logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 11176459 B1

PDFFull Text
Date of Patent:
Nov. 16, 2021

Filed:

Sep. 12, 2019

Extracting encryption metadata and terminating malicious connections using machine learning

Applicant:

Cujo Llc, El Segundo, CA (US);

Inventors:

Yuri Frayman, Miami, FL (US);

Robert Beatty, Lauderhill, FL (US);

Leonid Kuperman, Los Angeles, CA (US);

Gabor Takacs, Gyor, HU;

Assignee:

Cujo LLC, Walnut, CA (US);

Attorney:

Withrow & Terranova, PLLC

Primary Examiner:

Don G Zhao

Int. Cl.
CPC ...
H04L 29/00 (2006.01); G06N 5/00 (2006.01); G06N 20/00 (2019.01); H04L 29/06 (2006.01); H04L 12/46 (2006.01); G06N 20/20 (2019.01); H04W 12/082 (2021.01); H04W 12/088 (2021.01); H04B 10/114 (2013.01); H04L 12/28 (2006.01); G06N 3/08 (2006.01); G06N 20/10 (2019.01);
U.S. Cl.
CPC ...
G06N 5/003 (2013.01); G06N 20/00 (2019.01); G06N 20/20 (2019.01); H04B 10/1149 (2013.01); H04L 12/2825 (2013.01); H04L 12/2827 (2013.01); H04L 12/2834 (2013.01); H04L 12/4625 (2013.01); H04L 63/0428 (2013.01); H04L 63/06 (2013.01); H04L 63/0823 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/20 (2013.01); H04W 12/082 (2021.01); H04W 12/088 (2021.01); G06N 3/08 (2013.01); G06N 20/10 (2019.01);
Abstract

A network traffic hub extracts encryption metadata from messages establishing an encrypted connection between a smart appliance and a remote server and determines whether malicious behavior is present in the messages. For example, the network traffic hub can extract an encryption cipher suite, identified encryption algorithms, or a public certificate. The network traffic hub detects malicious behavior or security threats based on the encryption metadata. These security threats may include a man-in-the-middle attacker or a Padding Oracle On Downgraded Legacy Encryption attack. Upon detecting malicious behavior or security threats, the network traffic hub blocks the encrypted traffic or notifies a user.

Find Patent Forward Citations

Loading…