Protection At A Particular Protocol Layer Patents (Class 713/151)
-
Patent number: 8719592
Abstract: A telematics system that includes a security controller is provided. The security controller is responsible for ensuring secure access to and controlled use of resources in the vehicle. The security measures relied on by the security controller can be based on digital certificates that grant rights to certificate holders, e.g., application developers. In the case in which applications are to be used with vehicle resources, procedures are implemented to make sure that certified applications do not jeopardize vehicle resources' security and vehicle users' safety. Relationships among interested entities are established to promote and support secure vehicle resource access and usage. The entities can include vehicle makers, communication service providers, communication apparatus vendors, vehicle subsystem suppliers, application developers, as well as vehicle owners/users.
Type: Grant
Filed: January 22, 2008
Date of Patent: May 6, 2014
Assignee: Cellport Systems, Inc.
Inventors: Patrick J. Kennedy, Axel Fuchs, Charles W. Spaur
-
Publication number: 20140122865
Abstract: The present invention is directed towards systems and methods for split proxying Secure Socket Layer (SSL) communications via intermediaries deployed between a client and a server. The method includes establishing, by a server-side intermediary, a SSL session with a server. A client-side intermediary may establish a second SSL session with a client using SSL configuration information received from the server-side intermediary. Both intermediaries may communicate via a third SSL session. The server-side intermediary may decrypt data received from the server using the first SSL session's session key. The server-side intermediary may transmit to the client-side intermediary, via the third SSL session, data encrypted using the third SSL session's session key. The client-side intermediary may decrypt the encrypted data using the third SSL session's session key. The client-side intermediary may transmit to the client the data encrypted using the second SSL session's session key.
Type: Application
Filed: September 16, 2013
Publication date: May 1, 2014
Applicant: Citrix Systems, Inc.
Inventor: Michael Ovsiannikov
-
Patent number: 8713665
Abstract: A method and system for controlling a firewall for a user computer system. One or more processors of the user computer system receive a control request to control a program of the user computer system by the firewall. The control request includes a condition pertaining to at least one process of a remote computer system. The at least one process is configured to be executed on the remote computer system. The firewall protects the user computer system from external threats. The processors store a remote system condition associated with the program of the user computer system. The remote system condition includes the condition pertaining to the at least one process. The processors ascertain whether the remote system condition is satisfied. The processors direct the firewall to block or allow the transmission of data if it is ascertained that the remote system condition is not satisfied or satisfied, respectively.
Type: Grant
Filed: September 4, 2012
Date of Patent: April 29, 2014
Assignee: International Business Machines Corporation
Inventors: Rick A. Hamilton, II, Brian M. O'Connell, John R. Pavesi, Keith R. Walker
-
Patent number: 8713303
Abstract: A method and a system for establishing a security connection between switch equipments are disclosed in the present invention. The system includes the first switch equipment and the second switch equipment; the first switch equipment sends the switch key negotiation activation packet and the switch key negotiation response packet to the second switch equipment; the second switch equipment sends the switch key negotiation request packet to the first switch equipment. The embodiments of the present invention provide a security policy for data security transmission between switch equipments by establishing a shared switch key between each two switch equipments, thus guaranteeing the confidentiality of the data transmission process between switch equipments in the data link layer. The calculation burden of switch equipment and the delay of the data packets transmitted from the transmission end to the reception end can be reduced and the efficiency of network transmission can be improved.
Type: Grant
Filed: May 26, 2010
Date of Patent: April 29, 2014
Assignee: China Iwncomm Co., Ltd.
Inventors: Qin Li, Jun Cao, Li Ge, Manxia Tie, Zhenhai Huang
-
Patent number: 8711706
Abstract: A protocol delay measuring device prevents an increase of the processing overhead of a communication terminal attributed to a protocol delay measurement. The measuring device determines the protocol delay by using first and second timestamps created respectively before and after a processed packet is obtained from an unprocessed packet by IPsec processing by the communication terminal. An acknowledges creates an identifier of the unprocessed packet. A timestamp database stores the created identifier along with the first timestamp and writes the identifier in a storage where the identifier is kept the same before and after the IPsec processing by the communication terminal. A correlator reads the identifier from the storage and extracts the first timestamp stored along with the same identifier as the read identifier in the timestamp database. A calculator calculates the difference between the extracted first timestamp and the second timestamp as the protocol delay.
Type: Grant
Filed: December 15, 2008
Date of Patent: April 29, 2014
Assignee: Panasonic Corporation
Inventors: Satoshi Senga, Kazushige Yamada, Ming-Fong Yeh
-
Patent number: 8713302
Abstract: A voice-over-Internet-Protocol (VoIP) client codes audio data as printable ASCII characters, then embeds the ASCII audio data inside a cookie that is sent over the Internet within an HTTP GET message. The GET message is sent to a server acting as a call proxy or external manager that forwards the audio data to a remote client. Return audio data is sent back to the client in the normal data field of an HTTP response message from the server. When the client receives the HTTP response, it sends another GET message without audio data, allowing the server to send another response. This empty GET allows VoIP to pass through strict firewalls that pair each HTTP response with a GET. For secure-sockets layer (SSL), client and server exchange pseudo-keys in hello and finished messages that establish the SSL session. Audio data is streamed in SSL messages instead of encrypted data.
Type: Grant
Filed: April 25, 2011
Date of Patent: April 29, 2014
Assignee: Google Inc.
Inventor: Debra C. Kirchhoff
-
Patent number: 8713301
Abstract: A control or supervision system incorporates a digital serial communication and modules which are mutually communicable to this and operate with CAN-protocol. A control desk can be wirelessly connected to one or more modules operating with a signal protocol which takes no account of arbitration and/or confirmation functions appearing in the CAN-system. A particular receiving communication part executes the conversion of said signal protocol to the signal protocol of the CAN-system. A device for controlling a function in a first module in a CAN-system via a wireless connection to a second module in said system. A system of mutually separate units, whereof each unit operates with a CAN-signalling protocol, intercommunicable by means of radiocommunications operating with an identification system in which a key allocation between the units is based upon identities that are assigned by a module in the unit or a master system.
Type: Grant
Filed: June 9, 2008
Date of Patent: April 29, 2014
Assignee: Xinshu Management, L.L.C.
Inventor: Lars-Berno Fredriksson
-
Patent number: 8713649
Abstract: A system and method can provide subnet manager (SM) restrictions in an InfiniBand (IB) network. A first SM in a subnet in the IB network operates to determine whether a second SM associated with a remote port is trustworthy. Furthermore, the first SM is allowed to send at least one of a request and a response that contains a management key to the second SM, if the first SM determines that the second SM is trustworthy. Additionally, the first SM is prevented from attempting to initiate communication with the second SM, if otherwise.
Type: Grant
Filed: June 4, 2012
Date of Patent: April 29, 2014
Assignee: Oracle International Corporation
Inventors: Bjorn-Dag Johnsen, Line Holen, Dag Georg Moxnes
-
Patent number: 8710952
Abstract: A method of authenticating a radio frequency identification (RFID) reader to efficiently and timely check the revocation status of the RFID reader includes the steps of checking whether a given certificate is expired or revoked, and allowing a user of an RFID tag to verify that the credentials and revocation status information reported to the tag by the reader are correct and current/valid before permitting information transmission from the RFID tag to the reader. An RFID tag includes a passively powered display and a user activatable control which allows the method to be carried out with the tag. The tag may include encrypted communication ability and automatic certificate revocation list checking. (This method is applicable not just to RFID but to any technology involving purely passive operation, i.e., where the tag obtains power from a reader.)
Type: Grant
Filed: September 7, 2010
Date of Patent: April 29, 2014
Assignee: The Regents of the University of California
Inventors: Gene Tsudik, Ersin Uzun
-
Publication number: 20140115320
Abstract: A more secure TCP/IP protocol stack is provided having an enhanced transport layer. Encryption and decryption logic is arranged on the transmission side and on the reception side for processing a payload of a transport layer protocol, such as TCP or UDP. By employing this enhanced transport layer, a cryptograph process communication can be realized by dissolving various kinds of restrictions which a conventional IPsec or SSL possesses without affecting upper layer processing, and, at the same time, maintaining compatibility with the IP layer.
Type: Application
Filed: October 18, 2013
Publication date: April 24, 2014
Applicant: INTO CO., LTD.
Inventors: Hirotsugu OZAKI, Keiko Ogawa
-
Patent number: 8707020
Abstract: A MACSec packet exposes selected tags in front of the MACSec tag. Different embodiments are directed to methods and apparatuses of various network nodes, that send, forward, and receive packets. Another embodiment is the MACSec data structure on a computer readable medium. Another embodiment is the upgrade process of a legacy network.
Type: Grant
Filed: May 13, 2010
Date of Patent: April 22, 2014
Assignee: ClearCrypt, Inc.
Inventors: Gabor Lengyel, Ramana Devarapalli, Liang-Chih Yuan
-
Patent number: 8707426
Abstract: A method and apparatus for resolving a cousin domain name to detect web-based fraud is described. In one embodiment, the method for resolving cousin domain names of a legitimate domain name comprises applying at least one rule to a domain name to generate one or more candidate cousin domain names and comparing the at least one candidate cousin domain name with legitimate domain information to identify the legitimate domain name that is imitated by at least one portion of the domain name.
Type: Grant
Filed: May 28, 2008
Date of Patent: April 22, 2014
Assignee: Symantec Corporation
Inventors: Zulfikar Ramzan, Shaun Cooley
-
Patent number: 8707440
Abstract: The system and method for passively identifying encrypted and interactive network sessions described herein may distribute a passive vulnerability scanner in a network, wherein the passive vulnerability scanner may observe traffic travelling across the network and reconstruct a network session from the observed traffic. The passive vulnerability scanner may then analyze the reconstructed network session to determine whether the session was encrypted or interactive (e.g., based on randomization, packet timing characteristics, or other qualities measured for the session). Thus, the passive vulnerability scanner may monitor the network in real-time to detect any devices in the network that run encrypted or interactive services or otherwise participate in encrypted or interactive sessions, wherein detecting encrypted and interactive sessions in the network may be used to manage changes and potential vulnerabilities in the network.
Type: Grant
Filed: March 22, 2010
Date of Patent: April 22, 2014
Assignee: Tenable Network Security, Inc.
Inventors: Ron Gula, Renaud Deraison, Matthew T. Hayton
-
Patent number: 8707285
Abstract: Embodiments include a method comprising loading a software class containing class information for a lock state. The method includes allocating an instance of a software object derived from the software class, wherein the allocating includes allocating of a lock word as part of the instance of the software object. The lock word defines whether the object is locked by a thread of multiple threads. The method includes observing activity relative to the instance of the software object. The method also includes, responsive to observing the activity relative to the instance of the software object that indicates that the lock state of the instance of the object is non-locking, removing the lock word from the instance of the object.
Type: Grant
Filed: December 31, 2010
Date of Patent: April 22, 2014
Assignee: International Business Machines Corporation
Inventor: Peter W. Burka
-
Publication number: 20140108781
Abstract: The present invention provides a method and a system for negotiation based on IKE messages. A standby device updates a value of a stored third identity according to an update notification of an active device. The update notification of the active device is sent by the active device after updating a value of a stored second identity. When the standby device switches to a new active device, the new active device sends a second message for negotiating IPSec information to a peer device according to the updated third identity. The third identity is an identity that is stored in the standby device and used to acquire state information of the active device.
Type: Application
Filed: October 11, 2013
Publication date: April 17, 2014
Inventors: Wei Zhang, Ruirui Liu, Wenhui Xie, Guolu Gao
-
Publication number: 20140101435
Abstract: An encrypted communication apparatus determines a security protocol in IPsec to be applied to an IP packet, and calculates, based on the determined security protocol, a packet size which prevents the IP packet from being fragmented even if IPsec is applied to the IP packet. The packet size to be calculated is independent of an encryption algorithm and authentication algorithm which are actually specified by the determined security protocol.
Type: Application
Filed: October 1, 2013
Publication date: April 10, 2014
Applicant: CANON KABUSHIKI KAISHA
Inventor: Akihisa KINOSHITA
-
Patent number: 8694769
Abstract: A system and method for controlling data communications between a server and a client device, such as a mobile device. Embodiments relate generally to a technique where stop data is provided to the client device. This stop data can be transmitted (e.g. by the client device) to the server. When processed by the server, the stop data indicates to the server that at least some of the encrypted data received by the client device from the server was not decrypted using the second key (e.g. as may be the case when the second key has been deleted). Upon receiving the stop data, the server may, for example, withhold the transmission of data encrypted with the first key to the client device until the second key is restored on the client device. In one embodiment, the stop data is provided to the client device in an encoded (e.g. encrypted) form.
Type: Grant
Filed: December 16, 2011
Date of Patent: April 8, 2014
Assignee: BlackBerry Limited
Inventors: Dave Bajar, Philip Chi-Jim Luk, Michael Kenneth Brown, Darrell Reginald May
-
Patent number: 8693688
Abstract: A method and apparatus for adaptive packet ciphering is disclosed. The apparatus can include a transceiver capable of communicating in a wireless network and specifying a packet number (PN) and an integrity check value (ICV) as separate packet data units (PDUs) in a stream of PDUs. The data between a PN-PDU and an ICV-PDU can be enciphered as a single payload of concentrated PDUs.
Type: Grant
Filed: September 30, 2009
Date of Patent: April 8, 2014
Assignee: Intel Corporation
Inventor: David Johnston
-
Publication number: 20140095862
Abstract: According to an example, a detection message may be sent for security association detection for Internet protocol security. The detection message includes a detection flag. The detection message may be an encapsulated message including the detection flag.
Type: Application
Filed: September 27, 2013
Publication date: April 3, 2014
Applicant: Hangzhou H3C Technologies Co., Ltd.
Inventor: Chao YANG
-
Publication number: 20140095861
Abstract: Server-assisted secure function evaluation (SFE) is performed with input consistency verification for two parties that want to evaluate a function. The server computes a garbled circuit corresponding to the function. A predefined bit of the 0-secret of wire i in the garbled circuit is set to a random bit bi and a predefined bit of the 1-secret of wire i in the garbled circuit is set to bi. The server communicates with each party using an Oblivious Transfer (OT) to provide encrypted versions of the respective inputs of each party. Each party receives the encrypted wire secret of the other party and the garbled circuit for computation of a respective output and stores the predefined bit of a wire of interest of the other party. A given party can verify input consistency by the other party over at least two executions by comparing the values stored by the given party for the at least two executions with corresponding values obtained from the server.
Type: Application
Filed: September 28, 2012
Publication date: April 3, 2014
Inventors: Vladimir Y. Kolesnikov, Ranji Kumaresan, Abdullatif Shikfa
-
Patent number: 8688970
Abstract: The invention provides a method for trust relationship detection between a core and access network for a user equipment. The gist is that a security tunnel establishment procedure is used so one entity, be it part of the core network or be it the user equipment itself, is provided with information to determine whether the access network is trusted or untrusted. The information may comprise a first IP address/prefix, which is initially assigned to the user equipment, upon attaching to the access network. The necessary information may further comprise a second IP address/prefix, which is an address/prefix that is allocated at a trusted entity of the core network. Depending on which entity determines the trust relationship of the access network, it might be necessary to transmit either the first IP address/prefix or the second IP address/prefix or the first and the second IP address/prefix using the security tunnel establishment procedure.
Type: Grant
Filed: June 12, 2008
Date of Patent: April 1, 2014
Assignee: Panasonic Corporation
Inventors: Jens Bachmann, Kilian Weniger, Takashi Aramaki, Jon Schuringa, Jun Hirano, Shinkichi Ikeda
-
Patent number: 8687804
Abstract: For a data transfer, security is negotiated via a control channel operating in accordance with a first protocol. The data is transmitted responsive to the security negotiation on a data channel operating in accordance with a second protocol. For example, a described implementation involves using a security control protocol and a separate secure data transfer protocol that operate cooperatively, but independently, to provide flexible application layer security with highly efficient data transfers.
Type: Grant
Filed: November 1, 2006
Date of Patent: April 1, 2014
Assignee: Microsoft Corporation
Inventor: Blair B. Dillaway
-
Patent number: 8683568
Abstract: Techniques for using a network analyzer device connected to a network include (a) sniffing packets traversing the network between a web-based application server and a user machine, the user machine being operated by a user, (b) analyzing the sniffed packets to extract event information relating to interaction events between the user machine and the web-based application server, and (c) sending the extracted event information to an authentication server for risk-based authentication of the user.
Type: Grant
Filed: September 22, 2011
Date of Patent: March 25, 2014
Assignee: EMC Corporation
Inventors: Anton Khitrenovich, Oded Peer, Oleg Freylafert
-
Patent number: 8681673
Abstract: A method for reducing power consumption in a wireless communication system includes: generating a descramble initial value by using at least some bits of identification information of an STA, which is known to an AP or base station and the STA; generating a first descramble sequence by using the generated descramble initial value and comparing at least some bits of the generated first descramble sequence with at least some bits of a service field of a currently-received signal; as the comparison result, when it is determined that the destination of the currently-received signal is not set to the STA, stopping the signal reception; and as the comparison result, when it is determined that the destination of the currently-received signal is set to the STA, generating a second descramble sequence by using the descramble initial value and descrambling the currently-received signal.
Type: Grant
Filed: April 7, 2011
Date of Patent: March 25, 2014
Assignee: Electronics and Telecommunications Research Institute
Inventors: Yu-Ro Lee, Jong-Ee Oh, Sok-Kyu Lee, Hyun-Kyu Chung
-
Patent number: 8675674
Abstract: The present invention is directed towards systems and methods for distributed operation of a plurality of cryptographic cards in a multi-core system. In various embodiments, a plurality of cryptographic cards providing encryption/decryption resources are assigned to a plurality of packet processing engines in operation on a multi-core processing system. One or more cryptographic cards can be configured with a plurality of hardware or software queues. The plurality of queues can be assigned to plural packet processing engines so that the plural packet processing engines share cryptographic services of a cryptographic card having multiple queues. In some embodiments, all cryptographic cards are configured with multiple queues which are assigned to the plurality of packet processing engines configured for encryption operation.
Type: Grant
Filed: December 23, 2009
Date of Patent: March 18, 2014
Assignee: Citrix Systems, Inc.
Inventors: Ashoke Saha, Rajesh Joshi, Tushar Kanekar
-
Patent number: 8677475
Abstract: A communication system may be configured to provide multiple levels of security for a communication link between a first node and a second node of a network. The system may be further configured to select a first level of security from the multiple levels of security for transmitting first data sent by a first client via the first node to the second node and to select a second level of security from the multiple levels of security for transmitting second data sent by a second client via the first node to the second node, the second level of security being different than the first level of security.
Type: Grant
Filed: July 15, 2009
Date of Patent: March 18, 2014
Assignee: Infineon Technologies AG
Inventors: Neal J. King, Charles Bry
-
Patent number: 8677114
Abstract: Techniques are provided for enabling application steering/blocking in a secure network which includes a network entity, and a first tunnel endpoint coupled to the network entity over an encrypted tunnel. The first tunnel endpoint associates at least a first Security Parameter Index (SPI) to a first application identifier to generate first mapping information (MI), communicates the first MI to the network entity, and transmits an encrypted message to the network entity over the encrypted tunnel. The encrypted message includes an encrypted packet and an unencrypted header including the first SPI. The network entity determines the first SPI from the unencrypted header, determines the first application identifier based on the first SPI and the first MI, and identifies a first application associated with the first application identifier. The network entity can still perform application steering/blocking even though traffic passing through the tunnel is encrypted.
Type: Grant
Filed: January 4, 2007
Date of Patent: March 18, 2014
Assignee: Motorola Solutions, Inc.
Inventors: Adam C. Lewis, George Popovich, Peter E. Thomas
-
Patent number: 8671285
Abstract: A fetch unit (a) fetches a block of instruction data from an instruction cache of the microprocessor; (b) performs an XOR on the block with a data entity to generate plain text instruction data; and (c) provides the plain text instruction data to an instruction decode unit. In a first instance the block comprises encrypted instruction data and the data entity is a decryption key. In a second instance the block comprises unencrypted instruction data and the data entity is Boolean zeroes. The time required to perform (a), (b), and (c) is the same in the first and second instances regardless of whether the block is encrypted or unencrypted. A decryption key generator selects first and second keys from a plurality of keys, rotates the first key, and adds/subtracts the rotated first key to/from the second key, all based on portions of the fetch address, to generate the decryption key.
Type: Grant
Filed: April 21, 2011
Date of Patent: March 11, 2014
Assignee: VIA Technologies, Inc.
Inventors: G. Glenn Henry, Terry Parks, Brent Bean, Thomas A. Crispin
-
Patent number: 8671448
Abstract: A method for implementing a mandatory access control model in operating systems which natively use a discretionary access control scheme. A method for implementing mandatory access control for a plurality of computers, the system comprising information assets, stored as files on the computers, and a network communicatively connecting the computers, wherein each of the computers includes an operating system that uses a discretionary access control policy, and wherein each of a subset of computers includes a software agent component operable to intercept a request for a file operation on a file from a user of one of the computers including the software agent, determining whether the file is protected, if the file is protected, altering ownership of the file from the user to another owner, and providing access based on a mandatory access control policy.
Type: Grant
Filed: December 13, 2011
Date of Patent: March 11, 2014
Assignee: McAfee, Inc.
Inventors: Oren Tirosh, Eran Werner
-
Publication number: 20140068245
Abstract: The present invention is directed towards systems and methods for managing SSL session persistence and reuse in a multi-core system. A first core may indicate that an SSL session established by the first core is non-resumable. Responsive to the indication, the core may set an indicator at a location in memory accessible by each core of the multi-core system, the indicator indicating that the SSL session is non-resumable. A second core of the multi-core system may receive a request to reuse the SSL session. The request may include a session identifier of the SSL session. In addition, the session identifier may identify the first core as an establisher of the SSL session. The second core can identify from encoding of the session identifier whether the second core is not the establisher of the SSL session. Responsive to the identification, the second core may determine whether to resume the SSL session.
Type: Application
Filed: November 8, 2013
Publication date: March 6, 2014
Applicant: Citrix Systems, Inc.
Inventor: Tushar Kanekar
-
Patent number: 8665710
Abstract: A protocol circuit layer is described. The protocol circuit layer may employ a routing layer to determine optimal routes when establishing a circuit. The circuit layer may employ a link layer to send data packets over links to other network nodes. A naming layer may employ circuits to establish a distributed database of associations between network node addresses and their network locations.
Type: Grant
Filed: June 25, 2012
Date of Patent: March 4, 2014
Assignee: CoCo Communications Corp.
Inventors: Riley Eller, Frank Laub, Jeremy Bruestle, Mark L Tucker
-
Patent number: 8667585
Abstract: Disclosed herein is a Transmission Control Protocol (TCP) flooding attack prevention method. The TCP flooding attack prevention method includes identifying the type of a packet received at an intermediate stage between a client and a server; determining the direction of the packet; defining a plurality of session states based on the type and the direction of the packet; detecting a TCP flooding attack by tracking the session states for each flow; and responding to the TCP flooding attack based on the type of the TCP flooding attack.
Type: Grant
Filed: November 2, 2011
Date of Patent: March 4, 2014
Assignee: Electronics and Telecommunications Research Institute
Inventors: Seung-Yong Yoon, Byoung-Koo Kim
-
Patent number: 8667151
Abstract: In one embodiment, a method of the invention has the steps of: (A) establishing an access-layer security association (SA) between a mobile node (MN) and an authentication authorization accounting (AAA) server; (B) deriving a secondary key from an extended master session key (EMSK) corresponding to the access-layer SA; (C) providing the secondary key to a home agent; and (D) based on the secondary key, establishing an SA corresponding to an Open System Interconnection (OSI) layer higher than the access layer for securing communications between the home agent and a selected network node. In various embodiments, the selected network node can be (i) the MN, (ii) a proxy node configured on behalf of the MN, or (iii) a proxy node configured on behalf of the home agent.
Type: Grant
Filed: August 9, 2007
Date of Patent: March 4, 2014
Assignee: Alcatel Lucent
Inventors: Semyon B. Mizikovsky, Ganapathy S. Sundaram, Zhibi Wang
-
Patent number: 8661500
Abstract: An approach is provided for providing end-to-end privacy in multi-level distributed computations. A distributed computation privacy platform determines one or more privacy policies associated with at least one level of a computational environment. The distributed computation privacy platform also determines one or more computation closures associated with the at least one level of the computational environment. The distributed computation privacy platform further processes and/or facilitates a processing of the one or more privacy policies and the one or more computation closures to cause, at least in part, an enforcement of the one or more privacy policies.
Type: Grant
Filed: May 20, 2011
Date of Patent: February 25, 2014
Assignee: Nokia Corporation
Inventors: Sergey Boldyrev, Jari-Jukka Harald Kaaja, Hannu Ensio Laine, Jukka Honkola, Vesa-Veikko Luukkala, Ian Justin Oliver
-
Patent number: 8661241
Abstract: A network switch including a plurality of ports, a packet processor, and a first processor. The plurality of ports are configured to receive a plurality of packets transmitted from a network to the network switch. The packet processor comprises a classifier configured to select a subset of the plurality of packets according to sampling criteria. The first processor is configured to determine, based on the subset of the plurality of packets, whether the plurality of packets are associated with an attack on the network switch. The classifier is further configured to, prior to the first processor determining whether the plurality of packets are associated with an attack, copy the subset of the plurality of packets to the first processor while maintaining the plurality of packets in the packet processor.
Type: Grant
Filed: September 26, 2011
Date of Patent: February 25, 2014
Assignee: Marvell International Ltd.
Inventor: Michael Orr
-
Patent number: 8661523
Abstract: A method and system, used with an extended USB computer system, for locking out USB mass storage devices at the desktop. For lockout activation, a switch at each host computer is set, and causes a host-side lockout process to deliver a downstream lockout signal to the host's associated portal. This signal causes a portal-side lockout process to disallow USB data from a mass storage device from entering the network.
Type: Grant
Filed: September 3, 2010
Date of Patent: February 25, 2014
Assignee: ClearCube Technology, Inc.
Inventors: Michael Barron, Raymond A. Dupont, Rajesh K. Mellacheruvu, Randy Printz, Syed Mohammad Amir Husain
-
Patent number: 8656467
Abstract: A device for communicating with other devices to allow them to access applications, comprises: at least a first application; authentication means for authenticating a communicating device; and access control means accessible by a communicating device requesting access to the first application without the communicating device having been authenticated by the authentication means. The device is further arranged to arbitrate whether access of the communicating device to the first application is granted or refused, wherein if the arbitration requires an authentication of the communicating device, the access control means instructs the authentication means to authenticate the communicating device.
Type: Grant
Filed: June 6, 2000
Date of Patent: February 18, 2014
Assignee: Nokia Corporation
Inventors: Thomas Müller, Martin Roter
-
Patent number: 8656481
Abstract: A method for configuring Internet Protocol Security (IPsec) protocol. The method includes configuring IPsec phase 1 Security Association (SA) lifetimes and soft phase 2 SA lifetimes in a manner enabling efficient Dead Peer Detection recovery of secure communication between client and server in the event of a communication disruption, thereby preventing undesirable sustained periods of non-communication between client and server.
Type: Grant
Filed: September 15, 2009
Date of Patent: February 18, 2014
-
Patent number: 8656127
Abstract: An information processing terminal (101) includes: a storage area (206), in which general information (211) and confidential information (210) are recorded; an input/output receiving unit (201) which receives an access command to general information (211) or confidential information (210); a route information holding unit (203) in which route information is held, the route information indicating an area of activity in which access to the confidential information (210) is allowed; a current location acquisition unit (304) which acquires current location information indicating the current location of the information processing terminal (101); an access determination unit (305) which allows access to the confidential information (210) when the location of the information processing terminal (101) indicated by the current location information is in the route information; and a confidential information access unit (306) which accesses the confidential information (210) in response to the access allowance by the ac
Type: Grant
Filed: February 9, 2011
Date of Patent: February 18, 2014
Assignee: Panasonic Corporation
Inventors: Hideki Matsushima, Natsume Matsuzaki, Kouji Kobayashi, Masao Nonaka
-
Patent number: 8650647
Abstract: A reputation server is coupled to multiple clients via a network. Each client has a security module that detects malware at the client. The security module computes a hygiene score based on detected malware. The security module provides the hygiene score and an identifier of a visited web site to a reputation server. The security module also provides identifiers of files encountered at specified web sites to the reputation server. The reputation server computes secondary hygiene scores for web sites based on the hygiene scores of the clients that visit the web sites. The reputation server further computes reputation scores for files based on the secondary hygiene scores of sites that host the files. The reputation server provides the reputation scores to the clients. A reputation score represents an assessment of whether the associated file is malicious.
Type: Grant
Filed: July 24, 2012
Date of Patent: February 11, 2014
Assignee: Symantec Corporation
Inventors: Carey S. Nachenberg, Michael P. Spertus
-
Patent number: 8645678
Abstract: A chaotic cryptographic technique for orthogonal frequency division multiplexing (OFDM) based wireless/wired communication systems is implemented with an OFDM symbol structure based on symmetric key cryptography. At the receiver side, data detection becomes infeasible without knowledge of the secret key. Without the knowledge of the key, the signal will be a noise-like signal. The computational power required to implement the technique is very low, rendering the system an attractive option for high data rate communications based on OFDM technology. The system security is proportional to (L×N)!, where N is the number of subcarriers in the OFDM system and L is the number of OFDM symbols involved in the encryption process. For OFDM applications where N ≥ 256, L may be set to 1 and breaking the system would require N! exhaustive-search trials. In the case that N < 256, L may be increased.
Type: Grant
Filed: December 19, 2011
Date of Patent: February 4, 2014
Assignee: Khalifa University of Science, Technology & Research (Kustar)
Inventors: Arafat Al-Dweik, Chan Yeob Yeun
-
Patent number: 8644889
Abstract: Aspects of the invention include a method and system for restoring connectivity from a telematics service provider to a desubscribed telematics unit, and therefore restoring a capability of providing telematics services to a vehicle owner. A vehicle owner with a lapsed subscription and a desubscribed telematics unit installed in his vehicle may have the need to request certain telematics services from the telematics service provider. Aspects of the invention provide for a vehicle owner with a lapsed subscription and a desubscribed telematics unit to request certain "a la carte" services from a telematics service provider using the vehicle owner's personal cellular telephone connected to the desubscribed telematics unit across a personal wireless link.
Type: Grant
Filed: March 26, 2009
Date of Patent: February 4, 2014
Assignee: General Motors, LLC.
Inventor: Lawrence D. Cepuran
-
Patent number: 8646053
Abstract: The present invention provides a security module for a Web application, especially a portal application, using a rewriter proxy. The security module ensures that the rewritten URIs are appended with an authentication identifier for determining whether the rewritten URI has been changed. Preferably, the authentication identifier can be generated by applying a secure hash algorithm and/or secret key to the original URIs of the remote resource or to the entire rewritten URIs. When a client activates those URIs, a request is sent to the rewriter proxy. Before a connection to the access-protected remote resource is established, the security module validates whether the URIs contained in the user client request have been changed by the user.
Type: Grant
Filed: December 14, 2010
Date of Patent: February 4, 2014
Assignee: International Business Machines Corporation
Inventors: Stephan Laertz, Peter Fischer, Carsten Leue, Thomas Schaeck
-
Patent number: 8646041
Abstract: A method is provided for producing securing data for implementing a secured session between a first and at least a second entity based on a protocol for establishing secured sessions. The method includes setting up a third secured entity related to the first entity; generating at least a portion of the securing data within the third entity; and transmitting the securing data from the secured third entity to the first entity.
Type: Grant
Filed: May 19, 2008
Date of Patent: February 4, 2014
Assignee: Institut Telecom / Telecom Paristech
Inventor: Pascal Urien
-
Patent number: 8646085
Abstract: The invention relates to an apparatus for analyzing and reconfiguring a technical system (2) with respect to security, as well as a corresponding decision support system and computer program product. A graph constructor (20) provides, based on technical information about the system (2) received via an input interface (10), a representation of potential attacks in a directed graph of attack nodes. A system/countermeasure analysis unit (30) ranks different sets of countermeasures to enable a selected set of countermeasures to be taken to improve security. The analysis unit (30) performs the following procedure for each set of countermeasures: i) logically apply the set of countermeasures to attacks in the directed graph, and ii) determine a rank of the applied set of countermeasures based on the effectiveness of the countermeasures with respect to the reduction of the risk of attacks.
Type: Grant
Filed: September 23, 2008
Date of Patent: February 4, 2014
Assignee: Telefonaktiebolaget L M Ericsson (Publ)
Inventors: Karl Norrman, Jonathan Cederberg, Mats Näslund
-
Publication number: 20140032897
Abstract: A network-based application can establish a secure network connection to a switch. A unique identifier (UID) is generated for the network-based application, and a secure authentication request is generated from the network-based application. The UID for the network-based application is embedded in the secure authentication request. The secure authentication request is communicated to the switch. A response to the secure authentication request is received from the switch. One or more operations are performed that utilize the UID to establish a secure communication channel between the network-based application and the switch.
Type: Application
Filed: July 30, 2012
Publication date: January 30, 2014
Inventors: Kaushik Datta, Craig Joseph Mills
-
Patent number: 8640216
Abstract: The present solution described herein is directed towards systems and methods to prevent cross-site request forgeries based on web form verification using unique identifiers. The present solution tags each form from a server that is served out in the response with a unique and unpredictable identifier. When the form is posted, the present solution enforces that the identifier being returned is the same as the one that was served out to the user. This prevents malicious unauthorized third party users from submitting a form on a user's behalf, since they cannot guess the value of this unique identifier that was inserted.
Type: Grant
Filed: December 23, 2009
Date of Patent: January 28, 2014
Assignee: Citrix Systems, Inc.
Inventors: Craig Anderson, Anoop Reddy, Yariv Keinan
-
Patent number: 8640219
Abstract: A method for enabling access to digital rights managed (DRM) content from a server to a portable playback device using a device that functions as a proxy for enabling communication between the server and the portable playback device. The method provides for establishing a connection with a device capable of operating as a gateway device for passing data between the portable playback device and the server; requesting that the device establish a connection with the server and operate as a proxy for enabling data exchange between the portable playback device and the server; sending to the server, upon establishing the connection with the server via the device operating as a proxy, data indicating DRM solutions supported by the portable playback device and a list comprising requested DRM content to be downloaded to the portable playback device; and receiving from the server, via the device operating as a proxy, the requested DRM content and DRM rules associated with the received content.
Type: Grant
Filed: June 23, 2005
Date of Patent: January 28, 2014
Assignee: Thomson Licensing
Inventors: Junbiao Zhang, Kumar Ramaswamy, Jeffrey Allen Cooper
-
Patent number: 8635392
Abstract: A layer management interface (LMI) to communicate with a processor over MDIO protocol, and to communicate with a media access control security (MACsec) functional block over a local network protocol, the LMI including: a command register to receive command information for transacting data information with the destination portion within the MACsec; an address register to receive address information associated with the destination portion without conducting all the MDIO address cycles required by the MDIO protocol to receive the address information, the LMI being configured to determine a location of the destination portion based on the received address information; and a data register to transact the data information without conducting all MDIO data cycles required by the MDIO protocol to transact the data information, and to transact the data information with the determined destination portion based on the command information over the local network protocol.
Type: Grant
Filed: October 12, 2012
Date of Patent: January 21, 2014
Assignee: Broadcom Corporation
Inventor: David (Wei) Wang
-
Patent number: 8635695
Abstract: Systems and methods for detecting and preventing network security breaches are described. The systems and methods present a gateway-based packet-forwarding network security solution to not only detect security breaches but also prevent them by directly dropping suspicious packets and connections. The systems and methods employ multiple techniques to detect and prevent network security breaches, including stateful signature detection, traffic signature detection, and protocol anomaly detection.
Type: Grant
Filed: September 14, 2012
Date of Patent: January 21, 2014
Assignee: Juniper Networks, Inc.
Inventors: Nir Zuk, Kowsik Guruswamy