Multicast Patents (Class 713/163)
-
Patent number: 9323922
Abstract: One embodiment of the present invention provides a system that differentiates service provided to a database user based on a security profile of the user. During operation, the system receives a sequence of commands from a user at a database system. The system then uses the sequence of commands to determine a security profile which indicates whether the user is behaving suspiciously. Next the system associates a resource consumer group with the user based on the security profile. Finally, the system differentiates service provided to the user based on the resource consumer group.
Type: Grant
Filed: January 6, 2005
Date of Patent: April 26, 2016
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Nithya Muralidharan, Daniel ManHung Wong
-
Patent number: 9317326
Abstract: A plurality of virtual machines (VMs) is migrated from a source group to a destination group in such a way as to achieve consistency and either availability or group preservation. Execution of VMs in the source group is selectively delayed during state migration so that memory transfer of all the VMs in the group will converge roughly at the same time. After VM state transfer to the destination group, execution switch-over is coordinated using different handshake and acknowledgement messages, passed either through a “leader” VM in each group, or directly between source-destination VM pairs.
Type: Grant
Filed: November 27, 2013
Date of Patent: April 19, 2016
Assignee: VMware, Inc.
Inventors: Arunachalam Ramanathan, Gabriel Tarasuk-Levin
-
Patent number: 9294270
Abstract: Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects that the first group member is not using a most recent policy update supplied by a key server, in response to information in the message. In response, a notification message can be sent from the second group member. The notification message indicates that at least one group member is not using the most recent policy update. The notification message can be sent to the key server or towards the first group member.
Type: Grant
Filed: January 5, 2010
Date of Patent: March 22, 2016
Assignee: Cisco Technology, Inc.
Inventors: Warren Scott Wainner, Sheela D. Rowles, Brian E. Weis, David Arthur McGrew, Scott R. Fluhrer, Kavitha Kamarthy
-
Patent number: 9240983
Abstract: Disclosed herein are mechanisms to support the management of multicast keys for a multicast group comprising one or more optical line terminals (OLTs), one or more fiber to coax units (FCUs), and a plurality of coax network units (CNUs). The disclosed embodiments may support the management of multicast keys over optical and coaxial networks. In some embodiments, an FCU may facilitate communication of operations administration and maintenance (OAM) messages containing multicast keys from one or more OLTs to one or more CNUs (typically a plurality of CNUs). Some embodiments may employ one multicast key over both the optical network and coaxial network. Other embodiments may employ an optical domain multicast key over the optical network and an electrical domain multicast key over the coaxial network. Embodiments may comprise adding a first CNU to a multicast group as well as adding subsequent CNUs to the multicast group.
Type: Grant
Filed: June 6, 2014
Date of Patent: January 19, 2016
Assignee: Futurewei Technologies, Inc.
Inventors: Yanbin Sun, Guangsheng Wu, Li Zhang, Fanglin Sun, Jim Chen
-
Patent number: 9210223
Abstract: In one embodiment, a first network device receives a priority message from a second network device, wherein the priority message conforms to a connection establishment protocol and indicates a priority associated with the second network device. The first network device obtains the priority from the priority message and stores the priority. The first network device allocates resources for at least one of control or data plane processing to the second network device in accordance with the priority.
Type: Grant
Filed: August 23, 2014
Date of Patent: December 8, 2015
Assignee: Cisco Technology, Inc.
Inventors: Mohamed Khalid, Sunil Cherukuri, Haseeb Sarwar Niazi, Muhammad Afaq Khan
-
Patent number: 9209972
Abstract: Methods, systems and apparatuses for a mediator controlling access to an electronic content, are disclosed. One method includes receiving, by a mediator device of a mediator, a second share SKG2 from an owner device, wherein a first share SKG1 is provided to a member device of a member of a group by the owner device. Further, the mediator receives a request from the member for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content. Further, the mediator receives a request for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content from the member. Further, the mediator determines whether the member is eligible to decrypt the electronic content, if eligible, the mediator responding to the request for mediation with a member accessible header, wherein the member accessible header includes the header after application of SKG2.
Type: Grant
Filed: January 31, 2015
Date of Patent: December 8, 2015
Assignee: PivotCloud, Inc.
Inventors: Roy Peter D'Souza, Lars Kuhtz
-
Patent number: 9210460
Abstract: A user device provides, to a content delivery system, a content request for selected media and receives, in response to the content request, a unicast link for receiving the selected media via a unicast stream and a multicast link for receiving the selected media via a multicast stream. The user device presents a first portion of the selected media via the unicast stream and buffers, in a local memory, a second portion of the selected media from the multicast stream. The second portion is later in linear sequence of the selected media than the first portion. The user device discontinues presenting the first portion of the selected media when the first portion would overlap the second portion and presents the second portion of the selected media from the memory.
Type: Grant
Filed: December 12, 2013
Date of Patent: December 8, 2015
Assignee: Verizon and Redbox Digital Entertainment Services, LLC
Inventors: Jian Huang, Jack Jianxiu Hao, Xuefeng Yao, Yuhui Qian
-
Patent number: 9197700
Abstract: Some embodiments provide non-transitory machine-readable medium that stores a program which when executed by at least one processing unit of a device synchronizes a set of keychains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels.
Type: Grant
Filed: March 15, 2013
Date of Patent: November 24, 2015
Assignee: APPLE INC.
Inventors: Michael Brouwer, Dallas B. De Atley, Mitchell D. Adler
-
Patent number: 9191688
Abstract: A system, device, and method for receiver access control in an internet television system uses a push mechanism to distribute access control information from a distribution device to an access device. The access device uses the access control information to make receiver access control decisions for a subsequently received request from a host to join a television channel multicast group.
Type: Grant
Filed: July 17, 2014
Date of Patent: November 17, 2015
Assignee: RPX CLEARINGHOUSE LLC
Inventors: Bradley Cain, Thomas P. Hardjono
-
Patent number: 9191219
Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, can include establishing communications with one or more peers in a communication group via one or more unicast communication channels; sending a participation information request on a multicast communication channel of a local network to discover peers that participate in the communication group; receiving one or more responses to the participation information request on the multicast channel of the local network from one or more peers that participate in the communication group; selecting one or more of the peers from which the one or more responses were received based on a network topology condition to reduce communication latency in at least a portion of the communication group; and communicating with the one or more selected peers to distribute information within the communication group.
Type: Grant
Filed: June 16, 2009
Date of Patent: November 17, 2015
Assignee: Adobe Systems Incorporated
Inventors: Matthew Kaufman, Michael Thornburgh
-
Patent number: 9167422
Abstract: A method for ensuring media stream security in an IP Multimedia Subsystem network is disclosed. The method includes: assigning an end-to-end media stream security key for a calling User Equipment (UE) or a called UE, by a network device with which the calling UE or the called UE is registered, respectively, and transmitting the media stream security key to a network device with which the opposite end is registered; encrypting the end-to-end media stream security key using a session key shared with the calling UE or the called UE respectively, and transmitting the encrypted end-to-end media stream security key to the calling UE or the called UE, respectively, via a session message; encrypting or decrypting a media stream, by the calling UE or the called UE, respectively, using the end-to-end media stream security key.
Type: Grant
Filed: October 10, 2013
Date of Patent: October 20, 2015
Assignee: Inventergy, Inc.
Inventor: Jun Yan
-
Patent number: 9143489
Abstract: An improved system and method are disclosed for peer-to-peer communications. In one example, the method enables endpoints to securely send and receive messages to one another within a hybrid peer-to-peer environment.
Type: Grant
Filed: December 16, 2013
Date of Patent: September 22, 2015
Assignee: Damaka, Inc.
Inventors: Sivakumar Chaturvedi, Satish Gundabathula
-
Patent number: 9143321
Abstract: A method and apparatus for transmitting encryption keys in a secure communication system is provided herein. During rekeying of a device, a key encryption key (KEK) is utilized to wrap (encrypt) the traffic encryption key (TEK) when the KEK is available to the device. If unavailable, the TEK will be wrapped using public key encryption with the recipient device's public key. The receiving device will then be able to unwrap the TEK using public key decryption with its own private key. Because TEKs are always transmitted in a secure manner, secure and efficient rekeying of devices on foreign networks can occur.
Type: Grant
Filed: March 9, 2012
Date of Patent: September 22, 2015
Assignee: MOTOROLA SOLUTIONS, INC.
Inventors: Thomas J. Senese, Helen Y. Hoselton, Obaid Shahab
-
Patent number: 9143486
Abstract: According to one embodiment, there is provided a communication device including a first communication layer receiving processor to perform a receiving process on a first communication layer on data received from a first communication device. The first communication layer receiving processor includes a first key identifying unit to identify a key required to process the data; a first attribute identifying unit to identify, pursuant to key data, first attribute information that is attribute information associated with the key as identified; and a data processor to process the data using the key as identified. The data processed by the data processor and the first attribute information are passed to a second communication layer processor configured to perform a process on a second communication layer.
Type: Grant
Filed: November 25, 2013
Date of Patent: September 22, 2015
Assignee: KABUSHIKI KAISHA TOSHIBA
Inventors: Yasuyuki Tanaka, Mitsuru Kanda, Seijiro Yoneyama, Yoshiki Terashima
-
Patent number: 9118627
Abstract: There are provided measures for resource reservation improvement in session initiation. Such measures for resource reservation improvement may for example comprise receiving a session initiation request of a user, determining an authentication type of the user, detecting, in the received session initiation request, an absence of authentication data required for an authentication in accordance with the determined authentication type of the user, and preventing a resource reservation for the requested session initiation.
Type: Grant
Filed: April 9, 2009
Date of Patent: August 25, 2015
Assignee: Nokia Solutions and Networks Oy
Inventors: Adam Boeszoermenyi, Karl Lanzinger
-
Patent number: 9081936
Abstract: A system and method for tracking a downloaded digital media file which employs reheader splicing of the digital media file for digital rights management (DRM) are provided. The system and method provide for receiving a request for a first file from a client, accessing the first file and a second file that is representative of the first file, applying data identifying the client into the second file, and combining the first and second file such that a size of the combined file is substantially the same size as the accessed first file, and downloading the combined first and second file to the client. The combining of the first and second file includes replacing corresponding object components of the first file with the object components of the second file. The data identifying the client includes at least one of a transaction ID, merchant ID, user ID and order ID.
Type: Grant
Filed: November 12, 2008
Date of Patent: July 14, 2015
Assignee: THOMSON LICENSING, LLC
Inventors: Peter Tadeusz Matuchniak, Bryan Bledstein, Walterlance Ware
-
Patent number: 9076188
Abstract: In one embodiment of the present invention, a source point of a supply chain secures shipment of an object by devising an encryption key and encrypting a message using the encryption key to produce an encrypted message. A portion or portions of the encryption key and the encrypted message are included or incorporated within the object to be shipped, packaging surrounding the object, and/or labels affixed to the object or packaging, prior to shipping the object to a destination point within the supply chain. Upon receipt of the object from the supply chain, the destination point can extract the portion or portions of the encryption key and the encrypted message from the object, packaging surrounding the object, and/or labels affixed to the object or packaging, obtain the remaining portion of the encryption key directly from the source point, reassemble the encryption key, and decrypt the encrypted message to produce a computed message.
Type: Grant
Filed: April 13, 2005
Date of Patent: July 7, 2015
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Salil Pradhan, Vinay Deolalikar, Lester Ortiz, Aliplo Caban, Geoff Lyon
-
Patent number: 9071856
Abstract: In one embodiment, a method determines an audience rule to be applied for delivering content. The audience rule specifies an audience that is defined based on a combination of device properties, content properties, and digital rights management (DRM) properties. A device group associated with a group of devices is determined where devices in the device group are associated with content authorization properties, device properties, and digital rights management (DRM) properties. The method then applies the audience rule to the device group to determine any devices in the group of devices in which a content authorization for a device should be altered based on analyzing the content authorization properties, device properties, and digital rights management (DRM) properties of the device group and the combination of device properties, content properties, and digital rights management (DRM) properties of the audience rule.
Type: Grant
Filed: May 31, 2012
Date of Patent: June 30, 2015
Assignee: ARRIS Technology, Inc.
Inventor: Thomas J. Bahnck
-
Patent number: 9071423
Abstract: A system and method for identifying the player that leaked content encryption keys by loading a set of player keys into individual content players and determining the number of encryptions and the number of encryption keys to use in multiple encrypting critical content. The method produces copies of critical data content packets, each copy of which is separately encrypted using any one of a set of encryption keys that are related to one another through a mathematical algorithm. The related set of encryption keys and data describing key relationship and content player identity are transmitted to a previously determined license management agency. The transmitted encrypted content is written to a receiving device or file, or streamed to an individual player for non-synchronous playback. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.
Type: Grant
Filed: August 24, 2012
Date of Patent: June 30, 2015
Assignees: Sony Corporation, Sony Electronics Inc.
Inventor: Brant L. Candelore
-
Patent number: 9071725
Abstract: Systems and techniques for transferring electronic data between users of a communications system by receiving, at an instant messaging host, a video file from a sender and intended for a recipient; authenticating the video file; and sending the video file to the intended recipient.
Type: Grant
Filed: September 13, 2012
Date of Patent: June 30, 2015
Assignee: FACEBOOK, INC.
Inventors: Noel Enete, Wayne Packard, Harry W. Morris
-
Patent number: 9049024
Abstract: A method for managing a conference between two or more parties comprises an identity based authenticated key exchange between a conference management element and each of the two or more parties seeking to participate in the conference. Messages exchanged between the conference management element and the two or more parties are encrypted based on respective identities of recipients of the messages. The method comprises the conference management element receiving from each party a random group key component. The random group key component is computed by each party based on a random number used by the party during the key authentication operation and random key components computed by a subset of others of the two or more parties seeking to participate in the conference. The conference management element sends to each party the random group key components computed by the parties such that each party can compute the same group key.
Type: Grant
Filed: August 28, 2012
Date of Patent: June 2, 2015
Assignee: Alcatel Lucent
Inventors: Ganapathy S. Sundaram, Violeta Cakulev
-
Patent number: 9047468
Abstract: A method, system and computer-readable storage medium with instructions to migrate full-disk encrypted virtual storage between blade servers. A key is obtained to perform an operation on a first blade server. The key is obtained from a virtual security hardware instance and provided to the first blade server via a secure out-of-band communication channel. The key is migrated from the first blade server to a second blade server. The key is used to perform hardware encryption of data stored on the first blade server. The data are migrated to the second blade server without decrypting the data at the first blade server, and the second blade server uses the key to access the data. Other embodiments are described and claimed.
Type: Grant
Filed: December 30, 2008
Date of Patent: June 2, 2015
Assignee: Intel Corporation
Inventors: Palsamy Sakthikumar, Vincent J. Zimmer
-
Patent number: 9038191
Abstract: Methods and apparatus are provided for providing a DRM service by a user terminal apparatus consuming DRM content in a service environment that provides the DRM content using a plurality of incompatible DRM systems. A license corresponding to the DRM content is acquired from a service providing apparatus that provides the DRM content. It is determined whether the license is a common license having a common DRM interface format. The common DRM interface format of the common license is converted to a format of a first DRM system installed in the user terminal apparatus, when the license is the common license. The license having the format of the first DRM system is applied in reproducing the DRM content. The common license is provided from the service providing apparatus to the user terminal apparatus through a common DRM interface when the service providing apparatus does not support the first DRM system.
Type: Grant
Filed: April 27, 2012
Date of Patent: May 19, 2015
Assignee: Samsung Electronics Co., Ltd
Inventors: Sergey Nikolayevich Seleznev, Byung-Rae Lee, Bo-Gyeong Kang
-
Patent number: 9021272
Abstract: The present invention relates to key management in a secure microcontroller, and more particularly, to systems, devices and methods of automatically and transparently employing logic or physical address based keys that may also be transferred using dedicated buses. A cryptographic engine translates a logic address to at least one physical address, and processes a corresponding data word based on at least one target key. The target key is selected from a plurality of keys based on the logic or physical address. A universal memory controller stores each processed data word in the corresponding physical address within a memory. Each key is associated with a memory region within the memory, and therefore, the logic or physical address associated with a memory region may be used to automatically identify the corresponding target key. A dedicated secure link may be used to transport key request commands and the plurality of keys.
Type: Grant
Filed: August 28, 2012
Date of Patent: April 28, 2015
Assignee: Maxim Integrated Products, Inc.
Inventors: Vincent Debout, Frank Lhermet, Yann Yves René Loisel, Grégory Rome, Christophe Tremlet
-
Patent number: 9008311
Abstract: A communication system that includes a sender computer and plurality of designated receiver computers coupled to the sender through a communication link. Each one of the receiver computers is equipped with computational resources stronger than the computational resources of an adversary computer. There is provided a method for sending a secret from the sender computer to a designated receiver computer. The sender computer defining a succession of computational tasks having respective solutions. The computational tasks are so defined such that the duration of solving each task by the receiver computer is shorter than what would have been required for the adversary computer to solve the task. Next, the sender computer sending through the link the succession of tasks encrypted by previous solutions and the receiver computer receiving the tasks and is capable of decrypting the secret faster than what would have been required for the adversary computer to decrypt the secret.
Type: Grant
Filed: June 23, 2005
Date of Patent: April 14, 2015
Assignee: Ben-Gurion University of the Negev Research and Development Authority
Inventors: Shlomi Dolev, Ephraim Korach, Galit Uzan
-
Patent number: 9009474
Abstract: A method and apparatus for detecting data modification in a layered operating system is disclosed. Outbound content indicators at different layers are compared to detect potential outbound data modifications. Likewise, inbound content indicators at different layers are compared to detect potential inbound data modifications. Content indicators include checksum, cryptographic hash, signature, and fingerprint indicators. Embodiments of the present invention enable detection of data modifications across an operating system's kernel and user mode spaces, prevention of modified outbound data from reaching a network, prevention of modified input data from reaching a user application, and detection of malware and faults within an operating system.
Type: Grant
Filed: April 28, 2014
Date of Patent: April 14, 2015
Assignee: Trend Micro Incorporated
Inventor: Blake Stanton Sutherland
-
Patent number: 8983065
Abstract: Method and apparatus for secure transmissions. Each user is provided a registration key. A long-time updated broadcast key is encrypted using the registration key and provided periodically to a user. A short-time updated key is encrypted using the broadcast key. The short-time key is available with each broadcast message, wherein sufficient information to calculate the short-time key is provided in an Internet protocol header preceding the broadcast content. Broadcasts are then encrypted using the short-time key, wherein the user decrypts the broadcast message using the short-time key.
Type: Grant
Filed: February 28, 2008
Date of Patent: March 17, 2015
Assignee: QUALCOMM Incorporated
Inventors: Nikolai Konrad Leung, Philip Michael Hawkes, Gregory Gordon Rose
-
Patent number: 8966586
Abstract: An OpenFlow network controller controls an OpenFlow network. A networking connection is established between the OpenFlow network controller and an OpenFlow network device attempting to become part of the OpenFlow network. After establishing the networking connection with the OpenFlow network device, the OpenFlow network controller attempts to authenticate the OpenFlow network device. Where authentication of the OpenFlow network device is successful, the OpenFlow network controller sends a message to the OpenFlow network device to indicate that the authentication was successful and permits the OpenFlow network device to join and perform OpenFlow messaging.
Type: Grant
Filed: January 27, 2013
Date of Patent: February 24, 2015
Assignee: International Business Machines Corporation
Inventors: Vishal Shukla, Ashish Kapur, Thu Quoc Tran
-
Patent number: 8964744
Abstract: A management apparatus for managing one or a plurality of devices connected to a network, comprises a management unit configured to manage information of each device; an instruction unit configured to cause a server having a function of managing a key to implement multicast using IPsec to register information of the management apparatus and the information of a device caused to belong to a multicast group out of the devices managed by the management unit, and issue key information to be used in the multicast group; and a communication unit configured to perform multicast communication using the IPsec with the device belonging to the multicast group using the key information issued by the server.
Type: Grant
Filed: October 4, 2012
Date of Patent: February 24, 2015
Assignee: Canon Kabushiki Kaisha
Inventor: Masahito Hirai
-
Patent number: 8955093
Abstract: A network system includes a security device and a network access device. The network access device is to receive a packet from a source node destined to a destination node, and to examine a data structure maintained by the network access device to determine whether the data structure stores a data member having a predetermined value, the data member indicating whether the packet should undergo security processing. If the data member matches the predetermined value, the packet is transmitted to a security device associated with the network access device to allow the security device to perform content inspection, and in response to a response received from the security device, the packet is routed to the destination node dependent upon the response. The packet is routed to the destination node without forwarding the packet to the security device.
Type: Grant
Filed: April 10, 2013
Date of Patent: February 10, 2015
Assignee: Varmour Networks, Inc.
Inventors: Choung-Yaw Michael Shieh, Meng Xu, Yi Sun, Jia-Jyi Roger Lian
-
Patent number: 8954735
Abstract: A method and device for securely provisioning trust anchors includes generating a database wrapper key as a function of computing device hardware. The database wrapper key encrypts a key database when it is not in use by a trusted execution environment and may be generated using a Physical Unclonable Function (PUF). A local computing device establishes a secure connection and security protocols with a remote computing device. In establishing the secure connection, the local computing device and remote computing device may exchange and/or authenticate cryptographic keys, including Enhanced Privacy Identification (EPID) keys, and establish a session key and device identifier(s). One or more trust anchors are then provisioned depending on whether unilateral, bilateral, or multilateral trust is established. The local computing device may act as a group or domain controller in establishing multilateral trust. Any of the devices may also require user presence to be verified.
Type: Grant
Filed: September 28, 2012
Date of Patent: February 10, 2015
Assignee: Intel Corporation
Inventors: Ned M. Smith, David Johnston, George W. Cox, Adi Shaliv
-
Patent number: 8949949
Abstract: In an embodiment, a method enables authentication of devices connected to a network. The method also enables the devices to digitally sign communication on the network with private keys. When a new device is added to the network, a mobile device may be connected to the new device. The mobile device receives identification from the new device and sends the identification to an authorization server, over a public network. The mobile device also sends a request for a private key to the authorization server. The authorization server contains an inventory of the devices authorized to communicate over the network. If the identification of the new device exists in the inventory, the authorization server sends a private key to the mobile device, over the public network. The mobile device forwards the private key to the new device.
Type: Grant
Filed: February 11, 2014
Date of Patent: February 3, 2015
Assignee: Level 3 Communications, LLC
Inventors: William Thomas Sella, James Michael Sella
-
Patent number: 8949943
Abstract: A third-party can subscribe to one or more electronic message group lists without joining the group lists by creating a trust relationship between the subscriber and a group list member. In particular, the subscriber can send a trust indicator to the group member, who can then determine whether to accept the trust indicator for all or specific groups that are associated with the group member, as appropriate. In at least one embodiment, the group member can send a trust indicator acceptance message to the subscriber that identifies the group member, and any or all group lists associated with the group member. The subscriber can then receive messages directed to the trusted group member or group lists, and can send group messages to the group lists subject to a receive setting associated with the group lists or group members of the group lists.
Type: Grant
Filed: August 29, 2012
Date of Patent: February 3, 2015
Assignee: Facebook, Inc.
Inventor: Richard A. Landsman
-
Patent number: 8942378
Abstract: A method for encrypting multicast services in a passive optical network system is provided in the present invention, and the method includes: an Optical Line Terminal (OLT) generating a public key, and using the public key to encrypt the multicast service data in a bearer channel and then transmitting the encrypted data, the multicast service data in the same one bearer channel being encrypted using the same public key; and said OLT sending the public key, which is used to encrypt the multicast service data, via a management control channel to an Optical Network Unit (ONU) which is activated successfully and requests to receive said multicast service data. A device for encrypting multicast services in a passive optical network system is also provided in the present invention.
Type: Grant
Filed: November 10, 2010
Date of Patent: January 27, 2015
Assignee: ZTE Corporation
Inventors: Dezhi Zhang, Liquan Yuan
-
Patent number: 8931085
Abstract: There is provided a method for optimizing a download of requested data to an electronic data processing unit that is currently receiving unrequested multicast data through a router included in a network. The unrequested multicast data corresponds to at least one multicast data group. Internet Group Management Protocol (IGMP) V2 Leave Messages are sent to the router for the at least one multicast data group. IGMP Membership Queries issued by the router for the at least one multicast data group are ignored, so as to cause the router to terminate a transmission of the unrequested multicast data to free up available bandwidth for the download of the requested data.
Type: Grant
Filed: August 8, 2003
Date of Patent: January 6, 2015
Assignee: Thomson Licensing
Inventor: William Henry Yost
-
Patent number: 8925042
Abstract: An intermediary device may be used to connect a telecommunications device to an existing secure network that is accessed by a computing device. The intermediary device may simplify connections to the secure network by connecting to the secure network without setting up a new connection to the secure network. The telecommunications device may connect to the computing device, via the intermediary device, using a secondary network, which enables the telecommunications device to access the secure network through the computing device. In some instances, the computing device may operate to bridge a connection with the telecommunications device and perform some or all of the functions of the intermediary device.
Type: Grant
Filed: April 28, 2011
Date of Patent: December 30, 2014
Assignee: T-Mobile USA, Inc.
Inventors: Mark Drovdahl, Paulo Chow, Sinclair M. Temple
-
Patent number: 8924719
Abstract: Secure bulk messaging mechanism in which, roughly described, a sender first encrypts a message once. The message can be decrypted with a message decryption key. These can be symmetric or asymmetric keys. For each recipient, the sender then encrypts the message decryption key with the recipient's public key. The sender then sends the encrypted message and the encrypted message decryption keys to a store-and-forward server. Subsequently, one or more recipients connect to the server and retrieve the encrypted message and the message encryption key that has been encrypted with the recipient's public key. Alternatively, the server can forward these items to each individual recipient. The recipient then decrypts the encrypted message decryption key with the recipient's private key, resulting in an unencrypted message decryption key. The recipient then decrypts the message using the unencrypted message decryption key.
Type: Grant
Filed: December 17, 2012
Date of Patent: December 30, 2014
Assignee: Axway Inc.
Inventor: David Jevans
-
Patent number: 8913751
Abstract: A key management and node authentication method for a sensor network is disclosed. The method comprises the following steps: 1) Keys pre-distribution: before deploying the network, communication keys for establishing security connection between nodes are pre-distributed to all of the nodes by a deployment server. 2) Keys establishment: after deploying the network, a pair key for the security connection is established between nodes, which includes the following steps: 2.1) establishment of shared keys: the pair key is established between neighbor nodes in which the shared keys exist; 2.2) path keys establishment: the pair key is established between the nodes in which there are no shared keys but there is a multi-hop security connection. 3) Node identity (ID) authentication: before formally communicating between nodes, the identity is authenticated so as to determine the legality and the validity of the identity of the other.
Type: Grant
Filed: June 2, 2010
Date of Patent: December 16, 2014
Assignee: China IWNCOMM Co. Ltd.
Inventors: Zhiqiang Du, Jun Cao, Manxia Tie, Zhenhai Huang
-
Publication number: 20140365768
Abstract: Disclosed herein are mechanisms to support the management of multicast keys for a multicast group comprising one or more optical line terminals (OLTs), one or more fiber to coax units (FCUs), and a plurality of coax network units (CNUs). The disclosed embodiments may support the management of multicast keys over optical and coaxial networks. In some embodiments, an FCU may facilitate communication of operations administration and maintenance (OAM) messages containing multicast keys from one or more OLTs to one or more CNUs (typically a plurality of CNUs). Some embodiments may employ one multicast key over both the optical network and coaxial network. Other embodiments may employ an optical domain multicast key over the optical network and an electrical domain multicast key over the coaxial network. Embodiments may comprise adding a first CNU to a multicast group as well as adding subsequent CNUs to the multicast group.
Type: Application
Filed: June 6, 2014
Publication date: December 11, 2014
Inventors: Yanbin Sun, Guangsheng Wu, Li Zhang, Fanglin Sun, Jim Chen
-
Patent number: 8910304
Abstract: A control API controls secret data to be stored in a secret data storage area which is accessible only to the control API. Moreover, the control API controls the file information storing part in the secret data storage area to store (i) storing location information of the stored secret data and (ii) administrative storage location information notified by the web application so that the storing location information and the administrative storage location information are associated with each other. This makes it possible to (i) prevent a leakage of confidential information and (ii) allow an authorized web application to easily use the confidential information.
Type: Grant
Filed: October 25, 2012
Date of Patent: December 9, 2014
Assignee: Sharp Kabushiki Kaisha
Inventor: Kunihiko Tsujimoto
-
Patent number: 8903094
Abstract: The invention concerns a cryptographic key distribution system comprising a server node, a repeater network connected to the server node through a quantum channel, and a client node connected to the repeater network through a quantum channel; wherein in use: the repeater network and the client node cooperatively generate a transfer quantum key which is supplied to a system subscriber by the client node; the server node and the repeater network cooperatively generate a link quantum key; the repeater network encrypts the link quantum key based on the transfer quantum key and sends the encrypted link quantum key to the system subscriber through a public communication channel; the server node encrypts a traffic cryptographic key based on the link quantum key and a service authentication key and sends the encrypted traffic cryptographic key to the system subscriber through a public communication channel.
Type: Grant
Filed: August 3, 2012
Date of Patent: December 2, 2014
Assignee: Selex Sistemi Integrati S.p.A.
Inventor: Fabio Antonio Bovino
-
Patent number: 8903096
Abstract: Provided are techniques for the fast and reliable distribution of security keys within a cluster of computing devices, or computers. One embodiment provides a method for secure distribution of encryption keys, comprising generating a symmetric key for the encryption of communication among a plurality of nodes of a cluster of nodes; encrypting the symmetric key with a plurality of public keys, each public key corresponding to a particular node of the plurality of nodes, to generate a plurality of encrypted symmetric keys; storing the plurality of encrypted symmetric keys in a central repository; and distributing the encrypted symmetric keys to the nodes such that each particular node receives an encrypted symmetric key corresponding to a corresponding public key of the particular node.
Type: Grant
Filed: July 24, 2012
Date of Patent: December 2, 2014
Assignee: International Business Machines Corporation
Inventors: Jes Kiran Chittigala, Ravi A. Shankar, Vidya Ranganathan
-
Patent number: 8897445
Abstract: A combination-based broadcast encryption method includes: assigning by a server a base group of different combinations to each user; producing and sending secret information for each user by using as a base the base group allocated to each user; producing and sending an inverse-base parameter value through calculations with integers used to produce the base group and key value information of one or more privileged users; and deriving a group key by using the key value information of the privileged users, encrypting a session key by using the derived group key, and sending the encrypted session key to each user. Accordingly, each user is assigned a different base through a combination, thereby having security against collusion attacks.
Type: Grant
Filed: April 30, 2012
Date of Patent: November 25, 2014
Assignee: Samsung Electronics Co., Ltd.
Inventors: Weon-il Jin, Dae-youb Kim, Hwan-joon Kim, Sung-joon Park
-
Patent number: 8892874
Abstract: A method for secure direct link communications between multiple wireless transmit/receive units (WTRUs). The WTRUs exchange nonces that are used for generating a common nonce. A group identification information element (GIIE) is generated from at least the common nonce and is forwarded to an authentication server. The authentication server generates a group direct link master key (GDLMK) from the GIIE to match WTRUs as part of a key agreement group. Group key encryption key (GKEK) and a group key confirmation key (GKCK) are also generated based on the common nonce and are used to encrypt and sign the GDLMK so that base stations do not have access to the GDLMK. Also disclosed is a method for selecting a key management suite (KMS) to generate temporal keys. A KMS index (KMSI) may be set according to a selected KMS, transmitted to another WTRU and used to establish a direct link.
Type: Grant
Filed: December 16, 2009
Date of Patent: November 18, 2014
Assignee: InterDigital Patent Holdings, Inc.
Inventors: Alexander Reznik, Yogendra C. Shah
-
Patent number: 8886931
Abstract: In a case where another user's communication terminal (nTE113) departs from a group, user's communication terminal (TEb14) updates encryption information, using the terminal individual information of only the communication terminals (nTE213 and nTE313) which remain in the group (PNy). User's communication terminal (TEb14) encrypts the PN-shared key (KPNy), using the updated encryption information. User's communication terminal (TEb14) transmits the encrypted shared key information obtained from this encryption to a management device (PNSP11), and updates the encrypted shared key information stored in the management device (PNSP11).
Type: Grant
Filed: March 3, 2010
Date of Patent: November 11, 2014
Assignee: KDDI Corporation
Inventors: Takashi Matsunaka, Yoji Kishi, Takayuki Warabino
-
Patent number: 8887237
Abstract: Assigning clients to VLANs on a digital network. A client attaching to a digital network through a network device is initially assigned to a first VLAN. This VLAN may have restricted access and is used for authentication. The device snoops DHCP traffic on this first VLAN rewriting DHCP traffic from the client to request a short lease time for the client. A short lease time may be on the order of 30 seconds. The device optionally rewrites DHCP traffic to the client on the first VLAN to assure a short lease time is returned; this rewriting supports DHCP servers which do not issue short leases. Traffic on this first VLAN may be limited to authentication such as captive portals, 802.1x, Kerberos, and the like. If client authentication on the first VLAN does not succeed, when the short lease expires, the client will receive another short lease on the first VLAN. The network device snoops authentication traffic.
Type: Grant
Filed: May 13, 2011
Date of Patent: November 11, 2014
Assignee: Aruba Networks, Inc.
Inventors: Ramsundar Janakiraman, Rajesh Mirukula, Brijesh Nambiar
-
Patent number: 8885830
Abstract: A system for establishing an encrypted multicast communication session over a communications network can include a client means (e.g., a radio, laptop, workstation, phone, PDA) and a server means. The client means can transmit a request for a first user to join a pre-defined collaborative group, including at least the first user and a second user. The client means can transmit a request for a first user to create or select a collaborative group based on specified criteria. The system can also include a server means that can retrieve, select or generate an encryption key for the collaborative group and transmit the encryption key to the first user via the client means. The server can transmit the encryption key to the second user via a second client means. The client means can communicate via multicast, encrypting end-to-end above the network layer using the encryption key received from the server means.
Type: Grant
Filed: May 4, 2009
Date of Patent: November 11, 2014
Assignee: Mitre Corporation
Inventors: Thomas Tahan, Steven Leonard Cox, Weilin Wang, Martin Woscek
-
Patent number: 8869290
Abstract: A broadband gateway, which enables communication with a plurality of devices, handles at least one physical layer connection to at least one corresponding network access service provider. Security boundaries such as conditional access (CA) and/or digital right management (DRM) boundaries associated with the broadband gateway are identified based on security profiles associated with the plurality of devices and/or a service from networks. The identified security boundaries are utilized to determine or negotiate CA information for content access for the service. The received content may be distributed according to the determined CA information and the security profiles of the corresponding devices. The broadband gateway may be automatically and dynamically configured based on the identified security boundaries to secure content distribution to the devices.
Type: Grant
Filed: December 30, 2010
Date of Patent: October 21, 2014
Assignee: Broadcom Corporation
Inventors: Xuemin Chen, Jeyhan Karaoguz, Wael Diab, David Garrett, David Albert Lundgren, Rich Prodan
-
Patent number: 8856876
Abstract: To check security of an Access Point (AP) in a wireless communication system, an operating method of a terminal includes, before completing connection to the AP, receiving a frame that informs the terminal of existence of the AP; extracting security test information from the frame; and testing the security of the AP using the security test information.
Type: Grant
Filed: November 19, 2012
Date of Patent: October 7, 2014
Assignee: Samsung Electronics Co., Ltd.
Inventors: Woo-Jin Park, Jae-Eun Kang, Hyo-Sun Shim, Jin-Wook Lee, Chang-Hyun Lee, Seong-Wook Lee
-
Patent number: 8856207
Abstract: A click detection method, apparatus and system is provided. An embodiment includes a method that receives a request from a client destined for a server and a unique identifier for the client. The method also includes generating a representation of the unique identifier, and forwarding the unique identifier and the request to the server.
Type: Grant
Filed: July 10, 2008
Date of Patent: October 7, 2014
Assignee: BlackBerry Limited
Inventors: Russell Owen, Michael Brown, Herbert Little