A method in a virtual private network (VPN) environment is disclosed. A user device transmits, to a VPN server before establishment of a VPN connection between the user device and the VPN server, an initiation request to establish the VPN connection. The initiation request includes remote content information indicating remote content that is unavailable in a geographic location of the user device. The user device receives, from the VPN server after establishment of the VPN connection, the remote content based at least in part on a configuration of domain name services (DNS) settings associated with the VPN connection to utilize a remote DNS server that is capable of obtaining the remote content. Various other aspects are contemplated.
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols, using the domain name system [DNS]
2. VPN SERVER SELECTION BASED ON INTENDED NETWORK USAGE
A request for a virtual private network (VPN) server is received at a central server from a user device. The request includes an intended network usage. A list of VPN servers is transmitted to the user device. Network test results that include network statistics measured between the user device and the VPN servers of the list of VPN servers are received from the user device. VPN server scores for the VPN servers are updated based on the network test results, the intended network usage, and at least one network condition associated with the intended network usage. An updated list of VPN servers ordered based on the updated VPN server scores is generated. The updated list of VPN servers is transmitted to the user device.
A VPN service assigns a first private IP address for a VPN concentrator and a second private IP address for a user device. Packets originating from the user device are modified by translating the second private IP address to a unique private IP address managed by the VPN concentrator, and translating the unique private IP address to a public IP address of the VPN concentrator. VPN session data, including the unique private IP address and an identifier associated with the user device, is registered in a peer hashtable. Inbound packets received from an external network are modified by translating the public IP address to the unique private IP address using the stored VPN session data, and then translating the unique private IP address to the second private IP address associated with the user device. The modified inbound packets are sent to the user device.
H04L 9/30 - Public key, i.e. the encryption algorithm being computationally infeasible to invert and the users' encryption keys not requiring secrecy
H04L 45/7453 - Address table lookup; Address filtering using hashing
H04L 61/2539 - Translation of Internet Protocol [IP] addresses by hiding the addresses; Translation of Internet Protocol [IP] addresses by keeping the addresses anonymous
H04L 61/2592 - Translation of Internet Protocol [IP] addresses using tunnelling or encapsulation
4. SYSTEM AND METHOD FOR DECENTRALIZED INTERNET TRAFFIC FILTERING POLICY REPORTING
A system and method to filter potentially unwanted traffic from trackers, third-party cookies, malicious websites or other sources and present the aggregated results of said filtering to the VPN user. One of the embodiments enables a VPN user to opt-in or opt-out from the filtering activities while being able to access the aggregated information about filtering. In another embodiment, the user can choose to customize the filtering parameters to add or remove specific targets from the filtering policies.
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols, using the domain name system [DNS]
A method including configuring a user device to receive encrypted content and an encrypted assigned private key associated with the encrypted content; configuring the user device to decrypt the encrypted assigned private key based on utilizing a master key to determine a decrypted assigned private key; configuring the user device to determine a combination decryption key based on utilizing the decrypted assigned private key and an access public key associated with the encrypted content; configuring the user device to decrypt an encrypted access private key associated with the access public key to determine a decrypted access private key; and configuring the user device to decrypt the encrypted content based on utilizing the decrypted access private key is disclosed. Various other aspects are contemplated.
H04L 9/30 - Public key, i.e. the encryption algorithm being computationally infeasible to invert and the users' encryption keys not requiring secrecy
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols, the encryption apparatus using shift registers or memories for block-wise coding, e.g. DES systems
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
An intermediary between a client and a target receives response data from the target based on a first request from the client to the target. The intermediary includes in the response data an endpoint interpretable by the client as being available at the target. The intermediary receives a second request from the client directed to the target at the endpoint. The intermediary processes the second request directed to the target without forwarding the second request to the target.
H04L 67/568 - Storing data temporarily at an intermediate stage, e.g. caching
H04L 67/02 - Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
H04L 67/63 - Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources, by routing a service request depending on the request content or context
7. IDENTITY-BASED DISTRIBUTED CLOUD FIREWALL FOR ACCESS AND NETWORK SEGMENTATION
According to some embodiments, a method of controlling access to network resources includes: receiving an authentication request from a user device to a core security service; if the user is authenticated, authorizing the user device to connect to a private cloud, and connecting the user device with the private cloud and retrieving user-specific segmented firewall rules stored in the private cloud; routing, through the firewall rules, a request by the user device to access an outer resource; evaluating the request against the firewall rules; if the request meets the firewall rules, routing the request through security measures of the firewall; and if the request does not meet the firewall rules, denying the user device access to the outer resource.
A method for configuring a VPN server to receive a first data request to retrieve first data of interest from a first host device; configuring the VPN server to utilize a first exit IP address to transmit a first query for retrieving the first data of interest from the first host device; configuring the VPN server to determine, based on transmitting the first query, that the first exit IP address is blocked by the first host device; configuring the VPN server to suspend, based on determining that the first exit IP address is blocked, utilization of the first exit IP address for retrieving the first data of interest from the first host device; and configuring the VPN server to utilize the first exit IP address to transmit a second query for retrieving second data of interest from a second host device is disclosed. Various other aspects are contemplated.
A computing device receives, based on a request to connect to a virtual private network (VPN), a signal that the computing device has been connected to the VPN. The computing device receives handshake data from a server of the VPN. The computing device determines that a threshold time period has passed since a latest-in-time handshake notification of the handshake data, wherein the threshold time period is determined according to a schedule selected based on a connection status between the computing device and the VPN. The computing device provides, based on determining that the threshold time period has passed since the latest-in-time handshake notification of the handshake data, an indicator that the computing device is no longer connected to the VPN.
H04L 61/5007 - Internet Protocol [IP] addresses
H04L 67/145 - Termination or inactivation of sessions, e.g. event-controlled end of session, avoiding end of session, e.g. keep-alive, heartbeats, resumption message or wake-up for an inactive or interrupted session
The present disclosure discloses an infrastructure device that configures a user device to: receive a trained machine learning (ML) model to enable the user device to determine a given type of input information to be auto-filled in an observed field portion in an observed network element; analyze an observed source code associated with the observed network element to determine an observed characteristic associated with the observed field portion that is configured to accept the given type of input information; calculate an observed signature associated with the observed field portion based on the observed characteristic; utilize the trained ML model to evaluate the observed signature to determine the given type of input information; and to auto-fill, in the observed field portion, input information in accordance with the given type of input information. Various other aspects are contemplated.
The present disclosure discloses configuring a device to determine an assigned public key and an assigned private key; configuring the device to determine a content access public key and a content access private key; configuring the device to determine, for a folder, a folder access public key and a folder access private key; configuring the device to encrypt the content access private key by utilizing the assigned public key; configuring the device to encrypt the content access private key by utilizing the folder access public key; configuring the device to transmit the encrypted content, the first encrypted content access private key, and the second encrypted content access private key to a server for storage; and configuring the device to access, from the server, the encrypted content by decrypting the first encrypted content access private key or by decrypting the second encrypted content access private key. Various other aspects are contemplated.
G06F 3/06 - Digital input from, or digital output to, record carriers
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
H04L 9/30 - Public key, i.e. the encryption algorithm being computationally infeasible to invert and the users' encryption keys not requiring secrecy
H04L 67/06 - Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
12. IDENTIFYING VIRTUAL PRIVATE NETWORK SERVERS FOR USER DEVICES
An Internet Service Provider (ISP) of a user device is identified. At least one VPN server of available VPN servers is identified based on data indicative of respective histories of successful connections from devices in a location of the user device to the available VPN servers via the ISP. The at least one VPN server is then transmitted to the user device.
A method including receiving, by a manager device from an infrastructure device, seed information including unique information associated with the manager device to enable the manager device to determine authorization information; determining, by the manager device, the authorization information based at least in part on utilizing the unique information; transmitting, by the manager device to the infrastructure device, a manager request related to an action to be performed regarding the network services, the manager request being signed based at least in part on utilizing a portion of the authorization information; and performing, by the manager device based at least in part on authorization of the manager request by the infrastructure device, the action regarding the network services is disclosed. Various other aspects are contemplated.
H04L 41/28 - Restricting access to network management systems or functions, e.g. using an authorisation function to access network configuration
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method including storing, by a virtual private network (VPN) server, an initial operating system in a memory associated with the VPN server; transmitting, by the VPN server while executing the initial operating system, a request to obtain a VPN operating system to enable the VPN server to provide VPN services; receiving, by the VPN server based at least in part on transmitting the request, the VPN operating system; storing, by the VPN server, the VPN operating system in the memory associated with the VPN server; and executing, by the VPN server, the VPN operating system to provide the VPN services based at least in part on storing the VPN operating system is disclosed. Various other aspects are contemplated.
Systems and methods for decompiling binary code or executables are provided herein. In some embodiments, a method of training a machine learning algorithm for decompiling binary code into readable source code includes collecting a data set of source code and at least one element associated with the source code; providing binary code using the data set; training a model configured to decompile the binary code into source code using the data set by: decompiling the collected binary code into intermediate source code; comparing the source code in the data set with the intermediate source code; and updating the model and repeating the training if the source code in the data set differs from the intermediate source code by more than a threshold amount.
Domain name system (DNS) configuration during virtual private network (VPN) connection includes, by a VPN entry server, receiving from a client device, via a VPN tunnel between the entry server and the client device, a first request for first content that identifies a first external source for the first content, receiving, from an operative DNS server configured for the tunnel, an Internet Protocol (IP) address of a first VPN system exit server, in response to determining that the first content is unavailable via the first system exit server, identifying a second DNS server, such that a second VPN system exit server for obtaining the first content is available using the second DNS server, obtaining, from the second system exit server, the first content, wherein the second system exit server obtained the first content from the first external source, and transmitting, to the client device, via the tunnel, the first content.
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols, using the domain name system [DNS]
Disclosed herein are an exemplary system and method for recurring VPN connections. The exemplary system and method are used for detecting the situations in which a user device is not able to establish a VPN, and for detecting the situations in which a user device with active VPN connections is not able to reach resources on a network. The exemplary system and method also provide user device protected data transmission without data leakage during attempts at recurring VPN connections. The exemplary system and method include retry flow strategies, along with in-application enabled user decisions, and user-specific dataset flows.
The present disclosure discloses configuring a user device to receive an invitation link to enable the user device to receive network services from an infrastructure device; configuring the user device to receive, based on the user device activating the invitation link, seed information to be utilized by the user device to determine authentication information; configuring the user device to transmit, during an active communication session and based on determining the authentication information, a user request related to an action to be performed regarding receiving the network services, a portion of the user request being signed based on utilizing a first portion of the authentication information; and configuring the user device to perform the action regarding receiving the network services based on a verification that the communication session is currently active. Various other aspects are contemplated.
The present disclosure discloses detecting, by a user device, an attempt by an installed application to access a service to be provided by a service provider to the user device; determining, by the user device based at least in part on detecting the attempt, a first authentication factor based at least in part on decrypting encrypted first factor authentication information; determining, by the user device, a second authentication factor based at least in part on enabling decryption of encrypted second factor authentication information; and enabling, by the user device, authentication with the service provider based at least in part on utilizing the first authentication factor and the second authentication factor. Various other aspects are contemplated.
A validation software obtains a session datum from a request initiating at a device. The validation software hashes the session datum to obtain a hashed session datum. The validation software transmits a validation request that includes a portion of the hashed session datum to a validation server. The portion of the hashed session datum may have a length that is less than a length of the hashed session datum. The validation software determines, and based on a response received from the validation server, that the session datum is likely compromised. In response to determining that the session datum is likely compromised, a notification is output at the device.
The present disclosure is directed to a stateless system to enable data breach lookup. The stateless system may include an infrastructure device and a user device. In some aspects, the infrastructure device and the user device may determine whether the private data associated with the user device has been compromised due to a breach. The infrastructure device and/or the user device may utilize a critical combination of one or more of fast hashing algorithms, slow hashing algorithms, secret keys, and salt values to conduct the data breach lookup. In this way, the data breach lookup may be conducted without the user device communicating the private data externally. Various other aspects are contemplated.
A system for URL filtering includes a processor and a memory having stored therein at least programs or instructions executable by the processor to cause the system to filter a received URL by comparing the URL to a blocklist to predict if a resource associated with the URL is malicious, if the URL does not match a URL on the blocklist, filter the URL by applying an ML algorithm to predict whether a resource associated with the URL is malicious, if the resource is not malicious, filter the URL by comparing a visual feature of a resource with a respective visual feature of known non-malicious webpages to identify similarities and/or differences to determine if a resource is malicious, and if the resource is malicious, generate and transmit a URL filter determination that the resource associated with the URL is malicious and update the blocklist to include the URL.
A method including transmitting, by a virtual private network (VPN) server to an infrastructure device while executing a primary VPN operating system, a request for a custom parameter file to enable the VPN server to provide VPN services; authenticating, by the infrastructure device, the VPN server as an authorized recipient of the custom parameter file; transmitting, by the infrastructure device to the VPN server, the custom parameter file based at least in part on authenticating the VPN server as the authorized recipient of the custom parameter file; and configuring, by the VPN server, the primary VPN operating system to utilize the custom parameter file to enable the VPN server to provide the VPN services is disclosed. Various other aspects are contemplated.
A method including receiving, by a first device from a second device in a mesh network, connection information indicating a DNS server associated with a LAN to which the second device is connected; transmitting, by the first device to the DNS server based on the connection information, a query to receive a subnet IP address assigned to a LAN device; receiving, by the first device from the DNS server, the subnet IP address assigned to the LAN device; determining, by the first device based on receiving the subnet IP address from the DNS server, that the LAN device is connected to the LAN; and transmitting, by the first device to the second device, a meshnet packet including data to be transmitted by the second device to the LAN device based on the subnet IP address assigned to the LAN device is disclosed. Various other aspects are contemplated.
A method including configuring a first device to receive, from a second device in a mesh network, connection information indicating a DNS server associated with a LAN to which the second device is connected; configuring the first device to transmit, to the DNS server, a query to receive a subnet IP address assigned to a LAN device; configuring the first device to receive, from the DNS server based on transmitting the query, the subnet IP address assigned to the LAN device; configuring the first device to determine, based on receiving the subnet IP address from the DNS server, that the LAN device is connected to the LAN; and configuring the first device to transmit, to the second device, a meshnet packet including data to be transmitted by the second device to the LAN device based on utilizing the subnet IP address is disclosed. Various other aspects are contemplated.
A method in a mesh network including configuring a first device to transmit, to a third-party application installed on the first device, an association between a second device and a unique identifier that identifies the second device; configuring the first device to receive, from the third-party application, a query for a meshnet IP address assigned to the second device, the query including the unique identifier; configuring the first device to transmit, to the third-party application based on receiving the query, the meshnet IP address assigned to the second device; configuring the first device to receive, from the third-party application based on transmitting the meshnet IP address, a communication packet to be transmitted to the second device, the communication packet indicating the meshnet IP address as a destination address; and configuring the first device to transmit the communication packet to the second device is disclosed. Various other aspects are contemplated.
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols, using the domain name system [DNS]
H04L 67/53 - Network services using third party service providers
A user device to receive, from an infrastructure device, a trained machine learning (ML) model to enable the user device to determine a given type of input information to be auto-filled in an observed field portion in an observed network element; analyze an observed source code associated with the observed network element to determine an observed characteristic associated with the observed field portion that is configured to accept the given type of input information; calculate an observed signature associated with the observed field portion based at least in part on the observed characteristic; utilize the trained ML model to evaluate the observed signature to determine the given type of input information; and auto-fill, in the observed field portion, input information in accordance with the given type of input information is disclosed. Various other aspects are contemplated.
A service that allows a user to request that personal data be removed from multiple data brokers or people search providers, and that tracks the requests, is provided. A user provides identifying data that can be used to verify their identity to the service. The identifying data may include information such as name, current and/or previous addresses, email address, telephone number, sex, birthdate, etc. With respect to data brokers, the service retrieves requirements for each of a plurality of data brokers. Based on the identifying data and the requirements, the service sends an instruction to the data broker to delete the private data. As responses are received from the data brokers, the service updates a report where the user can view information about each data broker and whether or not each data broker has deleted the user's private data.
A method, in an external meshnet device in communication with a first meshnet device and a second meshnet device, includes determining, based on comparing (i) a first range of first subnet IP addresses associated with a first LAN connected to the first meshnet device and (ii) a second range of second subnet IP addresses associated with a second LAN connected to the second meshnet device, a conflict that a first subnet IP address assigned to a first LAN device in the first LAN is the same as a second subnet IP address assigned to a second LAN device in the second LAN; mapping, based on determining the conflict, an alternate IP address to correspond with the first subnet IP address; and communicating with the first LAN device based on utilizing the alternate IP address instead of the first subnet IP address is disclosed. Various other aspects are contemplated.
A method in a VPN environment, including determining, by a VPN infrastructure device, first and second VPN protocols that are available for providing VPN services to a user device, the first VPN protocol being different from the second VPN protocol; transmitting, by the VPN infrastructure device to the user device, a list indicating first VPN servers that utilize the first VPN protocol and second VPN servers that utilize the second VPN protocol; and establishing, by the user device at substantially the same time, a first parallel VPN connection with a first VPN server from among the first plurality of VPN servers, the first VPN connection configured to utilize the first VPN protocol, and a second parallel VPN connection with a second VPN server from among the second plurality of VPN servers, the second VPN connection configured to utilize the second VPN protocol is disclosed. Various other aspects are contemplated.
A method including configuring a first device to receive, from a second device in a mesh network, connection information associated with a LAN to which the second device is connected; configuring the first device to calculate, based on utilizing the connection information, a range of subnet IP addresses associated with the LAN; configuring the first device to determine that a LAN device is connected to the LAN based on determining that a sample subnet IP address associated with the LAN device falls within the range of subnet IP addresses associated with the LAN; and configuring the first device to transmit, to the second device via the meshnet connection in the mesh network, an initiation meshnet packet including information to be transmitted by the second device to the LAN device via a LAN connection between the second meshnet device and the LAN device is disclosed. Various other aspects are contemplated.
A method in a mesh network including a first device and a second device, the method including receiving, by the first device from a third-party application installed on the first device, an initiation packet including information to be received by the second device, the initiation packet indicating a meshnet IP address assigned to the second device as a destination address; transmitting, by the first device via a meshnet connection between the first device and the second device, the initiation packet to the second device; receiving, by the first device via the meshnet connection and based at least in part on transmitting the initiation packet, a response packet from the second device, the response packet including information to be received by the third-party application; and transmitting, by the first device, the response packet to the third-party application is disclosed. Various other aspects are contemplated.
H04L 41/0806 - Configuration setting for initial configuration or provisioning, e.g. plug-and-play
H04L 61/5038 - Address allocation for local use, e.g. in LAN or USB networks, or in a controller area network [CAN]
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
H04W 48/08 - Access restriction or access information delivery, e.g. discovery data delivery
34. Performance-based parallel tunneling of virtual private network servers
A VPN infrastructure device, configured to receive a connection request for requesting VPN services; determine first and second VPN protocols that are available for providing the VPN services, the first VPN protocol being different from the second VPN protocol; determine a list indicating a first plurality of VPN servers configured to utilize the first VPN protocol and a second plurality of VPN servers configured to utilize the second VPN protocol; transmit the list indicating the first and second plurality of VPN servers; and enable a first VPN server from among the first plurality of VPN servers and a second VPN server from among the second plurality of VPN servers to provide, at substantially the same time, the VPN services to the user device, the first VPN server utilizing the first VPN protocol and the second VPN server utilizing the second VPN protocol is disclosed. Various other aspects are contemplated.
A user device, configured to transmit a connection request for requesting VPN services; receive, based on transmitting the connection request, a list indicating a first plurality of VPN servers configured to utilize a first VPN protocol and a second plurality of VPN servers configured to utilize a second VPN protocol, the first VPN protocol being different from the second VPN protocol; transmit, at substantially the same time, a first initiation request to request establishment of a first parallel VPN connection with a first VPN server, and a second initiation request to request establishment of a second parallel VPN connection with a second VPN server; and establish, based on transmitting the first and second initiation requests, the first parallel VPN connection with the first VPN server and the second parallel VPN connection with the second VPN server is disclosed. Various other aspects are contemplated.
A method in a mesh network including a first device connected to a first LAN and a second device connected to a second LAN, comprising: determining that a first subnet IP address assigned to a first LAN device connected to the first LAN matches a second subnet IP address assigned to a second LAN device connected to the second LAN; mapping an association between an alternate IP address and the first subnet IP address; transmitting the association between the alternate IP address and the first subnet IP address; receiving an initiation network packet to be transmitted by the first device to the first LAN device, the initiation network packet indicating the alternate IP address as a destination address; and transmitting the initiation network packet to the first LAN device over a first LAN connection between the first device and the first LAN device is disclosed. Various other aspects are contemplated.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for simultaneous processing of several programs
H04L 61/2503 - Translation of Internet protocol [IP] addresses
H04L 61/5038 - Address allocation for local use, e.g. in LAN or USB networks, or in a controller area network [CAN]
H04L 61/5046 - Resolving address allocation conflicts; Testing of addresses
H04L 101/668 - Internet protocol [IP] subnet addresses
37.
Enabling partial access to a local area network via a meshnet device
An infrastructure device associated with a first device and a second device in a mesh network is disclosed, the first device being connected to a LAN, the infrastructure device configured to: configure the first device to receive, from the second device, an initiation network packet to be transmitted by the first device to a first LAN device connected to the LAN, the initiation network packet indicating a first subnet IP address as a destination address; configure the first device to compare the first subnet IP address with a stored subnet IP address that is stored in a memory in correlation with the second device; and configure the first device to selectively transmit the initiation network packet to the first LAN device based on a result of comparing the first subnet IP address with the stored subnet IP address. Various other aspects are contemplated.
H04L 12/28 - Data switching networks characterised by path configuration, e.g. local area networks [LAN] or wide area networks [WAN]
H04L 41/0806 - Configuration settings for initial configuration or provisioning, e.g. plug-and-play
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
38.
Conflict resolution to enable access to local network devices via mesh network devices
A method in a mesh network including a first device connected to a first LAN and a second device connected to a second LAN is disclosed, comprising: configuring the first device to determine a first range of first subnet IP addresses and a second range of second subnet IP addresses; configuring the first device to determine, based on comparing the first range with the second range, a conflict in which a first subnet IP address in the first range matches a second subnet IP address in the second range; configuring the first device to map an association between an alternate IP address and the first subnet IP address; and configuring the first device to receive an initiation network packet to be transmitted by the first device to a first LAN device, the initiation network packet indicating the alternate IP address as a destination address. Various other aspects are contemplated.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for simultaneous processing of several programs
H04L 61/2503 - Translation of Internet protocol [IP] addresses
H04W 28/02 - Traffic management, e.g. flow control or congestion control
H04L 101/668 - Internet protocol [IP] subnet addresses
H04W 84/12 - Wireless local area networks [WLAN]
39.
Conflict resolution to enable access to local network devices via mesh network devices
A method in a mesh network including a first device connected to a first LAN and a second device connected to a second LAN, comprising: configuring the first device to determine that a first subnet IP address assigned to a first LAN device matches a second subnet IP address assigned to a second LAN device; configuring the first device to map an association between an alternate IP address and the first subnet IP address; configuring the first device to receive an initiation network packet to be transmitted by the first device to the first LAN device, the initiation network packet indicating the alternate IP address as a destination address; and configuring the first device to transmit the initiation network packet to the first LAN device over a first LAN connection is disclosed. Various other aspects are contemplated.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for simultaneous processing of several programs
H04L 61/2503 - Translation of Internet protocol [IP] addresses
H04L 61/5046 - Resolving address allocation conflicts; Testing of addresses
H04L 101/668 - Internet protocol [IP] subnet addresses
40.
REASSIGNING EXIT INTERNET PROTOCOL ADDRESSES IN A VIRTUAL PRIVATE NETWORK SERVER
A method is disclosed including activating, by a virtual private network (VPN) server, a first exit internet protocol (IP) address for communicating data associated with a user device having an established VPN connection with the VPN server; deactivating, by the VPN server, the first exit IP address from communicating the data associated with the user device based at least in part on determining that an amount of data communicated utilizing the first exit IP address satisfies a data threshold; and reactivating, by the VPN server at a later time, the first exit IP address for communicating the data associated with the user device based at least in part on determining that the amount of data communicated utilizing the first exit IP address fails to satisfy the data threshold. Various other aspects are contemplated.
The present disclosure discloses utilizing, by a VPN server during an established VPN connection between the VPN server and a user device, a first exit IP address for communication of data associated with the user device; determining, by the VPN server during the established VPN connection, potential overloading of the VPN server based on determining a potential breach of a critical threshold associated with the VPN server; establishing, by the VPN server during the established VPN connection and based on determining the potential breach, a secure connection with a secondary server to enable communication of encrypted information between the VPN server and the secondary server; and modifying, by the VPN server based on determining the potential overloading, a configuration of an associated DNS server such that the DNS server returns communication information associated with the secondary server. Various other aspects are contemplated.
H04L 67/1001 - Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
The present disclosure discloses configuring a device to determine, for encrypted content, a content access key pair including a content access public key and a content access private key, the encrypted content being determined by encrypting content utilizing a symmetric key; configuring the device to determine, for a folder, a folder access key pair including a folder access public key and a folder access private key; configuring the device to encrypt the content access private key by utilizing the folder access public key; configuring the device to encrypt the symmetric key by utilizing the content access public key; configuring the device to transmit the encrypted content, the encrypted content access private key and the encrypted symmetric key to a stateless server for storage; and configuring the device to access the encrypted content by decrypting the encrypted content access private key and the encrypted symmetric key. Various other aspects are contemplated.
G06F 3/06 - Digital input from, or digital output to, record carriers
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
H04L 9/30 - Public key, i.e. the encryption algorithm being computationally infeasible to invert and the users' encryption keys not requiring secrecy
H04L 67/06 - Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
43.
Sharing domain name service resources in a mesh network
The disclosure describes a mesh network including a first device and a second device, which acts as an exit device with respect to the first device such that communication between the first device and an external device, outside the mesh network, is communicated via the second device. The first device receives access information utilized by the second device to access a DNS server in a LAN that includes the second device, and transmits a meshnet query packet that includes a DNS query for domain information associated with the external device. The first device receives, based on transmitting the meshnet query packet, the domain information associated with the external device, and transmits a meshnet initiation packet that includes a network communication for communicating with the external device, the network communication including the domain information. Various other aspects are contemplated.
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; Name-to-address mapping using standardised directory access protocols using the domain name system [DNS]
H04L 101/668 - Internet protocol [IP] subnet addresses
An infrastructure device is disclosed, configured to: analyze source code associated with a known network element to determine a characteristic associated with an included field portion that is configured to accept a known type of input information; determine a correlation between the determined characteristic and the known type of input information; calculate, based on the correlation, a training signature that uniquely indicates a classification of the field portion as a field portion that accepts the known type of input information; train a machine learning (ML) model based on utilizing the training signature as training data; and transmit, to a user device, the trained ML model to enable the user device to utilize the trained ML model to determine, during an operation period, a given type of input information to be auto-filled in an observed field portion in an observed network element. Various other aspects are contemplated.
A method including configuring, by an infrastructure device, a user device to receive validation data based at least in part on transmitting a first service request to receive a first network service; configuring, by the infrastructure device, the user device to receive the first network service based at least in part on signing the validation data using a signature key and on authenticating first biometric information; configuring, by the infrastructure device, the user device to transmit, while receiving the first service, a second service request to receive encrypted content; and configuring, by the infrastructure device, the user device to decrypt the encrypted content based at least in part on utilizing a master key and on authenticating second biometric information is disclosed. Various other aspects are contemplated.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method is disclosed including configuring a manager device, responsible for managing network services provided by an infrastructure device, to determine a manager request including a signature header signed by utilizing a manager private key associated with the manager device and a timestamp header identifying a point in time when the signature header was signed; configuring the manager device to transmit, to the infrastructure device, the manager request to request performance of an action associated with managing the network services; and configuring the manager device to receive, from the infrastructure device based on transmitting the manager request, an authorization message indicating successful authorization of the manager request, the successful authorization being based on a verification that a time difference between the point in time when the signature header was signed and a current time satisfies a predetermined duration of time. Various other aspects are contemplated.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
The disclosure describes a first server determining an encrypted authentication packet including (i) a crypted code field that indicates a type of the encrypted authentication packet, (ii) a crypted payload field that includes an encrypted initial authentication packet, determined by utilizing a nonce, an encryption key, and an encryption algorithm, and (iii) a data length field that indicates a length of the encrypted authentication packet, the length being the sum of a length of the crypted code field, a length of the crypted payload field, and a length of the data length field. The method may also include transmitting, by the first server to a second server, the encrypted authentication packet to enable the first server and the second server to conduct an authentication process. Various other aspects are contemplated.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
48.
PARALLEL TUNNELING WITH VIRTUAL PRIVATE NETWORK SERVERS
The disclosure discloses an infrastructure device configuring a user device to establish respective parallel virtual private network (VPN) connections with respective VPN servers; configuring the user device to determine, based at least in part on establishing the respective parallel VPN connections, a default VPN server from among the respective VPN servers; configuring the user device to select, based at least in part on determining the default VPN server, the default VPN server as a VPN server from which the user device is to receive a VPN service; and configuring the user device to transmit, based at least in part on selecting the default VPN server, a request to the default VPN server to receive the VPN service. Various other aspects are contemplated.
H04L 43/0811 - Monitoring or testing based on specific metrics, e.g. quality of service [QoS], energy consumption or environmental parameters, by checking availability by checking connectivity
A method for configuring a multiuser device to (i) encrypt a first folder based on utilizing a first symmetric key and a second folder based on utilizing a second symmetric key, the first folder and the second folder being stored on the multiuser device; (ii) encrypt the first symmetric key based on utilizing a first trusted key and the second symmetric key based on utilizing a second trusted key; and (iii) provide access to the encrypted first folder by decrypting the encrypted first symmetric key based on verifying first biometric information and to the encrypted second folder by decrypting the encrypted second symmetric key based on verifying second biometric information, the first biometric information being different from the second biometric information is disclosed. Various other aspects and techniques are contemplated.
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method including receiving first connection information associated with a first LAN from a first meshnet device and second connection information associated with a second LAN from a second meshnet device; calculating a first range of first subnet IP addresses associated with the first LAN, and a second range of second subnet IP addresses associated with the second LAN; determining, based on comparing the first range and the second range, a conflict that a first subnet IP address assigned to a first LAN device is the same as a second subnet IP address assigned to a second LAN device; mapping, based on determining the conflict, an alternate IP address to correspond with the first subnet IP address; and communicating with the first LAN device based at least in part on utilizing the alternate IP address instead of utilizing the first subnet IP address is disclosed. Various other aspects are contemplated.
A method for configuring a first user device to generate a sharing encryption key based at least in part on combining a folder access private key associated with a folder and an assigned public key associated with a second user device; configuring the first user device to encrypt the folder access private key associated with the folder utilizing the sharing encryption key; and configuring the first user device to transmit the encrypted folder access private key to enable the second user device to access the folder is disclosed. Various other aspects are contemplated.
H04L 9/30 - Public key, i.e. the encryption algorithm being computationally infeasible to invert and the users' encryption keys not requiring secrecy
G06F 3/06 - Digital input from, or digital output to, record carriers
A first device in a mesh network and connected to a LAN is disclosed, the first device being configured to: receive, from a second device in the mesh network, a first network packet to be transmitted by the first device to a first LAN device connected to the LAN, the first network packet indicating a first subnet IP address as a first destination address; select to transmit the first network packet to the first LAN device; receive, from the second device, a second network packet to be transmitted by the first device to a second LAN device connected to the LAN, the second network packet indicating a second subnet IP address as a second destination address; and select to refrain from transmitting the second network packet to the second LAN device based at least in part on the second network packet indicating the second subnet IP address as the second destination address. Various other aspects are contemplated.
H04L 12/28 - Data switching networks characterised by path configuration, e.g. local area networks [LAN] or wide area networks [WAN]
A method is disclosed for utilizing, by a VPN server, a first exit IP address to transmit a first query to a host device for retrieving data of interest requested by a user device; determining, by the VPN server based at least in part on transmitting the first query, that the host device has blocked the first exit IP address; establishing, by the VPN server based at least in part on determining that the host device has blocked the first exit IP address, a connection with a secondary server to enable communication of information between the VPN server and the secondary server; and transmitting, by the VPN server to the secondary server, a message identifying the host device and the data of interest to be retrieved from the host device to enable the secondary server to utilize a second exit IP address to transmit a second query to request the data of interest. Various other aspects are contemplated.
A method and apparatus for generating a content detection dataset using file creation dates. The method accesses a database comprising data files. The files are analyzed by a machine learning model to determine file creation dates. The creation dates are used to identify relevant content files. The most relevant files are included into a content detection dataset as content samples. The dataset may be used for training machine learning based content detectors.
A cyber security method and system for detecting malware via an anti-malware application employing a fast locality-sensitive hashing evaluation using a vantage-point tree (VPT) structure for the indication of malicious files and non-malicious files. The locality-sensitive hashing evaluation using the VPT structure can be performed prior to initiating the deeper, more computationally intensive evaluation and is used to identify with high confidence a scanned file or data object being (i) a malicious file, (ii) a non-malicious file, or a low confidence measure of the two.
A cyber security method and system for detecting malware via an anti-malware application employing a fast locality-sensitive hashing evaluation using a vantage-point tree (VPT) structure for the indication of malicious files and non-malicious files. The locality-sensitive hashing evaluation using the VPT structure can be performed prior to initiating the deeper, more computationally intensive evaluation and is used to identify with high confidence a scanned file or data object being a malicious file, a non-malicious file, or a low confidence measure of the two.
Systems and methods for optimal load distribution and data processing of a plurality of files in anti-malware solutions are provided herein. In some embodiments, the system includes: a plurality of node processors; and a control processor programmed to: receive a plurality of files used for malware analysis and training of anti-malware ML models; separate the plurality of files into a plurality of subsets of files based on the byte size of each file, such that processing of each subset of files produces similar workloads amongst all available node processors; distribute the plurality of subsets of files amongst all available node processors such that each node processor processes its respective subset of files in parallel and within a similar timeframe as the other node processors; and receive, from each node processor, a report of performance and/or anti-malware processing results for the subset of files it processed.
A method and apparatus for generating a dataset for training a content detection machine learning model. The method applies one or more transforms to a content-containing bitstream that produce feature tensors representing the content, labels the feature tensors by type of content, and stores the feature tensors and labels in a dataset. The dataset may be used to train a content detection machine learning model. The model may be exported to content detectors to identify and classify bitstream content contained in other bitstreams.
A system is disclosed in which an infrastructure device analyzes a source code associated with a known network element to determine a characteristic associated with a field portion that is configured to accept a known type of input information; determines a correlation between the characteristic and the known type of input information; calculates a training signature to classify the field portion; trains an ML model based on the training signature; and transmits a trained ML model to a user device. The user device analyzes an observed source code associated with an observed network element to determine an observed characteristic associated with an observed field portion that is configured to accept a given type of input information; calculates an observed signature; utilizes the trained ML model to determine the given type of input information; and auto-fills, in the observed field portion, input information according to the given type of input information.
The present disclosure discloses configuring a transmitting device to determine verification information including a current fingerprint associated with a first instance of a source application stored on the transmitting device, the current fingerprint (i) being determined based on utilizing one or more connection parameters associated with an external device communicating with the first instance of the source application, and (ii) uniquely identifying the first instance of the source application; configuring the transmitting device to transmit verification information including the current fingerprint; configuring the transmitting device to receive a determination result determined by the receiving device based on a comparison of the current fingerprint with a verification fingerprint that uniquely identifies a second instance of the source application stored on another device; and configuring the transmitting device to selectively transmit transmission data utilizing the first instance of the source application based on the determination result. Various other aspects are contemplated.
Systems and methods for decompiling binary code or executables are provided herein. In some embodiments, a method of training a machine learning algorithm for decompiling binary code into readable source code includes collecting a data set of source code and at least one element associated with the source code; providing binary code using the data set; training a model configured to decompile the binary code into source code using the data set by: decompiling the collected binary code into intermediate source code; comparing the source code in the data set with the intermediate source code; and updating the model and repeating the training if the source code in the data set differs from the intermediate source code by more than a threshold amount.
The present disclosure discloses encrypting a folder stored on a user device based on utilizing a symmetric key; encrypting, based on utilizing a public key associated with the user device, the symmetric key to determine a single-encrypted symmetric key; transmitting, to a biometric unit available to the user device, a request to capture biometric information; verifying the biometric information based on a comparison of the biometric information with stored biometric information; selectively transmitting, to a trusted device located on the user device and based on successful verification of the biometric information, an encryption request to encrypt the single-encrypted symmetric key based on utilizing a trusted key that is generated by the trusted device, thereby determining a double-encrypted symmetric key; and storing the single-encrypted symmetric key and the double-encrypted symmetric key in a memory. Various other aspects and techniques are contemplated.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols, the encryption apparatus using shift registers or memories for block-wise coding, e.g. DES systems
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
66.
Identity-based distributed cloud firewall for access and network segmentation
According to some embodiments, a method of controlling access to network resources includes: receiving an authentication request from a user device to a core security service; if the user is authenticated, authorizing the user device to connect to a private cloud, and connecting the user device with the private cloud and retrieving user-specific segmented firewall rules stored in the private cloud; routing, through the firewall rules, a request by the user device to access an outer resource; evaluating the request against the firewall rules; if the request meets the firewall rules, routing the request through security measures of the firewall; and if the request does not meet the firewall rules, denying the user device access to the outer resource.
A method including establishing parallel VPN connections including a first respective VPN connection with a first VPN server and a second respective VPN connection with a second VPN server; verifying connectivity of the first respective VPN connection with the first VPN server and of the second respective VPN connection with the second VPN server; determining that the first respective VPN connection is terminated; transmitting an initiation request to a third VPN server to establish a third respective VPN connection with the third VPN server; and establishing the third respective VPN connection with the third VPN server such that the parallel VPN connections include the second respective VPN connection with the second VPN server and the third respective VPN connection with the third VPN server is disclosed. Various other aspects are contemplated.
H04L 43/0811 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters; by checking availability; by checking connectivity
A mesh network wherein a first device selects a second device as an exit device with respect to the first device such that communication between the first device and an external device is communicated via the second device; receives a message indicating that the second device has selected a third device as an exit device with respect to the second device such that communication between the second device and the external device is communicated via the third device; transmits a meshnet query packet that includes a DNS query for domain information associated with the external device; receives the domain information associated with the external device; and transmits a meshnet initiation packet that includes a network communication for communicating with the external device, the network communication including the domain information to indicate that the third device is to utilize the domain information to transmit the network communication to the external device.
H04L 61/4511 - Network directories; Name-to-address mapping; using standardised directories; using standardised directory access protocols; using the domain name system [DNS]
H04L 101/668 - Internet protocol [IP] address subnets
69.
Conflict resolution to enable access to local network devices via mesh network devices
A first meshnet device in a mesh network, the first meshnet device configured to: determine a first range of first subnet IP addresses associated with a first LAN and a second range of second subnet IP addresses associated with a second LAN; determine a conflict that a first subnet IP address assigned to a first LAN device in the first LAN matches a second subnet IP address assigned to a second LAN device in the second LAN; map an association between an alternate IP address and the first subnet IP address; transmit, to a second meshnet device, the association between the alternate IP address and the first subnet IP address; and receive, from the second meshnet device, an initiation network packet to be transmitted to the first LAN device, the initiation network packet indicating the alternate IP address as a destination address is disclosed. Various other aspects are contemplated.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
H04L 61/2503 - Translation of Internet protocol [IP] addresses
H04L 61/5046 - Resolving address allocation conflicts; Testing of addresses
H04L 101/668 - Internet protocol [IP] address subnets
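Entry 69 above describes the conflict-resolution mechanism in claim language. The Go program below is an added worked example written for this listing, not code from the patent or its assignee. It assumes a sequentially allocated alternate pool (10.77.0.0/24, chosen so that it overlaps neither LAN), a minimal Packet carrying only source, destination and payload, and that the first meshnet device detects a conflict by checking whether the peer's LAN also covers one of its own local addresses; the patent leaves those choices open.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// Packet is the minimal header the example needs: only the destination is rewritten.
type Packet struct {
	Src, Dst netip.Addr
	Payload  string
}

// Mapper runs on the first meshnet device. It owns a pool of alternate addresses
// that overlaps neither LAN and rewrites destinations on packets from the peer.
type Mapper struct {
	localLAN, peerLAN netip.Prefix
	altPool           netip.Prefix
	nextAlt           netip.Addr
	altToLocal        map[netip.Addr]netip.Addr // address the peer uses -> real local address
	localToAlt        map[netip.Addr]netip.Addr
}

func NewMapper(localLAN, peerLAN, altPool netip.Prefix) (*Mapper, error) {
	if altPool.Overlaps(localLAN) || altPool.Overlaps(peerLAN) {
		return nil, errors.New("alternate pool must not overlap either LAN")
	}
	return &Mapper{
		localLAN: localLAN, peerLAN: peerLAN, altPool: altPool,
		nextAlt:    altPool.Masked().Addr().Next(), // skip the network address
		altToLocal: map[netip.Addr]netip.Addr{},
		localToAlt: map[netip.Addr]netip.Addr{},
	}, nil
}

// Conflicts reports whether a local address is ambiguous from the peer's side,
// i.e. the peer's own LAN also covers it.
func (m *Mapper) Conflicts(localAddr netip.Addr) bool {
	return m.localLAN.Contains(localAddr) && m.peerLAN.Contains(localAddr)
}

// Advertise returns the address the peer should use for localAddr: the address
// itself when there is no conflict, otherwise a stable alternate from the pool.
// The (alternate, real) pair is what the first device sends to the second device.
func (m *Mapper) Advertise(localAddr netip.Addr) (netip.Addr, error) {
	if !m.localLAN.Contains(localAddr) {
		return netip.Addr{}, fmt.Errorf("%v is not in local LAN %v", localAddr, m.localLAN)
	}
	if !m.Conflicts(localAddr) {
		return localAddr, nil
	}
	if alt, ok := m.localToAlt[localAddr]; ok {
		return alt, nil
	}
	alt := m.nextAlt
	if !m.altPool.Contains(alt) {
		return netip.Addr{}, errors.New("alternate pool exhausted")
	}
	m.nextAlt = alt.Next()
	m.altToLocal[alt] = localAddr
	m.localToAlt[localAddr] = alt
	return alt, nil
}

// Deliver rewrites an inbound packet from the peer so it reaches the real LAN
// device. A destination that is neither a known alternate nor an unambiguous
// local address is dropped rather than guessed.
func (m *Mapper) Deliver(p Packet) (Packet, error) {
	if real, ok := m.altToLocal[p.Dst]; ok {
		p.Dst = real
		return p, nil
	}
	if m.localLAN.Contains(p.Dst) && !m.Conflicts(p.Dst) {
		return p, nil
	}
	return Packet{}, fmt.Errorf("drop: destination %v is ambiguous or unmapped", p.Dst)
}

func main() {
	// Constructed scenario: both homes use 192.168.1.0/24, so 192.168.1.10 exists on each side.
	m, err := NewMapper(netip.MustParsePrefix("192.168.1.0/24"),
		netip.MustParsePrefix("192.168.1.0/24"), netip.MustParsePrefix("10.77.0.0/24"))
	if err != nil {
		panic(err)
	}
	alt, _ := m.Advertise(netip.MustParseAddr("192.168.1.10"))
	out, err := m.Deliver(Packet{Src: netip.MustParseAddr("10.77.0.200"), Dst: alt, Payload: "SYN"})
	fmt.Printf("peer sends to %v -> delivered to %v (err=%v)\n", alt, out.Dst, err)
}
```

Advertise produces the alternate address that the first device transmits to the second device; Deliver is what happens when the second device's initiation packet arrives with that alternate as its destination. A destination inside the overlapping range that was never mapped is dropped instead of being delivered to whichever device happens to answer, which is exactly the ambiguity the conflict check exists to remove.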
70.
Dynamic management of servers based on environmental events
A method including predicting or determining, by a VPN server, potential overloading of the VPN server based on predicting or determining a breach of a critical threshold associated with the VPN server; verifying, by the VPN server based on predicting or determining the potential overloading, an identity of a secondary server with which the VPN server is authorized to establish a secure connection; establishing, by the VPN server based on verifying the identity of the secondary server, a secure connection with the secondary server to enable communication of encrypted information between the VPN server and the secondary server; and transmitting, by the VPN server to the secondary server, an encrypted message identifying a host device and data of interest to be retrieved from the host device to enable the secondary server to request the data of interest from the host device is disclosed. Various other aspects are contemplated.
H04L 67/1001 - Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
71.
Dynamic management of servers based on environmental events
A method including configuring a VPN server to utilize, during an established VPN connection between the VPN server and a user device, a first exit IP address to transmit a first query to a host device for retrieving data of interest; configuring the VPN server to predict or determine potential overloading of the VPN server based on a breach of a critical threshold; configuring the VPN server to establish, based on predicting or determining the breach, a secure connection with a secondary server; and configuring the VPN server to transmit, to the secondary server over the secure connection, an encrypted message identifying the host device and the data of interest to be retrieved from the host device to enable the secondary server to request the data of interest based on utilizing a second exit IP address is disclosed. Various other aspects are contemplated.
H04L 67/1001 - Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
72.
Dynamic management of servers based on environmental events
A method including configuring a VPN server to predict or determine potential overloading of the VPN server based on predicting or determining a breach of a critical threshold; configuring the VPN server to verify, based on predicting or determining the potential overloading, an identity of a secondary server with which the VPN server is authorized to establish a secure connection; configuring the VPN server to establish, based on verifying the identity of the secondary server, a secure connection with the secondary server to enable communication of encrypted information between the VPN server and the secondary server; and configuring the VPN server to transmit, to the secondary server, an encrypted message identifying a host device and data of interest to be retrieved from the host device to enable the secondary server to request the data of interest from the host device is disclosed. Various other aspects are contemplated.
H04L 67/1001 - Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
The present disclosure discloses determining, by a first device, an access key pair associated with encrypted content, the access key pair including a content access public key and a content access private key; receiving, by the first device, a public key associated with a second device; encrypting, by the first device, the content access private key based at least in part on utilizing the content access private key and the public key associated with the second device; and transmitting, by the first device, the encrypted content access private key to enable the second device to access the encrypted content. Various other aspects are contemplated.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise coding, e.g. DES systems
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
A method including determining, by a first user device, unavailability of a first biometric unit for verification of first biometric information; transmitting, by the first user device to an infrastructure device based on determining unavailability of the first biometric unit, a request for information regarding one or more second user devices available to assist with authenticating the first user device; receiving, by the first user device from the infrastructure device, the information regarding the one or more second user devices based on a determination that the one or more second user devices have a second biometric unit available for verification of second biometric information; and transmitting, by the first user device to the infrastructure device, a selection message for selecting a second user device from among the one or more second user devices to assist with authenticating the first user device is disclosed. Various other aspects are contemplated.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
A method including transmitting, by an infrastructure device to a user device, an invitation link to enable the user device to receive network services from the infrastructure device; transmitting, by the infrastructure device to the user device based at least in part on the user device activating the invitation link, seed information to be utilized by the user device to determine authentication information; receiving, by the infrastructure device from the user device during an active communication session, a user request related to an action to be performed regarding receiving the network services, the user request being signed based at least in part on utilizing a first portion of the authentication information; and enabling, by the infrastructure device, performance of the action regarding receiving the network services based at least in part on verifying that the communication session is currently active is disclosed. Various other aspects are contemplated.
A method including receiving, by a user device from an infrastructure device, an invitation link to enable the user device to receive network services from the infrastructure device; receiving, by the user device from the infrastructure device based on the user device activating the invitation link, seed information to be utilized by the user device to determine authentication information; transmitting, by the user device to the infrastructure device during an active communication session and based on determining the authentication information, a user request related to an action to be performed regarding receiving the network services, a portion of the user request being signed based on utilizing a first portion of the authentication information; and performing, by the user device, the action regarding receiving the network services based on a verification that the communication session is currently active is disclosed. Various other aspects are contemplated.
An infrastructure device configured to: configure a first device to receive, from a second device, a first network packet to be transmitted by the first device to a first LAN device, the first network packet indicating a first subnet IP address as a destination address; configure the first device to select to transmit the first network packet to the first LAN device; configure the first device to receive, from the second device, a second network packet to be transmitted by the first device to a second LAN device, the second network packet indicating a second subnet IP address as a destination address; and configure the first device to select to refrain from transmitting the second network packet to the second LAN device based at least in part on the second packet indicating the second subnet IP address as the destination address is disclosed. Various other aspects are contemplated.
H04L 12/28 - Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
Methods, apparatuses and systems for automatic binary file segmentation include receiving binary content, applying a first machine learning process to the binary content to determine data segments in the binary content by identifying at least one of a respective starting point or end point of different data types in the binary content, examining the determined data segments of the binary content to identify data segments that are resistant to analysis, and applying respective techniques to the identified, analysis-resistant data segments to render the content of the identified, analysis-resistant data segments. In some embodiments, the rendering of the content of the identified, analysis-resistant data segments enables the identified, analysis-resistant segments to be analyzed, for example, to determine if the identified, analysis-resistant segments contain malicious content.
The present disclosure discloses configuring a device to receive, from a transmitting source application, a transmission packet to be transmitted to a destination application; configuring the device to determine connection information included in the transmission packet, the connection information indicating one or more parameters to be utilized by the destination application to connect with the transmitting source application; configuring the device to determine a fingerprint based at least in part on the connection information; configuring the device to compare the determined fingerprint with a trusted fingerprint stored in correlation with an identity of a trusted source application that is known to be unaffected by malware; and configuring the device to process the transmission packet based at least in part on a result of comparing the determined fingerprint with the stored fingerprint is disclosed. Various other aspects are contemplated.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
G06F 16/435 - Filtering based on additional data, e.g. user or group profiles
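The fingerprint entry above leaves open what the "connection information" is and how the fingerprint is derived. The Go program below is an added worked example for this listing, not code from the patent or its assignee. It assumes the parameters are TLS ClientHello-style fields (version, cipher list, extension list, ALPN), that the fingerprint is a SHA-256 over a fixed canonical serialisation of them, and that the device's two outcomes are to forward the packet or to hold it for inspection; the application name "demo-browser", the baseline values and the tampered variant are all constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// ConnInfo models the connection parameters carried in the packet. The field set
// is an assumption (TLS ClientHello-style values); the abstract only says
// "connection information indicating one or more parameters".
type ConnInfo struct {
	Version    uint16
	Ciphers    []uint16
	Extensions []uint16
	ALPN       []string
}

// isGrease filters the random GREASE values (RFC 8701) that browsers insert so
// that they do not perturb the fingerprint from one connection to the next.
func isGrease(v uint16) bool { return v&0x0f0f == 0x0a0a && v>>8 == v&0xff }

func joinU16(vals []uint16) string {
	parts := make([]string, 0, len(vals))
	for _, v := range vals {
		if !isGrease(v) {
			parts = append(parts, strconv.Itoa(int(v)))
		}
	}
	return strings.Join(parts, "-")
}

// Fingerprint canonicalises the parameters and hashes them. Order is preserved
// on purpose: the order in which a client offers ciphers is part of its identity.
func Fingerprint(c ConnInfo) string {
	canon := strconv.Itoa(int(c.Version)) + "," + joinU16(c.Ciphers) + "," +
		joinU16(c.Extensions) + "," + strings.Join(c.ALPN, "-")
	sum := sha256.Sum256([]byte(canon))
	return hex.EncodeToString(sum[:])
}

// Action is how the device processes the packet after the comparison.
type Action string

const (
	Forward Action = "forward" // fingerprint matches the trusted one for this app
	Hold    Action = "hold"    // mismatch or unknown app: park the packet for inspection
)

// Decide looks up the trusted fingerprint stored against the app identity and
// compares it with the one computed from the packet.
func Decide(trusted map[string]string, app string, c ConnInfo) (Action, string) {
	want, known := trusted[app]
	got := Fingerprint(c)
	switch {
	case !known:
		return Hold, "no trusted fingerprint for " + app
	case got != want:
		return Hold, fmt.Sprintf("fingerprint %s... does not match trusted %s...", got[:12], want[:12])
	}
	return Forward, ""
}

// Constructed baseline for a hypothetical client application, captured while it was known clean.
var (
	knownGood = ConnInfo{Version: 0x0303, Ciphers: []uint16{0x1301, 0x1302, 0xc02b, 0xc02f},
		Extensions: []uint16{0, 23, 65281, 10, 11, 16}, ALPN: []string{"h2", "http/1.1"}}
	Trusted = map[string]string{"demo-browser": Fingerprint(knownGood)}
)

// Injected is the same app after something in its process added a cipher and
// dropped ALPN, which is the sort of deviation a malware proxy or hook produces.
var Injected = ConnInfo{Version: 0x0303, Ciphers: []uint16{0x1301, 0x1302, 0xc02b, 0xc02f, 0x000a},
	Extensions: []uint16{0, 23, 65281, 10, 11}, ALPN: nil}

func main() {
	for name, c := range map[string]ConnInfo{"baseline": knownGood, "tampered": Injected} {
		a, why := Decide(Trusted, "demo-browser", c)
		fmt.Printf("%-9s -> %s %s\n", name, a, why)
	}
}
```

Two details matter in practice. GREASE values are stripped before hashing, otherwise a clean browser would produce a different fingerprint on every connection and the comparison would never match. Cipher order is deliberately not normalised, because a process that injects into the client typically changes the order or adds entries, and that is the deviation the comparison is meant to catch.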
A method and apparatus for testing a malware detection machine learning model. The method trains a malware detection model using a first dataset containing malware samples from a particular time period. The trained model is then tested using a second dataset that is a time shifted version of the first dataset.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
A method including encrypting, by a user device based at least in part on utilizing a symmetric key, a folder stored on the user device; encrypting, by the user device based at least in part on utilizing an assigned public key specific to the folder, the symmetric key to determine a single-encrypted symmetric key; encrypting, by the user device based at least in part on utilizing a trusted device key specific to the user device, the single-encrypted symmetric key to determine a double-encrypted symmetric key; encrypting, by the user device based at least in part on utilizing a trusted user key specific to the folder, an assigned private key that is associated with the assigned public key; and storing, by the user device, the double-encrypted symmetric key and the encrypted assigned private key in an associated memory is disclosed. Various other aspects and techniques are contemplated.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols; using a plurality of keys or algorithms
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
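The two folder-encryption entries (the biometric-gated double wrap earlier in this listing and the entry directly above, which adds a trusted user key over the folder's private key) describe the same key chain. The Go program below is an added worked example for both, not code from either patent or their assignee. The abstracts name no algorithms; the example assumes AES-256-GCM for the folder and for the two symmetric wraps, RSA-OAEP with SHA-256 for the public-key wrap, a fixed OAEP label, and constructed 32-byte device and user keys. In the abstracts the device key is released by the trusted device only after the biometric check succeeds; here it is just a value the caller must possess.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Constructed demo material; the device key stands in for what the trusted device releases after the biometric check.
var (
	folderKey, _ = rsa.GenerateKey(rand.Reader, 2048) // the folder's "assigned" key pair
	deviceKey    = []byte("0123456789abcdef0123456789abcdef")
	userKey      = []byte("fedcba9876543210fedcba9876543210")
	oaepLabel    = []byte("folder-symmetric-key") // binds the OAEP wrap to its purpose
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // every key here is 32 bytes, so an error is a bug
	must(err)
	aead, err := cipher.NewGCM(block)
	must(err)
	return aead
}

// seal returns nonce||ciphertext||tag with a fresh random nonce.
func seal(key, plaintext []byte) []byte {
	a := gcm(key)
	nonce := make([]byte, a.NonceSize())
	_, err := rand.Read(nonce)
	must(err)
	return a.Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal on a blob that seal produced; a wrong key or any tampering fails authentication.
func open(key, blob []byte) ([]byte, error) {
	a := gcm(key)
	return a.Open(nil, blob[:a.NonceSize()], blob[a.NonceSize():], nil)
}

type FolderVault struct {
	SealedFolder     []byte // folder bytes under the random symmetric key
	DoubleWrappedKey []byte // symmetric key under the folder public key (RSA-OAEP), then under the device key
	SealedPrivateKey []byte // folder private key sealed under the trusted user key
}

// ProtectFolder builds the chain content -> symmetric key -> folder public key -> device key.
func ProtectFolder(content []byte) (*FolderVault, error) {
	symKey := make([]byte, 32)
	_, err := rand.Read(symKey)
	must(err)
	single, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &folderKey.PublicKey, symKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &FolderVault{
		SealedFolder:     seal(symKey, content),
		DoubleWrappedKey: seal(deviceKey, single),
		SealedPrivateKey: seal(userKey, x509.MarshalPKCS1PrivateKey(folderKey)),
	}, nil
}

// OpenFolder unwinds the chain; without the right device key the symmetric key never comes out.
func OpenFolder(v *FolderVault, devKey, usrKey []byte) ([]byte, error) {
	privDER, errUser := open(usrKey, v.SealedPrivateKey)
	single, errDev := open(devKey, v.DoubleWrappedKey)
	if errUser != nil || errDev != nil {
		return nil, fmt.Errorf("unwrap failed: user key %v, device key %v", errUser, errDev)
	}
	priv, err := x509.ParsePKCS1PrivateKey(privDER)
	if err != nil {
		return nil, err
	}
	symKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, single, oaepLabel)
	if err != nil {
		return nil, err
	}
	return open(symKey, v.SealedFolder)
}

func main() {
	v, err := ProtectFolder([]byte("constructed folder: tax-2023.pdf, notes.txt"))
	must(err)
	pt, err := OpenFolder(v, deviceKey, userKey)
	must(err)
	_, wrong := OpenFolder(v, make([]byte, 32), userKey)
	fmt.Printf("recovered %q; wrong device key rejected: %v\n", pt, wrong != nil)
}
```

The point of the two wraps is separation of custody: the RSA layer ties the symmetric key to the folder's own key pair, and the outer AES-GCM layer ties it to the device, so a copy of the vault taken off the device is useless without the key the trusted device holds, and a compromised device key alone still needs the folder private key, which sits under the user key. Because both outer layers are authenticated encryption, a wrong key fails cleanly instead of yielding garbage that is then fed into RSA decryption.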
82.
Stateless system to enable data breach notification
The disclosure describes transmitting, by a user device to an infrastructure device, access information to enable authentication of the user device; calculating, by the user device, a hash of private data, the hash of the private data to be utilized for comparison with a hash of breached data that is compromised due to a data breach, the private data being different from the access information; verifying, by the user device based at least in part on communicating verification information with the infrastructure device, that the user device is authorized to have access to a plaintext version of the private data; transmitting, by the user device to the infrastructure device, the hash of the private data; and receiving, by the user device from the infrastructure device, a notification indicating a result of a comparison of the hash of the private data with the hash of the breached data.
A method including receiving, by an infrastructure device from a manager device configured to manage network services provided by the infrastructure device, a manager request for requesting performance of an action associated with managing the network services, the manager request including a signature header signed by utilizing a manager private key associated with the manager device and a timestamp header identifying a point in time when the signature header was signed; determining, by the infrastructure device, a time difference between the point in time when the signature header was signed and a current time; authorizing, by the infrastructure device, the manager request based on determining that the determined time difference satisfies a predetermined duration of time; and enabling, by the infrastructure device, performance of the action associated with managing the network services based on authorizing the manager request is disclosed. Various other aspects are contemplated.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
H04L 67/133 - Protocols for remote procedure calls [RPC]
84.
Optimized header information to enable access control
A method including determining, by a manager device configured to manage network services provided by an infrastructure device, a manager request including a signature header signed by utilizing a manager private key associated with the manager device and a timestamp header identifying a point in time when the signature header was signed; transmitting, by the manager device to the infrastructure device, the manager request to request performance of an action associated with managing the network services; and receiving, by the manager device from the infrastructure device based at least in part on transmitting the manager request, an authorization message indicating successful authorization of the manager request, the successful authorization being based at least in part on a verification that a time difference between the point in time when the signature header was signed and a current time satisfies a predetermined duration of time is disclosed. Various other aspects are contemplated.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
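Entries 83 and 84 are the two ends of one exchange: the manager device signs a request and stamps it with the signing time, and the infrastructure device authorises it only if that time is within a fixed window of its own clock. The Go program below is an added worked example of both sides, not code from the patents or their assignee. The abstracts do not name the header fields, the signature scheme or the window, so the example assumes headers X-Timestamp and X-Signature, Ed25519 over method, path, timestamp and body, and a 60-second window applied in both directions to tolerate clock drift. The seen-signature set in the verifier goes one step beyond the abstracts: the window alone still allows a captured request to be replayed inside it, so each signature is accepted once.

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"time"
)

// Header names are assumed; the abstracts only speak of a "signature header" and a
// "timestamp header". MaxSkew is the "predetermined duration of time".
const (
	HeaderTimestamp = "X-Timestamp"
	HeaderSignature = "X-Signature"
	MaxSkew         = 60 * time.Second
)

// Demo key pair for the manager device (constructed at start-up, not persisted).
var managerPub, managerPriv, _ = ed25519.GenerateKey(nil)

type Request struct {
	Method, Path string
	Body         []byte
	Headers      map[string]string
}

// signingInput binds the timestamp to method, path and body, so a captured
// signature is useless for a different action and expires with the window.
func signingInput(r Request, ts string) []byte {
	return []byte(r.Method + "\n" + r.Path + "\n" + ts + "\n" + string(r.Body))
}

// Sign is the manager side: stamp the request with the signing time and sign.
func Sign(r Request, priv ed25519.PrivateKey, now time.Time) Request {
	ts := strconv.FormatInt(now.Unix(), 10)
	sig := ed25519.Sign(priv, signingInput(r, ts))
	r.Headers = map[string]string{HeaderTimestamp: ts, HeaderSignature: hex.EncodeToString(sig)}
	return r
}

// Verifier is the infrastructure side. The seen map is an addition to what the
// abstracts describe: the window alone still permits replay inside it, so each
// signature is accepted at most once until it would have expired anyway.
type Verifier struct {
	pub  ed25519.PublicKey
	seen map[string]time.Time
}

func NewVerifier(pub ed25519.PublicKey) *Verifier {
	return &Verifier{pub: pub, seen: map[string]time.Time{}}
}

// Verify returns nil only if the timestamp is within MaxSkew of now (in either
// direction, to tolerate clock drift), the signature is valid, and it is unseen.
func (v *Verifier) Verify(r Request, now time.Time) error {
	ts, ok := r.Headers[HeaderTimestamp]
	if !ok {
		return errors.New("missing timestamp header")
	}
	t, err := strconv.ParseInt(ts, 10, 64)
	if err != nil {
		return fmt.Errorf("bad timestamp: %w", err)
	}
	if diff := now.Sub(time.Unix(t, 0)); diff > MaxSkew || diff < -MaxSkew {
		return fmt.Errorf("timestamp outside window: %v", diff)
	}
	sigHex := r.Headers[HeaderSignature]
	sig, err := hex.DecodeString(sigHex)
	if err != nil || !ed25519.Verify(v.pub, signingInput(r, ts), sig) {
		return errors.New("bad signature")
	}
	for s, exp := range v.seen { // drop entries that the window would reject anyway
		if now.After(exp) {
			delete(v.seen, s)
		}
	}
	if _, dup := v.seen[sigHex]; dup {
		return errors.New("replayed request")
	}
	v.seen[sigHex] = time.Unix(t, 0).Add(MaxSkew)
	return nil
}

func main() {
	now := time.Unix(1700000000, 0)
	req := Sign(Request{Method: "POST", Path: "/v1/services/restart", Body: []byte(`{"region":"eu"}`)}, managerPriv, now)
	v := NewVerifier(managerPub)
	fmt.Println("fresh:  ", v.Verify(req, now.Add(5*time.Second)))
	fmt.Println("replay: ", v.Verify(req, now.Add(6*time.Second)))
	fmt.Println("stale:  ", NewVerifier(managerPub).Verify(req, now.Add(2*time.Minute)))
}
```

The order of checks is deliberate: the timestamp is parsed and bounded before any signature work, so a flood of stale or malformed requests costs the infrastructure device no public-key operations. Ed25519 signatures are deterministic, which is what makes the signature itself a usable replay key; with a randomised scheme the seen set would have to be keyed on a nonce carried in the request instead.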
85.
Secure connections between servers in a virtual private network
A method including determining, by a VPN server based on requesting data of interest from a host device, that the host device has declined to provide the data of interest to the VPN server; verifying, by the VPN server, an identity of a secondary server with which the VPN server is authorized to establish a secure connection; establishing, by the VPN server based on verifying the identity of the secondary server, a secure connection with the secondary server to enable communication of encrypted information between the VPN server and the secondary server; and transmitting, by the VPN server to the secondary server over the secure connection, an encrypted message identifying the host device and the data of interest to be retrieved from the host device to enable the secondary server to request the data of interest from the host device is disclosed. Various other aspects are contemplated.
A method including configuring a VPN server to utilize a first exit IP address to transmit a query to a host device for requesting data of interest; configuring the VPN server to determine that the host device has blocked the first exit IP address; configuring the VPN server to establish, based on determining that the host device has blocked the first exit IP address, a secure connection with a secondary server to enable communication of encrypted information; and configuring the VPN server to transmit, to the secondary server over the secure connection, an encrypted message identifying the host device and the data of interest to be retrieved from the host device to enable the secondary server to transmit a second query to request the data of interest based on utilizing a second exit IP address, different from the first exit IP address is disclosed. Various other aspects are contemplated.
A method including receiving, by a VPN server from a user device during an established VPN connection, a first data request for the VPN server to retrieve first information from a first host device; transmitting, by the VPN server during the established VPN connection, the first information to the user device based on utilizing a first exit IP address to retrieve the first information from the first host device; receiving, by the VPN server from the user device during the established VPN connection, a second data request for the VPN server to retrieve second information from a second host device; and transmitting, by the VPN server during the established VPN connection, the second information to the user device based on utilizing a second exit IP address, associated with a secondary server, to retrieve the second information from the second host device is disclosed. Various other aspects are contemplated.
A method including configuring a VPN server to assign, based on establishing a VPN connection, a first exit IP address to be utilized for retrieving information during the VPN connection; configuring the VPN server to determine, during the established VPN connection, a host device that is likely to block communication from the first exit IP address; configuring the VPN server to modify associated DNS settings to return communication information associated with the VPN server itself when the information is to be retrieved from the host device; configuring the VPN server to receive, during the established VPN connection, the information retrieved from the host device based on utilizing a second exit IP address associated with a secondary server; and configuring the VPN server to transmit, during the established VPN connection, the information to a user device in accordance with the modified DNS settings is disclosed. Various other aspects are contemplated.
A method including configuring a VPN server to receive, from a user device during an established VPN connection, a first data request to retrieve first information from a first host device; configuring the VPN server to transmit, during the established VPN connection, the first information to the user device based on utilizing a first exit IP address to retrieve the first information from the first host device; configuring the VPN server to receive, from the user device during the established VPN connection, a second data request to retrieve second information from a second host device; and configuring the VPN server to transmit, during the established VPN connection, the second information to the user device based on utilizing a second exit IP address, associated with a secondary server, to retrieve the second information from the second host device is disclosed. Various other aspects are contemplated.
H04L 61/4511 - Network directories; Name-to-address mapping; using standardised directories; using standardised directory access protocols; using the domain name system [DNS]
90.
System and method for differential malware scanner
Systems and methods for malware filtering are provided herein. In some embodiments, a system having one or more processors is configured to: retrieve a file downloaded to a user device; break the downloaded file into a plurality of chunks; scan the plurality of chunks to identify potentially malicious chunks; predict whether the downloaded file is malicious based on the scan of the plurality of chunks; and determine whether the downloaded file is malicious based on the prediction.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems; during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure; by executing in a restricted environment, e.g. sandbox or secure virtual machine
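Entry 90 lists the steps (chunk, scan, predict, determine) without saying what the chunk scan or the prediction is. The Go program below is an added worked example for this listing, not code from the patent or its assignee. It assumes fixed-size chunks with an overlap wide enough that a pattern straddling a chunk boundary is still seen, a per-chunk scan that is plain byte-pattern matching against two constructed demo patterns, a prediction equal to the fraction of chunks that carried a hit, and a determination by threshold. The "differential" part is a cache keyed on chunk digest, so rescanning a file after a change only re-examines the chunks whose bytes changed.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

const ChunkSize = 1024 // small so the constructed sample spans several chunks

// Constructed demo patterns; a real scanner uses far richer signatures or a model.
var signatures = map[string][]byte{
	"demo-ps-encoded-cmd": []byte("powershell -enc "),
	"demo-test-string":    []byte("EICAR-STANDARD-ANTIVIRUS-TEST-FILE"),
}

// Hit is one pattern occurrence; Offset is chunk-relative inside scanChunk and
// absolute once Scan has placed it.
type Hit struct {
	Name   string
	Offset int
}

// Scanner keeps a digest->hits cache so that rescanning a file after a change
// only re-examines the chunks whose bytes actually changed.
type Scanner struct {
	overlap int
	cache   map[string][]Hit
}

func NewScanner() *Scanner {
	s := &Scanner{cache: map[string][]Hit{}}
	for _, p := range signatures {
		if len(p)-1 > s.overlap {
			s.overlap = len(p) - 1 // enough to catch a pattern straddling a chunk boundary
		}
	}
	return s
}

func (s *Scanner) scanChunk(c []byte) (hits []Hit, cached bool) {
	sum := sha256.Sum256(c)
	key := hex.EncodeToString(sum[:])
	if h, ok := s.cache[key]; ok {
		return h, true
	}
	for name, pat := range signatures {
		for from := 0; ; {
			i := bytes.Index(c[from:], pat)
			if i < 0 {
				break
			}
			hits = append(hits, Hit{name, from + i})
			from += i + 1
		}
	}
	s.cache[key] = hits
	return hits, false
}

// Scan walks the file in overlapping chunks and returns the distinct hits, how
// many chunks had to be scanned (the rest came from the cache) and the
// prediction: the fraction of chunks that carried at least one hit.
func (s *Scanner) Scan(data []byte) (hits []Hit, scanned int, score float64) {
	seen := map[Hit]bool{}
	total, flagged := 0, 0
	for start := 0; start < len(data); start += ChunkSize {
		end := start + ChunkSize + s.overlap
		if end > len(data) {
			end = len(data)
		}
		chunkHits, cached := s.scanChunk(data[start:end])
		if !cached {
			scanned++
		}
		total++
		if len(chunkHits) > 0 {
			flagged++
		}
		for _, h := range chunkHits {
			abs := Hit{h.Name, start + h.Offset} // de-duplicate hits seen from both sides of an overlap
			if !seen[abs] {
				seen[abs] = true
				hits = append(hits, abs)
			}
		}
	}
	if total > 0 {
		score = float64(flagged) / float64(total)
	}
	return hits, scanned, score
}

// Verdict is the determination step: the prediction must clear the threshold.
func Verdict(score, threshold float64) bool { return score >= threshold }

// SampleFile is a constructed 3000-byte download: filler with one pattern placed
// across the first chunk boundary and another deep in the third chunk.
func SampleFile() []byte {
	f := bytes.Repeat([]byte("A"), 3000)
	copy(f[1015:], signatures["demo-ps-encoded-cmd"])
	copy(f[2500:], signatures["demo-test-string"])
	return f
}

func main() {
	s := NewScanner()
	hits, scanned, score := s.Scan(SampleFile())
	fmt.Printf("hits=%v scanned=%d score=%.2f malicious=%v\n", hits, scanned, score, Verdict(score, 0.25))
	_, scanned, _ = s.Scan(SampleFile())
	fmt.Printf("rescan of unchanged file scanned %d chunks\n", scanned)
}
```

The overlap is the detail most easily got wrong in a chunked scanner: without it, a pattern that starts in the last bytes of one chunk is invisible, and an attacker only needs to pad a file so that every indicator sits on a boundary. The cost is that a hit inside the overlap zone is reported by two chunks, which is why Scan de-duplicates on absolute offset before counting.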
91.
Secure connections between servers in a virtual private network
A method including configuring a VPN server to determine, based on requesting data of interest from a host device, that the host device has declined to provide the data of interest; configuring the VPN server to verify, based on determining that the host device has declined to provide the data of interest, an identity of a secondary server with which the VPN server is authorized to establish a secure connection; configuring the VPN server to establish, based on verifying the identity of the secondary server, a secure connection with the secondary server to enable communication of encrypted information; and configuring the VPN server to transmit, to the secondary server, an encrypted message identifying the host device and the data of interest to be retrieved from the host device to enable the secondary server to request the data of interest from the host device is disclosed. Various other aspects are contemplated.
A method including receiving, by a security device from a user device that is in a private network, a transmission packet for communication to a destination device over an open network; determining, by the security device based on receiving the transmission packet, whether the user device is permitted to transmit the transmission packet to the destination device over the open network; determining, by the security device based on determining that the user device is permitted to transmit the transmission packet to the destination device, whether the user device is permitted to utilize a protocol utilized by the user device to transmit the transmission packet; and determining, by the security device based on determining that the user device is permitted to utilize the protocol, whether the user device is permitted to utilize a transmission web application utilized by the user device to transmit the transmission packet is disclosed.
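The entry above is an ordered chain of three permissions (destination, then protocol, then application) evaluated by a security device on the private-network edge. The Go program below is an added worked example for this listing, not code from the patent or its assignee. It assumes a per-user rule list where an empty field means "any", that the device already knows which client application produced the packet (the abstract does not say how the "transmission web application" is identified), and a constructed policy for two users; the decision also reports which of the three stages denied the packet, which the abstract does not require but any useful log needs.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Egress is what the security device sees for one outbound packet. App is the
// client program the device attributes the packet to (an assumption about how
// the "transmission web application" is identified).
type Egress struct {
	User     string
	Dst      netip.Addr
	DstPort  uint16
	Protocol string
	App      string
}

// Rule is one permit entry; an empty Ports, Protocols or Apps list means "any".
type Rule struct {
	Dst       netip.Prefix
	Ports     []uint16
	Protocols []string
	Apps      []string
}

// Policy is the per-user rule set; users without rules get nothing out.
type Policy map[string][]Rule

func has(list []string, v string) bool {
	if len(list) == 0 {
		return true
	}
	for _, x := range list {
		if x == v {
			return true
		}
	}
	return false
}

func hasPort(list []uint16, p uint16) bool {
	if len(list) == 0 {
		return true
	}
	for _, x := range list {
		if x == p {
			return true
		}
	}
	return false
}

// Evaluate runs the three checks in the order the abstract lists them:
// destination, then protocol, then application. Every rule is tried; the
// returned reason names the furthest stage any rule reached, so a log line says
// why the packet was dropped rather than just that it was.
func (p Policy) Evaluate(e Egress) (bool, string) {
	stages := []string{"destination", "protocol", "application"}
	furthest := 0
	for _, r := range p[e.User] {
		if !r.Dst.Contains(e.Dst) || !hasPort(r.Ports, e.DstPort) {
			continue
		}
		if furthest < 1 {
			furthest = 1
		}
		if !has(r.Protocols, e.Protocol) {
			continue
		}
		if furthest < 2 {
			furthest = 2
		}
		if !has(r.Apps, e.App) {
			continue
		}
		return true, ""
	}
	return false, fmt.Sprintf("denied at %s check", stages[furthest])
}

// DemoPolicy is a constructed policy: alice may browse HTTPS from two named
// browsers and reach the corporate 10/8 with any app; bob has no entries.
func DemoPolicy() Policy {
	return Policy{"alice": {
		{Dst: netip.MustParsePrefix("0.0.0.0/0"), Ports: []uint16{443}, Protocols: []string{"tcp"}, Apps: []string{"firefox", "chrome"}},
		{Dst: netip.MustParsePrefix("10.0.0.0/8"), Protocols: []string{"tcp", "udp"}},
	}}
}

func main() {
	p := DemoPolicy()
	for _, e := range []Egress{
		{"alice", netip.MustParseAddr("93.184.216.34"), 443, "tcp", "firefox"},
		{"alice", netip.MustParseAddr("93.184.216.34"), 443, "udp", "firefox"}, // QUIC, not permitted
		{"alice", netip.MustParseAddr("93.184.216.34"), 443, "tcp", "python-requests"},
		{"bob", netip.MustParseAddr("10.1.2.3"), 22, "tcp", "ssh"},
	} {
		ok, why := p.Evaluate(e)
		fmt.Printf("%-5s %v:%d %-3s %-15s allowed=%v %s\n", e.User, e.Dst, e.DstPort, e.Protocol, e.App, ok, why)
	}
}
```

Default deny falls out of the structure: a user with no rules, or a destination no rule covers, never reaches the later checks. The UDP-to-443 case is the one worth noticing in practice, since a browser switching to QUIC changes the protocol but nothing else, and a destination-only policy would let it through.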
Disclosed are systems and methods for determining, by a processor associated with a user device, encrypted authentication information by encrypting authentication information that is associated with authenticating the user device with a service provider, the encrypting utilizing one or more encryption keys; detecting, by the processor, an attempt to access a service to be provided by the service provider based on detecting transmission of a request for the service from the user device to the service provider; determining, by the processor, one or more authentication factors to be utilized to authenticate the user device with the service provider based on decrypting the encrypted authentication information by utilizing one or more decryption keys; and enabling, by the processor, authentication of the user device with the service provider based on enabling transmission of the one or more authentication factors to the service provider. Various other aspects are contemplated.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
A method including configuring a VPN server to receive, from a user device during an established VPN connection between the VPN server and the user device, a data request for the VPN server to retrieve data of interest from a host device; configuring the VPN server to utilize, during the established VPN connection, a first exit IP address to transmit a query to the host device for retrieving the data of interest; configuring the VPN server to determine, based on transmitting the query, that the first exit IP address is blocked by the host device; and configuring the VPN server to transmit, during the established VPN connection and based on determining that the first exit IP address is blocked, the data request to a secondary server to enable retransmission of the query to the host device by utilizing a second exit IP address is disclosed. Various other aspects are contemplated.
H04L 67/141 - Setup of application sessions
H04L 61/4511 - Network directories; Name-to-address mapping; using standardised directories; using standardised directory access protocols; using the domain name system [DNS]
95.
Utilization of multiple exit internet protocol addresses in a virtual private network
A method including receiving, at a VPN server from a user device during an established VPN connection between the VPN server and the user device, a data request for the VPN server to retrieve data of interest from a host device; utilizing, by the VPN server during the established VPN connection, a first exit IP address to transmit a query to the host device for retrieving the data of interest; determining, by the VPN server based on transmitting the query, that the first exit IP address is blocked by the host device; and transmitting, by the VPN server during the established VPN connection and based on determining that the first exit IP address is blocked, the data request to a secondary server to enable retransmission of the query to the host device by utilizing a second exit IP address is disclosed. Various other aspects are contemplated.
H04L 61/4511 - Network directories; Name-to-address mapping; using standardised directories; using standardised directory access protocols; using the domain name system [DNS]
H04L 67/141 - Setup of application sessions
96.
Utilization of multiple exit internet protocol addresses in a virtual private network
A method including receiving, at a VPN server from a user device, a data request for the VPN server to retrieve data of interest from a host device; transmitting, by the VPN server to the host device during the established VPN connection, a query to retrieve the data of interest based on utilizing a first exit IP address; determining, by the VPN server based on transmitting the query, that the first exit IP address is blocked by the host device; retrieving, by the VPN server during the established VPN connection and based on determining that the first exit IP address is blocked by the host device, the data of interest based on utilizing a second exit IP address; and transmitting, by the VPN server to the user device during the established VPN connection, the data of interest retrieved based on utilizing the second exit IP address is disclosed.
H04L 67/141 - Setup of application sessions
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; Network directories; Name-to-address mapping using standardised directory access protocols using the domain name system [DNS]
97.
Utilization of multiple exit internet protocol addresses in a virtual private network
A method including configuring a VPN server to receive, from a user device during an established VPN connection between the VPN server and the user device, a data request for the VPN server to retrieve data of interest; configuring the VPN server to transmit, during the established VPN connection, a query to retrieve the data of interest based on utilizing a first exit IP address; configuring the VPN server to determine, based on transmitting the query, that the first exit IP address is blocked; configuring the VPN server to retrieve, during the established VPN connection and based on determining that the first exit IP address is blocked by the host device, the data of interest based on utilizing a second exit IP address; and configuring the VPN server to transmit, to the user device during the established VPN connection, the data of interest is disclosed. Various other aspects are contemplated.
H04L 67/141 - Setup of application sessions
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; Network directories; Name-to-address mapping using standardised directory access protocols using the domain name system [DNS]
98.
DETECTING MALICIOUS BEHAVIOR FROM HANDSHAKE PROTOCOLS USING MACHINE LEARNING
A method for identifying a malicious connection between a client device and a server includes obtaining handshake parameters for the client device and the server responsive to the client device initiating a connection with the server, generating a feature set by extracting features from the handshake parameters, predicting a maliciousness of the connection using a machine learning model, where the extracted features are provided as inputs to the machine learning model, and automatically initiating a corrective action if the connection is predicted to be malicious.
A method of generating a machine learning model for detecting malicious connections between two or more computing devices includes executing, within a secure operating environment, a plurality of known malicious software applications and a plurality of known non-malicious software applications, generating a dataset of known handshake parameters by monitoring connections between the plurality of known malicious software applications and one or more target servers, and the plurality of known non-malicious software applications and the one or more target servers, training a machine learning model using the dataset of known handshake parameters to predict a maliciousness of a connection between two or more computing devices based on handshake parameters between the two or more computing devices, and distributing the machine learning model to one or more client devices.