公开(公告)号：US12238185B2

公开(公告)日：2025-02-25

申请号：US18066235

申请日：2022-12-14

Applicant: Microsoft Technology Licensing, LLC

Inventor： George Kim ,  Christian Cypress Chung ,  Vivek Sanjeev Tejwani ,  Sorabh Kumar Gandhi ,  Abhishek Pathak

IPC: H04L67/51 ,  G06F9/455 ,  G06F15/16 ,  G06F21/57 ,  G06F21/60 ,  H04L9/32 ,  H04L15/16 ,  H04L61/4511

Abstract: A distributed computing system is provided, and configured to execute a domain name service (DNS) log analyzer configured to identify a dependency of a first service executed on a first VM at a first server, on a second service executed on a second VM at a second server, via one or more DNS logs of a DNS server. The system is further configured to execute an authentication log analyzer configured to identify a dependency of the first service on a third service executed at a third server, via the one or more token authentication logs of an authentication server. The system is further configured to execute a dependency map generator configured to generate a service-to-service dependency map including the dependency between the first service and the second service, and the dependency between the first service and third service.

公开(公告)号：US12238125B2

公开(公告)日：2025-02-25

申请号：US16846968

申请日：2020-04-13

Applicant: RADWARE, LTD.

Inventor： Sharon Shitrit-Efergan ,  Eyal Rundstein

IPC: H04L29/06 ,  H04L9/40 ,  H04L61/4511

Abstract: A method and system for detecting domain name system (DNS) recursive cyber-attacks are presented. The system includes learning a plurality of baselines of at least rates and rate invariants of DNS features; monitoring DNS traffic directed to and from a DNS resolver, wherein the DNS resolver is communicatively connected between at least one client and at least one name server; analyzing the monitored DNS traffic using at least one detection function to detect an anomaly based in part on at least one baseline of the plurality of learnt baselines; and upon detection of at least one anomaly, performing at least one mitigation action to filter out incoming DNS queries to a domain name under attack.

公开(公告)号：US12231391B1

公开(公告)日：2025-02-18

申请号：US18788290

申请日：2024-07-30

Applicant: FUZHOU UNIVERSITY

Inventor： Daoye Zhu

IPC: G06F15/173 ,  H04L61/4511 ,  H04L69/329

Abstract: The provided is a method for constructing a geospatial grid region name interoperability protocol system. The method constructs the geospatial grid region name interoperability protocol system from four layers: a subdivision layer, a management layer, an association layer, and an application layer, specifically including a grid subdivision sub-protocol, a grid coding sub-protocol, a geospatial grid region name organization sub-protocol, a geospatial grid region name mapping sub-protocol, a geospatial grid region naming authorization sub-protocol, a geospatial grid region name-based code conversion sub-protocol, a geospatial grid region name interoperability sub-protocol, a geospatial grid region name registration sub-protocol, a geospatial grid region name resolution sub-protocol, etc., thereby achieving registration and resolution of a geospatial grid region name and mutual association and spatial interoperability of ubiquitous location information based on the geospatial grid region name.

公开(公告)号：US12224936B2

公开(公告)日：2025-02-11

申请号：US18341907

申请日：2023-06-27

Applicant: Comcast Cable Communications, LLC

Inventor： John Jason Brzozowski ,  Joseph Pryszlak

IPC: H04L45/741 ,  H04L45/00 ,  H04L45/745 ,  H04L49/00 ,  H04L61/251 ,  H04L61/2557 ,  H04L61/2575 ,  H04L61/4511 ,  H04L69/08 ,  H04L69/16 ,  H04L61/5076

Abstract: Some aspects of the methods and systems presented relate to performing stateless address translation between IPv4 capable devices to IPv6 capable networks and devices. Stateless address translation may form a new IPv6 addresses by combining the IPv4 address of a device with an IPv6 prefix address assigned to the translator. The translation may also combine the IPv4 destination address and UDP port information with the new IPv6 address. Existing Domain Name Systems (DNSs) may be leveraged for resolving the IPv4 and IPv6 addresses across different networks.

公开(公告)号：US20250047759A1

公开(公告)日：2025-02-06

申请号：US18924470

申请日：2024-10-23

Applicant: Cisco Technology, Inc.

Inventor： Vincent E. Parla ,  Kyle Andrew Donald Mestery

IPC: H04L67/561 ,  H04L9/40 ,  H04L12/46 ,  H04L45/00 ,  H04L45/42 ,  H04L61/103 ,  H04L61/4511 ,  H04L67/02 ,  H04L67/101 ,  H04L67/1012 ,  H04L67/141 ,  H04L67/562

Abstract: Techniques for leveraging the MASQUE protocol to provide remote clients with full application access to private enterprise resources are described herein. One or more network nodes may be configured to execute a MASQUE proxy service to provide a remote client device with full access to an enterprise/private application resource executing on an application node and hosted in an enterprise/application network, behind the MASQUE proxy service. In some examples, the MASQUE proxy service may execute on a single proxy node hosted at an edge of a cloud network or at an edge of an enterprise network. Additionally, or alternatively, a first instance of the MASQUE proxy service may execute on a first proxy node hosted at an edge of a cloud network (e.g., an ingress proxy node) and a second instance of the MASQUE proxy service may execute on a second proxy node hosted at an edge of the enterprise network.

公开(公告)号：US12218907B2

公开(公告)日：2025-02-04

申请号：US18206884

申请日：2023-06-07

Applicant: Capital One Services, LLC

Inventor： Rahul Parikh ,  Sugavaneswaran Selvaraj ,  Vijayalakshmi Narasimha Raju Kalidindi

IPC: H04L61/50 ,  H04L61/4511 ,  H04L101/668

Abstract: A method, apparatus, and computer-readable medium are described that gather information from subnets of a virtual private cloud, compare the information of the subnets to criteria of components of a service, and identify selected subnets that comport with the criteria. The subnets may be associated with different availability zones. The selection of any subnet may affect the subnets available for the next selection. The process may dynamically adjust for previous subnet selections and may be available as a service. Based on a call to the service with criteria of the components, the service may request information regarding the subnets and return an identified list of subnets for the components. The process may accommodate services during development stages and during deployment stages and/or account for primary and secondary subnet assignments. By dynamically adjusting the available subnets, delays in subnet selection and subsequent deployment may be reduced.

公开(公告)号：US12218776B2

公开(公告)日：2025-02-04

申请号：US17672844

申请日：2022-02-16

Applicant: BRIGHT DATA LTD.

Inventor： Derry Shribman ,  Ofer Vilenski

IPC: H04L67/02 ,  G06F7/58 ,  G06F8/71 ,  G06F9/455 ,  G06F9/48 ,  G06F16/955 ,  H04L9/40 ,  H04L12/28 ,  H04L12/46 ,  H04L47/283 ,  H04L61/256 ,  H04L61/2575 ,  H04L61/2585 ,  H04L61/2589 ,  H04L61/2592 ,  H04L61/4511 ,  H04L61/5007 ,  H04L67/01 ,  H04L67/025 ,  H04L67/133 ,  H04L67/141 ,  H04L67/142 ,  H04L67/288 ,  H04L67/2885 ,  H04L67/56 ,  H04L67/563 ,  H04L67/568 ,  H04L67/5681 ,  H04L67/63 ,  H04L69/16 ,  H04L69/167 ,  H04L69/168 ,  H04W4/80 ,  H04W48/18 ,  H04W84/10 ,  H04W84/18 ,  H04L101/69

Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stays connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.

公开(公告)号：US20250030658A1

公开(公告)日：2025-01-23

申请号：US18908676

申请日：2024-10-07

Applicant: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED

Inventor： Yong YANG

IPC: H04L61/4511 ,  H04L61/5007

Abstract: This application discloses a domain name query method and apparatus, a device, and a storage medium, and relates to the field of mobile communications. The method includes receiving a domain name system (DNS) query request from a terminal device, the DNS query request comprising a domain name; determining, based on cached data of a user plane function (UPF), an Internet protocol (IP) address corresponding to the domain name; and transmitting a DNS response to the terminal device, the DNS response comprising the IP address corresponding to the domain name.

公开(公告)号：US20250023786A1

公开(公告)日：2025-01-16

申请号：US18904768

申请日：2024-10-02

Applicant: Sonatus, Inc.

Inventor： Yu Fang ,  Yixiang Chen ,  Xuanran Zong

IPC: H04L41/0893 ,  G07C5/00 ,  H04L9/40 ,  H04L12/40 ,  H04L41/28 ,  H04L43/0876 ,  H04L47/20 ,  H04L61/3015 ,  H04L61/4511 ,  H04W4/40

Abstract: A system and method including a vehicle having a first network zone and a second network zone of a different type than the first network zone; a converged network device (CND) interposed between the first network zone and the second network zone, the CND including a policy manager circuit structured to interpret a policy comprising a network regulation description; a configuration circuit structured to configure a first network interface circuit in response to the network regulation description; and where the first network interface circuit is structured to regulate communications between end points of the first network zone and end points of the second network zone.

公开(公告)号：US12200812B2

公开(公告)日：2025-01-14

申请号：US18541645

申请日：2023-12-15

Applicant: Telefonaktiebolaget LM Ericsson (publ)

Inventor： Noamen Ben Henda ,  Juha Kujanen

IPC: H04W8/02 ,  H04L9/40 ,  H04L61/4511 ,  H04W48/16 ,  H04W84/04 ,  H04W88/16

Abstract: A method by a first security edge protection proxy (SEPP) for security edge protection of messages being communicated between first and second communications networks of a communications system. The method receives, from a first network function of the first communications network, a first message containing an address identifying a second network function which is located in the second communications network. The method receives, from a second SEPP operating to protect communications with the second communications network, a second message containing a fully qualified domain name, FQDN, reference for a combination of the second SEPP and the second network function. The method stores the FQDN reference for the combination of the second SEPP and second network function in a label-to-FQDN mapping data structure with a logical association to a substitute locally-unique label, and sends a third message containing the substitute locally-unique label to the first network function.