-
Publication No.: US12022008B2
Publication date: 2024-06-25
Application No.: US17604716
Filing date: 2020-04-15
CPC classification: H04L9/3263, H04L63/0823
Abstract: A network system including a plurality of devices can acquire authenticated location information of a device and provide various services using the authenticated location information. Each of the plurality of devices includes: a communication unit for performing data communication with another device; a storage unit that stores a digital certificate including a public key for determining an IP address of the device; and a determination unit that determines an IP address of another device based on a public key included in a digital certificate received from the other device. The digital certificate includes location information associated with a corresponding device.
-
Publication No.: US12021873B2
Publication date: 2024-06-25
Application No.: US17487124
Filing date: 2021-09-28
Applicant: Sonrai Security Inc.
CPC classification: H04L63/102, G06F21/45, G06F21/62, H04L63/0823, H04L63/0876, H04L63/101, H04L63/108
Abstract: A network-accessible service provides an enterprise with a view of identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. The data model also supports a cloud “least privilege and access” framework. Least privilege is a set of minimum permissions that are associated to a given identity; least access is a minimal set of persons that need to have access to a given piece of data. The framework maps an identity to one or more actions collected in cloud audit logs, and dynamically builds a complete view of an identity's effective permissions. The resulting least privilege and access policies are then applied natively to a given cloud environment to manage access.
-
Publication No.: US20240205222A1
Publication date: 2024-06-20
Application No.: US18539800
Filing date: 2023-12-14
Applicant: BULL SAS
IPC classification: H04L9/40
CPC classification: H04L63/0876, H04L63/0435, H04L63/0823
Abstract: The invention relates to a method (200) for authenticating a user in a first device comprising the following steps:
sending (212), by an authentication client of said first device or said application, to an authentication server (308), an authentication request,
in response to said authentication request, sending (216) by the authentication server (308) a first message comprising an authentication URL and a transaction identifier,
opening (218) said URL in a web browser running on a second user device (310), previously enrolled with said authentication server (308),
verifying (222) the identity of said user by said second user device (310), and
when said verification is successful, providing (224) by said second user device (310) to said authentication server (308), a proof of enrollment stored in said second device (310) during the enrollment of said second device (310), in order to authenticate said user.
The invention also relates to a computer program and a system implementing such a method.
-
Publication No.: US20240205198A1
Publication date: 2024-06-20
Application No.: US18288955
Filing date: 2022-03-25
Applicant: Intel Corporation
Inventors: Kapil Sood, Srinivasa Addepalli, Dong Guo, Sakari Poussa, Kailun Qin, Ismo Puustinen, Veronika Karperko
IPC classification: H04L9/40
CPC classification: H04L63/0428, H04L63/0823
Abstract: Various methods, systems, and use cases for securely managing, generating, and controlling access to keys in a service mesh are discussed herein. In various examples, key protection operations include service mesh signing key protection and service mesh communication key protection, for a secure transport session between services such as conducted with mutual transport layer security (mTLS). For instance, such key protection operations may be used to establish communications between the service host and another entity within the service mesh, in a secure transport session, based on use of a private key (secured using a confidential computing technology) in a secure enclave or other secure compute environment to sign one or more keys for the secure transport session.
-
Publication No.: US20240205028A1
Publication date: 2024-06-20
Application No.: US18587476
Filing date: 2024-02-26
Applicant: McAfee, LLC
CPC classification: H04L9/3268, G06F21/57, H04L9/0891, H04L12/66, H04L63/20, H04W12/069, H04L63/0823
Abstract: There is disclosed a system and method of providing services on a home gateway, including providing a set of security scans for traffic to and from a plurality of devices on a home network; cryptographically verifying that a secured device from the plurality of devices provides for itself internal security services; and based on the cryptographic verification, skipping at least one security scan of the set of security scans for traffic of the secured device.
-
Publication No.: US20240195783A1
Publication date: 2024-06-13
Application No.: US18079933
Filing date: 2022-12-13
Inventors: Jae-Sun Chin, Barry Elia, Sridhar Narahari, Michael Satterlee, John Gibbons
IPC classification: H04L9/40
CPC classification: H04L63/0272, H04L63/0236, H04L63/0823
Abstract: Concepts and technologies disclosed herein are directed to zero trust network access (“ZTNA”) and virtual private network (“VPN”) client offloading. According to one aspect, a user device can establish a private network session to access a private network resource in a private network. The user device can receive a request to offload the private network session from the user device to a secure router. In response to the request, the user device can offload the private network session to the secure router.
-
Publication No.: US20240189611A1
Publication date: 2024-06-13
Application No.: US18582388
Filing date: 2024-02-20
Inventors: Steven E. Sjoquist, David P. Finch, Erick M. Roane, Zoie R. Engman, Jonathan P. Niegowski, Dusan Beblavy, Martin Pribula, Peter Curila, Martin Kolesár
IPC classification: A61N1/39, A61B5/00, A61B5/024, A61B5/361, A61B5/363, A61N1/04, A61N1/372, G06F21/33, H04L9/32, H04L9/40
CPC classification: A61N1/3904, A61B5/02438, A61N1/046, A61N1/0484, A61N1/3987, A61N1/3993, G06F21/33, H04L9/3268, H04L63/0823, A61B5/361, A61B5/363, A61B5/6805, A61B5/74, A61N1/37258, A61N1/3925
Abstract: Disclosed are embodiments directed to security methods applied to connections between components in a distributed (networked) system including medical and non-medical devices, providing secure authentication, authorization, patient and device data transfer, and patient data association and privacy for components of the system.
-
Publication No.: US12010116B2
Publication date: 2024-06-11
Application No.: US18320320
Filing date: 2023-05-19
Applicant: ZPE Systems, Inc.
Inventors: Arnaldo Zimmermann, Livio Ceci
IPC classification: H04L9/40
CPC classification: H04L63/0869, H04L63/0823
Abstract: A cloud-based communication framework. A first secure channel may be established for communication between an IT device and a cloud-computing platform. A request for a device user interface may be received over the first secure channel. A second secure channel for communication between the IT device and the cloud-computing platform may be established in response to the request for the device user interface. The device user interface may then be forwarded over the second secure channel to the cloud-computing platform.
-
Publication No.: US11997106B2
Publication date: 2024-05-28
Application No.: US17216415
Filing date: 2021-03-29
Inventor: Jintao Zhu
CPC classification: H04L63/123, H04L9/3268, H04L63/0823, H04W4/06, H04W4/40, G07C5/008, G07C5/0841
Abstract: A communication method implemented by a communications apparatus that is configured with a control rule parameter, where the control rule parameter includes a signature verification rule parameter, a message aggregation rule parameter, and a reporting control rule parameter, and the method includes receiving a first message, performing signature verification processing on the first message based on the signature verification rule parameter, performing, based on the message aggregation rule parameter, message aggregation processing on the first message after performing the signature verification processing to obtain a second message, and sending the second message to a server based on the reporting control rule parameter.
-
Publication No.: US11995206B2
Publication date: 2024-05-28
Application No.: US18179376
Filing date: 2023-03-07
Applicant: UpGuard, Inc.
Inventors: Alan James Sharp-Paul, Christopher Robert Vickery, Jonathan David Hendren, Gregory Ford Pollock, Daniel Bradbury, Christian Alan Kiely, Gavin Richard Turner, Michael Franz Baukes
IPC classification: G06F21/62, G06F16/22, G06F16/2457, G06F21/60, H04L9/40
CPC classification: G06F21/6218, G06F16/22, G06F16/24578, G06F21/604, H04L63/0823, H04L63/083
Abstract: A breach detection engine detects and mitigates the effects of breaches across one or more data sources. An index is generated based on one or more data sources and the index is queried using keywords indicative of potential breaches. A database of potential breaches is populated based on the query of the index. The potential breach database is queried using keywords associated with a system identity (e.g., a third party). A likelihood of a candidate breach is identified based on a set of breach criteria weights. A network node associated with a candidate breach determined to be an actual breach is identified for isolation or for the performance of one or more additional security actions.