Abstract: In general, scapular tethers and methods of using scapular tethers are provided. A tether is configured to be implanted in a body of a patient and to control movement of the patient's scapula. In an exemplary embodiment, the tether is configured to be attached to at least one body structure in a patient. The tether includes a flexible member configured to, when implanted in the patient, flex in response to movement of the patient's scapula accompanying arm movement of the patient.

Abstract: In some networking situations, securing an inner packet of a tunnel packet requires an intermediary networking device knowing a destination address of the secured inner packet. Consequently, an identity of a secured network is known to others and presents a security risk. The provided technique addresses this risk by: i) establishing at a first security interface a first secured network connection between a first and second secured network, the connection established for a first packet addressed to a virtual security interface and destined for the second secured network; and ii) responding to a network condition by establishing at a second security interface at least one second secured network connection between the first and second secured network, the connection established for a second packet addressed to the virtual security interface and destined for the second secured network.

Abstract: A method for providing network security comprising a step of configuring a remote network to engage network security negotiation with a local network. The method includes a step of configuring a first security policy of a security component within the local network to pass through a network security negotiating communication between the local network and the remote network, and a step of establishing a network security negotiation between the remote network and a security parameter generator via the security component. The security parameter generator can be located within the local network and configured to provide secure communication with the remote network.

Abstract: A method for providing network security comprising a step of configuring a remote network to engage network security negotiation with a local network. The method includes a step of configuring a first security policy of a security component within the local network to pass through a network security negotiating communication between the local network and the remote network, and a step of establishing a network security negotiation between the remote network and a security parameter generator via the security component. The security parameter generator can be located within the local network and configured to provide secure communication with the remote network.

Abstract: In some networking situations, securing an inner packet of a tunnel packet requires an intermediary networking device knowing a destination address of the secured inner packet. Consequently, an identity of a secured network is known to others and presents a security risk. The provided technique addresses this risk by: i) establishing at a first security interface a first secured network connection between a first and second secured network, the connection established for a first packet addressed to a virtual security interface and destined for the second secured network; and ii) responding to a network condition by establishing at a second security interface at least one second secured network connection between the first and second secured network, the connection established for a second packet addressed to the virtual security interface and destined for the second secured network.

Abstract: An Application Programming Interface (API) for communicating security policy information between a Key Authority Point (KAP) and a Policy Enforcement Point (PEP), thereby eliminating the need to manually install security policies on each network device.

Abstract: Providing end-to-end security poses many challenges to security solutions. In Internet Security (IPsec), securing data locally and remotely, as well as reducing the number of security associations and polices needed to secure that data are such challenges. The provided method and apparatus answer theses challenges by i) decrypting an encrypted packet according to a first policy, ii) establishing a local secure connection to an end node on a local network according to a second security policy in an event a source and a destination of the packet belong to a same security group, and the destination of the packet is on the local network, and iii) establishing a remote secure connection to a remote network according to a third security policy in an event the source and the destination of the packet belong to a same security group, and the destination of the packet is the remote network.

Abstract: System and methods for providing an intelligent overlay for providing dynamic control policies, keys and management of same for a data and/or communications network without requiring any change in the network hardware or architecture.

Abstract: A technique for securing message traffic in a data network using various methods for distributing security policies and keys, where policy definition is determined in a Management and Policy (MAP) functional layer that is responsible for policy distribution; a separate Key Authority Point (KAP) that is responsible for key generation, key distribution, and policy distribution; and a separate Policy Enforcement Point (PEP) which is responsible for enforcing the policies and applying the keys.

Abstract: A technique for securing message traffic in a data network using a protocol such as IPsec, and more particularly various methods for distributing security policies among peer entities in a network while minimizing the passing and storage of detailed policy or key information except at the lowest levels of a hierarchy.

Abstract: A technique for processing secure data packets that are directly and not directly addressed to a policy enforcement point (PEP). The present invention incorporates a dual internal path for the fast path processing of secure data packets at a PEP. A first path is used to process secure data packets addressed to the PEP. A second path is used to process secure data packets not addressed to the PEP. On the first path, secure data packets addressed to the PEP are transferred to the PEP for immediate processing. On the second path, a series of checks are performed to maximize the speed of processing the secure data packets. In addition, policies associated with the secure data packets are retrieved and destination address/mask combinations are used along with destination addresses in the secure data packets to determine if the packets are to be further processed or dropped.

Abstract: A technique for securing message traffic in a data network using a protocol such as IPsec, and more particularly various methods for distributing security keys where key generation, key distribution, policy generation and policy distribution are separated, with inner to outer header replication on packet traffic. The approach permits encrypted messages to travel seamlessly through various otherwise unsecured internetworking devices.