-
Publication number: US20240356741A1
Publication date: 2024-10-24
Application number: US18304892
Application date: 2023-04-21
Applicant: JPMORGAN CHASE BANK, N.A.
Inventor: Omar AMER , Charles LIM , Marco PISTOIA , Andrew LANG , Vas RAJAN , Kaushik CHAKRABORTY , Saqib MALIK
CPC classification number: H04L9/0855 , H04L63/166
Abstract: Systems and methods for secure cryptographic secret distribution are disclosed. In one embodiment, a method for secure cryptographic secret distribution may include: (1) receiving, at a key relay station, a cryptographic secret from a webserver over a first communication network; (2) storing, by the key relay station, the cryptographic secret; (3) authenticating, by the key relay station, an end user via an end user electronic device; and (4) securely communicating, by the key relay station, the cryptographic secret to the end user electronic device. The end user electronic device is configured to store the cryptographic secret in secure storage on the end user electronic device, to encrypt data with the cryptographic secret, and to communicate the encrypted data to the webserver over a second communication network.
-
Publication number: US20240333528A1
Publication date: 2024-10-03
Application number: US18194104
Application date: 2023-03-31
Applicant: Dell Products L.P.
Inventor: Donna Barry Lewis , Abhidnya Sushant Joshi , Senthilkumar Ponnuswamy , Mahadev Karadigudda
CPC classification number: H04L9/3268 , H04L63/0428 , H04L63/166
Abstract: Embodiments for securely exchanging Certificate Authority (CA) certificates inline and bi-directionally to make it easier for client-server transmissions to use certificate-based authentication. The client certificate is transferred securely through encryption with a pre-shared key based on certain parameters, and the server certificate is transferred securely through encryption with a pre-shared key based on the parameters. The process reduces the burden from applications to maintain and save the CA certificate. It also reduces the burden from server to maintain and save the CA certificate of the client so that server can select it to be used during authentication. This helps enable large scale deployments where the server can maintain the CA certificate and send it to client.
-
Publication number: US12107855B2
Publication date: 2024-10-01
Application number: US17697843
Application date: 2022-03-17
Applicant: Nile Global, Inc.
Inventor: Suresh Katukam , Promode Nedungadi , Avinash Kumar , Avoy Nanda
IPC: H04L9/40 , H04L61/103 , H04L61/5014
CPC classification number: H04L63/0876 , H04L61/103 , H04L61/5014 , H04L63/166 , H04L63/20
Abstract: Embodiments of a device and method are disclosed. In an embodiment, a method for network security involves determining whether a device connected to a network port of a switch of a network is a native device or a non-native device for the network and in response to determining whether the device is the native device or the non-native device for the network, performing native device authentication or non-native device authentication.
-
Publication number: USRE50148E1
Publication date: 2024-09-24
Application number: US17085767
Application date: 2020-10-30
Applicant: Cisco Technology, Inc.
Inventor: Atif Khan , Syed Khalid Raza , Nehal Bhau , Himanshu H. Shah
IPC: H04L29/06 , H04L9/40 , H04L12/701 , H04L12/715 , H04L12/751 , H04L45/00 , H04L45/02 , H04L45/64 , H04L12/28
CPC classification number: H04L63/0209 , H04L45/00 , H04L45/02 , H04L45/64 , H04L63/0272 , H04L63/205 , H04L12/2854 , H04L63/166
Abstract: A method for creating a secure network is provided. The method comprises establishing an overlay domain to control routing between overlay edge routers based on an underlying transport network, wherein said establishing comprises running an overlay management protocol to exchange information within the overlay domain; in accordance with the overlay management protocol defining service routes that exist exclusively within the overlay domain wherein each overlay route includes information on at least service availability within the overlay domain; and selectively using the service routes to control routing between the overlay edge routers; wherein the said routing is through the underlying transport network in a manner in which said overlay routes is shared with the overlay edge routers but not with the underlying transport network via the overlay management protocol.
-
Publication number: US12101630B2
Publication date: 2024-09-24
Application number: US17634950
Application date: 2019-08-18
Applicant: Apple Inc.
Inventor: Xiangying Yang , Jean-Marc Padova , Li Li , Shu Guo
IPC: G06F7/04 , H04L9/32 , H04W8/20 , H04W12/041 , H04W12/0431 , H04W12/069 , H04L9/40
CPC classification number: H04W12/069 , H04L9/3247 , H04L9/3263 , H04W8/205 , H04W12/041 , H04W12/0431 , H04L63/166 , H04L2209/80
Abstract: This application sets forth techniques for authenticating a mobile device with a cellular wireless network without electronic Subscriber Identity Module (eSIM) credentials by using an Extensible Authentication Protocol Transport Layer Security (EAP-TLS) procedure. The mobile device authenticates with an Authentication Server Function (AUSF) of the cellular wireless network using an embedded Universal Integrated Circuit Card (eUICC) certificate. Processing circuitry of the mobile wireless device external to the eUICC implements the EAP-TLS procedure and authenticates validity of the AUSF. In some embodiments, the eUICC provides key generation and storage for a session key for communication between the mobile device and the cellular wireless network. In some embodiments, a third-party managed Unified Data Management (UDM) broker authenticates the mobile device based on knowledge of the eUICC certificate and provides a session key to the cellular wireless network for subsequent communication with the mobile device, upon successful authentication of the mobile device.
-
Publication number: US12101629B2
Publication date: 2024-09-24
Application number: US17627257
Application date: 2019-09-03
Applicant: Telefonaktiebolaget LM Ericsson (publ)
CPC classification number: H04W12/069 , H04L63/166 , H04W12/04 , H04W12/30 , H04W12/69
Abstract: A network repository function, NRF, in a core network domain of a mobile communication network is provided, wherein the NRF is configured to register network function, NF, profiles for NF discovery, and wherein NF certificates have been issued to the NFs, each NF certificate including a public key of the respective NF and at least one signature of at least one certification authority, CA. The NRF is configured to receive, from a registering NF having an NF certificate, profile information comprising an NF identity of the registering NF, an NF type of the registering NF, and at least one CA certificate of at least one CA that signed the NF certificate issued to the registering NF. The NRF is further configured to store the received profile information in a repository.
-
Publication number: US12101338B2
Publication date: 2024-09-24
Application number: US16435337
Application date: 2019-06-07
Applicant: NVIDIA Corporation
Inventor: Mark Overby , Rick Dingle , Nicola Di Miscio , Varadharajan Kannan , Yong Zhang , Francesco Saracino
IPC: H04L29/06 , G06F9/455 , G06F13/40 , G06N20/00 , H04L9/32 , H04L9/40 , H04L12/40 , H04L47/24 , H04L61/2585 , G06F21/60 , H04L9/00 , H04L67/12
CPC classification number: H04L63/1416 , G06F9/45558 , G06F13/4068 , G06N20/00 , H04L9/3265 , H04L12/40 , H04L12/40013 , H04L47/24 , H04L61/2585 , H04L63/1425 , H04L63/1441 , G06F2009/45587 , G06F2009/45595 , G06F21/602 , H04L9/50 , H04L2012/40215 , H04L2012/40273 , H04L63/1458 , H04L63/166 , H04L67/12
Abstract: Various approaches are disclosed for protecting vehicle buses from cyber-attacks. Disclosed approaches provide for an embedded system having a hypervisor that provides a virtualized environment supporting any number of guest OSes. The virtualized environment may include a security engine on an internal communication channel between the guest OS and an external vehicle bus of a vehicle to analyze network traffic to protect the guest OS from other guest OSes or other network components, and to protect those network components from the guest OS. Each guest OS may have its own security engine customized for the guest OS to account for what is typical or expected traffic for the guest OS (e.g., using machine learning, anomaly detection, etc.). Also disclosed are approaches for corrupting a message being transmitted on a vehicle bus to prevent devices from acting on the message.
-
Publication number: US20240291744A1
Publication date: 2024-08-29
Application number: US18654801
Application date: 2024-05-03
Applicant: Zscaler, Inc.
Inventor: Pankaj Chhabra
CPC classification number: H04L43/10 , H04L63/1408 , H04L63/166
Abstract: Techniques for optimized tracing in IPV6 environments include sending a plurality of trace packets between a client and a destination in a service path; responsive to receiving a response from the plurality of trace packets, extracting trace information therefrom; and determining a corresponding router associated with each of the responses based on the trace information.
-
Publication number: US12069091B2
Publication date: 2024-08-20
Application number: US17882460
Application date: 2022-08-05
Applicant: McAfee, LLC
Inventor: Shashi Kiran N
IPC: H04L9/40 , G06F16/955 , G06N20/00
CPC classification number: H04L63/1483 , G06F16/955 , G06N20/00 , H04L63/1416 , H04L63/1433 , H04L63/166
Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; a network interface; and instructions encoded within the memory to instruct the processor to: receive a uniform resource locator (URL) for analysis, the URL to access a web page via a remote server; via the network interface, retrieve from the remote server a copy of the web page; render the web page in a headless browser to provide a computer-accessible visual output; perform visual analysis of the visual output via a digital eye; compare the visual analysis to a plurality of known phishing target websites; and if the comparison identifies the web page as visually similar to a known phishing target website, detect the web page as a phishing web page.
-
Publication number: US12058143B2
Publication date: 2024-08-06
Application number: US17665735
Application date: 2022-02-07
Applicant: Tsinghua University
Inventor: Ke Xu , Fan Yang , Bo Wu , Qi Li , Jianping Wu
CPC classification number: H04L63/12 , H04L63/0435 , H04L63/08 , H04L63/166 , H04L63/20 , H04L9/0869 , H04L9/3239 , H04L9/3271 , H04L63/0442
Abstract: A dynamic path verification method based on reorganization of authentication fragments is proposed. The method includes: sending an initial expected path verification structure to a data packet sending end via a guarantee service node, and sending notification information to the respective routing nodes on an initial expected path; after updating the initial expected path to a new expected path, inserting the new expected path verification structure into a subsequent data packet to be sent, verifying the data packet by other nodes except a migration node, and sending the subsequent data packet to be sent to a next hop of routing node; performing the parsing verification on the received data packet by the migration node.