David P Mankins

US Patent:

7415012, Aug 19, 2008

Filed:

May 27, 2004

Appl. No.:

10/854789

Inventors:

David P. Mankins - Cambridge MA, US

Assignee:

Verizon Corporate Services Group Inc. - New York NY
BBN Technologies Corp. - Cambridge MA

International Classification:

H04L 12/56

US Classification:

370389

Abstract:

Systems and methods are disclosed for classifying packets with a rule. In one exemplary embodiment, the method includes receiving a packet; determining a key value for the received packet; identifying a rule corresponding to the determined key value by searching a set of rules, the set of rules being decorrelated such that there is no overlap in any key values corresponding to the decorrelated set of rules.

US Patent:

7900194, Mar 1, 2011

Filed:

Mar 23, 2005

Appl. No.:

11/088151

Inventors:

David P. Mankins - Cambridge MA, US

Assignee:

Verizon Corporate Services Group Inc. - Basking Ridge NJ
Raytheon BBN Technologies Corp. - Basking Ridge NJ

International Classification:

G06F 9/44
G06F 11/00
G06F 7/04

US Classification:

717127, 726 23, 726 25, 726 27

Abstract:

Kernel-based intrusion detection using Bloom filters is disclosed. In one of many possible embodiments for detecting an intrusion attack, a Bloom filter is provided and used to generate a Bloom filter data object. The Bloom filter data object contains data representative of expected system-call behavior associated with a computer program. The Bloom filter data object is embedded in an operating system (“OS”) kernel upon an invocation of the computer program. Actual system-call behavior is compared with the data in the Bloom filter data object.

US Patent:

7921285, Apr 5, 2011

Filed:

Nov 14, 2003

Appl. No.:

10/714101

Inventors:

Craig Partridge - East Lansing MI, US
Walter Clark Milliken - Dover NH, US
David Patrick Mankins - Cambridge MA, US

Assignee:

Verizon Corporate Services Group Inc. - Basking Ridge NJ
Raytheon BBN Technologies Corp. - Cambridge MA

International Classification:

H04L 29/06
H04L 29/00

US Classification:

713160, 713150, 713162, 709230, 709236, 370351, 370389, 370475, 726 22, 726 23

Abstract:

Embodiments of the invention reduce the probability of success of a DOS attack on a node receiving packets by decreasing the probability of random collisions of packets sent by a malicious user with those sent by honest users. The probability of random collisions may be reduced in one class of embodiments of the invention by supplementing the identification field of the IP header of each transmitted packet with at least one bit from another field of the header. The probability of random collisions may be reduced in another class of embodiments of the invention by ensuring that packets sent from a transmitting IPsec node to a receiving IPsec node are not fragmented.

US Patent:

8139504, Mar 20, 2012

Filed:

Apr 7, 2009

Appl. No.:

12/419543

Inventors:

David Patrick Mankins - Cambridge MA, US
Gregory D. Troxel - Stow MA, US
Karen Z. Haigh - Greenfield MN, US

Assignee:

Raytheon BBN Technologies Corp. - Cambridge MA

International Classification:

H04L 12/28

US Classification:

370254, 370401, 709242, 709249

Abstract:

Systems, devices, and methods for routing data through a first and a second ad-hoc network are described. Routing information structured according to a first routing protocol associated with a plurality of nodes in the first network is received at a border node that is part of at least the first and second ad-hoc networks. Routing information structured according to a second routing protocol associated with a plurality of nodes in the second ad-hoc network is also received. The received routing information is translated from the first routing protocol to the second routing protocol, or vice versa, and disseminated to nodes in the first or second ad-hoc networks. Data packets from nodes in the first ad-hoc network are forwarded to nodes in the second ad-hoc network, or vice versa, based in part on the translated routing information.

US Patent:

8595818, Nov 26, 2013

Filed:

Jun 1, 2011

Appl. No.:

13/150724

Inventors:

Josh Forrest Karlin - Cambridge MA, US
Gregory Stephen Lauer - Sudbury MA, US
Craig Partridge - East Lansing MI, US
David Patrick Mankins - Cambridge MA, US
William Timothy Strayer - West Newton MA, US

Assignee:

Raytheon BBN Technologies Corp. - Cambridge MA

International Classification:

H04L 29/06
G06F 11/00
G06F 12/14
G06F 12/16
G08B 23/00

US Classification:

726 12, 726 22, 726 23, 726 24, 713150

Abstract:

Systems, methods, and devices for decoy routing and covert channel bonding are described. The decoy routing system includes a client computing device, a decoy router, and a decoy proxy such that packets addressed to a decoy destination are re-routed by the decoy router to a covert destination via the decoy proxy. The decoy routing method may be applied to a covert channel bonding process, in which a plurality of packet data streams are sent to one or more decoy destinations, re-routed appropriately via one or more decoy routers and/or decoy proxies, and assembled together into a single packet data stream at either a decoy proxy, or a final covert destination.

US Patent:

20040103290, May 27, 2004

Filed:

Nov 22, 2002

Appl. No.:

10/302218

Inventors:

David Mankins - Cambridge MA, US

International Classification:

H04L009/32

US Classification:

713/193000

Abstract:

Systems and methods are provided for controlling the right to use an item. A user seeking the use of the item may communicate to a server a code identifying a security object and any other information requested by the server. The server may use the code to retrieve a key associated with the security object. The server may execute a cryptographic algorithm on at least the key and a time-dependent input to generate a one-time password, which the server may report to the user. The one-time password may be used to successfully gain access to the security object item only once within a predetermined period of time. The security object, which is disconnected from the server, may receive from the user the one-time password and execute a cryptographic algorithm on a locally-retrieved key and a time-dependent input to generate another one-time password. If the one-time passwords match, the user may be granted access to the item.

US Patent:

20040243782, Dec 2, 2004

Filed:

May 28, 2003

Appl. No.:

10/446309

Inventors:

David Mankins - Cambridge MA, US

International Classification:

G06F012/00

US Classification:

711/170000, 711/156000

Abstract:

Schemes for determining whether all of the fragments of a datagram are received are described herein. The schemes described herein can allocate fifteen bits of memory to one or more counters to facilitate a determination of whether all of the fragments of a datagram are received.

US Patent:

20050029358, Feb 10, 2005

Filed:

Aug 7, 2003

Appl. No.:

10/636416

Inventors:

David Mankins - Cambridge MA, US

International Classification:

G06F017/00
G06K007/10

US Classification:

235462460, 235375000

Abstract:

A system facilitates the purchase of an item or service using a wireless device (). The system may capture an image of a bar code () associated with a device () from which the item or service is being purchased and transmit the image to facilitate payment for the item or service. The system may alternatively process the image to extract information from the image and transmit the extracted information to facilitate payment for the item or service.