Abstract: A reception apparatus for optimizing a virtual private network operates by defragmenting and deduplicating transfer of variable sized blocks. A large data object is converted to a plurality of data paragraphs by a fingerprinting method. Each data paragraph is cached and hashed. The hashes are transmitted from a primary apparatus. Only data paragraphs which are not previously cached at satellite are received. The data object is integrated from stored and newly transmitted data paragraphs and transmitted to its destination IP address.
Abstract: A transmission apparatus for optimizing a virtual private network operates by defragmenting and deduplicating transfer of variable sized blocks. A large data object is converted to a plurality of data paragraphs by a fingerprinting method. Each data paragraph is cached and hashed. The hashes are transmitted to at least one satellite apparatus. Only data paragraphs which are not previously cached at each satellite are transferred.
Abstract: Enabling web filtering by authenticated group membership, role, or user identity is provided by embedding a uniform resource identifier into an electronic document requested by a client. A client browser will provide directory credentials to a trusted web filter apparatus enabling a policy controlled access to resources external to the trusted network. An apparatus comprises circuits for transmitting a uniform resource identifier to a client, receiving a request comprising authentication credentials, querying a policy database and determining a customized policy for access to an externally sourced electronic document or application. A computer-implemented technique to simplify web filter administrator tasks by removing a need to set each browser's settings or install additional software on each user terminal.
Abstract: An apparatus, system, and method for measuring the similarity of diverse binary objects, such as files, is disclosed. The method comprises determining a plurality of digital signatures in each of a plurality of dissimilar objects, for each digital signature, accessing a location in a store which has object identifiers for each object which also exhibits at least one instance of the digital signature, writing into the store the object identifiers of all the objects which have the corresponding pattern and the number of times the pattern is found, and making a list of all the objects which share a pattern found in each object. Analyzing the list determines the degree of similarity of a particular object with each of a plurality of diverse binary objects.
Abstract: Disclosed is a method, a computer system, and a computer-readable media product that contains a set of computer executable software instructions for directing the computer to execute a process for policy-based operation of a DNS server apparatus to manage traffic due to undesirable mail or requests for electronic documents. The policies operate according to owners, regions, or countries controlling source IP addresses and deterministically select from a plurality of non-equivalent replies to be sent to the source IP address. Accumulating previous activity records may assist in determining which traffic may be usefully deferred or suppressed. The process includes withholding certain information from certain DNS servers seeking IP addresses to improve overall security and integrity of the Internet.
Abstract: A hash module of a mail sender creates a hash data context structure. The hash module processes the headers and the body of an e-mail message in the order required, for example by the DKIM specification, until the data to be hashed has been input. The hash module converts the context structure into printable characters and the encoded structure is transmitted over the Internet or other network to the next participating system. The token authority's hash module decodes the context back into binary form. After ensuring business logic is satisfied, it generates additional headers required for signature, which are then added to the developing hash. The hash module finalizes the hash function and creates the hash value. The authorization module creates the signature and returns it to the e-mail module, which attaches the signature to the message and transmits it to the destination mailbox provider, which verifies the token.
Type: Grant
Filed: August 19, 2010
Date of Patent: May 14, 2013
Assignee: Barracuda Networks, Inc.
Inventors: Daniel T. Dreymann, Stephan Brunner, Yoel Gluck, Anh Vo
Abstract: A network apparatus, system, and method for operating a server to identify and subsequently control suspected peer-to-peer (P2P) sources transmitting traffic from a first network to a second network. Identifying a peer-to-peer source by a characteristic of destination port profile. Identifying a peer-to-peer source by a characteristic of destination host IP address profile. Determining when hopping ports usage comprise a data stream. Determining when destination IP address usage represent “Seek You” (CQ) like call behavior analogous to a radio invitation for any operators listening to respond.
Abstract: An apparatus includes a data container unloading circuit which frees a container either by discarding the contents or transmitting the contents to its destination. A data container loading circuit receives a plurality of submittals of various sizes and selects an appropriately sized free container. If no free container has sufficient capacity the loading circuit blocks all loading until a container of sufficient size becomes available. A container tailor circuit checks for available free space in the buffer and transfers capacity among free containers to resize one to fit an incoming submittal. The mix of container sizes can be adapted over time to reflect the changing sizes of the traffic.
Abstract: An apparatus, system, and method for measuring the similarity of binary objects is disclosed. The method determines at least one pattern signature in an Nth binary object, accessing a location in a similarity store which has object identifiers for each of the previous N−1 binary objects which contain the corresponding pattern, and writing the object identifier of the Nth binary object at that same location in the similarity store. Reporting the number of locations in similarity store which contain the object identifiers of two apparently diverse binary objects is a measure of similarity to each other.
Abstract: An apparatus which receives client-server transactions such as HTTP REQUESTS and transforms them into a synopsis format for archival storage. HTTP transactions are logged and parsed for key words called HTTP METHODS. For each HTTP METHOD, data is extracted from the message or the resources provided by the transaction. The data is efficiently stored into a transaction store. The data is also indexed and the index is stored into the transaction store. A record is kept for all concurrent sessions by usernames associated with a directory entry.
Abstract: When each new device or service is installed into a network, a hyper-server reads a configuration description provided by the new device or service and adapts to provide a user interface for configuring its capabilities. A first server gathers descriptions of available commands and parameters from many diverse devices and services. A second server presents an administrator or operator with a control panel for one or many client devices. The panel presentation changes with respect to the devices or services selected. The hyper-server registers the capabilities of each device or service and transfers the commands and parameter settings to the appropriate device or service under configuration control.
Abstract: Network security administrators are enabled with their customizable certificate authority reputation policy store which is informed by an independent certificate authority reputation server. The custom policy store overrides trusted root certificate stores accessible to an operating system web networking layer or to a third party browser. Importing revocation lists or updating browsers or operating system is made redundant. Proactive remediation is enabled to delete or disable root certificates in trusted operating system root certificate stores or in trusted browser root certificate stores by a web security agent installed at distributed endpoints. This removes the need for additional hardware or synchronous remote access over the protected endpoints.
Abstract: Network security administrators are enabled with their customizable certificate authority reputation policy store which is informed by an independent certificate authority reputation server. The custom policy store overrides trusted root certificate stores accessible to an operating system web networking layer or to a third party browser. Importing revocation lists or updating browsers or operating system is made redundant. The apparatus redirects or rewrites traffic to protect a plurality of endpoints from a man-in-the-middle attack when a certificate authority has lost control over certificates used in TLS.
Abstract: An apparatus and system for scoring and grading websites and method of operation. An apparatus receives one or more Uniform Resource Identifiers (URI), requests and receives a resource such as a webpage, and observes the behaviors of a commercial browser operating within a commercial operating system over a multi-core processor having hardware containing virtualization extensions. The apparatus records and stores objects and packets captured while the browser is controlled by software received from a server accessed via the URI.
Abstract: A system for more secure, more efficient, more widely applicable backup, retention, and retrieval of data. An apparatus comprising improved means for de-duplication of data and securely storing data remotely with efficient retention and recovery. A method comprising disassembling data objects, efficiently de-duplicating, securely storing and retrieving backups in shared servers on a public network, and controlling retention.
Abstract: A method which operates a plurality of threads in parallel on disparate file sizes ordered by an additional thread. Efficiently backing up of heterogeneous non-volatile mass store to a network attached server scalably distributes computing hashes and eliminating duplication. The method segments each file and object into a hierarchy of pieces in a plurality of types and avoids sending unnecessary pieces.
Type: Grant
Filed: July 3, 2009
Date of Patent: October 2, 2012
Assignee: Barracuda Networks Inc
Inventors: Derrick Shea Peckham, Jason Daniel Dictos
Abstract: Requesting a service such as querying a database or communicating content by sending a plurality of arguments concatenated to a DNS request and receiving a reply in the form of text or an IPv4 or an IPv6 address.
Abstract: Duplicate deliveries of email messages are prevented when a transient failure prevents delivery to some of a plurality of intended recipients but delivery to another one or more of the intended recipients is successful. After receiving a list of recipients, an email body, and an “end of data” sequence, but prior to responding to the “end of data” sequence, an email server determines a transient failure reply code when any one of the address mailboxes of intended recipients is not available. A message-memorandum, such as the globally unique message-id and the address of one or more successful recipients is stored into a memorandum store. A subsequent transmission of the corresponding message will only be delivered to recipients who have not previously received it.