Protection At A Particular Protocol Layer Patents (Class 713/151)
  • Patent number: 8433894
    Abstract: A method and an apparatus for performing physical layer security operation are disclosed. A physical layer performs measurements continuously, and reports the measurements to a medium access control (MAC) layer. The MAC layer processes the measurements, and sends a security alert to a security manager upon detection of an abnormal condition based on the measurements. The security manager implements a counter-measure upon receipt of the security alert. The measurements include channel impulse response (CIR), physical medium power measurement, automatic gain control (AGC) value and status, automatic frequency control (AFC) gain and status, analog-to-digital converter (ADC) gain, Doppler spread estimate, and/or short preamble matched filter output. The security manager may switch a channel, switch a channel hopping policy, change a back-off protocol, or change a beamforming vector upon reception of the security alert.
    Type: Grant
    Filed: July 8, 2009
    Date of Patent: April 30, 2013
    Assignee: InterDigital Patent Holdings, Inc.
    Inventors: Alexander Reznik, Joseph S. Levy, Yogendra C. Shah, Suhas Mathur
  • Patent number: 8434143
    Abstract: Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional VoIP communications. An external VoIP interface of the firewall receives incoming VoIP packets having a user alias (e.g., an email address) and an indication regarding a VoIP port of external interface. The packets are directed to an appropriate internal host by the firewall performing port address forwarding based on the port indication to a Media Gateway Control Protocol (MGCP) media gateway within the internal network that maintains a mapping of user aliases to private addresses of the internal hosts.
    Type: Grant
    Filed: June 7, 2012
    Date of Patent: April 30, 2013
    Assignee: Fortinet, Inc.
    Inventor: Michael Xie
  • Patent number: 8433917
    Abstract: Effective utilization of a database while protecting a data provider's privacy is accomplished by an access control system which controls access to a database in which open information and secret information about a data provider are stored while being related to each other has an output request acquisition section which obtains an output request for output of information generated by accessing the database, a plural-term output authorization section which prohibits output of information generated by combining the open information and the secret information in output information requested to be output according to the output request, and which permits output of information generated by using the secret information without using the open information, and an output section which outputs the information in the output information permitted by the plural-term output authorization section to be output.
    Type: Grant
    Filed: December 16, 2008
    Date of Patent: April 30, 2013
    Assignee: International Business Machines Corporation
    Inventors: Madoka Yuriyama, Yuji Watanabe, Masayuji Numao
  • Patent number: 8429736
    Abstract: A proxy device such as a firewall uses an internal socket namespace such as a text string such that connection requests must be explicitly redirected to a listening socket in the alternate namespace in order to connect to a service. Because external connections cannot directly address the listening socket or service, greater security is provided than with traditional firewall or proxy devices. To receive a redirected proxy connection, a service process creates a listening socket and binds a name in an alternate namespace to the socket before listening for connections.
    Type: Grant
    Filed: May 7, 2008
    Date of Patent: April 23, 2013
    Assignee: McAfee, Inc.
    Inventors: Michael W. Green, David Diehl, Michael J. Karels
  • Patent number: 8428516
    Abstract: Providing network security includes detecting network traffic associated with an ad hoc network that includes a first station and a second station, and preventing data sent by the first station from reaching the second station.
    Type: Grant
    Filed: March 23, 2012
    Date of Patent: April 23, 2013
    Assignee: Aruba Networks, Inc.
    Inventors: Nicholas Kelsey, Christopher Waters
  • Publication number: 20130097418
    Abstract: A secure communication channel between an access point (AP) device associated with a wireless network and a mobile gateway (GW) device of a packet core network is established. Data is exchanged between the wireless network and the packet core network through the secure channel. A client device (UE) is authenticated through the secure communication channel. Device identity information is received from the AP device. A session request is sent to the packet core network. An IP address for the device is received from the packet core network. The communication between the AP device and the packet core network becomes secure without need to run an IP secure protocol on the UE that saves the battery power on the UE. Establishing the fully secure communication between the UE and the packet core network while saving the UE power provides a significant advantage for the mobile technology world.
    Type: Application
    Filed: December 14, 2011
    Publication date: April 18, 2013
    Inventors: YOGESH BHATT, Sashidhar Annaluru, Mukesh Garg
  • Patent number: 8423645
    Abstract: A method of, system for, and product for managing a denial of service attack in a multiprocessor environment. The first step is establishing normal traffic usage baselines in the multiprocessor environment. Once the baseline is established, the next step is monitoring outgoing traffic to detect a high proportion of packets being sent to a specific destination address, and a high number of outbound packets compared to said baseline. Next is monitoring ports and protocols to detect a high proportion of packets sent to a specific port, and a consistent use of a protocol for all packets for that port. If there is such consistent use of a protocol for all packets for that port as to evidence a denial of service attack, blocking measures are started to mitigate the apparent denial of service attack.
    Type: Grant
    Filed: September 14, 2004
    Date of Patent: April 16, 2013
    Assignee: International Business Machines Corporation
    Inventors: Clark Debs Jeffries, Robert William Danford, Terry Dwain Escamilla, Kevin David Himberger
  • Patent number: 8423759
    Abstract: An inventive method is disclosed for bootstrapping a trusted client public key at the server side in a client-server model of e-commerce or distributed computer applications. Generally, the invention integrates security technique elements and user procedural elements in such a way that no vulnerability arises due to the decoupling of elements. It is thus aimed at high security application areas. The readily available support of X.509 client security certificates in web browsers is advantageous for easy deployment at the client side. However, serious usability flaws deter the use of client certificates despite their potential for high security client authentication. The invention circumvents this contradiction at the client registration phase, and extends the benefits of simplified reliance on client public-private key pair to production use of the circumvention.
    Type: Grant
    Filed: February 12, 2009
    Date of Patent: April 16, 2013
    Assignee: CONNOTECH Experts-conseils, inc.
    Inventor: Thierry Moreau
  • Patent number: 8424053
    Abstract: A computer-implemented method is provided for updating network security policy rules when network resources are provisioned in a service landscape instance. The method includes categorizing network resources in a service landscape instance based on a service landscape model. The method further includes responding to the provisioning of a network resource by automatically generating one or more security policy rules for a newly-provisioned network resource. Additionally, the method includes updating security policy rules of pre-existing network resources in the service landscape instance that are determined to be eligible to communicate with the newly-provisioned network resource so as to include the newly-provisioned network resource as a remote resource based on the service landscape model.
    Type: Grant
    Filed: July 1, 2008
    Date of Patent: April 16, 2013
    Assignee: International Business Machines Corporation
    Inventors: Sivaram Gottimukkala, Lap Huynh, Dinakaran Joseph, Linwood Overby, Jr., Wesley Devine, Michael Behrendt, Gerd Breiter
  • Patent number: 8423760
    Abstract: A first packet is received at a network element from an E-UTRAN Node B (eNB) of an E-UTRAN access network via a secured communications tunnel of a secured connection, where the first packet encapsulates a second packet therein. It is determined whether the network element serves both a security gateway functionality and a serving gateway functionality of a core packet network based on the first packet and the second packet. The network element negotiates with the eNB to switch further communications from a tunnel mode to a transport mode of the secured connection if it is determined that the network element serves both the security gateway functionality and the serving gateway functionality. Thereafter, the network element exchanges further packets with the eNB via the transport mode of the secured connection after the eNB switches from the tunnel mode to the transport mode.
    Type: Grant
    Filed: February 23, 2010
    Date of Patent: April 16, 2013
    Assignee: Stoke, Inc.
    Inventors: Nishi Kant, Heeseon Lim
  • Patent number: 8417976
    Abstract: An apparatus connected to a network via a network interface device and capable of executing encrypted communication with an external device on the network requests that a first algorithm to be used in the encrypted communication with the external device is changed to a second algorithm included in the network interface device when the apparatus detects that a condition for shifting to a power saving mode, in which power consumption is smaller than that in a normal power mode, is satisfied while the apparatus is operated in the normal power mode.
    Type: Grant
    Filed: March 9, 2010
    Date of Patent: April 9, 2013
    Assignee: Canon Kabushiki Kaisha
    Inventor: Go Inoue
  • Patent number: 8417938
    Abstract: A system and method of operation is disclosed describing migration, management, and operation of applications and servers from customer data centers to cloud computing platforms without modification to existing environments or user access procedures. A cloud isolation layer operates as a virtual layer on the cloud platform, enabling server operation in a virtual environment that appears the same as the prior local environment. A cloud software image and a local cloud gateway act to redirect existing addressing from the local environment to the cloud implementation through secure network and data paths. A local management application provides a control interface and maps and manages the local environment and utilized cloud resources.
    Type: Grant
    Filed: October 15, 2010
    Date of Patent: April 9, 2013
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: John F. Considine, Paul M. Curtis, Sanjay G. Dixit, Fernando Oliveira, John R. Rousseau, Jonathan Whitney
  • Patent number: 8418242
    Abstract: A method, system, and device for negotiating a security association (SA) on an Internet Protocol version 6 (IPv6) network are disclosed. In this method, the initiator and the responder generate an SA through the interaction of two messages. Compared with the conventional procedure for setting up an SA based on the Internet Key Exchange Protocol (IKE), the interaction procedure in the present invention is simplified significantly. Therefore, the negotiation is faster and more convenient. In addition, with the present invention, cryptographically generated address parameters (CGA Params) are carried in the message and the CGA may be verified so that the invader cannot spoof the address.
    Type: Grant
    Filed: January 10, 2011
    Date of Patent: April 9, 2013
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventors: Dong Zhang, Lifeng Liu
  • Patent number: 8417937
    Abstract: A media player is provided for receiving session data from a security socket layer. The session data includes encrypted content data, a content key and digital rights data, wherein the content key and the digital rights data have been encrypted with an SSL session key. The media player includes a first processor portion and a second processor portion. The first processor portion is arranged to receive the session data, has a second key, can generate the SSL session key, and can decrypt the session data with the SSL session key. The first processor portion can further re-encrypt the decrypted content key with the second key and can output the re-encrypted content key and digital rights data. The second processor portion is arranged to receive the re-encrypted content key and digital rights data. The first processor portion can further decrypt the content, and is externally inaccessible.
    Type: Grant
    Filed: December 10, 2009
    Date of Patent: April 9, 2013
    Assignee: General Instrument Corporation
    Inventor: Geetha Mangalore
  • Patent number: 8418244
    Abstract: Techniques are provided for securing instant communications, such as text, audio, and video. A tunnel management module is included in an instant communication suite that comprises one or more instant communication applications. Any communication between a user of the instant communication suite and a contact passes through the tunnel management module, which may use TLS (or IPSec) technologies to ensure security of the instant communications. Each contact of a user may be associated with a different set of security mappings, which may be specified by the user. A tunnel configuration file is generated from a security mapping and is used to create a tunnel through which secure instant communications may pass.
    Type: Grant
    Filed: April 27, 2007
    Date of Patent: April 9, 2013
    Assignee: Yahoo! Inc.
    Inventor: Richard Sinn
  • Publication number: 20130085880
    Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that the guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.
    Type: Application
    Filed: September 29, 2011
    Publication date: April 4, 2013
    Applicant: Amazon Technologies, Inc.
    Inventors: Gregory B. Roth, Eric D. Crahen, Graeme D. Baer, Eric J. Brandwine, Nathan R. Fitch
  • Patent number: 8413213
    Abstract: Embodiments of the present invention provide a method, apparatus and system for selecting a wireless communication device for establishing a connection. The method according to some exemplary embodiments of the invention may include selecting a communication device for establishing a connection by determining whether one or more security-related characteristics of the communication device satisfy a security policy corresponding to a selected security class. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 28, 2004
    Date of Patent: April 2, 2013
    Assignee: Intel Corporation
    Inventor: Claudio Glickman
  • Patent number: 8413216
    Abstract: Methods, devices, and systems are disclosed for simulating a large, realistic computer network. Virtual actors statistically emulate the behaviors of humans using networked devices or responses and automatic functions of networked equipment, and their stochastic actions are queued in buffer pools by a behavioral engine. An abstract machine engine creates the minimal interfaces needed for each actor, and the interfaces then communicate persistently over a network with each other and real and virtual network resources to form realistic network traffic. The network can respond to outside stimuli, such as a network mapping application, by responding with false views of the network in order to spoof hackers, and the actors can respond by altering a software defined network upon which they operate.
    Type: Grant
    Filed: December 15, 2011
    Date of Patent: April 2, 2013
    Assignee: Zanttz, Inc.
    Inventors: Chad O. Hughes, Steven M. Silva
  • Patent number: 8401195
    Abstract: Methods of automatically populating a secure group list in a key variable loader and of providing keys to a secure group are presented. After a user selects a secure group and encryption algorithm using inputs of the loader, the loader provides a group identifier and corresponding key for the group. The group identifier, encryption algorithm, and key are transmitted to a portable communication device over a physical connection between the two while a device identifier of the communication device is transmitted concurrently to the loader. The key variable loader automatically populates a stored list of subscribers of the group with the device identifier. When it is desired to transmit a new key to all of or fewer than all of the subscribers, one of the subscribers is connected with the loader and used to wirelessly transmit a new key to the remaining subscribers.
    Type: Grant
    Filed: September 22, 2008
    Date of Patent: March 19, 2013
    Assignee: Motorola Solutions, Inc.
    Inventors: Kenneth C. Fuchs, Larry Murrill
  • Patent number: 8397056
    Abstract: A computer system includes a mashup section that provides a mashup that performs an action on a resource. An attribute identification section identifies an attribute of a user running the mashup. An access control section provides access control. The mashup is associated to a permission artifact. The permission artifact specifies a principal and whether to permit the principal to take the action on the resource. The access control is triggered only when the mashup attempts to perform the action on the resource, and checks whether the attribute of the user running the mashup is predefined as belonging to the principal specified in the permission artifact associated to the mashup, and then permits the action on the resource only when the attribute belongs to the principal. Plural users with the same attribute belong to the principal when the same attribute is defined as belonging to the principal.
    Type: Grant
    Filed: April 20, 2010
    Date of Patent: March 12, 2013
    Assignee: JackBe Corporation
    Inventors: Daniel Malks, Aleksey Polenur, Karthic Thope
  • Publication number: 20130061038
    Abstract: Network security administrators are enabled with their customizable certificate authority reputation policy store which is informed by an independent certificate authority reputation server. The custom policy store overrides trusted root certificate stores accessible to an operating system web networking layer or to a third party browser. Importing revocation lists or updating browsers or operating system is made redundant. The apparatus redirects or rewrites traffic to protect a plurality of endpoints from a man-in-the-middle attack when a certificate authority has lost control over certificates used in TLS.
    Type: Application
    Filed: September 3, 2011
    Publication date: March 7, 2013
    Applicant: BARRACUDA NETWORKS, INC.
    Inventors: STEPHEN PAO, FLEMING SHI
  • Publication number: 20130061039
    Abstract: A method, an article of manufacture, and a process are provided for securing data sets by dynamically hopping amongst a variety of data encryption and/or manipulation protocols. Such dynamic protocol hopping can be implemented in reconfigurable logic. The encryption protocol applied to the data set is selected from among a plurality of encryption protocols. Preferably, the selection can be driven by a random number generator.
    Type: Application
    Filed: February 27, 2012
    Publication date: March 7, 2013
    Applicant: ADVANCED COMMUNICATION CONCEPTS
    Inventor: Jonathan W. Ellis
  • Patent number: 8392707
    Abstract: The gaming network described herein includes network security features, host security features, audit protocols, and design architecture approaches to reduce the possibility of network attacks. The gaming network provides for traffic confidentiality, encryption, message authentication, secure authentication mechanisms, anti-replay protection of traffic, key management mechanisms, robust network availability, misrouting and redirection protection and prevention, rejection of external traffic, and a high entry-barrier to device addition to the network. The host protection and security includes secure host initialization, disabling unneeded components, download verification, disabling of unused IP ports, discarding traffic, strong passwords, dynamic one-time passwords for remote login, disabling default accounts, and appropriate “least-level” device privileges.
    Type: Grant
    Filed: September 7, 2005
    Date of Patent: March 5, 2013
    Assignee: Bally Gaming, Inc.
    Inventors: James W. Morrow, David Carman, Paul R. Osgood
  • Patent number: 8392968
    Abstract: According to one embodiment of the invention, a method comprises an operation of commencing a first phrase and transfer processing of an authentication handshaking protocol. The first state is commenced for establishing a secure communication path by a first processor within a first network device. The first phrase comprises an exchange of data during a networking protocol. The transfer of processing for the networking protocol by the first processor to a second processor is conducted to complete the networking protocol.
    Type: Grant
    Filed: March 22, 2011
    Date of Patent: March 5, 2013
    Assignee: Aruba Networks, Inc.
    Inventors: Randy Chou, Brijesh Nambiar
  • Patent number: 8392618
    Abstract: There is provided an electronic system (10) comprising one or more functionality devices (16, 20, 21) and an electronic device adapted so that the one or more functionality devices (16, 20, 21) are locatable in proximity to the electronic device. The electronic device is operable to recognize the presence of the one or more functionality devices (16, 20, 21). Upon recognition of said one or more functionality devices (16, 20, 21), the electronic device is operable to perform one or more additional functionality features associated with said one or more functionality devices while said one or more functionality devices are in close proximity to the electronic device.
    Type: Grant
    Filed: July 16, 2004
    Date of Patent: March 5, 2013
    Assignee: Koninklijke Philips Electronics N.V.
    Inventors: Andre Postma, Robertus Theodorus Christianus Deckers
  • Patent number: 8392700
    Abstract: An apparatus and system are disclosed for asymmetric security in data communications between two or more nodes. Asymmetric security within data communications refers to sending and receiving messages at different security levels. The apparatus includes a receiving module, a transmission module, and a communication module. The receiving module receives a first message at a first security level from a first node. A security level may be defined by implementation of one or more security features, including encryption, digital signatures, and/or other security features. The transmission module transmits a second message at a second security level to the first node in response to receiving the first message. The first and second messages may be communicated during a single communication session. The communication module communicates the second security level to the first node. The communication may be directly between two nodes or may occur via a broker or other intermediate node.
    Type: Grant
    Filed: July 2, 2008
    Date of Patent: March 5, 2013
    Assignee: International Business Machines Corporation
    Inventors: Pratima Ahuja, Manoj Khangaonkar, Kai Mike Zhang
  • Patent number: 8392984
    Abstract: Internet Protocol (IP) video conferencing bridging provisioning/configuration systems receive a service order associated with a customer, where the service order requests enrollment of the customer in a Virtual Private Network (VPN) to VPN bridging network service for IP video conferencing. The provisioning/configuration systems orchestrate, based on the service order, configuration of multiple network nodes in a network that provides the VPN to VPN bridging network service for IP video conferencing to the customer to enable IP video conferencing calls to be made from the customer via the network to another customer on a different VPN.
    Type: Grant
    Filed: January 10, 2011
    Date of Patent: March 5, 2013
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Ashraf Yussouff, Nitin Anant Bhanap
  • Patent number: 8386763
    Abstract: A system and method is disclosed for locking down a capability of a computer system. Hardware instructions initiate a sequence of boot cycles to launch a computer operating system on a computer-enabled device. During the boot cycles, multiple levels of boot code are verified. Each verified stage of boot code verifies a subsequent stage of boot code. If the subsequent stage of boot code cannot be verified, the verified stage locks a capability of the computer so that the subsequent stage of boot code cannot modify the capability.
    Type: Grant
    Filed: January 4, 2012
    Date of Patent: February 26, 2013
    Assignee: Google Inc.
    Inventors: Randall R. Spangler, William F. Richardson, Sumit Gwalani, Luigi Semenzato, William A. Drewry
  • Patent number: 8387146
    Abstract: A method for collecting and distributing data on computer viruses identified on a plurality of computers during virus scanning includes receiving virus scan results from the plurality of computers and collecting and storing the virus scan results in a database. The results include the type of virus identified. The method further includes aggregating at scheduled intervals the virus scan results over a specified time period at a publisher server to create a virus database and replicating the virus database to a subscriber server. A virus report is created from the virus database upon receiving a request from a user computer at the subscriber server and sent to the user computer.
    Type: Grant
    Filed: March 14, 2011
    Date of Patent: February 26, 2013
    Assignee: McAfee, Inc.
    Inventors: Sandy Parish, Peter Goostree
  • Patent number: 8386766
    Abstract: The present invention relates to a method and arrangements in a mobile telecommunications network including a plurality of access points (203) and a plurality of network gateway devices (204). The method comprises the steps of: deciding a security setting needed for a dedicated bearer signal by a network component, communicating said decision to a node needed for establishing communication, configuring or selecting by said access point (203) a secure protocol (205) as needed between said access point and said gateway devices (204), and said decision being based on one or several of the network deployment being used and/or network operator policies.
    Type: Grant
    Filed: October 17, 2007
    Date of Patent: February 26, 2013
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Tomas Nylander, Jari Vikberg, Oscar Zee
  • Patent number: 8385330
    Abstract: A network architecture uses an Application Server Autonomous Access (ASAA) server which allows paging and call routing across different types of wireless and wireline access networks. The ASAA server provides connectivity between an external voice or data network and a wireless transmit/receive unit (WTRU). The external voice or data network may be a public switched telephone network (PSTN) or a public data network (PDN), so that the connectivity between the external network and the WTRU is provided through the access networks using data from the ASAA server.
    Type: Grant
    Filed: July 20, 2010
    Date of Patent: February 26, 2013
    Assignee: Intel Corporation
    Inventors: Narayan Parappil Menon, Alan Gerald Carlton
  • Patent number: 8386765
    Abstract: There is described a method for transmitting synchronization messages, for example PTP messages of the IEEE 1588 standard, the PTP message being inserted into a data packet in line with the Internet Protocol, the data packet having an IP header, and the data packet having a UDP header. In this case, for the encrypted transmission on the PTP message, the data packet is addressed to a UDP port that is reserved for encrypted PTP messages, the data packet is provided with an additional S-PTP header that is provided for encryption, the PTP message is extended with a pseudo random number, and the PTP message is encrypted together with the pseudo random number.
    Type: Grant
    Filed: March 24, 2006
    Date of Patent: February 26, 2013
    Assignee: Siemens Aktiengesellschaft
    Inventors: Steffen Fries, Jean Georgiades, Stephan Schüler
  • Patent number: 8386595
    Abstract: Methods and systems described herein can secure and deliver data over a network. A recipient computer requests a human-readable report from a transmitter computer that initiates a software application to generate a report using data from a backend database. In the application layer, the combination of the report and data is parsed and certain components are replaced to form multiple derived packets of the random strings, the replaced strings, and the combined unaltered string with random strings. The replacement is performed in a pre-determined order that can be a mathematical or logical function. The derived packets are encrypted at the application layer. Further, the receiving computer, in the application layer, decrypts the packets, then finds and replaces the random strings in the combined derived packet, thereby recreating the human-readable report.
    Type: Grant
    Filed: December 6, 2010
    Date of Patent: February 26, 2013
    Assignee: Unisys Corporation
    Inventor: Sateesh Mandre
  • Patent number: 8380977
    Abstract: A peer-to-peer communication method for NFC is provided. A link-level security is started by exchanging a link-level security request and a link-level security response between an initiator terminal and a target terminal, then transmission data are encrypted at link-level security layers of the initiator terminal and the target terminal, and the encrypted data are exchanged between the initiator terminal and the target terminal. The link-level security is released by exchanging a link-level security release request and a link-level security release response between the initiator terminal and the target terminal.
    Type: Grant
    Filed: February 7, 2007
    Date of Patent: February 19, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jae-Seung Son, Eun-Tae Won, Jong-Hoon Ann
  • Publication number: 20130042100
    Abstract: Systems and methods for enforcing playback of a specific portion of the content in an open non-certified media player/renderer are provided. In accordance with such systems and methods, a key is extracted from a content portion for which playback is to be forced. The extracted key allows a client the ability to gain access to additional/remaining content. Moreover, the existence of forced content, the mechanism(s) utilized for forcing playback, as well as a particular position in the timeline associated with the forced playback are signaled to the client on/through which the open non-certified media player/renderer is implemented.
    Type: Application
    Filed: August 9, 2011
    Publication date: February 14, 2013
    Applicant: NOKIA CORPORATION
    Inventors: Imed Bouazizi, Miska M. Hannuksela
  • Patent number: 8375201
    Abstract: A system and method are provided for securing links at the physical (PHY) layer in an IEEE 802.3 Ethernet communication system. A local device (LD) receives an electrical waveform representing link partner security information from a network-connected link partner (LP) via unformatted message pages. The LD accesses predetermined LP reference information stored in a tangible memory medium. The LD compares the received LP security information to the LP reference information. In response to the LD matching the received LP security information to the LP reference information, a secure link to the LP is verified. Likewise, the LD may send electrical waveforms representing security information to the LP via the unformatted message pages. In response to the LP matching the LD security information to the LD reference information, a secure link to the LD is verified.
    Type: Grant
    Filed: March 5, 2009
    Date of Patent: February 12, 2013
    Assignee: Applied Micro Circuits Corporation
    Inventor: Bradley John Booth
  • Patent number: 8375225
    Abstract: Data storage devices having one or more data security features are provided according to various embodiments of the present invention. In one embodiment, a data storage device comprises a buffer and a buffer client. The buffer client comprises a scrambler configured to receive a configuration setting and a secret key on a certain event, to configure a scrambling function based on the received configuration setting, and to scramble data with the secret key using the scrambling function, wherein the buffer client is configured to write the scrambled data to the buffer.
    Type: Grant
    Filed: December 11, 2009
    Date of Patent: February 12, 2013
    Assignee: Western Digital Technologies, Inc.
    Inventor: Danny O. Ybarra
  • Patent number: 8374339
    Abstract: Method, program, network system and client device each has a structure of being given encryption information different from given present encryption information by use of the given present encryption information and being given different encryption information in incremental steps, to one or a plurality of the connection destinations (client device CLm), for security setting of wireless communication network (wireless LAN device 2) to one or a plurality of connection destinations.
    Type: Grant
    Filed: December 27, 2005
    Date of Patent: February 12, 2013
    Assignee: Fujitsu Limited
    Inventor: Tomonori Yasumoto
  • Patent number: 8375439
    Abstract: A method may comprise determining, in an operating system instance, that a login access is being attempted by a user at an access time on an object. A domain identifier associated with the user may be determined. A set of one or more domain identifiers may be accessed that may be associated with the object and that identify one or more domains. One or more domain isolation rules may be accessed and evaluated that may be associated with the operating system instance for permitting an attempted login access to the object based on whether a domain identifier associated with the user is one of the domain identifiers in the set of domain identifiers associated with the object during a time period. A permit or deny indication may be returned based on whether or not login access is permitted on the object at the access time.
    Type: Grant
    Filed: April 29, 2011
    Date of Patent: February 12, 2013
    Assignee: International Business Machines Corporation
    Inventors: Vijay Mann, Ranganathan Vidya
  • Patent number: 8370630
    Abstract: A mail system having high security is realized by mounting TCP2 for mail communication between client apparatuses. The present invention relates to a mail communication system which is connected to a network and exchanges mails between client apparatuses provided with the existing mailers, and each client apparatus is mounted with a TCP2 driver. A TCP2 driver 34 includes a TCP2 core 36 and a mail system core 37 and an e-mail received via the network is processed in this TCP2 driver 34 and thereafter, is supplied to an existing mailer 31 of the client apparatus. In the mail system core 37 of the TCP2 driver 34, control of mail encryption and decryption, deletion of an unnecessary mail and the like is carried out.
    Type: Grant
    Filed: July 31, 2006
    Date of Patent: February 5, 2013
    Inventor: Keiko Ogawa
  • Patent number: 8370622
    Abstract: The rate at which packets are provided to a cryptographic engine of a cryptographic system may be adjusted using a feedback mechanism to increase the output of the cryptographic system. Data is classified and queued on a per class/flow basis and stored in input queues prior to being processed by the cryptographic engine. A class based queue scheduler is implemented to select data from the input queues to be transmitted to the cryptographic engine. The cryptographic engine operates in processing cycles. At each cycle, an amount of data is transferred from the input queues to a cryptographic engine input queue. A cryptographic accelerator in the cryptographic engine processes the data on the cryptographic engine input queue during the cycle. The output rate of the cryptographic accelerator is measured during the cycle and this value is used as feedback to determine how much data should be passed to the cryptographic engine for a subsequent cycle.
    Type: Grant
    Filed: December 31, 2007
    Date of Patent: February 5, 2013
    Assignee: Rockstar Consortium US LP
    Inventors: Mohan Dattatreya, Mohana Posam, Abha Jain, Ayfang Yang
  • Patent number: 8370917
    Abstract: A network media gateway is used to bridge trust between a Service Provider network and subscriber devices. The gateway is authenticated by the Service Provider by using knowledge of network topology. Subscriber devices are authenticated in response to subscriber input to the gateway via an interface. Trusted subscriber devices can be tightly coupled with the Service Provider network, thereby facilitating delivery of QoE. Mobile and remote subscriber devices may also be authenticated. The gateway may also facilitate establishment of VPNs for peer-to-peer communications, and dynamically adjustable traffic, policy and queue weightings based on usage patterns.
    Type: Grant
    Filed: April 14, 2005
    Date of Patent: February 5, 2013
    Assignee: Rockstar Consortium US LP
    Inventors: Hassler Hayes, Nannra Anoop, John Watkins
  • Patent number: 8370623
    Abstract: Many secure tunnels require protocols that require special handling, authorization or security certificates, such as L2TP and PPTP. This often eliminates them for use between a corporate or agency network and outside, public networks. A secure socket tunnel protocol (SSTP) adds drivers in both the kernel and user mode to route standard protocol traffic, such as PPP, over a common HTTPS port. In the event of network interruptions, an exchange of a session cookie allows fast reconnection of the underlying HTTPS connection without affecting higher level applications.
    Type: Grant
    Filed: December 12, 2011
    Date of Patent: February 5, 2013
    Assignee: Microsoft Corporation
    Inventors: Vikas Jain, Madan Appiah, Kadirvel Vanniarajan, Samir Jain
  • Patent number: 8370907
    Abstract: A connection between a monitoring device and a remote user is accomplished securely over the Internet by using a communication channel with public/private key encryption to connect the two locations and by performing authentication of a user at the local monitoring device rather than at a device server at the remote location, thereby effectively removing the device server as a vulnerable point for attack. In particular, when a remote user attempts to log in, via a web browser or interactive telephone system, the encrypted channel is established using the public/private key of the device and the device server proxies the log-in request to the monitored device. The device itself is then responsible for granting or denying access.
    Type: Grant
    Filed: November 20, 2007
    Date of Patent: February 5, 2013
    Assignee: DeviceCo LLC
    Inventors: Jeffrey P. Potter, Tinsley A. Galyean
  • Patent number: 8370936
    Abstract: Systems and methods for detecting and preventing network security breaches are described. The systems and methods present a gateway-based packet-forwarding network security solution to not only detect security breaches but also prevent them by directly dropping suspicious packets and connections. The systems and methods employ multiple techniques to detect and prevent network security breaches, including stateful signature detection, traffic signature detection, and protocol anomaly detection.
    Type: Grant
    Filed: February 8, 2002
    Date of Patent: February 5, 2013
    Assignee: Juniper Networks, Inc.
    Inventors: Nir Zuk, Kowsik Guruswamy
  • Publication number: 20130031356
    Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device for a secure session. The secure session request is received at the proxy server as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to the domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.
    Type: Application
    Filed: July 28, 2011
    Publication date: January 31, 2013
    Inventors: Matthew Browning Prince, Lee Hahn Holloway, Srikanth N. Rao, Ian Gerald Pye
  • Patent number: 8363840
    Abstract: A method and apparatus for providing a broadcast service in a communication system is provided. The method includes creating a seed key pair including a first key and a second key, transmitting the seed key pair to a terminal to which the broadcast service is to be provided, creating a certain number of encryption keys using the seed key pair, the certain number corresponding to a lifetime of the seed key pair, encrypting broadcast service data for the lifetime using the encryption keys, and broadcasting the encrypted broadcast service data.
    Type: Grant
    Filed: April 3, 2009
    Date of Patent: January 29, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Sergey Nikolayevich Seleznev, Byung-Rae Lee, Sung-Oh Hwang, Kook-Heui Lee
  • Patent number: 8365262
    Abstract: A system for automatically generating and filling login information to improve the security in storage and use of the login information. The system comprises a monitoring module, a registration module, and a login module; the monitoring module is coupled to the registration module and the login module; the monitoring module is adapted to check for an entry of login information corresponding to the identifier of the current page, and prompt a result to the user, and transmit a signal to the registration module and the login module to perform a registration and/or login operation; the registration module comprises a login information generation unit, a login information storage unit, and a first user confirmation unit; and the login module comprises a login information input unit and a second user confirmation unit. A method for the same is also disclosed.
    Type: Grant
    Filed: November 6, 2008
    Date of Patent: January 29, 2013
    Assignee: Feitian Technologies Co., Ltd.
    Inventors: Zhou Lu, Huazhang Yu
  • Patent number: 8363831
    Abstract: A method, apparatus and system enabling software access to navigational data in a decrypted media stream while protecting stream payloads. In one embodiment, a filter may route an encrypted content stream and associated information to a secure partition having a trusted computing component for decryption. Upon decryption, the trusted computing component may store the decrypted payload of the content in a secure storage location accessible to the trusted computing component. Thereafter, the decrypted navigational header information of the content may be used to navigate to the decrypted content via a trusted component such as a trusted rendering unit in the secure partition.
    Type: Grant
    Filed: September 23, 2009
    Date of Patent: January 29, 2013
    Assignee: Intel Corporation
    Inventors: Richard Maliszewski, Keith L. Shippy, Ajit P. Joshi
  • Patent number: RE43987
    Abstract: In a computer system, a first electronic data processor is communicatively coupled to a first memory space and a second memory space. A second electronic data processor is communicatively coupled to the second memory space and to a network interface device. The second electronic data processor is capable of exchanging data across a network of one or more computers via the network interface device. A video processor is adapted to combine video data from the first and second electronic data processors and transmit the combined video data to a display terminal for displaying the combined video data in a windowed format. The computer system is configured such that a malware program downloaded from the network and executing on the second electronic data processor is incapable of initiating access to the first memory space.
    Type: Grant
    Filed: January 27, 2011
    Date of Patent: February 5, 2013
    Inventors: Allen F. Rozman, Alfonso J. Cioffi