Abstract: There is provided a method of validating a first computing device based on copies of a distributed database storing a trust parameter indicative of a trusted or untrusted designation for network connected second computing devices, the method performed by a certain second computing device designated as trusted, comprising: receiving a validation request for designation as trusted transmitted by the first computing device designated as untrusted, querying trust-resource(s) to determine whether the first computing device should be designated as trusted or untrusted, when a trust parameter is obtained from the trust-resource, creating a new record storing the trust parameter of the first computing device, a first unique identifier indicative of the first computing device, and a second unique identifier indicative of the certain second computing device, and distributing the new record over the network for local verification and updating of respective copies of the distributed database.

Abstract: There is provided a method of validating a first computing device based on copies of a distributed database storing a trust parameter indicative of a trusted or untrusted designation for network connected second computing devices, the method performed by a certain second computing device designated as trusted, comprising: receiving a validation request for designation as trusted transmitted by the first computing device designated as untrusted, querying trust-resource(s) to determine whether the first computing device should be designated as trusted or untrusted, when a trust parameter is obtained from the trust-resource, creating a new record storing the trust parameter of the first computing device, a first unique identifier indicative of the first computing device, and a second unique identifier indicative of the certain second computing device, and distributing the new record over the network for local verification and updating of respective copies of the distributed database.

Abstract: One embodiment of the invention sets forth a mechanism for selecting a voice recognition device included in a network of such devices for processing audio commands corresponding to a detected speech event. The voice recognition devices in the network individually determine which one of the devices is best suited to process the audio commands corresponding to the speech event. In operation, each of the voice recognition devices that detected the same speech event independently selects the same device for processing the audio command. Because each of the voice recognition devices, including the selected device, selects the same device for processing the audio command, the voice recognition devices not need to share information related to the selected device with one another.

Abstract: One embodiment of the invention sets forth a mechanism for selecting a voice recognition device included in a network of such devices for processing audio commands corresponding to a detected speech event. The voice recognition devices in the network individually determine which one of the devices is best suited to process the audio commands corresponding to the speech event. In operation, each of the voice recognition devices that detected the same speech event independently selects the same device for processing the audio command. Because each of the voice recognition devices, including the selected device, selects the same device for processing the audio command, the voice recognition devices not need to share information related to the selected device with one another.

Abstract: An audio processing system includes a group of microphones associated with a dynamic network of microphones and a receiver. The receiver is configured to identify a first signal received by a microphone in the plurality of microphones that is designated as a primary microphone, and identify a subset of microphones included in the plurality of microphones, where each microphone in the subset is associated with a respective signal corresponding to the first signal. The receiver is further configured to calculate a weighting factor for each microphone included in the subset based on the first signal and the respective signal and opportunistically establish a connection with a microphone associated with the dynamic network of microphones that is not included in the plurality of microphones; and, based on a signal received from this microphone, adjust a weighting factor for at least one of the microphones in the subset.

Abstract: An audio processing system includes a group of microphones associated with a dynamic network of microphones and a receiver. The receiver is configured to identify a first signal received by a microphone in the plurality of microphones that is designated as a primary microphone, and identify a subset of microphones included in the plurality of microphones, where each microphone in the subset is associated with a respective signal corresponding to the first signal. The receiver is further configured to calculate a weighting factor for each microphone included in the subset based on the first signal and the respective signal and opportunistically establish a connection with a microphone associated with the dynamic network of microphones that is not included in the plurality of microphones; and, based on a signal received from this microphone, adjust a weighting factor for at least one of the microphones in the subset.

Abstract: Secure communications on a network. An unauthenticated client on an network sends start packets to locate other clients. The unauthenticated client receives responses to the start packets from other clients on the network. The responses may be advertise packets that are from advertising clients that may be authenticated clients or other unauthenticated clients in authenticated mode. The unauthenticated client prioritizes the received packets so that authentication can be performed with the most desirable advertising client. Authentication packets are sent and received between the unauthenticated client and the advertising client in an attempt to authenticate.

Abstract: Secure communications on a network. An unauthenticated client on an network sends start packets to locate other clients. The unauthenticated client receives responses to the start packets from other clients on the network. The responses may be advertise packets that are from advertising clients that may be authenticated clients or other unauthenticated clients in authenticated mode. The unauthenticated client prioritizes the received packets so that authentication can be performed with the most desirable advertising client. Authentication packets are sent and received between the unauthenticated client and the advertising client in an attempt to authenticate.

Abstract: Secure communications on a network. An unauthenticated client on an network sends start packets to locate other clients. The unauthenticated client receives responses to the start packets from other clients on the network. The responses may be advertise packets that are from advertising clients that may be authenticated clients or other unauthenticated clients in authenticated mode. The unauthenticated client prioritizes the received packets so that authentication can be performed with the most desirable advertising client. Authentication packets are sent and received between the unauthenticated client and the advertising client in an attempt to authenticate.

Abstract: A system for providing security in a computing network. The system has a server for distributing policies to be implemented by firewall devices in the network. The firewall devices provide hardware implemented firewalls to communication devices making network connections. The system has logic to allow a connection to be made to the network via a communication device at a node provided the firewall device is at that node. Therefore, the firewall device must be in the system for a connection to be established via the communication device. Additionally, the system is configured to cause data transferred by the communication device to be processed by the firewall.

Abstract: A method for providing security in a computing network. A device connects to a network and authenticates itself with a server. Next, the server adds the IP address of the device to a list of trusted devices. The server broadcasts the trusted IP address to all devices in the network to which the newly authenticated device is allowed to communicate. The devices in the network add the trusted IP address to a list of trusted address stored on each device. The server may also transmit its stored list to the newly authenticated device. After a device has received a packet, it determines if the IP address associated with the packet is on its trusted list. If it is, the device processes the packet. If the IP address is not found on the safe list, the device queries the authentication server to determine if the IP address is safe.

Abstract: A method is described a NIC to ascertain the presence of spoofing activity and thus detect unauthorized network access. The NIC monitors for packets purporting to be from itself. In one embodiment, a NIC views packets trafficking on its network and monitors for packets having its own MAC Address, but which it did not send. In another embodiment, the NIC monitors for packets having its own IP address, but which it did not send. These falsely purportive packets originate not from the observant NIC, but suspiciously from elsewhere. Such suspect origins entities may be rogue entities attempting to gain unauthorized network access. These embodiments detect unauthorized access to a network by ascertaining the presence of spoofing activity in a manner that does not require gross revamping of network architecture or the burdening of network accessibility by legitimate authorized entities.

Abstract: Methods of determining whether a network interface card entry within the system registry of a Windows™-based operating system pertains to “real” physical hardware or to a “virtual” device. In one embodiment of the present invention, the method includes the steps of: (1) opening the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Net key entry of the system registry; (2) examining each of the sub-keys for the “Net” key, and find one with a “DriverDesc” string value matching a NIC; (3) opening the “Ndi” key under the matching sub-key; (4) getting the “DeviceID” string value under the “Ndi” key; and, (5) searching the “DeviceID” string for a backslash “\” character. If the backslash character is found, then it can be concluded that the network interface card entry is associated with “real” physical hardware.

Abstract: The present invention provides a method for detecting TCP/IP (Transmission Control Protocol/Internet Protocol) bindings for Network Interface Cards (NICs) installed on Windows 95™ and Windows 98™ operating systems with a VPN (Virtual Private Network) client present. More particularly, the present invention provides a method for parsing the Windows™ system registry to detect TCP/IP bindings for network interface cards installed within a host computer system. In one embodiment, a function for detecting TCP/IP bindings of one network interface card implemented and repeated for all keys of the registry of a computer software for detecting the TCP/IP bindings for network interface cards installed on the host computer system.

Abstract: A system for providing security in a computing network. The system has a server for distributing policies to be implemented by firewall devices in the network. The firewall devices provide hardware implemented firewalls to communication devices making network connections. The system has logic to allow a connection to be made to the network via a communication device at a node provided the firewall device is at that node. Therefore, the firewall device must be in the system for a connection to be established via the communication device. Additionally, the system is configured to cause data transferred by the communication device to be processed by the firewall.

Abstract: A method for providing security in a computing network. When a security node receives a packet broadcast in a segment of the network, it compares an address in the packet with a stored list of addresses to determine if the packet is associated with an untrusted device. The address may be a source or destination address in packet. If the security node determines that an unauthorized packet is being broadcast, it broadcasts a garbage packet while the unauthorized packet is being broadcast. This causes a collision and the nodes in the segment will ignore both packets. The security node may have stored thereon a list of authorized or unauthorized addresses (e.g., medium access control addresses), which it references whenever it detects a packet being broadcast.

Abstract: A method for detecting TCP/IP (Transmission Control Protocol/Internet Protocol) bindings for Network Interface Cards (NICs) installed on Windows 95® and Windows 98® operating systems with a VPN (Virtual Private Network) client present. The present invention provides a method for parsing the Windows™ system registry to detect TCP/IP bindings for network interface cards installed within a host computer system. In one embodiment, a DriverCheck function and a HardwareCheck function are implemented as parts of a computer software for detecting the TCP/IP bindings for network interface cards installed on the host computer system.