-
Publication No.: US10542006B2
Publication date: 2020-01-21
Application No.: US15465315
Application date: 2017-03-21
Applicant: Daniel Chien
Inventor: Daniel Chien
IPC: H04L29/06 , H04L29/08 , H04L12/721 , H04L12/741 , H04L29/12
Abstract: Techniques for network security are disclosed. In some implementations, an evaluation module determines whether a network communication from a source computing system to a destination computing system is allowable. The allowability of the communication is determined based on properties of the network communication, such as a source or destination address, a port number, a time of day, a geographic location, and the like. If the communication is disallowed, the evaluation module or a related component redirects the communication to an alternative computing system that masquerades as the destination communication system.
-
Publication No.: US10382436B2
Publication date: 2019-08-13
Application No.: US15359542
Application date: 2016-11-22
Applicant: Daniel Chien
Inventor: Daniel Chien
IPC: H04L29/06 , G06F21/57 , H04L9/32 , G06F21/44 , H04L12/721 , H04L12/741
Abstract: Techniques for network security are disclosed. In some implementations, an evaluation module determines whether a network communication from a computing device is allowable. The allowability of the communication is determined based on (1) whether the computing device is using an authorized source network address, and (2) whether a non-modifiable identifier of the computing device is authorized. The non-modifiable identifier is a fixed hardware identifier of the computing device, such as an identifier of a CPU, network interface card, storage device, or the like.
-
Publication No.: US10277626B2
Publication date: 2019-04-30
Application No.: US15808283
Application date: 2017-11-09
Applicant: Daniel Chien
Inventor: Daniel Chien
IPC: H04L29/06
Abstract: Techniques for network traffic filtering and flow control are disclosed. Some implementations provide a network communication evaluation module (“NCEM”) that executes on a networking device, such as a gateway or router, and performs network traffic control, such as suppressing denial of service attacks or otherwise limiting packet flow. The NCEM performs packet filtering in order to identify and drop packets that are being (or are likely to be) transmitted as part of a denial of service attack. The NCEM conditionally drops packets that meet specified conditions or rules. For example, the NCEM may drop all packets that are using a nonauthentic source address. As another example, the NCEM may limit the volume of packets of a particular type, such as by limiting the number of DNS requests that are made during a specified time interval.
-
Publication No.: US08621604B2
Publication date: 2013-12-31
Application No.: US11712648
Application date: 2007-02-28
Applicant: Daniel Chien
Inventor: Daniel Chien
IPC: G06F11/00
CPC classification number: H04L63/1441 , G06F21/645 , G06F2221/2119 , H04L63/1491
Abstract: Identifying a questionable network address from a network communication. In an embodiment, a network device receives an incoming or outgoing connection request, a web page, an email, or other network communication. An evaluation module evaluates the network communication for a corresponding network address, which may be for the source or destination of the network communication. The network address generally includes an IP address and a port number. The evaluation module checks a predefined white list for the network address to determine whether the network address is valid. Depending on the result, the evaluation module sets an indicator for preventing, allowing, or warning about the network communication. A category code, security code, organization code, or function code, may also be checked against the white list to ensure a valid network node is not compromised. A domain name may also be determined from the network address to further validate the network communication.
-
Publication No.: US20230198997A1
Publication date: 2023-06-22
Application No.: US18113037
Application date: 2023-02-22
Applicant: Daniel Chien
Inventor: Daniel Chien
IPC: H04L9/40
CPC classification number: H04L63/105 , H04L63/104
Abstract: Computer security techniques are described. One example provides a security module. The security module executes on a computing system and determines whether to allow a user or a program (e.g., native executable, script, etc.) associated with the user to access a resource, such as by reading, writing, or executing a file. An example operating system provides a new system administration mechanism that enforces rights and limitations for specific administrative and application groups that each have their own super user. Such a system may include a safe mode superuser who is required to log in when the system is in maintenance mode (e.g., single user console mode), at which time the safe mode superuser is the only user who is allowed to make programs executable.
-
Publication No.: US20210176253A1
Publication date: 2021-06-10
Application No.: US16708423
Application date: 2019-12-09
Applicant: Daniel Chien
Inventor: Daniel Chien
IPC: H04L29/06
Abstract: Computer security techniques are described. One example provides a security module. The security module executes on a computing system and determines whether to allow a user or a program (e.g., native executable, script, etc.) associated with the user to access a resource, such as by reading, writing, or executing a file. This decision is based at least in part on whether an access control list that is associated with the resource specifies that a source (e.g., IP address, hardware address) that is associated with the user is allowed to access the resource. This decision can also or instead be based on whether the computing system is executing in maintenance mode, such as in single-user diagnostic mode.
-
Publication No.: US10826912B2
Publication date: 2020-11-03
Application No.: US16220652
Application date: 2018-12-14
Applicant: Daniel Chien
Inventor: Daniel Chien
Abstract: Techniques for computer security, and more specifically timestamp-based authentication, are described. Some implementations provide an authentication method that utilizes an authentication process that is shared as a secret between a first and second computing system. The process provides as output a number that is based on a timestamp. The first computing system executes the authentication process using a timestamp obtained from its clock. The resulting number is transmitted to the second computing system, possibly along with other authentication data, such as a username and/or password. In response, the second computing system executes the authentication process using a timestamp obtained from its clock. If the numbers generated by the first and second computing systems match, the first computing system is authenticated.
-
Publication No.: US20200295932A1
Publication date: 2020-09-17
Application No.: US16888839
Application date: 2020-05-31
Applicant: Daniel Chien
Inventor: Daniel Chien
Abstract: Techniques for computer security, and more specifically timestamp-based key generation techniques, are described. Some implementations provide a table of key generation processes that is shared as a secret between a first computing system and a second computing system, both of which have synchronized clocks. Both computing systems use the same technique for selecting a key generation process from the table, such as based on a random number generator seeded with a timestamp. Since the computing systems have synchronized clocks, they both select and use the same key generation process, thereby generating the same encryption key without the need to communicate the key from one system to another. Furthermore, both computing systems may synchronize their clocks to a private time server that maintains a clock that runs faster or slower than standard time. Security is maintained by one or more of restricting access to the time server, using secret key generation processes, and/or using a secret random number generator.
-
Publication No.: US20050263986A1
Publication date: 2005-12-01
Application No.: US10853956
Application date: 2004-05-26
Applicant: Steven Miller , Mark Reynolds , James Eckelberry , Robert Carlstedt , Daniel Chien , Kenneth Lang , Martin Peaker , Nancy Saxon , Jos Timmermans , Jeff Lloyd
Inventor: Steven Miller , Mark Reynolds , James Eckelberry , Robert Carlstedt , Daniel Chien , Kenneth Lang , Martin Peaker , Nancy Saxon , Jos Timmermans , Jeff Lloyd
IPC: B60G5/00
CPC classification number: B60G11/465 , B60G5/047 , B60G9/003 , B60G9/006 , B60G2200/31
Abstract: A vehicle suspension assembly includes a control rod pivotally connected between a vehicle frame and an axle. The control rod controls longitudinal and vertical movement of the axle. A spring member is pivotally connected to the frame and fixed to the axle. Air spring assemblies are mounted between the axle and frame. The rigidly mounted spring member exerts torsion forces on the axle to counter roll forces and the air spring assemblies provide favorable ride characteristics adaptable to various trailer load conditions.
-
Publication No.: US20180198796A1
Publication date: 2018-07-12
Application No.: US15913889
Application date: 2018-03-06
Applicant: Daniel Chien
Inventor: Daniel Chien
IPC: H04L29/06 , H04L29/12 , H04L12/24 , H04L12/741
CPC classification number: H04L63/101 , H04L41/12 , H04L45/74 , H04L61/1511 , H04L61/2007 , H04L61/2514 , H04L63/1441 , H04L63/145 , H04L63/1458 , H04L63/1483 , H04L67/02
Abstract: Techniques for evaluating a questionable network communication are disclosed. In some implementations, a network of computing systems or devices is provided. Each system includes an evaluation module that determines whether an outbound or inbound network communication is allowable based on one or more factors or properties of the communication, including one or more of an IP address, a listening port, a geographic location, time of day, or the like. The systems in the network may be configured to only communicate with other devices that are identified in a white list of trusted computing systems.