Abstract: The invention provides a method for a dynamical virtual a private network, which is suitable for a main device in a dynamic virtual private network. The method comprises: (a) before the main device establishes a tunneling connection, acquiring a request for adding a sub-device to a whitelist directly or through a third-party cloud service and sending an acceptance message or a rejection message to the sub-device accordingly thereto; (b) acquiring a request for connecting with the sub-device directly or through the third-party cloud service, and determining whether the tunneling connection with the sub-device is established or not accordingly thereto or sending a rejection message to the sub-device; (c) after the tunneling connection is established between the main device and the sub-device, receiving a connection code sent from the sub-device through the tunneling connection, and determining whether the connection code sent from the sub-device is correct or not.

Abstract: The invention provides a method for a dynamical virtual a private network, which is suitable for a main device in a dynamic virtual private network. The method comprises: (a) before the main device establishes a tunneling connection, acquiring a request for adding a sub-device to a whitelist directly or through a third-party cloud service and sending an acceptance message or a rejection message to the sub-device accordingly thereto; (b) acquiring a request for connecting with the sub-device directly or through the third-party cloud service, and determining whether the tunneling connection with the sub-device is established or not accordingly thereto or sending a rejection message to the sub-device; (c) after the tunneling connection is established between the main device and the sub-device, receiving a connection code sent from the sub-device through the tunneling connection, and determining whether the connection code sent from the sub-device is correct or not.

Abstract: A method and system for use with a public cloud network is disclosed, wherein the public cloud network includes at least one private cloud server and at least one smart client device in communication therewith. The method and system comprise setting up the at least one private cloud server and the at least one smart client device in a client server relationship. The at least one private cloud server includes a message box associated therewith. The first message box is located in the public network. The at least one smart client includes a second message box associated therewith. The second message box is located on the public network. The method includes passing session based message information between the at least one private cloud server and the at least one smart client device via the first message box and the second message box in a secure manner. The session base information is authenticated by the private cloud server and the at least one smart client device.

Abstract: In a peer-to-peer connection establishment method, processing modules installed at the two peers use a reliable network space as a transmission medium to transmit an online transmission request to the space to obtain channel establishment information from the opposite party, such that data can be communicated between both parties directly via a remote connection to assure the privacy of information, so as to enhance the safety of using a network.

Abstract: A method and system for use with a public cloud network is disclosed, wherein the public cloud network includes at least one private cloud server and at least one smart client device in communication therewith. The method and system comprise setting up the at least one private cloud server and the at least one smart client device in a client server relationship. The at least one private cloud server includes a message box associated therewith. The first message box is located in the public network. The at least one smart client includes a second message box associated therewith. The second message box is located on the public network. The method includes passing session based message information between the at least one private cloud server and the at least one smart client device via the first message box and the second message box in a secure manner. The session base information is authenticated by the private cloud server and the at least one smart client device.

Abstract: According to one embodiment of the present invention, a dipole antenna capable of supporting multi-band communications, includes a first portion of the antenna in a folded structure, a second portion of the antenna that includes a first coupling pad and a second coupling pad physically separated by a distance, and a current path along the first portion of the antenna and the second portion of the antenna, wherein a first portion of the current path that includes the first coupling pad and the second coupling pad is configured to introduce a slow wave effect if electric current flows through the first portion of the current path.

Abstract: Methods and systems for processing multiple levels of data in system security approaches are disclosed. In one embodiment, a first set and a second set of resources are selected to iteratively and independently reverse multiple levels of format conversions on the payload portions of a data unit from a first file and a data unit from a second file, respectively. The first file and the second file are associated with a first transport connection and a second transport connection, respectively. Upon completion of the aforementioned reversal operations, the payload portions of a first reversed data unit and a second reversed data unit, which correspond to the data unit of the first file and the data unit of the second file, respectively, are inspected for suspicious patterns prior to any aggregation of the data units of the first file or the second file.

Abstract: A method and system for ensuring system security is disclosed. Based on the content of the data units the method and system monitor, the method and system retrieve the states and the dependency relationships among these states that are representative of unwanted patterns. The method and system store the states and the dependency relationships mentioned above in different types of memories according to the frequency of accessing the states. The frequency is calculated by comparing a number of test data patterns with the states in a sequence specified by the dependency relationships. The method and system further identify a set of suspected data units by comparing the data units with the retrieved states in a sequence specified by the retrieved dependency relationships, wherein the content of the set of the suspected data units collectively matches any of the unwanted patterns.

Abstract: Embodiments of the present invention set forth methods and systems for accessing storage via the Internet. Specifically, one embodiment of the present invention sets forth a method, which includes the steps of automatically establishing a connection to the Internet, automatically logging into a first account and a second account, wherein first storage space is allocated to the first account and second storage space is allocated to the second account, aggregating the first storage space and the second storage space to formulate an aggregated storage space, and mapping the aggregated storage space into a set of contiguous memory locations.

Abstract: A method and system for ensuring system security is disclosed. The method and system split a regular expression that corresponds to a number of patterns into sub-expressions. The dependency relationships among the finite automata that correspond to the sub-expressions are maintained. Then, as data units are put through these finite automata in a sequence that is based on the dependency relationships, suspected data units are identified. The suspected data units are the ones containing content that collectively matches one or more of the aforementioned patterns. Identification of the suspected data units is based on the merged results of the finite automata. Depending on the result of identifying the suspected data units, different actions are performed.

Abstract: A method and system for preventing spreading of malware, including: automatically launching an anti-malware control mechanism after a data security device connects to a computing device and receives power from the computing device, determining availability of a data path in the data security device before allowing data to pass through the data path, and scanning the data that passes through the data path.

Abstract: Embodiments of the present invention set forth methods for preventing the spreading of malware via the use of a data security device. Specifically, one embodiment of the present invention sets forth a method, which includes the steps of activating a malware scanning engine in the data security device after the data security device is attached to a computer and a mobile device but before data communication between the computer and the mobile device occurs; invoke malware scanning engine before permitting any data communication between the mobile device and the computer to occur.

Abstract: According to one embodiment of the present invention, a dipole antenna capable of supporting multi-band communications, includes a first portion of the antenna in a folded structure, a second portion of the antenna that includes a first coupling pad and a second coupling pad physically separated by a distance, and a current path along the first portion of the antenna and the second portion of the antenna, wherein a first portion of the current path that includes the first coupling pad and the second coupling pad is configured to introduce a slow wave effect if electric current flows through the first portion of the current path.

Abstract: A method and system for ensuring system security is disclosed. The method and system utilize a first processing unit to split a regular expression that corresponds to a number of patterns into sub-expressions and maintain the dependency relationships among the finite automata that correspond to the sub-expressions. Then, the method and system utilize a second processing unit to move the data units through these finite automata in a sequence that is based on the dependency relationships to identify the suspected data units. The suspected data units are the ones containing content that collectively matches one or more of the aforementioned patterns. Identification of the suspected data units is based on the merged results of the finite automata.

Abstract: A method and system for preventing virus infections via the use of a removable storage device are described. Specifically, one embodiment of the present invention sets forth a method, which includes the steps of gathering a first set of information associated with the removable storage device, processing the first set of information to generate a second set of information also associated with the removable storage device, sending the second set of information to the computer to cause the computer to identify the removable storage device as a read-only device, accessing an antivirus program stored in the removable storage device and causing the antivirus program to be launched on the computer, and sending a third set of information to the computer after the antivirus program is launched on the computer to cause the computer to identify the removable storage device as a writable device.

Abstract: A method and system for providing system security services is disclosed. The server of a vendor of a content inspection engine receives a current set of definition data in a first format from the server of a definition data file generator through a network. The vendor and the definition data file generator are two unaffiliated legal entities. Then the server of the content inspection engine vendor makes available the definition data to be used by a network device via the network. The network device utilizes the content inspection engine and the definition data in a second format that the content inspection engine recognizes in its unmodified state to provide system security services to a number of devices that are attached to the network device.

Abstract: A method and system that ensures system security is disclosed. Specifically, the method and system formulate a finite automaton that corresponds to a number of patterns. Then, as data units are put through the finite automaton, suspected data units are identified. The suspected data units are the ones containing content that collectively matches one or more of the aforementioned patterns. To identify the suspected data units, the dependency relationships among various states in the finite automaton that have been compressed are relied upon. Depending on the result of identifying the suspected data units, different actions are performed.

Abstract: A method and system for ensuring system security is disclosed. Based on the content of the data units the method and system monitor, the method and system retrieve the states and the dependency relationships among these states that are representative of unwanted patterns. The method and system store the states and the dependency relationships mentioned above in different types of memories according to the frequency of accessing the states. The frequency is calculated by comparing a number of test data patterns with the states in a sequence specified by the dependency relationships. The method and system further identify a set of suspected data units by comparing the data units with the retrieved states in a sequence specified by the retrieved dependency relationships, wherein the content of the set of the suspected data units collectively matches any of the unwanted patterns.

Abstract: Methods and systems for processing multiple levels of data in system security approaches are disclosed. In one embodiment, a first set and a second set of resources are selected to iteratively and independently reverse multiple levels of format conversions on the payload portions of a data unit from a first file and a data unit from a second file, respectively. The first file and the second file are associated with a first transport connection and a second transport connection, respectively. Upon completion of the aforementioned reversal operations, the payload portions of a first reversed data unit and a second reversed data unit, which correspond to the data unit of the first file and the data unit of the second file, respectively, are inspected for suspicious patterns prior to any aggregation of the data units of the first file or the second file.

Abstract: A method and system that ensures system security is disclosed. Specifically, the method and system formulate a finite automaton that corresponds to a number of patterns. Then, as data units are put through the finite automaton, suspected data units are identified. The suspected data units are the ones containing content that collectively matches one or more of the aforementioned patterns. To identify the suspected data units, the dependency relationships among various states in the finite automaton that have been compressed are relied upon. Depending on the result of identifying the suspected data units, different actions are performed.