receiving a request for a user to perform a plurality of activities with respect to a secure document, a given activity of the plurality of activities being assigned based on a known parameter of the user. The system transmits the request to the user, and responsive to detecting an interaction with the request, determines that the known parameter has changed. The system responsively determines requirements for performing the plurality of activities based on a replacement parameter of the user, determines a replacement activity based on the requirements, and transmits a new request to the user, the new request replacing the given activity with the replacement activity.
Type: Grant
Filed: August 19, 2020
Date of Patent: May 21, 2024
Assignee: DOCUSIGN, INC.
Inventors: Ronald Hirson, Darren Hon Kit Louie, Olivier Pin, Thibault de Valroger, Ryan James Cox, Michael Yatsko
-
Patent number: 11962606
Abstract: A system and methods for protecting a serverless application, the system including: (a) a serverless application firewall configured to inspect input of the serverless function so as to ascertain whether the input contains malicious, suspicious or abnormal data; and (b) a behavioral protection engine configured to monitor behaviors and actions of the serverless functions during execution thereof.
Type: Grant
Filed: October 16, 2018
Date of Patent: April 16, 2024
Assignee: Twistlock Ltd.
Inventors: Avraham Shulman, Ory Segal, Shaked Yosef Zin
-
Patent number: 11962503
Abstract: An edge synchronization platform that facilitates mesh network routing via dynamic routing tables is disclosed. A node in the mesh network obtains a network communication. The node performs a wrapping operation on the network communication to generate a wrapped data packet. The wrapped data packet includes a destination indicator. The node identifies a recipient node for the wrapped data packet using a dynamic routing table. The node then sends the wrapped data packet to the recipient node.
Type: Grant
Filed: August 25, 2023
Date of Patent: April 16, 2024
Assignee: DITTOLIVE INCORPORATED
Inventors: Adam Brandon John Fish, Thomas Karpiniec, Connor Maurice Power
-
Patent number: 11956216
Abstract: A security system for individually-owned electronic devices includes a network operations center with an enrollment system, device management system, network layer security system, personal information monitoring system, detection and response system, and monitoring and alert system. An individually-owned electronic device communicates with the network operations center in order to receive and install a configuration file and a security application, as well as to configure a virtual private network connection. These components operate independently and collectively to identify and address security threats to the individually-owned electronic devices.
Type: Grant
Filed: January 11, 2022
Date of Patent: April 9, 2024
Assignee: AGENCY CYBER INC.
Inventor: Amir Tarighat
-
Patent number: 11949602
Abstract: An endpoint group (EPG) can be stretched between the sites so that endpoints at different sites can be assigned to the same stretched EPG. Because the sites can use different bridge domains when establishing the stretched EPGs, the first time a site transmits a packet to an endpoint in a different site, the site learns or discovers a path to the destination endpoint. The site can use BGP to identify the site with the host and use a multicast tunnel to reach the site. A unicast tunnel can be used to transmit future packets to the destination endpoint. Additionally, a stretched EPG can be segmented to form a micro-stretched EPG. Filtering criteria can be used to identify a subset of the endpoints in the stretched EPG that are then assigned to the micro-stretched EPG, which can have different policies than the stretched EPG.
Type: Grant
Filed: September 21, 2021
Date of Patent: April 2, 2024
Assignee: Cisco Technology, Inc.
Inventors: Javed Asghar, Sridhar Vallepalli, Umamaheswararao Karyampudi, Srinivas Kotamraju
-
Patent number: 11940965
Abstract: Embodiments of the present disclosure provide a data migration method and apparatus. The method includes: receiving a migration task of migrating data in a first system to a second system; and calling upper-layer interfaces corresponding to the migration task, and calling underlying operation interfaces of the first system and the second system by the upper-layer interfaces through an abstract interface class to migrate the data of the first system to the second system. Bidirectional data transmission and migration can be implemented between any two data ends. Bidirectional data transmission and migration between any data terminals.
Type: Grant
Filed: April 15, 2022
Date of Patent: March 26, 2024
Assignee: Alibaba Group Holding Limited
Inventor: Yizhe Chen
-
Patent number: 11943202
Abstract: A method including receiving, at a VPN server from a user device during an established VPN connection between the VPN server and the user device, a data request for the VPN server to retrieve data of interest from a host device; utilizing, by the VPN server during the established VPN connection, a first exit IP address to transmit a query to the host device for retrieving the data of interest; determining, by the VPN server based on transmitting the query, that the first exit IP address is blocked by the host device; and transmitting, by the VPN server during the established VPN connection and based on determining that the first exit IP address is blocked, the data request to a secondary server to enable retransmission of the query to the host device by utilizing a second exit IP address is disclosed. Various other aspects are contemplated.
Type: Grant
Filed: September 15, 2022
Date of Patent: March 26, 2024
Assignee: UAB 360 IT
Inventors: Karolis Pabijanskas, Justinas Tubis
-
Patent number: 11893145
Abstract: In one preferred form of the present invention, shown in FIGS. 1 to 3, there is provided a computer implemented security method (10) comprising: providing users (14) with first virtual machines (12), the first virtual machines (12) for being displayed on first electronic devices (18); and providing the users with virtual keyboards (22), the virtual keyboards (22) for providing user input to control the first virtual machines (12), the virtual keyboards (22) for being displayed on second electronic devices (24) that are different to the first electronic devices (18) to reduce the effectiveness of possible malware loggers on the first electronic devices (18).
Type: Grant
Filed: April 18, 2018
Date of Patent: February 6, 2024
Assignee: BANKVAULT PTY LTD
Inventors: Neil Richardson, Graeme Speak
-
Patent number: 11886565
Abstract: A method for controlling an operation of a virtual machine on a cloud by a server is provided. The method includes: (a) receiving, from a terminal device of a user having only a usage authority for a specific virtual machine resource among a plurality of virtual machine resources, a request for allocating or deallocating at least some of the plurality of virtual machine resources to the terminal device; and (b) based on a control condition of the user for the at least some of the plurality of virtual machine resources being recognized, supporting to perform allocation or deallocation of the virtual machine resource by generating a process corresponding to the at least some of the plurality of virtual machine resources and loading the process on a memory or deleting the process from the memory according to the request.
Type: Grant
Filed: August 11, 2022
Date of Patent: January 30, 2024
Assignee: National Agricultural Cooperative Federation
Inventors: Docheol Kim, Byungmu Chun, Dongheon Kim, Dongkwan Yuk, Se Young Kim, Wooho Chi
-
Patent number: 11876827
Abstract: Systems, methods, and related technologies for improving classification use multiple classification resources. The method includes accessing network traffic from a network comprising a plurality of entities, and determining, based on the network traffic, one or more values associated with one or more properties of an entity of the plurality of entities. The method also includes determining, by a processing device, a first classification result of the entity based on the one or more values and at least one local profile, and determining a second classification result of the entity, wherein the second classification result of the entity is based on the one or more values and at least one remote profile.
Type: Grant
Filed: September 22, 2022
Date of Patent: January 16, 2024
Assignee: FORESCOUT TECHNOLOGIES, INC.
Inventor: Yang Zhang
-
Patent number: 11870691
Abstract: In one embodiment, an electronic device maintains one or more tunnel-based overlays for a communication network. The communication network includes two or more physical provider networks. The device maintains a mapping between a particular application and the one or more overlays for the communication network. The device adjusts the mapping between the particular application and the one or more overlays for the communication network. The device causes one or more routers in the communication network to route traffic for the particular application according to the adjusted mapping between the application and the one or more overlays for the communication network.
Type: Grant
Filed: March 18, 2022
Date of Patent: January 9, 2024
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Dana L. Blair, Michael L. Sullenberger, Solomon T. Lucas, Steven W. Wood, Anand Oswal
-
Patent number: 11863532
Abstract: A method including establishing, by a first device, a virtual private network (VPN) connection with a VPN server; establishing, by the first device during the established VPN connection, a meshnet connection with a second device in a mesh network; determining, by the first device, whether the second device is a destination associated with a transmission packet to be transmitted by the first device; and transmitting, by the processor, the transmission packet by utilizing the VPN connection or by utilizing the meshnet connection based at least in part on determining whether the second device is the destination associated with the transmission packet. Various other aspects are contemplated.
Type: Grant
Filed: December 21, 2021
Date of Patent: January 2, 2024
Assignee: UAB 360 IT
Inventors: Mantas Jonytis, Rytis Karpuška
-
Patent number: 11863514
Abstract: Some embodiments provide a method of load balancing data message flows across multiple secure connections. The method receives a data message having source and destination addresses formatted according to a first protocol. Based on the source and destination addresses, the method selects one of the multiple secure connections for the data message. Each of the secure connections handles a first set of connections formatted according to the first protocol and a second set of connections formatted according to a second protocol that is an alternative to the first protocol. The method securely encapsulates the data message and forwards the encapsulated data message onto a network. The encapsulation includes an identifier for the selected secure connection.
Type: Grant
Filed: April 7, 2022
Date of Patent: January 2, 2024
Assignee: VMWARE, INC.
Inventor: Sudesh Pawar
-
Patent number: 11854404
Abstract: A system computes a timing interval between high-capacity vehicles (HCVs) for each of a plurality of HCV corridors within a geographic region, each respective HCV corridor of the plurality of HCV corridors including a start area. For each respective HCV corridor, the system transmits, via a network communication interface, (i) first data to a first computing device associated with a first HCV, the first data indicating the start area of the respective HCV corridor, and a first start time for the first HCV, and (ii) second data to a second computing device associated with a second HCV, the second data indicating the start area of the respective HCV corridor and a second start time for the second HCV, wherein the first start time for the first HCV and the second start time for the second HCV are based on the computed timing interval for the respective HCV corridor.
Type: Grant
Filed: July 7, 2022
Date of Patent: December 26, 2023
Assignee: Uber Technologies, Inc.
Inventors: Kenneth Kuhn, Eoin O'Mahony, Miraj Ramhematpura, Mustafa Sahin, Lior Seeman, Philippe Sekine, Vishnu Srinivasan Sundaresan, Meisam Vosoughpour, Danhua Guo, Robert Paine
-
Patent number: 11838272
Abstract: The present invention relates to a system for establishing a secure connection between a mobile device container and a number of virtual private networks.
Type: Grant
Filed: December 2, 2020
Date of Patent: December 5, 2023
Assignee: MATERNA VIRTUAL SOLUTION GMBH
Inventors: Oliver Mihatsch, Falko Lehmann-Carpzov
-
Patent number: 11811764
Abstract: Identification of an electronic communication containing specific information is provided. Content of the electronic communication may be evaluated by a machine-learning model, and based on an evaluation of the content, it may be determined that the electronic communication contains the specific information. The electronic communication may be tagged with tag information indicating that the electronic communication contains the specific information, and transmission of the electronic communication may be blocked based on the tag information.
Type: Grant
Filed: January 17, 2020
Date of Patent: November 7, 2023
Assignee: Truist Bank
Inventors: Amy Rose, Justin Dubs, Joseph Aguayo
-
Patent number: 11799834
Abstract: A request for a virtual private network (VPN) server that is an optimal VPN server for a user device is received. Respective penalty scores for VPN servers including the optimal VPN server are calculated. A respective penalty score of a VPN server is calculated based on whether the VPN server is in a same country as the user device and a proximity of the VPN server to an international Internet exchange hub. The optimal VPN server is selected based on the respective penalty scores. An internet protocol (IP) address of the optimal VPN server is transmitted to the user device.
Type: Grant
Filed: January 21, 2022
Date of Patent: October 24, 2023
Assignee: 360 IT, UAB
Inventors: Kazimieras Celiesius, Mindaugas Valkaitis
-
Patent number: 11784979
Abstract: A method including configuring a first server to receive, from a second server, an encrypted authentication packet to enable the first server and the second server to conduct an authentication process, the encrypted authentication packet including a crypted code field indicating a type associated with the encrypted authentication packet and a crypted payload including one or more encrypted fields; and configuring the first server to transmit, to the second server, a response based at least in part on determining the type associated with the encrypted authentication packet and on decrypting the one or more encrypted fields. Various other aspects are contemplated.
Type: Grant
Filed: November 22, 2021
Date of Patent: October 10, 2023
Assignee: UAB 360 IT
Inventors: Karolis Pabijanskas, Andžej Valčik, Ramūnas Keliuotis
-
Patent number: 11777718
Abstract: Provided herein are systems, devices and methods for opening a connection in a gateway of a cloud based network for a client device connected via two different network links to the gateway and to a Software Defined Perimeter (SDP) controller of a cloud based network. The SDP controller may receive a request from a client device to connect to a gateway of the cloud based network, generate a one-time SPA key for the client device (after authenticated), transmit the SPA key to the gateway, and transmit, via the first network link, the SPA key to the client device. The client device may transmit the SPA key to the gateway via the second network link and the gateway may be configured to open a connection for the client device via the second network link in case the SPA key is valid.
Type: Grant
Filed: December 12, 2022
Date of Patent: October 3, 2023
Assignee: Perimeter 81 LTD
Inventors: Amit Bareket, Sagi Gidali
-
Patent number: 11770364
Abstract: Methods and apparatus for private network peering in virtual network environments in which peerings between virtual client private networks on a provider network may be established by clients via an API to a peering service. The peering service and API 104 may allow clients to dynamically establish and manage virtual network transit centers on the provider network at which virtual ports may be established and configured, virtual peerings between private networks may be requested and, if accepted, established, and routing information for the peerings may be specified and exchanged. Once a virtual peering between client private networks is established, packets may be exchanged between the respective client private networks via the peering over the network substrate according to the overlay network technology used by the provider network, for example an encapsulation protocol technology.
Type: Grant
Filed: January 8, 2021
Date of Patent: September 26, 2023
Assignee: Amazon Technologies, Inc.
Inventors: Bashuman Deb, Andrew Bruce Dickinson, Christopher Ian Hendrie
-
Patent number: 11765133
Abstract: A method including configuring a first server to determine an encrypted authentication packet, the configuring including, configuring the first server to determine a crypted code field to indicate a type associated with the encryption authentication packet and that at least a portion of the encryption authentication packet is encrypted, and configuring the first server to determine a crypted payload based at least in part on encrypting one or more fields of an initial authentication packet; and configuring the first server to transmit, to a second server, the encrypted authentication packet to enable the first server and the second server to conduct an authentication process. Various other aspects are contemplated.
Type: Grant
Filed: November 22, 2021
Date of Patent: September 19, 2023
Assignee: UAB 360 IT
Inventors: Karolis Pabijanskas, Andžej Valčik, Ramūnas Keliuotis
-
Patent number: 11757842
Abstract: A method including determining, by a first server, an encrypted authentication packet, the determining including, determining a crypted code field to indicate a type associated with the encryption authentication packet and that at least a portion of the encryption authentication packet is encrypted, and determining a crypted payload based at least in part on encrypting one or more fields of an initial authentication packet; and transmitting, by the first server to a second server, the encrypted authentication packet to enable the first server and the second server to conduct an authentication process. Various other aspects are contemplated.
Type: Grant
Filed: November 18, 2021
Date of Patent: September 12, 2023
Assignee: UAB 360 IT
Inventors: Karolis Pabijanskas, Andžej Valčik, Ramūnas Keliuotis
-
Patent number: 11736445
Abstract: The techniques herein are directed generally to personalized secure communication session management, such as for virtual private networks (VPNs). In one embodiment, a user is authenticated at a client device to verify that the user is present at the client device and authorized to access one or more secured resources, and in response, a secure communication session is established for the client device to access the secured resources. At a later time during the secure communication session, it is determined whether the user is still authenticated at the client device, such that if so, access to the one or more secured resources is maintained on the secure communication session, or else access is restricted to the one or more secured resources (e.g., the session is terminated, or access is otherwise limited).
Type: Grant
Filed: March 12, 2021
Date of Patent: August 22, 2023
Assignee: Journey.ai
Inventors: Michael Joseph Frendo, Robert Taylor Bartlett, Alexander John Shockley, James M. Behmke
-
Patent number: 11700239
Abstract: Various techniques for split tunneling based on content type to exclude certain network traffic from a tunnel (e.g., VPN tunnel) are disclosed. In some embodiments, a system, process, and/or computer program product for split tunneling based on content type to exclude certain network traffic from a tunnel includes monitoring session traffic received at a data appliance; determining if the session traffic is associated with a first content type; and redirecting the session traffic if the session traffic is associated with the first content type based on a policy.
Type: Grant
Filed: December 7, 2021
Date of Patent: July 11, 2023
Assignee: Palo Alto Networks, Inc.
Inventors: Yongjie Yin, Joby Menon, Andrey Tverdokhleb, Kevin Yao
-
Patent number: 11665141
Abstract: Virtual private network (VPN) service provider infrastructure (SPI) receives a request to access a VPN from a client device. The VPN SPI selects an Internet Protocol (IP) address for access to the VPN by the client device from a pool of IP addresses. The VPN SPI provides access to the VPN for the client device via the IP address. The VPN SPI receives one or more handshake notifications from the client device. The VPN SPI determines that a threshold time period has passed since a latest-in-time handshake notification of the one or more handshake notifications. The VPN SPI disconnects the client device from the VPN in response to determining that the threshold time period has passed. The VPN SPI adds the IP address to the pool of IP addresses in response to disconnecting the client device from the VPN.
Type: Grant
Filed: March 4, 2022
Date of Patent: May 30, 2023
Assignee: Oversec, UAB
Inventors: Darjus Ilcevic, Gvidas Uzkuras
-
Patent number: 11658940
Abstract: A client-side virtual private network (VPN) chaining architecture can provision multiple sessions for multiple VPN clients that are configured to communicate packet traffic in parallel between an end-user device and one or more destinations. The client-side chaining architecture can capture packet traffic per specific users/apps and process (e.g., drop) or reroute the captured packet traffic for different VPN clients. For example, packet traffic can be rerouted from a main VPN client to a secondary VPN client. As such, there can be multiple VPN clients that are simultaneously chained in various ways to the same end-user device.
Type: Grant
Filed: October 7, 2022
Date of Patent: May 23, 2023
Assignee: OSOM PRODUCTS, INC.
Inventor: Oliver Scott
-
Patent number: 11652747
Abstract: Techniques for load balancing encrypted traffic based on security parameter index (SPI) values of packet headers and sets of 5-tuple values of the packet headers are described herein. Additionally, techniques for including quality of service (QoS)-type information in SPI value fields of packet headers are also described herein. The QoS-type information may indicate a particular traffic class according to which the packet is to be handled. Further, techniques for pre-configuring a backend host such that encrypted traffic may be migrated to the backend host from another backend host without causing temporary service disruptions are also described herein.
Type: Grant
Filed: February 9, 2021
Date of Patent: May 16, 2023
Assignee: Cisco Technology, Inc.
Inventors: Grzegorz Boguslaw Duraj, Leonardo Rangel Augusto, Kyle Andrew Donald Mestery
-
Patent number: 11647001
Abstract: A method including assigning, based on establishing a VPN connection with the user device, a first exit IP address to be utilized for retrieving information requested by the user device; determining, during the established VPN connection, a host device that is likely to block communication from the first exit IP address; modifying, based on determining the host device, associated DNS settings to return communication information associated with the VPN server itself when the information is to be retrieved from the host device; receiving, during the established VPN connection, the information retrieved from the host device based on utilizing a second exit IP address associated with a secondary server; and transmitting, during the established VPN connection, the information to the user device in accordance with the modified DNS settings is disclosed. Various other aspects are contemplated.
Type: Grant
Filed: October 3, 2022
Date of Patent: May 9, 2023
Assignee: UAB 360 IT
Inventor: Karolis Pabijanskas
-
Patent number: 11637771
Abstract: Technologies for managing network traffic through heterogeneous fog network segments of a fog network include a fog node deployed in a fog network segment. The fog node is configured to receive a fog frame that includes control instructions. The fog node is further configured to perform a route selection action to identify a preferred target fog node based on the control instructions, perform action(s) based on the control instructions and network characteristic(s) of the fog network segment relative to corresponding network characteristic(s) of the different fog network segment, and generate updated control instructions based on at least one network characteristic of the different fog network segment. Additionally, the fog node is configured to replace the original control instructions of the received fog frame with the updated control instructions and transmit the received fog frame with the updated control instructions to the preferred target fog node. Other embodiments are described and claimed.
Type: Grant
Filed: January 18, 2022
Date of Patent: April 25, 2023
Assignee: Intel Corporation
Inventors: Keith Nolan, Mark Kelly, Michael McGrath, Heather King, Charlie Sheridan
-
Patent number: 11617217
Abstract: A radio network equipment central unit (20, 1700) receives a message (15) that indicates an update to a transport layer address of a radio network equipment distributed unit (10, 1600) from an old transport layer address (12A) to a new transport layer address (12B). The message (15) indicates the old transport layer address (12A) and indicates the new transport layer address (12B). The message (15) may be received from the radio network equipment distributed unit (10, 1600), or from a distributed unit of an integrated access backhaul donor. Regardless, for each of multiple user plane bearers or transport layer tunnels that are associated with the old transport layer address (12A), the radio network equipment central unit (20, 1700) may update a transport layer address of that bearer or tunnel from the old transport layer address (12A) to the new transport layer address (12B).
Type: Grant
Filed: August 23, 2019
Date of Patent: March 28, 2023
Assignee: Telefonaktiebolaget LM Ericsson (publ)
Inventors: Oumer Teyeb, Lian Araujo, Matteo Fiorani, Gunnar Mildh
-
Patent number: 11617076
Abstract: The present disclosure is directed to systems and methods for clientless virtual private network (VPN) roaming with 802.1x authentication and includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause one or more components to perform operations including: receiving, at a local proxy, an 802.1x communication including authentication information from a remote device wirelessly connected to a visited network, wherein the remote device requests access to an enterprise network; authenticating the remote device with the enterprise network using the authentication information; establishing an encrypted tunnel between the visited network and the enterprise network; and transmitting data between the remote device and the enterprise network through the encrypted tunnel.
Type: Grant
Filed: June 15, 2020
Date of Patent: March 28, 2023
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Jeffrey Napper, Alessandro Duminuco, Hendrikus G. P. (Peter) Bosch
-
Patent number: 11604892
Abstract: Disclosed are systems, methods, and non-transitory computer-readable media for standard compliant collection of sensitive data during a communication session. A standard compliant data collection system is used to provide the standard compliant collection of sensitive data. For example, in response to receiving an indication that a user is to provide sensitive data during an active communication session between the user and an agent, a standard compliant data collection mode is invoked. As a result, communication within the active communication session is routed between the user and the standard compliant data collection system via a secure connection, during which sensitive data is collected in a standard compliant manner. Once collection of the user's sensitive data has been completed, the standard compliant data collection mode is ended, and communication within the active communication session is routed between the user and the agent.
Type: Grant
Filed: May 28, 2020
Date of Patent: March 14, 2023
Assignee: Twilio Inc.
Inventors: Krishnaprasad Gutta, Christer Jan Erik Fahlgren
-
Patent number: 11601467
Abstract: Methods and systems are disclosed for service provider based advanced threat protection. A service provider network may include one or more network devices. The service provider network may be configured to determine network isolation configuration information for a client device, on a local area network (LAN), associated with a client account. The network isolation configuration information may include an identification of trusted network destinations and/or untrusted network destinations for the client device. The service provider network may send the network isolation configuration information to the client device. The service provider network may be configured to authenticate a segregated memory space operating on the client device.
Type: Grant
Filed: August 22, 2018
Date of Patent: March 7, 2023
Assignee: L3 Technologies, Inc.
Inventors: Glenn Coleman, Peter Martz, Kenneth Moritz
-
Patent number: 11589412
Abstract: The present invention relates to methods and apparatus for providing backhaul communications. An exemplary method embodiment includes the steps of: determining, by a first wireless base station of a first wireless network, whether a first backhaul connection path between the first wireless base station and a core network entity of a first service provider includes a communications link which is part of a second network being operated by a different service provider; determining, by the first wireless base station, data transmission latency between the first wireless base station and the core network entity using the first backhaul connection path; establishing, by the first wireless base station, a second backhaul connection path between the first wireless base station and the core network entity, said second backhaul connection including a wireless connection to a second wireless base station which is part of the first wireless network.
Type: Grant
Filed: May 10, 2021
Date of Patent: February 21, 2023
Assignee: Charter Communications Operating, LLC
Inventor: Volkan Sevindik
-
Patent number: 11576013
Abstract: Apparatuses, methods, and systems for internet-enabled data for transparent application consumption over unstructured supplementary service data are disclosed. One method includes generating, by an application, IP (internet protocol) packets, encapsulating, by a proxy interface, the IP packets into protocol data units (PDUs), generating frames of data for facilitating communication through a wireless link, wherein the frames include data slots and control information slots, identifying, by the base station, unused control information slots of the frames of data, scheduling transmission of a stream of the PDUs over the unused control information slots for a full-time duration of the unused control information slots, inserting the PDUs into one or more of the scheduled control information slots of the frames of data as specified by the scheduling, and transmitting, by the computing device, the frames of data through the wireless link to the base station on the scheduled control information slots.
Type: Grant
Filed: February 25, 2021
Date of Patent: February 7, 2023
Assignee: META PLATFORMS, INC.
Inventor: Abhishek Bose-Kolanu
-
Patent number: 11575757
Abstract: A datagram-oriented UDP protocol is used for communication between tunnel gateways in a wide area network. Lightweight remote clients access network services using TCP tunneling. Each remote client maintains one or more UDP/IP+DTLS communication channels to a single member of the gateway group. Gateway servers belonging to the gateway group form some interconnection topology linking each gateway server to each other gateway server, whereby each gateway server maintains a communication channel with every other gateway server in the gateway group. Through the links between gateway servers, a remote client may access any application provided by any gateway server within the gateway group regardless of which gateway server it is connected to, which serves to cloak its communication patterns.
Type: Grant
Filed: December 28, 2020
Date of Patent: February 7, 2023
Assignee: DH2I COMPANY
Inventors: Thanh Q. Ngo, Samuel Revitch
-
Patent number: 11575654
Abstract: A method including determining, by a first device having an established virtual private network (VPN) connection with a VPN server and an established meshnet connection with a second device in a mesh network, that a destination associated with a transmission packet to be transmitted by the device is the second device in the mesh network; and transmitting, by the first device, the transmission packet utilizing the meshnet connection based at least in part on determining that the destination is the second device in the mesh network. Various other aspects are contemplated.
Type: Grant
Filed: December 20, 2021
Date of Patent: February 7, 2023
Assignee: UAB 360 IT
Inventors: Mantas Jonytis, Rytis Karpuška
-
Patent number: 11558184
Abstract: Provided herein are systems, devices and methods for opening a connection in a gateway of a cloud based network for a client device connected via two different network links to the gateway and to a Software Defined Perimeter (SDP) controller of a cloud based network. The SDP controller may receive a request from a client device to connect to a gateway of the cloud based network, generate a one-time SPA key for the client device (after authenticated), transmit the SPA key to the gateway, and transmit, via the first network link, the SPA key to the client device. The client device may transmit the SPA key to the gateway via the second network link and the gateway may be configured to open a connection for the client device via the second network link in case the SPA key is valid.
Type: Grant
Filed: August 9, 2020
Date of Patent: January 17, 2023
Assignee: Perimeter 81 LTD
Inventors: Amit Bareket, Sagi Gidali
-
Patent number: 11556364
Abstract: Methods, systems, and devices for enabling public key infrastructure (PKI) in the generic cloud environment and the network function virtualization (NFV) environment. A host device may receive, from an orchestrator of a computer network environment, an indication of a workload to be executed by a virtual machine (VM) hosted on the host device, where the indication includes an identifier of the workload. The VM may transmit a request for a certificate to a hardware security module (HSM) associated with the host device including the identifier of the workload. After transmitting the request for the certificate, the VM may receive the requested certificate from the HSM. In some cases, the VM may determine a private key associated with the workload and include the private key within the request for the certificate. Additionally or alternatively, the HSM may determine the private key. Here, the HSM may include the private key within the certificate.
Type: Grant
Filed: September 19, 2019
Date of Patent: January 17, 2023
Assignee: Cable Television Laboratories, Inc.
Inventors: Igor Faynberg, Steven J. Goeringer
-
Patent number: 11546225
Abstract: A system and method for network planning with certain guarantees is disclosed. The system receives data characterizing various aspects of a backbone network, such as the nodes of the backbone network, how the nodes are connected by network links, the maximum available capacities of the network assets, network costs, and network asset reliability information. The system also receives data characterizing the requirements of different data communications, or flows, within the backbone network. For example, the backbone network may need to provide a flow a minimum amount of bandwidth or throughput, and the flow may have a minimum required uptime or availability. Based on the network data and flow data, the system generates a network plan that describes how capacity should be provided by different components of the network in a manner that guarantees satisfying flow requirements while balancing other considerations, such as network costs.
Type: Grant
Filed: June 8, 2020
Date of Patent: January 3, 2023
Assignee: Meta Platforms, Inc.
Inventors: Satyajeet Singh Ahuja, Yury Smirnov, Alexander Ilo Nikolaidis, Gayathrinath Nagarajan, Steve Politis, Srivatsan Balasubramanian
-
Patent number: 11546244
Abstract: In general, the disclosure describes a method that includes partitioning resources of a computing device into a first namespace comprising a first physical network interface and a second namespace comprising a second physical network interface; creating, by a test agent executing as a process in the second namespace, a test agent child in the second namespace; migrating the test agent to execute as a process in the first namespace; communicating, by the test agent child via the second physical network interface, test packets; obtaining, by the test agent, network performance measurement data that is based at least on the test packets; and outputting, by the test agent while executing as a process in the first namespace, an indication of the network performance measurement data.
Type: Grant
Filed: October 8, 2021
Date of Patent: January 3, 2023
Assignee: Juniper Networks, Inc.
Inventors: Fredrik Anders Kers, John Clementi Hedges
-
Patent number: 11544180
Abstract: A provisional page to be filled with data is allocated in an in-memory database system in which pages are loaded into memory and which has associated physical disk storage. Thereafter, the provisional page is filled with data. The provisional page is registered after the provisional page has been filled with data such that consistent changes in the database are not required for the provisional page prior to the registering.
Type: Grant
Filed: May 3, 2018
Date of Patent: January 3, 2023
Assignee: SAP SE
Inventors: Dirk Thomsen, Thorsten Glebe
-
Patent number: 11522899
Abstract: Embodiments herein provide a system, method and an apparatus for vulnerability management for connected devices on a network. The proposed method includes identifying a vulnerability in a device. The method includes determining whether the vulnerability affects the device by applying one or more rules. Further, the method includes calculating a vulnerability score by assigning weights to an impact metric and an exploitability metric. In various embodiments, the method includes predicting a security incident for the device based on the computed vulnerability score, security capabilities of the device and various anomalies on the device.
Type: Grant
Filed: March 30, 2019
Date of Patent: December 6, 2022
Assignee: Asimily, INC.
Inventors: Shankar Somasundaram, Hithesh Nama