-
Publication No.: US12126622B2
Publication date: 2024-10-22
Application No.: US17592667
Filing date: 2022-02-04
Applicant: VEAA Inc.
Inventor: Jim Sienicki , Roger Lucas , Perry Wintner , Nick Jelbert , Clint Smith
IPC: H04L9/40 , G06F11/14 , G06F21/10 , H04L67/1097
CPC classification number: H04L63/101 , G06F11/1464 , G06F11/1469 , G06F21/105 , H04L63/0435 , H04L63/102 , H04L63/20 , H04L67/1097 , G06F21/1075
Abstract: An edge device may be configured to generate a secure container to perform a software application on the edge device. A security daemon operating on a processor of the edge device may receive a configure host request message from a container manager. In response, the security daemon may determine integrity of metadata, extract licenses from the metadata, determine image permissions, create a user or group account, and update one or more system service access-control lists (ACLs). The security daemon may generate and send a configure host response message to the container manager, which may create and/or start the container.
-
Publication No.: US12113859B2
Publication date: 2024-10-08
Application No.: US18498950
Filing date: 2023-10-31
Applicant: NOKIA SOLUTIONS AND NETWORKS OY
Inventor: Hyunseok Chang , Sarit Mukherjee
IPC: G06F15/16 , H04L9/40 , H04L67/1097
CPC classification number: H04L67/1097 , H04L63/0435 , H04L63/20
Abstract: Various example embodiments for supporting zero-trust policy enforcement in a communication system are presented herein. Various example embodiments for supporting zero-trust policy enforcement in a communication system may be configured to support zero-trust policy enforcement, including zero-trust authentication, for Remote Direct Memory Access (RDMA) communications. Various example embodiments for supporting zero-trust policy enforcement for RDMA communications may be configured to support transparent zero-trust policy enforcement for RDMA communications by leveraging programmable Smart Network Interface Cards (SmartNICs). Various example embodiments for supporting zero-trust policy enforcement for RDMA communications based on leveraging of programmable SmartNICs may be configured to support zero-trust policy enforcement for RDMA communications by applying zero-trust policies on a connection-by-connection basis within SmartNICs for RDMA connections between RDMA applications hosted on end hosts served by the SmartNICs.
-
Publication No.: US12111917B2
Publication date: 2024-10-08
Application No.: US16765111
Filing date: 2018-11-15
Applicant: Enrico Maim
Inventor: Enrico Maim
CPC classification number: G06F21/55 , G06F21/606 , G06F21/87 , H04L63/14 , H04L63/20 , H04W12/041 , H04W12/50 , H04W12/63 , G06F2221/034 , H04L63/0435 , H04W4/80
Abstract: A portable terminal includes a security envelope, the envelope being able to capture a signal transmitted by a generator of the terminal (screen, loudspeaker, etc.), to convey this signal and to restore it at the level of a sensor of the terminal (camera, microphone), so as to be able to detect a breach of this envelope by alteration of the restored signal.
-
Publication No.: US20240333642A1
Publication date: 2024-10-03
Application No.: US18194413
Filing date: 2023-03-31
Applicant: SCATR LLC
Inventor: John G. ANDREWS , Mikel Youssef AWAD , Matthew William CARPENTER , John P. KEYERLEBER
CPC classification number: H04L45/74 , H04L45/24 , H04L45/245 , H04L63/0435 , H04L67/1019 , H04L67/145
Abstract: A secure data routing method and system are disclosed. Logical communication channels are established that each associate an IP address and a protocol port associated with a first computer system to an IP address and a protocol port associated with a second or third computer system. Some logical communication channels associated with the second computer system and some logical communication channels associated with the third computer system are associated with the same IP address and protocol port associated with the first computer system. Data packets are received and parsed to find tokens embedded in the headers. A first data packet embedding a first token is associated to a first source and is decrypted using a first decryption key associated with the first source. A second data packet embedding a second token is associated to a second source and is decrypted using a second decryption key associated with the second source.
-
Publication No.: US12107840B2
Publication date: 2024-10-01
Application No.: US17833168
Filing date: 2022-06-06
Applicant: HYUNDAI MOTOR COMPANY , Kia Corporation
Inventor: Ho Jin Jung
CPC classification number: H04L63/0435 , G07C5/008 , H04L9/0825 , H04L63/062 , H04L2209/84
Abstract: A vehicle control apparatus and a control method thereof are provided. A vehicle control apparatus includes a processor including a host core and a hardware security module (HSM) core. The processor generates a first private key and a first public key, receives a second public key from a diagnostic device, generates a shared key based on the first private key and the second public key, receives a security data transmission request from the diagnostic device, and encodes data based on the shared key and transmits the encoded data to the diagnostic device.
-
Publication No.: US12107834B2
Publication date: 2024-10-01
Application No.: US17570363
Filing date: 2022-01-06
Applicant: VMware LLC
Inventor: Yong Wang , Awan Kumar Sharma , Sourabh Bhattacharya , Deepika Solanki , Sarthak Ray
CPC classification number: H04L63/029 , H04L45/123 , H04L45/24 , H04L45/42 , H04L47/125 , H04L63/0435 , H04L63/20
Abstract: Some embodiments provide a method that collects metrics for one or more paths of a first tunnel implementing a first security association (SA) and for one or more paths of a second tunnel implementing a second SA. The method selects a path based on the collected metrics of the paths of the first and second tunnels. When the selected path belongs to the first tunnel, the method encrypts data transmitted as encrypted payload of the first SA and transmits the encrypted payload in the first tunnel. When the selected path belongs to the second tunnel, the method encrypts data to be transmitted as encrypted payload of the second SA and transmits the encrypted payload in the second tunnel.
-
Publication No.: US20240323189A1
Publication date: 2024-09-26
Application No.: US18312263
Filing date: 2023-05-04
Applicant: Zscaler, Inc.
Inventor: Dejan Mihajlovic , Deepika Dwivedi , Anurag Raghuvanshi , Rakesh Adepu , Mithun A S , Sandip Davara , Abhijeet Malik , Kanti Varanasi , William Fehring , John A. Chanak , Sunil Menon
IPC: H04L9/40
CPC classification number: H04L63/10 , H04L63/0435 , H04L63/20
Abstract: Systems and methods for policy based seamless authentication for PRA systems through zero trust private networks. The various systems and methods described herein include steps of receiving a request to access a Privileged Remote Access (PRA) system; determining if any credential rules apply to a console associated with the request; retrieving credentials associated with any of a user and the console from a database, thereby avoiding the user being required to provide credentials; and providing access to the requested PRA system based on the retrieved credentials.
-
Publication No.: US20240314147A1
Publication date: 2024-09-19
Application No.: US18672768
Filing date: 2024-05-23
Applicant: Wiz, Inc.
Inventor: Yarin MIRAN , Ami LUTTWAK , Roy REZNIK , Avihai BERKOVITZ , Moran COHEN , Yaniv SHAKED , Yaniv Joseph OLIVER
IPC: H04L9/40 , G06F9/50 , H04L67/1097
CPC classification number: H04L63/1416 , G06F9/505 , H04L63/0435 , H04L63/0823 , H04L63/1425 , H04L67/1097
Abstract: A method for scalable vulnerability detection is provided. The method includes selecting at least a workload of a plurality of workloads deployed in a first cloud environment for inspection, wherein the workload includes a first volume; generating in a remote cluster an inspection node, the inspection node including at least a first disk, wherein the remote cluster provisions inspection nodes in response to demand for inspection nodes; generating a persistent volume (PV) on which the at least a first disk is mounted, wherein the at least a first disk is generated from a snapshot of the first volume; and generating a persistent volume claim (PVC) of the PV for an inspector workload, wherein the inspector workload is configured to inspect the PV for an object, and wherein inspector workloads are provisioned in response to demand for inspector workloads.
-
Publication No.: US12095745B2
Publication date: 2024-09-17
Application No.: US17493872
Filing date: 2021-10-05
Applicant: Inventronics GmbH
Inventor: Markus Jung , Bernhard Siessegger , Jiye Park , Prajosh Premdas
CPC classification number: H04L63/0435 , H04L63/0442 , H04L63/166 , H04L63/20
Abstract: A computer network may include a Non-IP subnetwork with a frontend device, an IP subnetwork with a backend device, and a gateway connecting the Non-IP subnetwork with the IP subnetwork and translating communication therebetween. The communication for authentication and/or encryption between the backend device and the gateway is an IP communication based on an IP security protocol and a Non-IP communication between the gateway and the frontend device. A gateway is configured to provide a virtual IP communication endpoint dedicated to the frontend where a secure end-to-end communication may be established between the backend device and the frontend device. The Non-IP communication is applied to transmit a transcription of the request datagram to the frontend device. The frontend device is configured to generate a response datagram and to transmit a transcription of the response datagram to the gateway by applying the Non-IP communication.
-
Publication No.: US20240305607A1
Publication date: 2024-09-12
Application No.: US18666254
Filing date: 2024-05-16
Applicant: UAB 360 IT
Inventor: Karolis Pabijanskas , Andžej Valcik , Ramunas Keliuotis
CPC classification number: H04L63/0272 , H04L9/0869 , H04L9/32 , H04L63/0435 , H04L63/08 , H04L63/123
Abstract: The disclosure discloses a first server determining an encrypted authentication packet including (i) a crypted code field that indicates a type of the encryption authentication packet, (ii) a crypted payload field that includes an encrypted initial authentication packet, determined by utilizing a nonce, an encryption key, and an encryption algorithm, and (iii) a data length field that indicates a length of the encrypted authentication packet, the length including a sum of a length of the crypted code field, a length of the crypted payload field, and a length of the data length field. The method may also include transmitting, by the first server to a second server, the encrypted authentication packet to enable the first server and the second server to conduct an authentication process. Various other aspects are contemplated.