公开(公告)号：US12132705B2

公开(公告)日：2024-10-29

申请号：US17275921

申请日：2019-09-27

Applicant: New H3C Security Technologies Co., Ltd.

Inventor： Xiaohong Zhang

IPC: G06F21/00 ,  H04L9/40

CPC classification number: H04L63/0254 ,  H04L63/0236 ,  H04L63/0263 ,  H04L63/20

Abstract: Disclosed are a packet processing method and apparatus applicable to a network device. The method comprises: receiving a first packet; determining the number of second packets received within a preset duration after the first packet passes basic detection successfully, wherein packet information of the second packet is identical to first packet information of the first packet; determining whether the number of the second packets received is greater than a preset number threshold; if so, removing a first table entry from a fast forwarding table, wherein the first table entry contains second packet information of the first packet; and performing attack detection on the first packet. With the application of the technical solution provided by an example of the present disclosure, the security risk in a network device is efficiently reduced.

公开(公告)号：US12130870B2

公开(公告)日：2024-10-29

申请号：US17581459

申请日：2022-01-21

Applicant: AutoConnect Holdings LLC

Inventor： Christopher P. Ricci

IPC: H04W48/04 ,  A61B5/00 ,  A61B7/04 ,  B60C1/00 ,  B60H1/00 ,  B60K35/00 ,  B60N2/02 ,  B60Q9/00 ,  B60R25/00 ,  B60R25/01 ,  B60R25/10 ,  B60R25/102 ,  B60R25/20 ,  B60R25/25 ,  B60W50/08 ,  B60W50/10 ,  B60W50/14 ,  G01C21/34 ,  G01C21/36 ,  G01S19/42 ,  G05D1/00 ,  G05D23/19 ,  G06F3/01 ,  G06F3/0481 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04886 ,  G06F3/06 ,  G06F9/451 ,  G06F16/182 ,  G06F16/2457 ,  G06F16/25 ,  G06F16/583 ,  G06F16/951 ,  G06F21/00 ,  G06F21/31 ,  G06F21/32 ,  G06Q10/00 ,  G06Q10/02 ,  G06Q10/20 ,  G06Q30/00 ,  G06Q30/012 ,  G06Q30/0251 ,  G06Q30/0601 ,  G06Q30/0645 ,  G06Q50/40 ,  G06V20/59 ,  G06V40/16 ,  G06V40/20 ,  G07C5/02 ,  G07C5/08 ,  G07C9/00 ,  G08B13/196 ,  G08B21/02 ,  G08B21/06 ,  G08B21/18 ,  G08B25/01 ,  G08B29/18 ,  G08G1/00 ,  G08G1/01 ,  G08G1/07 ,  G08G1/0967 ,  G08G1/0968 ,  G08G1/16 ,  G09G5/37 ,  H04L9/40 ,  H04L51/02 ,  H04L67/10 ,  H04L67/12 ,  H04L67/306 ,  H04L67/55 ,  H04N21/2225 ,  H04N21/226 ,  H04N21/239 ,  H04N21/258 ,  H04N21/436 ,  H04N21/4363 ,  H04N21/454 ,  H04N21/6408 ,  H04N21/643 ,  H04W4/021 ,  H04W4/12 ,  H04W4/21 ,  H04W4/30 ,  H04W4/40 ,  H04W4/48 ,  H04W4/60 ,  H04W4/70 ,  H04W4/80 ,  H04W12/06 ,  H04W12/088 ,  H04W36/34 ,  H04W76/11 ,  H04W76/19 ,  H04W84/18 ,  B60K35/10 ,  B60K35/20 ,  B60K35/28 ,  B60K35/81 ,  B60Q1/52 ,  B60R11/04 ,  B60W50/00 ,  G02B27/00 ,  G06F3/0488 ,  G06V40/10 ,  H04L67/00 ,  H04N7/18 ,  H04W12/68 ,  H04W84/00

CPC classification number: G06F16/951 ,  A61B5/0077 ,  A61B5/4809 ,  A61B5/6808 ,  A61B5/7405 ,  A61B5/742 ,  A61B7/04 ,  B60C1/00 ,  B60H1/00742 ,  B60K35/00 ,  B60N2/0244 ,  B60Q9/00 ,  B60R25/00 ,  B60R25/01 ,  B60R25/1004 ,  B60R25/102 ,  B60R25/20 ,  B60R25/25 ,  B60W50/085 ,  B60W50/10 ,  B60W50/14 ,  G01C21/3484 ,  G01C21/365 ,  G01C21/3667 ,  G01C21/3691 ,  G01C21/3697 ,  G01S19/42 ,  G05D1/0016 ,  G05D1/0276 ,  G05D23/1917 ,  G06F3/013 ,  G06F3/017 ,  G06F3/0481 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04886 ,  G06F3/0622 ,  G06F3/0637 ,  G06F3/0673 ,  G06F9/451 ,  G06F16/183 ,  G06F16/24575 ,  G06F16/25 ,  G06F16/252 ,  G06F16/583 ,  G06F21/00 ,  G06F21/31 ,  G06F21/32 ,  G06Q10/00 ,  G06Q10/02 ,  G06Q10/20 ,  G06Q30/00 ,  G06Q30/012 ,  G06Q30/0265 ,  G06Q30/0266 ,  G06Q30/0633 ,  G06Q30/0639 ,  G06Q30/0641 ,  G06Q30/0645 ,  G06Q50/40 ,  G06V20/59 ,  G06V20/593 ,  G06V40/166 ,  G06V40/168 ,  G06V40/172 ,  G06V40/20 ,  G06V40/28 ,  G07C5/02 ,  G07C5/08 ,  G07C5/0825 ,  G07C5/0833 ,  G07C9/00563 ,  G08B13/19647 ,  G08B21/0205 ,  G08B21/06 ,  G08B21/18 ,  G08B25/016 ,  G08B29/188 ,  G08G1/01 ,  G08G1/07 ,  G08G1/096725 ,  G08G1/096741 ,  G08G1/096775 ,  G08G1/0968 ,  G08G1/096805 ,  G08G1/096811 ,  G08G1/096844 ,  G08G1/164 ,  G08G1/207 ,  G09G5/37 ,  H04L51/02 ,  H04L63/0236 ,  H04L63/0428 ,  H04L63/102 ,  H04L67/10 ,  H04L67/12 ,  H04L67/306 ,  H04L67/55 ,  H04N21/2225 ,  H04N21/2265 ,  H04N21/2393 ,  H04N21/25816 ,  H04N21/43615 ,  H04N21/43637 ,  H04N21/454 ,  H04N21/6408 ,  H04N21/64322 ,  H04W4/021 ,  H04W4/12 ,  H04W4/21 ,  H04W4/30 ,  H04W4/40 ,  H04W4/48 ,  H04W4/60 ,  H04W4/70 ,  H04W4/80 ,  H04W12/06 ,  H04W12/088 ,  H04W36/34 ,  H04W48/04 ,  H04W76/11 ,  H04W76/19 ,  H04W84/18 ,  A61B2503/04 ,  B60K35/10 ,  B60K35/20 ,  B60K35/28 ,  B60K35/81 ,  B60K2360/11 ,  B60K2360/146 ,  B60Q1/52 ,  B60R11/04 ,  B60R25/2081 ,  B60R25/257 ,  B60W2050/0067 ,  B60W2050/0085 ,  G01C21/362 ,  G02B27/0093 ,  G05D1/021 ,  G06F3/0488 ,  G06F2203/04803 ,  G06V40/15 ,  G06V40/16 ,  G09G2380/10 ,  H04L67/34 ,  H04N7/181 ,  H04W12/68 ,  H04W84/005

Abstract: The vehicle control system/method for adapting a control function based on a user profile may comprise: a gesture recognition module; a user profile module; a function control module; a processor; a non-transitory storage element coupled to the processor; encoded instructions stored in the non-transitory storage element, wherein the encoded instructions when implemented by the processor, configure the system to: identify a user; retrieve a user profile for the identified user; receive at a gesture recognition module, an input indicating a gesture from the user; identify a control function request corresponding to the gesture input; send a verification of the control function request; and receive at a function control module characteristics parsed from the user profile that effect the control function request by the user profile module to adapt a control function command for an adapted control function output by the function control module.

公开(公告)号：US20240356896A1

公开(公告)日：2024-10-24

申请号：US18755276

申请日：2024-06-26

Applicant: Level 3 Communications, LLC

Inventor： Christopher Smith ,  Michael Benjamin ,  Peter Brecl

IPC: H04L9/40

CPC classification number: H04L63/0236 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1441

Abstract: Examples of the present disclosure describe systems and methods for providing enhanced security in edge computing environments. A first aspect describes a method for moving security features dynamically applied to an application at a first deployment location to an application at a second deployment location. A second aspect describes a method for locally expanding/contracting an instance of a deployed application. A third aspect describes a method for redirected network traffic associated with detected malicious conduct from a first application deployment environment to a secured second application deployment environment. A fourth aspect describes a method for performing multi-stage network traffic filtering.

公开(公告)号：US20240348660A1

公开(公告)日：2024-10-17

申请号：US18752420

申请日：2024-06-24

Applicant: Intel Corporation

Inventor： Omer Ben-Shalom ,  Dan Horovitz ,  Ilil Blum Shem-Tov ,  Lev Faerman ,  Wissam Ghammashi

IPC: H04L9/40

CPC classification number: H04L63/20 ,  H04L63/0236 ,  H04L63/1416 ,  H04L63/306

Abstract: Hardware-based Zero Trust Network Access Agents for Improved Security are disclosed herein. An example apparatus includes network interface circuitry; machine-readable instructions; and first processor circuitry programmable by the instructions to detect, via firmware execution, a request from a device to access a resource via a zero trust network access interface; determine, via the firmware execution, a security state of the device; and based on the security state of the device, transmit the request to a host operating system (OS) via a virtual network interface, the operating system executed via second processor circuitry different than the first processor circuitry.

公开(公告)号：US20240340268A1

公开(公告)日：2024-10-10

申请号：US18749056

申请日：2024-06-20

Applicant: Level 3 Communications, LLC

Inventor： Michael Benjamin

IPC: H04L9/40 ,  H04L41/0816 ,  H04L43/028 ,  H04L61/4511 ,  H04L61/5007 ,  H04L67/10

CPC classification number: H04L63/0263 ,  H04L41/0816 ,  H04L43/028 ,  H04L61/4511 ,  H04L61/5007 ,  H04L63/0236 ,  H04L67/10

Abstract: Systems and methods for implementing filters within computer networks include obtaining blocklist data that includes blocklist entries for a network. Each of the blocklist entries includes one or more network traffic attributes for identifying traffic to be blocked. In response to receiving the blocklist data, a filter based on a common network traffic attribute shared between at least two of the plurality of blocklist entries is generated. The filter is then deployed to a network device within the network such that the filter may be implemented at the network device to block corresponding traffic.

公开(公告)号：US20240333729A1

公开(公告)日：2024-10-03

申请号：US18370610

申请日：2023-09-20

Applicant: Hitachi, Ltd. ,  National Institute of Information and Communications Technology

Inventor： Shota FUJII ,  Nobutaka KAWAGUCHI ,  Tomohiro SHIGEMOTO ,  Takayuki SATOU ,  Sho AOKI ,  Masato TERADA ,  Yu TSUDA

IPC: H04L9/40

CPC classification number: H04L63/1416 ,  H04L63/0236 ,  H04L63/1433

Abstract: A connection destination malignancy determination system connected to the Internet through a network includes: a connection destination observation unit that observes a connection destination; a connection destination malignancy determination unit that determines a malignancy indicating the degree of maliciousness of the connection destination; and a countermeasure priority determination unit that determines a countermeasure priority indicating the degree of preferential countermeasure required based on the malignancy and an observation result of the connection destination.

公开(公告)号：US12107827B2

公开(公告)日：2024-10-01

申请号：US18326745

申请日：2023-05-31

Applicant: CLOUDFLARE, INC.

Inventor： Nicholas Alexander Wondra ,  Igor Postelnik ,  Michael John Vanderwater ,  Adam Simon Chalmers ,  Nuno Miguel Lourenço Diegues ,  Arég Harutyunyan ,  Erich Alfred Heine

IPC: H04L9/40 ,  H04L12/46 ,  H04L67/10

CPC classification number: H04L63/0236 ,  H04L12/4633 ,  H04L63/0272 ,  H04L63/029 ,  H04L63/0485 ,  H04L67/10

Abstract: A unified network service that connects multiple disparate private networks and end user client devices operating on separate networks is described. The multiple disparate private networks and end user client devices connect to a distributed cloud computing network that provides routing services, security services, and performance services, and that can be controlled consistently regardless of the connection type. The unified network service provides uniform access control at the L3 layer (e.g., at the IP layer) or at a higher layer using user identity information (e.g., a zero-trust model). The disparate private networks are run on top of the distributed cloud computing network. The virtual routing layer of the distributed cloud computing network allows customers of the service to have private resources visible only to client devices (e.g., user devices of the customer and/or server devices of the customer) of the organization while using address space that potentially overlaps with other customers of the distributed cloud computing network.

公开(公告)号：US12101315B2

公开(公告)日：2024-09-24

申请号：US17872156

申请日：2022-07-25

Applicant: Cloud Linux Software Inc.

Inventor： Igor Seletskiy ,  Serhii Polishchuk ,  Marat Sataiev

IPC: H04L9/40 ,  G06F21/46

CPC classification number: H04L63/0846 ,  G06F21/46 ,  H04L63/0218 ,  H04L63/0236 ,  H04L63/1425

Abstract: Disclosed herein are systems and methods for rapid password evaluation. A method may include: configuring a web application firewall (WAF) to monitor login credentials for one or more web applications; intercepting, using the WAF, a password input during a login attempt to a web application by an entity; calculating a hash value of the password input; transmitting the hash value to a dedicated server configured to: determine whether the hash value is in a database of hashes corresponding to weak passwords; and in response to determining that the hash value is in the database of hashes, transmit a message to the WAF indicating that the password input corresponds to a weak password; and generating for display, using the WAF, a web page prompting for a password reset for the web application.

公开(公告)号：US12101294B2

公开(公告)日：2024-09-24

申请号：US18341954

申请日：2023-06-27

Applicant: Snowflake Inc.

Inventor： Robert Bengt Benedikt Gernhardt ,  Mikhail Kazhamiaka ,  Nithin Mahesh ,  Eric Robinson

IPC: H04L9/40

CPC classification number: H04L63/0218 ,  H04L63/0236 ,  H04L63/0245

Abstract: Different database deployments, or other data system deployments, may want to communicate with each other without sacrificing security or control. To this end, embodiments of the present disclosure may provide secure message exchange techniques for a source and/or target deployment. Configurable rule sets may be stored in the deployments; the rule sets may define what messages may be communicated between deployments. The deployments may implement a selective filtering scheme in one or more stages based on the rule sets to filter outgoing and/or incoming messages.

公开(公告)号：US12099996B2

公开(公告)日：2024-09-24

申请号：US16536701

申请日：2019-08-09

Applicant: tZERO IP, LLC

Inventor： Tron Black ,  Andrew Warner

IPC: G06Q20/36 ,  G06Q40/04 ,  H04L9/06 ,  H04L9/40

CPC classification number: G06Q20/3678 ,  G06Q20/3674 ,  G06Q40/04 ,  H04L9/0637 ,  H04L63/0236

Abstract: In an example, a system comprises at least one processor, at least one memory communicatively coupled to the processor, and at least one network interface communicatively coupled to the processor. The processor is configured to: receive an intent to purchase a token into a transaction address from a remote computing device; receive signed data, signed by a private key, from the computing device; receive at least one of the transaction address or public key associated with the transaction address from the computing device; verify that the transaction address or the public key is associated with the private key; verify that the transaction address or the public key is whitelisted to purchase the token; and allow purchase of the token into the transaction address when the target transaction address or the public key is both: (1) associated with the private key and (2) whitelisted to purchase the token.