Patents Assigned to Secure Computing Corporation
  • Patent number: 7903549
    Abstract: Methods and systems for operation upon one or more data processors to filter communications of users in accordance with content-based policy.
    Type: Grant
    Filed: May 15, 2006
    Date of Patent: March 8, 2011
    Assignee: Secure Computing Corporation
    Inventors: Paul Judge, Phyllis Adele Schneck, Weilai Yang, Jonathan Alexander Zdziarski
  • Publication number: 20100115620
    Abstract: Various embodiments include an apparatus comprising a detection database including a tree structure of descriptor parts including one or more root nodes and one or more child nodes linked to from one or more parent descriptor parts chains, each of the root nodes representing a descriptor part, and each root node linked to at least one of the child nodes, each root node and each child node linked to any possible additional child nodes, wherein the possible additional child nodes include any possible successor child nodes and a descriptor comparator coupled to the detection database, the descriptor comparator operable to receive data including a plurality of logic entities, once or successively, and to continuously compare logic entities provided to the tree structure of descriptor parts stored in the detection database, and to provide an output based on the comparison.
    Type: Application
    Filed: June 3, 2009
    Publication date: May 6, 2010
    Applicant: Secure Computing Corporation
    Inventor: Christoph Alme
  • Publication number: 20100037289
    Abstract: Various embodiments include a system comprising an interface coupled to a computer network, the interface operable to provide a merge rule wizard operable to generate one or more displayable dialog boxes that include selectable criteria for merging a plurality of sets of security rules into a single security rule base.
    Type: Application
    Filed: April 29, 2009
    Publication date: February 11, 2010
    Applicant: Secure Computing Corporation
    Inventors: Jaideep Roy, Scott DeLoach, David Diehl
  • Publication number: 20100031359
    Abstract: Various embodiments include a method of detecting shell code in an arbitrary file comprising determining where one or more candidate areas exist within an arbitrary file, searching at least one nearby area surrounding each of the one or more candidate areas within the arbitrary file for an instruction candidate, and calculating for any such instruction candidate a statistical probability based on a disassembly of instructions starting at a found offset for the instruction candidate that the disassembled instructions are shellcode.
    Type: Application
    Filed: April 15, 2008
    Publication date: February 4, 2010
    Applicant: Secure Computing Corporation
    Inventor: Christoph Alme
  • Publication number: 20090300748
    Abstract: A firewall system comprises a rule management tool that is operable to evaluate a rule set for rules that may be merged, present selected rules that can be merged to an administrator, along with an indication of any change in function of the resulting merged rule, and receive input from the administrator indicating whether to merge the selected rules.
    Type: Application
    Filed: June 2, 2008
    Publication date: December 3, 2009
    Applicant: Secure Computing Corporation
    Inventors: David Diehl, Scott DeLoach, Jaideep Roy
  • Publication number: 20090282471
    Abstract: A proxy device such as a firewall uses an internal socket namespace such as a text string such that connection requests must be explicitly redirected to a listening socket in the alternate namespace in order to connect to a service. Because external connections cannot directly address the listening socket or service, greater security is provided than with traditional firewall or proxy devices. To receive a redirected proxy connection, a service process creates a listening socket and binds a name in an alternate namespace to the socket before listening for connections.
    Type: Application
    Filed: May 7, 2008
    Publication date: November 12, 2009
    Applicant: Secure Computing Corporation
    Inventors: Michael W. Green, David Diehl, Michael J. Karels
  • Publication number: 20090254663
    Abstract: Methods and systems for operation upon one or more data processors for prioritizing transmission of communications associated with an entity based upon reputation information associated with the entity.
    Type: Application
    Filed: April 2, 2009
    Publication date: October 8, 2009
    Applicant: Secure Computing Corporation
    Inventors: Dmitri Alperovitch, Sven Krasser, Paula Greve, Phyllis Adele Schneck, Jonathan Torrez
  • Patent number: 7594262
    Abstract: A system and method for secure group communications is provided. One embodiment provides a method for implementing a virtual private group network. The method includes creating a virtual private group definition on a policy server, establishing a plurality of secure connections between the policy server and a plurality of group nodes, sending a copy of the virtual private group definition from the policy server to the group nodes, sending a shared traffic encryption key from the policy server to each of the group nodes, and sharing secure communication information among the group nodes using the shared traffic encryption key, wherein each group node is included in the virtual private group definition.
    Type: Grant
    Filed: September 4, 2002
    Date of Patent: September 22, 2009
    Assignee: Secure Computing Corporation
    Inventors: Robert Otto Hanzlik, Geoffrey A. Lowe, Thomas R. Markham, Lynn Marquette Meredith
  • Patent number: 7590859
    Abstract: A method of accomplishing two-factor user authentication, comprising providing two separate user authentication methods, enabling a user to communicate authentication data for both authentication methods to a first web site using the internet, and enabling the communication of at least some of the authentication data from the first web site to a second web site also using the internet. Both web sites are thus involved in user authentication using the authentication data.
    Type: Grant
    Filed: January 16, 2002
    Date of Patent: September 15, 2009
    Assignee: Secure Computing Corporation
    Inventor: Sean Brennan
  • Publication number: 20090222812
    Abstract: A system and method for automatic disaster recovery and synchronization of computing appliances configured for operation in a cluster. A configuration bundle that includes configuration data, software revision level and a list of system updates is used to recover or duplicate the computing appliance's operation state. Upon entering a clustered configuration, the primary node creates a clustered configuration bundle from individual configuration bundles for the registered nodes in the cluster. The clustered configuration bundle can then be used for disaster recovery or synchronization of any of the registered nodes.
    Type: Application
    Filed: December 13, 2008
    Publication date: September 3, 2009
    Applicant: Secure Computing Corporation
    Inventors: Andrew Nissen, Aaron Miller, Michael James Silbersack
  • Publication number: 20090222466
    Abstract: A system and method for automatically cloning or migrating a computing appliance while maintaining its operational state. A configuration bundle that includes configuration data, software revision level and a list of system updates is used to recover or duplicate a device's operation state. The system and method can also be utilized to migrate a computing appliance between different operating systems while maintaining or replicating the previous operational state.
    Type: Application
    Filed: November 20, 2008
    Publication date: September 3, 2009
    Applicant: Secure Computing Corporation
    Inventors: Tylor Allison, Aaron Miller, Andrew Nissen, Michael James Silbersack
  • Publication number: 20090222690
    Abstract: A system and method for automatic disaster recovery of a computing appliance including reconstruction of its previous operational state. A configuration bundle that includes configuration data, software revision level and a list of system updates is used to recover the device's operation state. The system and method can also be utilized to recover a not fully functional member of a clustered computing system from the configuration information stored on other members of the cluster.
    Type: Application
    Filed: November 25, 2008
    Publication date: September 3, 2009
    Applicant: Secure Computing Corporation
    Inventors: David Seelig, Stephen Czeck
  • Publication number: 20090199290
    Abstract: One embodiment of the application provides a method and system for receiving at a gateway device a plurality of virtual private network tunnels to be routed to a Local Area Network (LAN), routing a first portion of the plurality of virtual private network tunnels to at least one slave device coupled to the gateway device, performing IPsec processing of the first portion of the plurality of virtual private network tunnels using at least one slave device, forwarding the first portion of the plurality of virtual private network tunnels after IPsec processing to the gateway device and routing the plurality of virtual private network tunnels to the LAN.
    Type: Application
    Filed: March 17, 2008
    Publication date: August 6, 2009
    Applicant: Secure Computing Corporation
    Inventors: David McCullough, Tom Essebier, Philip Craig
  • Publication number: 20090192955
    Abstract: Methods and systems for granular support vector machines. Granular support vector machines can randomly select samples of datapoints and project the samples of datapoints into randomly selected subspaces to derive granules. A support vector machine can then be used to identify hyperplane classifiers respectively associated with the granules. The hyperplane classifiers can be used on an unknown datapoint to provide a plurality of predictions which can be aggregated to provide a final prediction associated with the datapoint.
    Type: Application
    Filed: January 25, 2008
    Publication date: July 30, 2009
    Applicant: SECURE COMPUTING CORPORATION
    Inventors: Yuchun Tang, Yuanchen He
  • Patent number: 7543329
    Abstract: A system and method of limiting access from an external network to documents stored on an internal network. A client list is built in which each client is assigned to one or more roles. Each role has access to one or more documents as defined on a document list. A request from an external network is reviewed and, if possible, the request is associated with a client on the client list. The requested document is then compared to the document list associated with the client's role and, if the requested document is in the list of documents available to a client in the client's role, the requested document is fetched, cleaned and sent to the client.
    Type: Grant
    Filed: June 30, 2003
    Date of Patent: June 2, 2009
    Assignee: Secure Computing Corporation
    Inventors: Richard R. Viets, David G. Motes, Paula Budig Greve, Wayne W. Herberg
  • Patent number: 7536715
    Abstract: A system and method for restricting packet transfer to a computer across a network, wherein the computer includes a network interface device coupled to the network and wherein the network interface device includes a packet filter. A security server is connected to the network. A packet is received at the network interface device and the network interface device determines if the packet is an authorized transaction. If the packet is not an authorized transaction, the packet is routed to the security server, where the security server determines whether the packet is an authorized transaction. If the security server determines that the packet is an authorized transaction, the network interface device is configured to accept similar transactions.
    Type: Grant
    Filed: November 25, 2002
    Date of Patent: May 19, 2009
    Assignee: Secure Computing Corporation
    Inventor: Thomas R. Markham
  • Publication number: 20090125980
    Abstract: Methods and systems for operation upon one or more data processors for assigning a reputation to a messaging entity by analyzing the attributes of the entity, correlating the attributes with known attributes to define relationships between entities sharing attributes, and attributing a portion of the reputation of one related entity to the reputation of the other related entity.
    Type: Application
    Filed: November 9, 2007
    Publication date: May 14, 2009
    Applicant: Secure Computing Corporation
    Inventors: Dmitri Alperovitch, Paul Judge, Sven Krasser, Phyllis Adele Schneck
  • Publication number: 20090122699
    Abstract: Methods and systems for operation upon one or more data processors for prioritizing transmission among a plurality of data streams based upon a classification associated with the data packets associated with each of the plurality of data streams, respectively. Systems and methods can operate to allocate bandwidth to priority data streams first and recursively allocate remaining bandwidth to lesser priority data streams based upon the priority associated with those respective lesser priority data streams.
    Type: Application
    Filed: November 8, 2007
    Publication date: May 14, 2009
    Applicant: SECURE COMPUTING CORPORATION
    Inventors: Dmitri Alperovitch, Paula Greve, Paul Judge, Sven Krasser, Phyllis Adele Schneck
  • Publication number: 20090119740
    Abstract: Methods and systems for adjusting control settings associated with filtering or classifying communications to a computer or a network. The adjustment of the control settings can include adjustment of policy and/or security settings associated with the computer or network. Ranges associated with the control settings can also be provided in some implementations.
    Type: Application
    Filed: November 6, 2007
    Publication date: May 7, 2009
    Applicant: SECURE COMPUTING CORPORATION
    Inventors: Dmitri Alperovitch, Paula Greve, Sven Krasser, Tomo Foote-Lennox
  • Patent number: 7519994
    Abstract: The present invention is directed to systems and methods for enhancing electronic communication security. An electronic communication is received and stored. A plurality of risk assessments are made with respect to the received communication thereby generating a risk profile associated with the communication. The assessments are made in a sequential manner by assigning the stored communication an index and serially placing the index on a queue associated with interrogation engines that perform the various assessments. The index is initially placed in a queue associated with an interrogation engine performing the first type of assessment on the communication. The index is placed in a subsequent queue only after the interrogation engine associated with the prior queue in which the index was placed has assessed the communication. This is repeated until all desired assessments have been performed.
    Type: Grant
    Filed: July 11, 2006
    Date of Patent: April 14, 2009
    Assignee: Secure Computing Corporation
    Inventors: Paul Judge, Guru Rajan