Abstract: Policy enforcement previously available for web proxy access methods is extended and applied to layer 3 packets flowing through VPN channels. With these extensions, a common security policy is possible that is enforceable between VPN proxied access and VPN tunneled access. Equivalent security policy to tunnel based VPN access without comprising the inherent performance, scalability and application compatibility advantages tunne based VPNs have over their proxy based VPN counterparts.

Abstract: Policy enforcement previously available for web proxy access methods is extended and applied to layer 3 packets flowing through VPN channels. With these extensions, a common security policy is possible that is enforceable between VPN proxied access and VPN tunneled access. Equivalent security policy to tunnel based VPN access without comprising the inherent performance, scalability and application compatibility advantages tunnel based VPNs have over their proxy based VPN counterparts.

Abstract: An appliance works in conjunction with an agent on a remote device to control application access to a corporate network. In conjunction with an SSL tunnel and policy operating at the appliance, granular application control may be implemented. In particular, a device user may determine what applications from a set of applications may access the corporate network and which applications do not access the network. The applications may be analyzed to determine whether the application is good or bad, as what security configurations, approvals and denials are associated with the application.

Abstract: Policy enforcement previously available for web proxy access methods is extended and applied to layer 3 packets flowing through VPN channels. With these extensions, a common security policy is possible that is enforceable between VPN proxied access and VPN tunneled access. Equivalent security policy to tunnel based VPN access without comprising the inherent performance, scalability and application compatibility advantages tunnel based VPNs have over their proxy based VPN counterparts.

Abstract: An appliance works in conjunction with an agent on a remote device to control application access to a corporate network. In conjunction with an SSL tunnel and policy operating at the appliance, granular application control may be implemented. In particular, a device user may determine what applications from a set of applications may access the corporate network and which applications do not access the network. The applications may be analyzed to determine whether the application is good or bad, as what security configurations, approvals and denials are associated with the application.

Abstract: Policy enforcement previously available for web proxy access methods is extended and applied to layer 3 packets flowing through VPN channels. With these extensions, a common security policy is possible that is enforceable between VPN proxied access and VPN tunneled access. Equivalent security policy to tunnel based VPN access without comprising the inherent performance, scalability and application compatibility advantages tunne based VPNs have over their proxy based VPN counterparts.

Abstract: An appliance works in conjunction with an agent on a remote device to control application access to a corporate network. In conjunction with an SSL tunnel and policy operating at the appliance, granular application control may be implemented. In particular, a device user may determine what applications from a set of applications may access the corporate network and which applications do not access the network. The applications may be analyzed to determine whether the application is good or bad, as what security configurations, approvals and denials are associated with the application.

Abstract: Systems and methods for edge protection for internal identity providers are provided. A first claimed embodiment of the present disclosure involves a method for edge protection for internal identity providers. The method includes receiving a service authentication request at a virtual private networking (VPN) appliance on an edge of a secure network. A client device external to the secure network can send the service authentication request. The VPN appliance can then send a synthetic service authentication request to an identity provider in the secure network. This synthetic service authentication request can be based on the service authentication request. The VPN can then receive an authenticated credential from the identity provider. The authenticated credential is responsive to the synthetic service authentication request. The VPN appliance can then send the authenticated credential from the VPN appliance to the client device.

Abstract: A secure VPN connection is provided based on user identify and a hardware identifier. A client application may initiate the VPN connection. A client device user may provide identification information to the application, which then sends a VPN connection request to a remote VPN gateway. The VPN gateway may require an equipment identifier to establish the secure VPN gateway. If the hardware ID is registered, the secure VPN connection is established. If the hardware ID is not registered with the VPN gateway, the connection may be denied. In some instances, a connection may be established with an unregistered equipment ID based on settings at the VPN gateway.

Abstract: Systems and methods for management of persistent cookies in a corporate web portal are described. A plurality of zones may be defined and stored in memory. Each zone may be associated with a zone property indicative of whether cookies are allowed. A resource request may be received from a user device over a network where access to the requested resource may require a cookie. The user device may be classified into a zone from the plurality of zones based on the attributes of the user device. The cookie may be automatically installed on the user device based on a zone property for the zone and for those resources that have been configured to require installation of a cookie installed without requiring further user interaction following the request.

Abstract: A secure VPN connection is provided based on user identify and a hardware identifier. A client application may initiate the VPN connection. A client device user may provide identification information to the application, which then sends a VPN connection request to a remote VPN gateway. The VPN gateway may require an equipment identifier to establish the secure VPN gateway. If the hardware ID is registered, the secure VPN connection is established. If the hardware ID is not registered with the VPN gateway, the connection may be denied. In some instances, a connection may be established with an unregistered equipment ID based on settings at the VPN gateway.

Abstract: The present system provides centrally managed licensing where licensed user capacity may flow to where it is most needed. All user capacity may be allocated to the appliances. This provides a much better experience if communication between the central license server is severed from an appliance, as the appliance can still continue to service connections up to that allocated capacity even though it is unable to contact the central license manager. Sublicenses are created from a master license and allocated to appliances. The appliances may provide services based on the licensed set of features and user capacity allocated to them without any further communication with a central server that provided the sub-licenses. The central server may collect information from each appliance and may re-allocate licensed user capacity among the appliances.

Abstract: The present invention provides a jet ink composition suitable for printing watermarks on paper substrates. The jet ink composition comprises a solvent and a translucentizing agent. An example of a translucentizing agent is sucrose acetate isobutyrate. The present invention further provides a method of ink jet printing watermark on an object comprising projecting a stream of droplets of the ink composition and controlling the direction of the stream so that the droplets form the watermark on the object. The method of the present invention has the advantage that it provides high speed watermarking capability. The method provides a further advantage that it is economical in changing the design of watermarks. The method is versatile and allows changes in the design of watermarks to be incorporated readily.

Abstract: An ink jet printing ink containing a polymeric colorant and a substantially non-aqueous vehicle and a method for binary array continuous ink jet printing using the ink.