Protection At A Particular Protocol Layer Patents (Class 713/151)
  • Patent number: 8719592
    Abstract: A telematics system that includes a security controller is provided. The security controller is responsible for ensuring secure access to and controlled use of resources in the vehicle. The security measures relied on by the security controller can be based on digital certificates that grant rights to certificate holders, e.g., application developers. In the case in which applications are to be used with vehicle resources, procedures are implemented to make sure that certified applications do not jeopardize vehicle resources' security and vehicle users' safety. Relationships among interested entities are established to promote and support secure vehicle resource access and usage. The entities can include vehicle makers, communication service providers, communication apparatus vendors, vehicle subsystem suppliers, application developers, as well as vehicle owners/users.
    Type: Grant
    Filed: January 22, 2008
    Date of Patent: May 6, 2014
    Assignee: Cellport Systems, Inc.
    Inventors: Patrick J. Kennedy, Axel Fuchs, Charles W. Spaur
  • Publication number: 20140122865
    Abstract: The present invention is directed towards systems and methods for split proxying Secure Socket Layer (SSL) communications via intermediaries deployed between a client and a server. The method includes establishing, by a server-side intermediary, a SSL session with a server. A client-side intermediary may establish a second SSL session with a client using SSL configuration information received from the server-side intermediary. Both intermediaries may communicate via a third SSL session. The server-side intermediary may decrypt data received from the server using the first SSL session's session key. The server-side intermediary may transmit to the client-side intermediary, via the third SSL session, data encrypted using the third SSL session's session key. The client-side intermediary may decrypt the encrypted data using the third SSL session's session key. The client-side intermediary may transmit to the client the data encrypted using the second SSL session's session key.
    Type: Application
    Filed: September 16, 2013
    Publication date: May 1, 2014
    Applicant: Citrix Systems, Inc.
    Inventor: Michael Ovsiannikov
  • Patent number: 8713665
    Abstract: A method and system for controlling a firewall for a user computer system. One or more processors of the user computer system receive a control request to control a program of the user computer system by the firewall. The control request includes a condition pertaining to at least one process of a remote computer system. The at least one process is configured to be executed on the remote computer system. The firewall protects the user computer system from external threats. The processors store a remote system condition associated with the program of the user computer system. The remote system condition includes the condition pertaining to the at least one process. The processors ascertain whether the remote system condition is satisfied. The processors direct the firewall to block or allow the transmission of data if it is ascertained that the remote system condition is not satisfied or satisfied, respectively.
    Type: Grant
    Filed: September 4, 2012
    Date of Patent: April 29, 2014
    Assignee: International Business Machines Corporation
    Inventors: Rick A. Hamilton, II, Brian M. O'Connell, John R. Pavesi, Keith R. Walker
  • Patent number: 8713303
    Abstract: A method and a system for establishing a security connection between switch equipments are disclosed in the present invention. The system includes the first switch equipment and the second switch equipment; the first switch equipment sends the switch key negotiation activation packet and the switch key negotiation response packet to the second switch equipment; the second switch equipment sends the switch key negotiation request packet to the first switch equipment. The embodiments of the present invention provide a security policy for data security transmission between switch equipments by establishing shared switch key between each two switch equipments, thus guaranteeing the confidentiality of the data transmission process between switch equipments in the data link layer. The calculation burden of switch equipment and the delay of the data packets transmitted from the transmission end to the reception end can be reduced and the efficiency of network transmission can be improved.
    Type: Grant
    Filed: May 26, 2010
    Date of Patent: April 29, 2014
    Assignee: China Iwncomm Co., Ltd.
    Inventors: Qin Li, Jun Cao, Li Ge, Manxia Tie, Zhenhai Huang
  • Patent number: 8711706
    Abstract: A protocol delay measuring device prevents an increase of the processing overhead of a communication terminal attributed to a protocol delay measurement. The measuring device determines the protocol delay by using first and second timestamps created respectively before and after a processed packet is obtained from an unprocessed packet by IPsec processing by the communication terminal. An acknowledges creates an identifier of the unprocessed packet. A timestamp database stores the created identifier along with the first timestamp and writes the identifier in a storage where the identifier is kept the same before and after the IPsec processing by the communication terminal. A correlator reads the identifier from the storage and extracts the first timestamp stored along with the same identifier as the read identifier in the timestamp database. A calculator calculates the difference between the extracted first timestamp and the second timestamp as the protocol delay.
    Type: Grant
    Filed: December 15, 2008
    Date of Patent: April 29, 2014
    Assignee: Panasonic Corporation
    Inventors: Satoshi Senga, Kazushige Yamada, Ming-Fong Yeh
  • Patent number: 8713302
    Abstract: A voice-over-Internet-Protocol (VoIP) client codes audio data as printable ASCII characters, then embeds the ASCII audio data inside a cookie that is sent over the Internet within an HTTP GET message. The GET message is sent to a server acting as a call proxy or external manager that forwards the audio data to a remote client. Return audio data is sent back to the client in the normal data field of an HTTP response message from the server. When the client receives the HTTP response, it sends another GET message without audio data, allowing the server to send another response. This empty GET allows VoIP to pass through strict firewalls that pair each HTTP response with a GET. For secure-sockets layer (SSL), client and server exchange pseudo-keys in hello and finished messages that establish the SSL session. Audio data is streamed in SSL messages instead of encrypted data.
    Type: Grant
    Filed: April 25, 2011
    Date of Patent: April 29, 2014
    Assignee: Google Inc.
    Inventor: Debra C. Kirchhoff
  • Patent number: 8713301
    Abstract: A control or supervision system incorporates a digital serial communication and modules which are mutually communicable to this and operate with CAN-protocol. A control desk can be wirelessly connected to one or more modules operating with a signal protocol which takes no account of arbitration and/or confirmation functions appearing in the CAN-system. A particular receiving communication part executes the conversion of said signal protocol to the signal protocol of the CAN-system. A device for controlling a function in a first module in a CAN-system via a wireless connection to a second module in said system. A system of mutually separate units, whereof each unit operates with a CAN-signalling protocol, intercommunicable by means of radiocommunications operating with an identification system in which a key allocation between the units is based upon identities that are assigned by a module in the unit or a master system.
    Type: Grant
    Filed: June 9, 2008
    Date of Patent: April 29, 2014
    Assignee: Xinshu Management, L.L.C.
    Inventor: Lars-Berno Fredriksson
  • Patent number: 8713649
    Abstract: A system and method can provide subnet manager (SM) restrictions in an InfiniBand (IB) network. A first SM in a subnet in the IB network operates to determine whether a second SM associated with a remote port is trustworthy. Furthermore, the first SM is allowed to send at least one of a request and a response that contains a management key to the second SM, if the first SM determines that the second SM is trustworthy. Additionally, the first SM is prevented from attempting to initiate communication with the second SM, if otherwise.
    Type: Grant
    Filed: June 4, 2012
    Date of Patent: April 29, 2014
    Assignee: Oracle International Corporation
    Inventors: Bjorn-Dag Johnsen, Line Holen, Dag Georg Moxnes
  • Patent number: 8710952
    Abstract: A method of authenticating a radio frequency identification (RFID) reader to efficiently and timely check the revocation status of the RFID reader includes the steps of checking whether a given certificate is expired or revoked, and allowing a user of an RFID tag to verify that the credentials and revocation status information reported to the tag by the reader is correct and current/valid before permitting information transmission from the RFID tag to the reader. An RFID tag includes a passively powered display and a user activatable control which allows the method to be carried out with the tag. The tag may include encrypted communication ability and automatic certificate revocation list checking. (This method is applicable not just to RFID but to any technology involving purely passive operation, i.e., where the tag obtains power from a reader).
    Type: Grant
    Filed: September 7, 2010
    Date of Patent: April 29, 2014
    Assignee: The Regents of the University of California
    Inventors: Gene Tsudik, Ersin Uzun
  • Publication number: 20140115320
    Abstract: A more secure TCP/IP protocol stack is provided having an enhanced transport layer. Encryption and decryption logic is arranged on the transmission side and on the reception side for processing a payload of a transport layer protocol, such as TCP or UDP. By employing this enhanced transport layer, a cryptograph process communication can be realized by dissolving various kinds of restrictions which a conventional IPsec or SSL possesses without affecting upper layer processing, and, at the same time, maintaining compatibility with the IP layer.
    Type: Application
    Filed: October 18, 2013
    Publication date: April 24, 2014
    Applicant: INTO CO., LTD.
    Inventors: Hirotsugu OZAKI, Keiko Ogawa
  • Patent number: 8707020
    Abstract: A MACSec packet exposes selected tags in front of the MACSec tag. Different embodiments are directed to methods and apparatuses of various network nodes that send, forward, and receive packets. Another embodiment is the MACSec data structure on a computer readable medium. Another embodiment is the upgrade process of a legacy network.
    Type: Grant
    Filed: May 13, 2010
    Date of Patent: April 22, 2014
    Assignee: ClearCrypt, Inc.
    Inventors: Gabor Lengyel, Ramana Devarapalli, Liang-Chih Yuan
  • Patent number: 8707426
    Abstract: A method and apparatus for resolving a cousin domain name to detect web-based fraud is described. In one embodiment, the method for resolving cousin domain names of a legitimate domain name comprising applying at least one rule to a domain name to generate one or more candidate cousin domain names and comparing the at least one candidate cousin domain name with legitimate domain information to identify the legitimate domain name that is imitated by at least one portion of the domain name.
    Type: Grant
    Filed: May 28, 2008
    Date of Patent: April 22, 2014
    Assignee: Symantec Corporation
    Inventors: Zulfikar Ramzan, Shaun Cooley
  • Patent number: 8707440
    Abstract: The system and method for passively identifying encrypted and interactive network sessions described herein may distribute a passive vulnerability scanner in a network, wherein the passive vulnerability scanner may observe traffic travelling across the network and reconstruct a network session from the observed traffic. The passive vulnerability scanner may then analyze the reconstructed network session to determine whether the session was encrypted or interactive (e.g., based on randomization, packet timing characteristics, or other qualities measured for the session). Thus, the passive vulnerability scanner may monitor the network in real-time to detect any devices in the network that run encrypted or interactive services or otherwise participate in encrypted or interactive sessions, wherein detecting encrypted and interactive sessions in the network may be used to manage changes and potential vulnerabilities in the network.
    Type: Grant
    Filed: March 22, 2010
    Date of Patent: April 22, 2014
    Assignee: Tenable Network Security, Inc.
    Inventors: Ron Gula, Renaud Deraison, Matthew T. Hayton
  • Patent number: 8707285
    Abstract: Embodiments include a method comprising loading a software class containing class information for a lock state. The method includes allocating an instance of a software object derived from the software class, wherein the allocating includes allocating of a lock word as part of the instance of the software object. The lock word defines whether the object is locked by a thread of multiple threads. The method includes observing activity relative to the instance of the software object. The method also includes, responsive to observing the activity relative to the instance of the software object that indicates that the lock state of the instance of the object is non-locking, removing the lock word from the instance of the object.
    Type: Grant
    Filed: December 31, 2010
    Date of Patent: April 22, 2014
    Assignee: International Business Machines Corporation
    Inventor: Peter W. Burka
  • Publication number: 20140108781
    Abstract: The present invention provides a method and a system for negotiation based on IKE messages. A standby device updates a value of a stored third identity according to an update notification of an active device. The update notification of the active device is sent by the active device after updating a value of a stored second identity. When the standby device switches to a new active device, the new active device sends a second message for negotiating IPSec information to a peer device according to the updated third identity. The third identity is an identity that is stored in the standby device and used to acquire state information of the active device.
    Type: Application
    Filed: October 11, 2013
    Publication date: April 17, 2014
    Inventors: Wei Zhang, Ruirui Liu, Wenhui Xie, Guolu Gao
  • Publication number: 20140101435
    Abstract: An encrypted communication apparatus determines a security protocol in IPsec to be applied to an IP packet, and calculates, based on the determined security protocol, a packet size which prevents the IP packet from being fragmented even if IPsec is applied to the IP packet. The packet size to be calculated is independent of an encryption algorithm and authentication algorithm which are actually specified by the determined security protocol.
    Type: Application
    Filed: October 1, 2013
    Publication date: April 10, 2014
    Applicant: CANON KABUSHIKI KAISHA
    Inventor: Akihisa KINOSHITA
  • Patent number: 8694769
    Abstract: A system and method for controlling data communications between a server and a client device, such as a mobile device. Embodiments relate generally to a technique where stop data is provided to the client device. This stop data can be transmitted (e.g. by the client device) to the server. When processed by the server, the stop data indicates to the server that at least some of the encrypted data received by the client device from the server was not decrypted using the second key (e.g. as may be the case when the second key has been deleted). Upon receiving the stop data, the server may, for example, withhold the transmission of data encrypted with the first key to the client device until the second key is restored on the client device. In one embodiment, the stop data is provided to the client device in an encoded (e.g. encrypted) form.
    Type: Grant
    Filed: December 16, 2011
    Date of Patent: April 8, 2014
    Assignee: BlackBerry Limited
    Inventors: Dave Bajar, Philip Chi-Jim Luk, Michael Kenneth Brown, Darrell Reginald May
  • Patent number: 8693688
    Abstract: A method and apparatus for adaptive packet ciphering is disclosed. The apparatus can include a transceiver capable of communicating in a wireless network and specifying a packet number (PN) and an integrity check value (ICV) as separate packet data units (PDUs) in a stream of PDUs. The data between a PN-PDU and an ICV-PDU can be enciphered as a single payload of concentrated PDUs.
    Type: Grant
    Filed: September 30, 2009
    Date of Patent: April 8, 2014
    Assignee: Intel Corporation
    Inventor: David Johnston
  • Publication number: 20140095862
    Abstract: According to an example, a detection message may be sent for security association detection for Internet protocol security. The detection message includes a detection flag. The detection message may be an encapsulated message including the detection flag.
    Type: Application
    Filed: September 27, 2013
    Publication date: April 3, 2014
    Applicant: Hangzhou H3C Technologies Co., Ltd.
    Inventor: Chao YANG
  • Publication number: 20140095861
    Abstract: Server-assisted secure function evaluation (SFE) is performed with input consistency verification for two parties that want to evaluate a function. The server computes a garbled circuit corresponding to the function. A predefined bit of the 0-secret of wire i in the garbled circuit is set to a random bit bi and a predefined bit of the 1-secret of wire i in the garbled circuit is set to bi. The server communicates with each party using an Oblivious Transfer (OT) to provide encrypted versions of the respective inputs of each party. Each party receives the encrypted wire secret of the other party and the garbled circuit for computation of a respective output and stores the predefined bit of a wire of interest of the other party. A given party can verify input consistency by the other party over at least two executions by comparing the values stored by the given party for the at least two executions with corresponding values obtained from the server.
    Type: Application
    Filed: September 28, 2012
    Publication date: April 3, 2014
    Inventors: Vladimir Y. Kolesnikov, Ranji Kumaresan, Abdullatif Shikfa
  • Patent number: 8688970
    Abstract: The invention provides a method for trust relationship detection between a core and access network for a user equipment. The gist is that a security tunnel establishment procedure is used so one entity, be it part of the core network or be it the user equipment itself, is provided with information to determine whether the access network is trusted or untrusted. The information may comprise a first IP address/prefix, which is initially assigned to the user equipment, upon attaching to the access network. The necessary information may further comprise a second IP address/prefix, which is an address/prefix that is allocated at a trusted entity of the core network. Depending which entity determines the trust relationship of the access network, it might be necessary to transmit either the first IP address/prefix or the second IP address/prefix or the first and the second IP address/prefix using the security tunnel establishment procedure.
    Type: Grant
    Filed: June 12, 2008
    Date of Patent: April 1, 2014
    Assignee: Panasonic Corporation
    Inventors: Jens Bachmann, Kilian Weniger, Takashi Aramaki, Jon Schuringa, Jun Hirano, Shinkichi Ikeda
  • Patent number: 8687804
    Abstract: For a data transfer, security is negotiated via a control channel operating in accordance with a first protocol. The data is transmitted responsive to the security negotiation on a data channel operating in accordance with a second protocol. For example, a described implementation involves using a security control protocol and a separate secure data transfer protocol that operate cooperatively, but independently, to provide flexible application layer security with highly efficient data transfers.
    Type: Grant
    Filed: November 1, 2006
    Date of Patent: April 1, 2014
    Assignee: Microsoft Corporation
    Inventor: Blair B. Dillaway
  • Patent number: 8683568
    Abstract: Techniques for using a network analyzer device connected to a network include (a) sniffing packets traversing the network between a web-based application server and a user machine, the user machine being operated by a user, (b) analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server, and (c) sending the extracted event information to an authentication server for risk-based authentication of the user.
    Type: Grant
    Filed: September 22, 2011
    Date of Patent: March 25, 2014
    Assignee: EMC Corporation
    Inventors: Anton Khitrenovich, Oded Peer, Oleg Freylafert
  • Patent number: 8681673
    Abstract: A method for reducing power consumption in a wireless communication system includes: generating a descramble initial value by using at least some bits of identification information of an STA, which is known to an AP or base station and the STA; generating a first descramble sequence by using the generated descramble initial value and comparing at least some bits of the generated first descramble sequence with at least some bits of a service field of a currently-received signal; as the comparison result, when it is determined that the destination of the currently-received signal is not set to the STA, stopping the signal reception; and as the comparison result, when it is determined that the destination of the currently-received signal is set to the STA, generating a second descramble sequence by using the descramble initial value and descrambling the currently-received signal.
    Type: Grant
    Filed: April 7, 2011
    Date of Patent: March 25, 2014
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Yu-Ro Lee, Jong-Ee Oh, Sok-Kyu Lee, Hyun-Kyu Chung
  • Patent number: 8675674
    Abstract: The present invention is directed towards systems and methods for distributed operation of a plurality of cryptographic cards in a multi-core system. In various embodiments, a plurality of cryptographic cards providing encryption/decryption resources are assigned to a plurality of packet processing engines in operation on a multi-core processing system. One or more cryptographic cards can be configured with a plurality of hardware or software queues. The plurality of queues can be assigned to plural packet processing engines so that the plural packet processing engines share cryptographic services of a cryptographic card having multiple queues. In some embodiments, all cryptographic cards are configured with multiple queues which are assigned to the plurality of packet processing engines configured for encryption operation.
    Type: Grant
    Filed: December 23, 2009
    Date of Patent: March 18, 2014
    Assignee: Citrix Systems, Inc.
    Inventors: Ashoke Saha, Rajesh Joshi, Tushar Kanekar
  • Patent number: 8677475
    Abstract: A communication system may be configured to provide multiple levels of security for a communication link between a first node and a second node of a network. The system may be further configured to select a first level of security from the multiple levels of security for transmitting first data sent by a first client via the first node to the second node and to select a second level of security from the multiple levels of security for transmitting second data sent by a second client via the first node to the second node, the second level of security being different from the first level of security.
    Type: Grant
    Filed: July 15, 2009
    Date of Patent: March 18, 2014
    Assignee: Infineon Technologies AG
    Inventors: Neal J. King, Charles Bry
  • Patent number: 8677114
    Abstract: Techniques are provided for enabling application steering/blocking in a secure network which includes a network entity, and a first tunnel endpoint coupled to the network entity over an encrypted tunnel. The first tunnel endpoint associates at least a first Security Parameter Index (SPI) to a first application identifier to generate first mapping information (MI), communicates the first MI to the network entity, and transmits an encrypted message to the network entity over the encrypted tunnel. The encrypted message includes an encrypted packet and an unencrypted header including the first SPI. The network entity determines the first SPI from the unencrypted header, determines the first application identifier based on the first SPI and the first MI, and identifies a first application associated with the first application identifier. The network entity can still perform application steering/blocking even though traffic passing through the tunnel is encrypted.
    Type: Grant
    Filed: January 4, 2007
    Date of Patent: March 18, 2014
    Assignee: Motorola Solutions, Inc.
    Inventors: Adam C. Lewis, George Popovich, Peter E. Thomas
  • Patent number: 8671285
    Abstract: A fetch unit (a) fetches a block of instruction data from an instruction cache of the microprocessor; (b) performs an XOR on the block with a data entity to generate plain text instruction data; and (c) provides the plain text instruction data to an instruction decode unit. In a first instance the block comprises encrypted instruction data and the data entity is a decryption key. In a second instance the block comprises unencrypted instruction data and the data entity is Boolean zeroes. The time required to perform (a), (b), and (c) is the same in the first and second instances regardless of whether the block is encrypted or unencrypted. A decryption key generator selects first and second keys from a plurality of keys, rotates the first key, and adds/subtracts the rotated first key to/from the second key, all based on portions of the fetch address, to generate the decryption key.
    Type: Grant
    Filed: April 21, 2011
    Date of Patent: March 11, 2014
    Assignee: VIA Technologies, Inc.
    Inventors: G. Glenn Henry, Terry Parks, Brent Bean, Thomas A. Crispin
  • Patent number: 8671448
    Abstract: A method for implementing a mandatory access control model in operating systems which natively use a discretionary access control scheme. A method for implementing mandatory access control for a plurality of computers, the system comprising information assets, stored as files on the computers, and a network communicatively connecting the computers, wherein each of the computers includes an operating system that uses a discretionary access control policy, and wherein each of a subset of computers includes a software agent component operable to intercept a request for a file operation on a file from a user of one of the computers including the software agent, determining whether the file is protected, if the file is protected, altering ownership of the file from the user to another owner, and providing access based on a mandatory access control policy.
    Type: Grant
    Filed: December 13, 2011
    Date of Patent: March 11, 2014
    Assignee: McAfee, Inc.
    Inventors: Oren Tirosh, Eran Werner
  • Publication number: 20140068245
    Abstract: The present invention is directed towards systems and methods for managing SSL session persistence and reuse in a multi-core system. A first core may indicate that an SSL session established by the first core is non-resumable. Responsive to the indication, the core may set an indicator at a location in memory accessible by each core of the multi-core system, the indicator indicating that the SSL session is non-resumable. A second core of the multi-core system may receive a request to reuse the SSL session. The request may include a session identifier of the SSL session. In addition, the session identifier may identify the first core as an establisher of the SSL session. The second core can identify from encoding of the session identifier whether the second core is not the establisher of the SSL session. Responsive to the identification, the second core may determine whether to resume the SSL session.
    Type: Application
    Filed: November 8, 2013
    Publication date: March 6, 2014
    Applicant: Citrix Systems, Inc.
    Inventor: Tushar Kanekar
  • Patent number: 8665710
    Abstract: A protocol circuit layer is described. The protocol circuit layer may employ a routing layer to determine optimal routes when establishing a circuit. The circuit layer may employ a link layer to send data packets over links to other network nodes. A naming layer may employ circuits to establish a distributed database of associations between network node addresses and their network locations.
    Type: Grant
    Filed: June 25, 2012
    Date of Patent: March 4, 2014
    Assignee: CoCo Communications Corp.
    Inventors: Riley Eller, Frank Laub, Jeremy Bruestle, Mark L Tucker
  • Patent number: 8667585
    Abstract: Disclosed herein is a Transmission Control Protocol (TCP) flooding attack prevention method. The TCP flooding attack prevention method includes identifying the type of a packet received at an intermediate stage between a client and a server; determining the direction of the packet; defining a plurality of session states based on the type and the direction of the packet; detecting a TCP flooding attack by tracking the session states for each flow; and responding to the TCP flooding attack based on the type of the TCP flooding attack.
    Type: Grant
    Filed: November 2, 2011
    Date of Patent: March 4, 2014
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Seung-Yong Yoon, Byoung-Koo Kim
  • Patent number: 8667151
    Abstract: In one embodiment, a method of the invention has the steps of: (A) establishing an access-layer security association (SA) between a mobile node (MN) and an authentication authorization accounting (AAA) server; (B) deriving a secondary key from an extended master session key (EMSK) corresponding to the access-layer SA; (C) providing the secondary key to a home agent; and (D) based on the secondary key, establishing an SA corresponding to an Open System Interconnection (OSI) layer higher than the access layer for securing communications between the home agent and a selected network node. In various embodiments, the selected network node can be (i) the MN, (ii) a proxy node configured on behalf of the MN, or (iii) a proxy node configured on behalf of the home agent.
    Type: Grant
    Filed: August 9, 2007
    Date of Patent: March 4, 2014
    Assignee: Alcatel Lucent
    Inventors: Semyon B. Mizikovsky, Ganapathy S. Sundaram, Zhibi Wang
  • Patent number: 8661500
    Abstract: An approach is provided for providing end-to-end privacy in multi-level distributed computations. A distributed computation privacy platform determines one or more privacy policies associated with at least one level of a computational environment. The distributed computation privacy platform also determines one or more computation closures associated with the at least one level of the computational environment. The distributed computation privacy platform further processes and/or facilitates a processing of the one or more privacy policies and the one or more computation closures to cause, at least in part, an enforcement of the one or more privacy policies.
    Type: Grant
    Filed: May 20, 2011
    Date of Patent: February 25, 2014
    Assignee: Nokia Corporation
    Inventors: Sergey Boldyrev, Jari-Jukka Harald Kaaja, Hannu Ensio Laine, Jukka Honkola, Vesa-Veikko Luukkala, Ian Justin Oliver
  • Patent number: 8661241
    Abstract: A network switch including a plurality of ports, a packet processor, and a first processor. The plurality of ports are configured to receive a plurality of packets transmitted from a network to the network switch. The packet processor comprises a classifier configured to select a subset of the plurality of packets according to sampling criteria. The first processor is configured to determine, based on the subset of the plurality of packets, whether the plurality of packets are associated with an attack on the network switch. The classifier is further configured to, prior to the first processor determining whether the plurality of packets are associated with an attack, copy the subset of the plurality of packets to the first processor while maintaining the plurality of packets in the packet processor.
    Type: Grant
    Filed: September 26, 2011
    Date of Patent: February 25, 2014
    Assignee: Marvell International Ltd.
    Inventor: Michael Orr
  • Patent number: 8661523
    Abstract: A method and system, used with an extended USB computer system, for locking out USB mass storage devices at the desktop. For lockout activation, a switch at each host computer is set, and causes a host-side lockout process to deliver a downstream lockout signal to the host's associated portal. This signal causes a portal-side lockout process to disallow USB data from a mass storage device from entering the network.
    Type: Grant
    Filed: September 3, 2010
    Date of Patent: February 25, 2014
    Assignee: ClearCube Technology, Inc.
    Inventors: Michael Barron, Raymond A. Dupont, Rajesh K. Mellacheruvu, Randy Printz, Syed Mohammad Amir Husain
  • Patent number: 8656467
    Abstract: A device for communicating with other devices to allow them to access applications, comprises: at least a first application; authentication means for authenticating a communicating device; and access control means accessible by a communicating device requesting access to the first application without the communicating device having been authenticated by the authentication means. The device is further arranged to arbitrate whether access of the communicating device to the first application is granted or refused wherein if the arbitration requires an authentication of the communicating device, the access control means instructs the authentication means to authenticate the communicating device.
    Type: Grant
    Filed: June 6, 2000
    Date of Patent: February 18, 2014
    Assignee: Nokia Corporation
    Inventors: Thomas Müller, Martin Roter
  • Patent number: 8656481
    Abstract: A method for configuring Internet Protocol Security (IPsec) protocol. The method includes configuring IPsec phase 1 Security Associations (SA) lifetimes and soft phase 2 SA lifetimes in a manner enabling efficient Dead Peer Detection recovery of secure communication between client and server in the event of a communication disruption and thereby preventing undesirable sustained periods of non-communication between client and server.
    Type: Grant
    Filed: September 15, 2009
    Date of Patent: February 18, 2014
  • Patent number: 8656127
    Abstract: An information processing terminal (101) includes: a storage area (206), in which general information (211) and confidential information (210) are recorded; an input/output receiving unit (201) which receives an access command to general information (211) or confidential information (210); a route information holding unit (203) in which route information is held, the route information indicating an area of activity in which access to the confidential information (210) is allowed; a current location acquisition unit (304) which acquires current location information indicating the current location of the information processing terminal (101); an access determination unit (305) which allows access to the confidential information (210) when the location of the information processing terminal (101) indicated by the current location information is in the route information; and a confidential information access unit (306) which accesses the confidential information (210) in response to the access allowance by the ac
    Type: Grant
    Filed: February 9, 2011
    Date of Patent: February 18, 2014
    Assignee: Panasonic Corporation
    Inventors: Hideki Matsushima, Natsume Matsuzaki, Kouji Kobayashi, Masao Nonaka
  • Patent number: 8650647
    Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware. The security module provides the hygiene score and an identifier of a visited web site to a reputation server. The security module also provides identifiers of files encountered at specified web sites to the reputation server. The reputation server computes secondary hygiene scores for web sites based on the hygiene scores of the clients that visit the web sites. The reputation server further computes reputation scores for files based on the secondary hygiene scores of sites that host the files. The reputation server provides the reputation scores to the clients. A reputation score represents an assessment of whether the associated file is malicious.
    Type: Grant
    Filed: July 24, 2012
    Date of Patent: February 11, 2014
    Assignee: Symantec Corporation
    Inventors: Carey S. Nachenberg, Michael P. Spertus
  • Patent number: 8645678
    Abstract: A chaotic cryptographic technique for orthogonal frequency division multiplexing (OFDM) based wireless/wired communication systems is implemented with an OFDM symbol structure based on symmetric key cryptography. At the receiver side, data detection becomes infeasible without knowledge of the secret key. Without the knowledge of the key, the signal will be a noise-like signal. The computational power required to implement the technique is very low, rendering the system an attractive option for high data rate communications based on OFDM technology. The system security is proportional to (L×N)! where N is the number of subcarriers in the OFDM system and L is the number of OFDM symbols involved in the encryption process. For OFDM applications where N ≥ 256, L may be set to 1 and breaking the system would require N! exhaustive-search trials. In the case that N < 256, L may be increased.
    Type: Grant
    Filed: December 19, 2011
    Date of Patent: February 4, 2014
    Assignee: Khalifa University of Science, Technology & Research (Kustar)
    Inventors: Arafat Al-Dweik, Chan Yeob Yeun
  • Patent number: 8644889
    Abstract: Aspects of the invention include a method and system for restoring connectivity from a telematics service provider to a desubscribed telematics unit, and therefore restoring the capability of providing telematics services to a vehicle owner. A vehicle owner with a lapsed subscription and a desubscribed telematics unit installed in his vehicle may have the need to request certain telematics services from the telematics service provider. Aspects of the invention provide for a vehicle owner with a lapsed subscription and a desubscribed telematics unit to request certain “a la carte” services from a telematics service provider using the vehicle owner's personal cellular telephone connected to the desubscribed telematics unit across a personal wireless link.
    Type: Grant
    Filed: March 26, 2009
    Date of Patent: February 4, 2014
    Assignee: General Motors, LLC.
    Inventor: Lawrence D. Cepuran
  • Patent number: 8646053
    Abstract: The present invention provides a security module for Web application, especially a portal application, using a rewriter proxy. The security module ensures that the rewritten URIs are appended by an authentication identifier for determining whether the rewritten URI has not been changed. Preferably, the authentication identifier can be generated by applying a secure hash algorithm and/or secret key to the original URIs of the remote resource or the entire rewritten URIs. When a client activates those URIs, a request is sent to the rewriter proxy. Before a connection to the access protected remote resource is established, the security module validates whether the URIs contained in the user client request have been changed by the user.
    Type: Grant
    Filed: December 14, 2010
    Date of Patent: February 4, 2014
    Assignee: International Business Machines Corporation
    Inventors: Stephan Laertz, Peter Fischer, Carsten Leue, Thomas Schaeck
  • Patent number: 8646041
    Abstract: A method is provided for producing securing data for implementing a secured session between a first and at least a second entity based on a protocol for establishing secured sessions. The method includes setting up a third secured entity related to the first entity; generating at least a portion of the securing data within the third entity; and transmitting the securing data from the secured third entity to the first entity.
    Type: Grant
    Filed: May 19, 2008
    Date of Patent: February 4, 2014
    Assignee: Institut Telecom / Telecom Paristech
    Inventor: Pascal Urien
  • Patent number: 8646085
    Abstract: The invention relates to an apparatus for analyzing and reconfiguring a technical system (2) with respect to security, as well as a corresponding decision support system and computer program product. A graph constructor (20) provides, based on technical information about the system (2) received via an input interface (10), a representation of potential attacks in a directed graph of attack nodes. A system/countermeasure analysis unit (30) ranks different sets of countermeasures to enable a selected set of countermeasures to be taken to improve security. The analysis unit (30) performs the following procedure for each set of countermeasures: i) logically apply the set of countermeasures to attacks in the directed graph, and ii) determine a rank of the applied set of countermeasures based on the effectiveness of the countermeasures with respect to the reduction of the risk of attacks.
    Type: Grant
    Filed: September 23, 2008
    Date of Patent: February 4, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (Publ)
    Inventors: Karl Norrman, Jonathan Cederberg, Mats Näslund
  • Publication number: 20140032897
    Abstract: A network-based application can establish a secure network connection to a switch. A unique identifier (UID) is generated for the network-based application, and a secure authentication request is generated from the network-based application. The UID for the network-based application is embedded in the secure authentication request. The secure authentication request is communicated to the switch. A response to the secure authentication request is received from the switch. One or more operations are performed that utilize the UID to establish a secure communication channel between the network-based application and the switch.
    Type: Application
    Filed: July 30, 2012
    Publication date: January 30, 2014
    Inventors: Kaushik Datta, Craig Joseph Mills
  • Patent number: 8640216
    Abstract: The present solution described herein is directed towards systems and methods to prevent cross-site request forgeries based on web form verification using unique identifiers. The present solution tags each form from a server that is served out in the response with a unique and unpredictable identifier. When the form is posted, the present solution enforces that the identifier being returned is the same as the one that was served out to the user. This prevents malicious unauthorized third party users from submitting a form on a user's behalf since they cannot guess the value of this unique identifier that was inserted.
    Type: Grant
    Filed: December 23, 2009
    Date of Patent: January 28, 2014
    Assignee: Citrix Systems, Inc.
    Inventors: Craig Anderson, Anoop Reddy, Yariv Keinan
  • Patent number: 8640219
    Abstract: A method for enabling access to digital rights managed (DRM) content from a server to a portable playback device using a device that functions as a proxy for enabling communication between the server and the portable playback device. The method provides for establishing a connection with a device capable of operating as a gateway device for passing data between the portable playback device and the server, requesting that the device establish a connection with the server and operate as a proxy for enabling data exchange between the portable playback device and the server, sending to the server, upon establishing the connection with the server via the device operating as a proxy, data indicating DRM solutions supported by the portable playback device, and a list comprising requested DRM content to be downloaded to the portable playback device, and receiving from the server, via the device operating as a proxy, the requested DRM content and DRM rules associated with the received content.
    Type: Grant
    Filed: June 23, 2005
    Date of Patent: January 28, 2014
    Assignee: Thomson Licensing
    Inventors: Junbiao Zhang, Kumar Ramaswamy, Jeffrey Allen Cooper
  • Patent number: 8635392
    Abstract: A layer management interface (LMI) to communicate with a processor over MDIO protocol, and to communicate with a media access control security (MACsec) functional block over a local network protocol, the LMI including a command register to receive command information for transacting data information with the destination portion within the MACsec, an address register to receive address information associated with the destination portion without conducting all the MDIO address cycles required by the MDIO protocol to receive the address information, the LMI being configured to determine a location of the destination portion based on the received address information, and a data register to transact the data information without conducting all MDIO data cycles required by the MDIO protocol to transact the data information, and to transact the data information with the determined destination portion based on the command information over the local network protocol.
    Type: Grant
    Filed: October 12, 2012
    Date of Patent: January 21, 2014
    Assignee: Broadcom Corporation
    Inventor: David (Wei) Wang
  • Patent number: 8635695
    Abstract: Systems and methods for detecting and preventing network security breaches are described. The systems and methods present a gateway-based packet-forwarding network security solution to not only detect security breaches but also prevent them by directly dropping suspicious packets and connections. The systems and methods employ multiple techniques to detect and prevent network security breaches, including stateful signature detection, traffic signature detection, and protocol anomaly detection.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: January 21, 2014
    Assignee: Juniper Networks, Inc.
    Inventors: Nir Zuk, Kowsik Guruswamy