Protection At A Particular Protocol Layer Patents (Class 713/151)
- Patent number: 8433894
  Abstract: A method and an apparatus for performing physical layer security operation are disclosed. A physical layer performs measurements continuously, and reports the measurements to a medium access control (MAC) layer. The MAC layer processes the measurements, and sends a security alert to a security manager upon detection of an abnormal condition based on the measurements. The security manager implements a counter-measure upon receipt of the security alert. The measurements include channel impulse response (CIR), physical medium power measurement, automatic gain control (AGC) value and status, automatic frequency control (AFC) gain and status, analog-to-digital converter (ADC) gain, Doppler spread estimate, and/or short preamble matched filter output. The security manager may switch a channel, switch a channel hopping policy, change a back-off protocol, or change a beamforming vector upon reception of the security alert.
  Type: Grant
  Filed: July 8, 2009
  Date of Patent: April 30, 2013
  Assignee: InterDigital Patent Holdings, Inc.
  Inventors: Alexander Reznik, Joseph S. Levy, Yogendra C. Shah, Suhas Mathur
- Patent number: 8434143
  Abstract: Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional VoIP communications. An external VoIP interface of the firewall receives incoming VoIP packets having a user alias (e.g., an email address) and an indication regarding a VoIP port of the external interface. The packets are directed to an appropriate internal host by the firewall performing port address forwarding based on the port indication to a Media Gateway Control Protocol (MGCP) media gateway within the internal network that maintains a mapping of user aliases to private addresses of the internal hosts.
  Type: Grant
  Filed: June 7, 2012
  Date of Patent: April 30, 2013
  Assignee: Fortinet, Inc.
  Inventor: Michael Xie
- Patent number: 8433917
  Abstract: Effective utilization of a database while protecting a data provider's privacy is accomplished by an access control system which controls access to a database in which open information and secret information about a data provider are stored while being related to each other. The system has an output request acquisition section which obtains an output request for output of information generated by accessing the database, a plural-term output authorization section which prohibits output of information generated by combining the open information and the secret information in output information requested to be output according to the output request, and which permits output of information generated by using the secret information without using the open information, and an output section which outputs the information in the output information permitted by the plural-term output authorization section to be output.
  Type: Grant
  Filed: December 16, 2008
  Date of Patent: April 30, 2013
  Assignee: International Business Machines Corporation
  Inventors: Madoka Yuriyama, Yuji Watanabe, Masayuji Numao
- Patent number: 8429736
  Abstract: A proxy device such as a firewall uses an internal socket namespace such as a text string such that connection requests must be explicitly redirected to a listening socket in the alternate namespace in order to connect to a service. Because external connections cannot directly address the listening socket or service, greater security is provided than with traditional firewall or proxy devices. To receive a redirected proxy connection, a service process creates a listening socket and binds a name in an alternate namespace to the socket before listening for connections.
  Type: Grant
  Filed: May 7, 2008
  Date of Patent: April 23, 2013
  Assignee: McAfee, Inc.
  Inventors: Michael W. Green, David Diehl, Michael J. Karels
- Patent number: 8428516
  Abstract: Providing network security includes detecting network traffic associated with an ad hoc network that includes a first station and a second station, and preventing data sent by the first station from reaching the second station.
  Type: Grant
  Filed: March 23, 2012
  Date of Patent: April 23, 2013
  Assignee: Aruba Networks, Inc.
  Inventors: Nicholas Kelsey, Christopher Waters
- Publication number: 20130097418
  Abstract: A secure communication channel between an access point (AP) device associated with a wireless network and a mobile gateway (GW) device of a packet core network is established. Data is exchanged between the wireless network and the packet core network through the secure channel. A client device (UE) is authenticated through the secure communication channel. Device identity information is received from the AP device. A session request is sent to the packet core network. An IP address for the device is received from the packet core network. The communication between the AP device and the packet core network becomes secure without need to run an IP secure protocol on the UE, which saves the battery power on the UE. Establishing the fully secure communication between the UE and the packet core network while saving the UE power provides a significant advantage for the mobile technology world.
  Type: Application
  Filed: December 14, 2011
  Publication date: April 18, 2013
  Inventors: Yogesh Bhatt, Sashidhar Annaluru, Mukesh Garg
- Patent number: 8423645
  Abstract: A method of, system for, and product for managing a denial of service attack in a multiprocessor environment are provided. The first step is establishing normal traffic usage baselines in the multiprocessor environment. Once the baseline is established, the next step is monitoring outgoing traffic to detect a high proportion of packets being sent to a specific destination address, and a high number of outbound packets compared to said baseline. Next is monitoring ports and protocols to detect a high proportion of packets sent to a specific port, and a consistent use of a protocol for all packets for that port. If there is such consistent use of a protocol for all packets for that port as to evidence a denial of service attack, blocking measures are started to mitigate the apparent denial of service attack.
  Type: Grant
  Filed: September 14, 2004
  Date of Patent: April 16, 2013
  Assignee: International Business Machines Corporation
  Inventors: Clark Debs Jeffries, Robert William Danford, Terry Dwain Escamilla, Kevin David Himberger
- Patent number: 8423759
  Abstract: An inventive method is disclosed for bootstrapping a trusted client public key at the server side in a client-server model of e-commerce or distributed computer applications. Generally, the invention integrates security technique elements and user procedural elements in such a way that no vulnerability arises due to the decoupling of elements. It is thus aimed at high security application areas. The readily available support of X.509 client security certificates in web browsers is advantageous for easy deployment at the client side. However, serious usability flaws deter the use of client certificates despite their potential for high security client authentication. The invention circumvents this contradiction at the client registration phase, and extends the benefits of simplified reliance on client public-private key pair to production use of the circumvention.
  Type: Grant
  Filed: February 12, 2009
  Date of Patent: April 16, 2013
  Assignee: CONNOTECH Experts-conseils, inc.
  Inventor: Thierry Moreau
- Patent number: 8424053
  Abstract: A computer-implemented method is provided for updating network security policy rules when network resources are provisioned in a service landscape instance. The method includes categorizing network resources in a service landscape instance based on a service landscape model. The method further includes responding to the provisioning of a network resource by automatically generating one or more security policy rules for a newly-provisioned network resource. Additionally, the method includes updating security policy rules of pre-existing network resources in the service landscape instance that are determined to be eligible to communicate with the newly-provisioned network resource so as to include the newly-provisioned network resource as a remote resource based on the service landscape model.
  Type: Grant
  Filed: July 1, 2008
  Date of Patent: April 16, 2013
  Assignee: International Business Machines Corporation
  Inventors: Sivaram Gottimukkala, Lap Huynh, Dinakaran Joseph, Linwood Overby, Jr., Wesley Devine, Michael Behrendt, Gerd Breiter
- Patent number: 8423760
  Abstract: A first packet is received at a network element from an E-UTRAN Node B (eNB) of an E-UTRAN access network via a secured communications tunnel of a secured connection, where the first packet encapsulates a second packet therein. It is determined whether the network element serves both a security gateway functionality and a serving gateway functionality of a core packet network based on the first packet and the second packet. The network element negotiates with the eNB to switch further communications from a tunnel mode to a transport mode of the secured connection if it is determined that the network element serves both the security gateway functionality and the serving gateway functionality. Thereafter, the network element exchanges further packets with the eNB via the transport mode of the secured connection after the eNB switches from the tunnel mode to the transport mode.
  Type: Grant
  Filed: February 23, 2010
  Date of Patent: April 16, 2013
  Assignee: Stoke, Inc.
  Inventors: Nishi Kant, Heeseon Lim
- Patent number: 8417976
  Abstract: An apparatus connected to a network via a network interface device and capable of executing encrypted communication with an external device on the network requests that a first algorithm to be used in the encrypted communication with the external device is changed to a second algorithm included in the network interface device when the apparatus detects that a condition for shifting to a power saving mode, in which power consumption is smaller than that in a normal power mode, is satisfied while the apparatus is operated in the normal power mode.
  Type: Grant
  Filed: March 9, 2010
  Date of Patent: April 9, 2013
  Assignee: Canon Kabushiki Kaisha
  Inventor: Go Inoue
- Patent number: 8417938
  Abstract: A system and method of operation is disclosed describing migration, management, and operation of applications and servers from customer data centers to cloud computing platforms without modification to existing environments or user access procedures. A cloud isolation layer operates as a virtual layer on the cloud platform, enabling server operation in a virtual environment that appears the same as the prior local environment. A cloud software image and a local cloud gateway act to redirect existing addressing from the local environment to the cloud implementation through secure network and data paths. A local management application provides a control interface and maps and manages the local environment and utilized cloud resources.
  Type: Grant
  Filed: October 15, 2010
  Date of Patent: April 9, 2013
  Assignee: Verizon Patent and Licensing Inc.
  Inventors: John F. Considine, Paul M. Curtis, Sanjay G. Dixit, Fernando Oliveira, John R. Rousseau, Jonathan Whitney
- Patent number: 8418242
  Abstract: A method, system, and device for negotiating a security association (SA) on an Internet Protocol version 6 (IPv6) network are disclosed. In this method, the initiator and the responder generate an SA through the interaction of two messages. Compared with the conventional procedure for setting up an SA based on the Internet Key Exchange Protocol (IKE), the interaction procedure in the present invention is simplified significantly. Therefore, the negotiation is faster and more convenient. In addition, with the present invention, cryptographically generated address parameters (CGA Params) are carried in the message and the CGA may be verified so that the invader cannot spoof the address.
  Type: Grant
  Filed: January 10, 2011
  Date of Patent: April 9, 2013
  Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
  Inventors: Dong Zhang, Lifeng Liu
- Patent number: 8417937
  Abstract: A media player is provided for receiving session data from a security socket layer. The session data includes encrypted content data, a content key and digital rights data, wherein the content key and the digital rights data have been encrypted with a SSL session key. The said media player includes a first processor portion and a second processor portion. The first processor portion is arranged to receive the session data and has a second key. The first processor portion can generate the SSL session key and can decrypt the session data with the SSL session key. The first processor portion can further re-encrypt the decrypted content key with the second key and can output the re-encrypted content key and digital rights data. The second processor portion is arranged to receive the re-encrypted content key and digital rights data. The first processor portion can further decrypt the content, and is externally inaccessible.
  Type: Grant
  Filed: December 10, 2009
  Date of Patent: April 9, 2013
  Assignee: General Instrument Corporation
  Inventor: Geetha Mangalore
- Patent number: 8418244
  Abstract: Techniques are provided for securing instant communications, such as text, audio, and video. A tunnel management module is included in an instant communication suite that comprises one or more instant communication applications. Any communication between a user of the instant communication suite and a contact passes through the tunnel management module, which may use TLS (or IPSec) technologies to ensure security of the instant communications. Each contact of a user may be associated with a different set of security mappings, which may be specified by the user. A tunnel configuration file is generated from a security mapping and is used to create a tunnel through which secure instant communications may pass.
  Type: Grant
  Filed: April 27, 2007
  Date of Patent: April 9, 2013
  Assignee: Yahoo! Inc.
  Inventor: Richard Sinn
- Publication number: 20130085880
  Abstract: A support system negotiates secure connections on behalf of multiple guest systems using a set of credentials associated with the guest systems. The operation of the secure connection may be transparent to the guest system such that the guest system may send and receive messages that are encrypted or decrypted by the support system, such as a hypervisor. As the support system is in between the guest system and a destination, the support system may act as a local endpoint to the secure connection. Messages may be altered by the support system to indicate to a guest system which communications were secured. The credentials may be managed by the support system such that the guest system does not require access to the credentials.
  Type: Application
  Filed: September 29, 2011
  Publication date: April 4, 2013
  Applicant: Amazon Technologies, Inc.
  Inventors: Gregory B. Roth, Eric D. Crahen, Graeme D. Baer, Eric J. Brandwine, Nathan R. Fitch
- Patent number: 8413213
  Abstract: Embodiments of the present invention provide a method, apparatus and system for selecting a wireless communication device for establishing a connection. The method according to some exemplary embodiments of the invention may include selecting a communication device for establishing a connection by determining whether one or more security-related characteristics of the communication device satisfy a security policy corresponding to a selected security class. Other embodiments are described and claimed.
  Type: Grant
  Filed: December 28, 2004
  Date of Patent: April 2, 2013
  Assignee: Intel Corporation
  Inventor: Claudio Glickman
- Patent number: 8413216
  Abstract: Methods, devices, and systems are disclosed for simulating a large, realistic computer network. Virtual actors statistically emulate the behaviors of humans using networked devices or responses and automatic functions of networked equipment, and their stochastic actions are queued in buffer pools by a behavioral engine. An abstract machine engine creates the minimal interfaces needed for each actor, and the interfaces then communicate persistently over a network with each other and real and virtual network resources to form realistic network traffic. The network can respond to outside stimuli, such as a network mapping application, by responding with false views of the network in order to spoof hackers, and the actors can respond by altering a software defined network upon which they operate.
  Type: Grant
  Filed: December 15, 2011
  Date of Patent: April 2, 2013
  Assignee: Zanttz, Inc.
  Inventors: Chad O. Hughes, Steven M. Silva
- Patent number: 8401195
  Abstract: Methods of automatically populating a secure group list in a key variable loader and of providing keys to a secure group are presented. After a user selects a secure group and encryption algorithm using inputs of the loader, the loader provides a group identifier and corresponding key for the group. The group identifier, encryption algorithm, and key are transmitted to a portable communication device over a physical connection between the two while a device identifier of the communication device is transmitted concurrently to the loader. The key variable loader automatically populates a stored list of subscribers of the group with the device identifier. When it is desired to transmit a new key to all of or fewer than all of the subscribers, one of the subscribers is connected with the loader and used to wirelessly transmit a new key to the remaining subscribers.
  Type: Grant
  Filed: September 22, 2008
  Date of Patent: March 19, 2013
  Assignee: Motorola Solutions, Inc.
  Inventors: Kenneth C. Fuchs, Larry Murrill
- Patent number: 8397056
  Abstract: A computer system includes a mashup section that provides a mashup that performs an action on a resource. An attribute identification section identifies an attribute of a user running the mashup. An access control section provides access control. The mashup is associated to a permission artifact. The permission artifact specifies a principal and whether to permit the principal to take the action on the resource. The access control is triggered only when the mashup attempts to perform the action on the resource, and checks whether the attribute of the user running the mashup is predefined as belonging to the principal specified in the permission artifact associated to the mashup, and then permits the action on the resource only when the attribute belongs to the principal. Plural users with the same attribute belong to the principal when the same attribute is defined as belonging to the principal.
  Type: Grant
  Filed: April 20, 2010
  Date of Patent: March 12, 2013
  Assignee: JackBe Corporation
  Inventors: Daniel Malks, Aleksey Polenur, Karthic Thope
- Publication number: 20130061038
  Abstract: Network security administrators are enabled with their customizable certificate authority reputation policy store which is informed by an independent certificate authority reputation server. The custom policy store overrides trusted root certificate stores accessible to an operating system web networking layer or to a third party browser. Importing revocation lists or updating browsers or operating systems is made redundant. The apparatus redirects or rewrites traffic to protect a plurality of endpoints from a man-in-the-middle attack when a certificate authority has lost control over certificates used in TLS.
  Type: Application
  Filed: September 3, 2011
  Publication date: March 7, 2013
  Applicant: Barracuda Networks, Inc.
  Inventors: Stephen Pao, Fleming Shi
- Publication number: 20130061039
  Abstract: A method, an article of manufacture, and a process are provided for securing data sets by dynamically hopping amongst a variety of data encryption and/or manipulation protocols. Such dynamic protocol hopping can be implemented in reconfigurable logic. The encryption protocol applied to the data set is selected from among a plurality of encryption protocols. Preferably, the selection can be driven by a random number generator.
  Type: Application
  Filed: February 27, 2012
  Publication date: March 7, 2013
  Applicant: Advanced Communication Concepts
  Inventor: Jonathan W. Ellis
- Patent number: 8392707
  Abstract: The gaming network described herein includes network security features, host security features, audit protocols, and design architecture approaches to reduce the possibility of network attacks. The gaming network provides for traffic confidentiality, encryption, message authentication, secure authentication mechanisms, anti-replay protection of traffic, key management mechanisms, robust network availability, misrouting and redirection protection and prevention, rejection of external traffic, and a high entry-barrier to device addition to the network. The host protection and security includes secure host initialization, disabling unneeded components, download verification, disabling of unused IP ports, discarding traffic, strong passwords, dynamic one-time passwords for remote login, disabling default accounts, and appropriate “least-level” device privileges.
  Type: Grant
  Filed: September 7, 2005
  Date of Patent: March 5, 2013
  Assignee: Bally Gaming, Inc.
  Inventors: James W. Morrow, David Carman, Paul R. Osgood
- Patent number: 8392968
  Abstract: According to one embodiment of the invention, a method comprises an operation of commencing a first phrase and transfer processing of an authentication handshaking protocol. The first state is commenced for establishing a secure communication path by a first processor within a first network device. The first phrase comprises an exchange of data during a networking protocol. The transfer of processing for the networking protocol by the first processor to a second processor is conducted to complete the networking protocol.
  Type: Grant
  Filed: March 22, 2011
  Date of Patent: March 5, 2013
  Assignee: Aruba Networks, Inc.
  Inventors: Randy Chou, Brijesh Nambiar
- Patent number: 8392618
  Abstract: There is provided an electronic system (10) comprising one or more functionality devices (16, 20, 21) and an electronic device adapted so that the one or more functionality devices (16, 20, 21) are locatable in proximity to the electronic device. The electronic device is operable to recognize the presence of the one or more functionality devices (16, 20, 21). Upon recognition of said one or more functionality devices (16, 20, 21), the electronic device is operable to perform one or more additional functionality features associated with said one or more functionality devices while said one or more functionality devices are in close proximity to the electronic device.
  Type: Grant
  Filed: July 16, 2004
  Date of Patent: March 5, 2013
  Assignee: Koninklijke Philips Electronics N.V.
  Inventors: Andre Postma, Robertus Theodorus Christianus Deckers
- Patent number: 8392700
  Abstract: An apparatus and system are disclosed for asymmetric security in data communications between two or more nodes. Asymmetric security within data communications refers to sending and receiving messages at different security levels. The apparatus includes a receiving module, a transmission module, and a communication module. The receiving module receives a first message at a first security level from a first node. A security level may be defined by implementation of one or more security features, including encryption, digital signatures, and/or other security features. The transmission module transmits a second message at a second security level to the first node in response to receiving the first message. The first and second messages may be communicated during a single communication session. The communication module communicates the second security level to the first node. The communication may be directly between two nodes or may occur via a broker or other intermediate node.
  Type: Grant
  Filed: July 2, 2008
  Date of Patent: March 5, 2013
  Assignee: International Business Machines Corporation
  Inventors: Pratima Ahuja, Manoj Khangaonkar, Kai Mike Zhang
- Patent number: 8392984
  Abstract: Internet Protocol (IP) video conferencing bridging provisioning/configuration systems receive a service order associated with a customer, where the service order requests enrollment of the customer in a Virtual Private Network (VPN) to VPN bridging network service for IP video conferencing. The provisioning/configuration systems orchestrate, based on the service order, configuration of multiple network nodes in a network that provides the VPN to VPN bridging network service for IP video conferencing to the customer to enable IP video conferencing calls to be made from the customer via the network to another customer on a different VPN.
  Type: Grant
  Filed: January 10, 2011
  Date of Patent: March 5, 2013
  Assignee: Verizon Patent and Licensing Inc.
  Inventors: Ashraf Yussouff, Nitin Anant Bhanap
- Patent number: 8386763
  Abstract: A system and method is disclosed for locking down a capability of a computer system. Hardware instructions initiate a sequence of boot cycles to launch a computer operating system on a computer-enabled device. During the boot cycles, multiple levels of boot code are verified. Each verified stage of boot code verifies a subsequent stage of boot code. If the subsequent stage of boot code cannot be verified, the verified stage locks a capability of the computer so that the subsequent stage of boot code cannot modify the capability.
  Type: Grant
  Filed: January 4, 2012
  Date of Patent: February 26, 2013
  Assignee: Google Inc.
  Inventors: Randall R. Spangler, William F. Richardson, Sumit Gwalani, Luigi Semenzato, William A. Drewry
- Patent number: 8387146
  Abstract: A method for collecting and distributing data on computer viruses identified on a plurality of computers during virus scanning includes receiving virus scan results from the plurality of computers and collecting and storing the virus scan results in a database. The results include the type of virus identified. The method further includes aggregating at scheduled intervals the virus scan results over a specified time period at a publisher server to create a virus database and replicating the virus database to a subscriber server. A virus report is created from the virus database upon receiving a request from a user computer at the subscriber server and sent to the user computer.
  Type: Grant
  Filed: March 14, 2011
  Date of Patent: February 26, 2013
  Assignee: McAfee, Inc.
  Inventors: Sandy Parish, Peter Goostree
- Patent number: 8386766
  Abstract: The present invention relates to a method and arrangements in a mobile telecommunications network including a plurality of access points (203) and a plurality of network gateway devices (204). The method comprises the steps of: deciding a security setting needed for a dedicated bearer signal by a network component, communicating said decision to a node needed for establishing communication, configuring or selecting by said access point (203) a secure protocol (205) as needed between said access point and said gateway devices (204), said decision being based on one or several of the network deployment being used and/or network operator policies.
  Type: Grant
  Filed: October 17, 2007
  Date of Patent: February 26, 2013
  Assignee: Telefonaktiebolaget LM Ericsson (publ)
  Inventors: Tomas Nylander, Jari Vikberg, Oscar Zee
- Patent number: 8385330
  Abstract: A network architecture uses an Application Server Autonomous Access (ASAA) server which allows paging and call routing across different types of wireless and wireline access networks. The ASAA server provides connectivity between an external voice or data network and a wireless transmit/receive unit (WTRU). The external voice or data network may be a public switched telephone network (PSTN) or a public data network (PDN), so that the connectivity between the external network and the WTRU is provided through the access networks using data from the ASAA server.
  Type: Grant
  Filed: July 20, 2010
  Date of Patent: February 26, 2013
  Assignee: Intel Corporation
  Inventors: Narayan Parappil Menon, Alan Gerald Carlton
- Patent number: 8386765
  Abstract: There is described a method for transmitting synchronization messages, for example PTP messages of the IEEE 1588 standard, the PTP message being inserted into a data packet in line with the Internet Protocol, the data packet having an IP header, and the data packet having a UDP header. In this case, for the encrypted transmission of the PTP message, the data packet is addressed to a UDP port that is reserved for encrypted PTP messages, the data packet is provided with an additional S-PTP header that is provided for encryption, the PTP message is extended with a pseudo random number, and the PTP message is encrypted together with the pseudo random number.
  Type: Grant
  Filed: March 24, 2006
  Date of Patent: February 26, 2013
  Assignee: Siemens Aktiengesellschaft
  Inventors: Steffen Fries, Jean Georgiades, Stephan Schüler
- Patent number: 8386595
  Abstract: Methods and systems described herein can secure and deliver data over a network. A recipient computer requests a human-readable report from a transmitter computer that initiates a software application to generate a report using data from a backend database. In the application layer, the combination of the report and data is parsed and certain components are replaced to form multiple derived packets of the random strings, the replaced strings, and the combined unaltered string with random strings. The replacement is performed in a pre-determined order that can be a mathematical or logical function. The derived packets are encrypted at the application layer. Further, the receiving computer, in the application layer, decrypts the packets, then finds and replaces the random strings in the combined derived packet, thereby recreating the human-readable report.
  Type: Grant
  Filed: December 6, 2010
  Date of Patent: February 26, 2013
  Assignee: Unisys Corporation
  Inventor: Sateesh Mandre
- Patent number: 8380977
  Abstract: A peer-to-peer communication method for NFC is provided. A link-level security is started by exchanging a link-level security request and a link-level security response between an initiator terminal and a target terminal, then transmission data are encrypted at link-level security layers of the initiator terminal and the target terminal, and the encrypted data are exchanged between the initiator terminal and the target terminal. The link-level security is released by exchanging a link-level security release request and a link-level security release response between the initiator terminal and the target terminal.
  Type: Grant
  Filed: February 7, 2007
  Date of Patent: February 19, 2013
  Assignee: Samsung Electronics Co., Ltd.
  Inventors: Jae-Seung Son, Eun-Tae Won, Jong-Hoon Ann
- Publication number: 20130042100
  Abstract: Systems and methods for enforcing playback of a specific portion of the content in an open non-certified media player/renderer are provided. In accordance with such systems and methods, a key is extracted from a content portion for which playback is to be forced. The extracted key allows a client the ability to gain access to additional/remaining content. Moreover, the existence of forced content, the mechanism(s) utilized for forcing playback, as well as a particular position in the timeline associated with the forced playback are signaled to the client on/through which the open non-certified media player/renderer is implemented.
  Type: Application
  Filed: August 9, 2011
  Publication date: February 14, 2013
  Applicant: Nokia Corporation
  Inventors: Imed Bouazizi, Miska M. Hannuksela
- Patent number: 8375201
  Abstract: A system and method are provided for securing links at the physical (PHY) layer in an IEEE 802.3 Ethernet communication system. A local device (LD) receives an electrical waveform representing link partner security information from a network-connected link partner (LP) via unformatted message pages. The LD accesses predetermined LP reference information stored in a tangible memory medium. The LD compares the received LP security information to the LP reference information. In response to the LD matching the received LP security information to the LP reference information, a secure link to the LP is verified. Likewise, the LD may send electrical waveforms representing security information to the LP via the unformatted message pages. In response to the LP matching the LD security information to the LD reference information, a secure link to the LD is verified.
  Type: Grant
  Filed: March 5, 2009
  Date of Patent: February 12, 2013
  Assignee: Applied Micro Circuits Corporation
  Inventor: Bradley John Booth
-
Patent number: 8375225
Abstract: Data storage devices having one or more data security features are provided according to various embodiments of the present invention. In one embodiment, a data storage device comprises a buffer and a buffer client. The buffer client comprises a scrambler configured to receive a configuration setting and a secret key on a certain event, to configure a scrambling function based on the received configuration setting, and to scramble data with the secret key using the scrambling function, wherein the buffer client is configured to write the scrambled data to the buffer.
Type: Grant
Filed: December 11, 2009
Date of Patent: February 12, 2013
Assignee: Western Digital Technologies, Inc.
Inventor: Danny O. Ybarra
-
Patent number: 8374339
Abstract: Method, program, network system and client device each has a structure of being given encryption information different from given present encryption information by use of the given present encryption information and being given different encryption information in incremental steps, to one or a plurality of the connection destinations (client device CLm), for security setting of wireless communication network (wireless LAN device 2) to one or a plurality of connection destinations.
Type: Grant
Filed: December 27, 2005
Date of Patent: February 12, 2013
Assignee: Fujitsu Limited
Inventor: Tomonori Yasumoto
-
Patent number: 8375439
Abstract: A method may comprise determining, in an operating system instance, that a login access is being attempted by a user at an access time on an object. A domain identifier associated with the user may be determined. A set of one or more domain identifiers may be accessed that may be associated with the object and that identify one or more domains. One or more domain isolation rules may be accessed and evaluated that may be associated with the operating system instance for permitting an attempted login access to the object based on whether a domain identifier associated with the user is one of the domain identifiers in the set of domain identifiers associated with the object during a time period. A permit or deny indication may be returned based on whether or not login access is permitted on the object at the access time.
Type: Grant
Filed: April 29, 2011
Date of Patent: February 12, 2013
Assignee: International Business Machines Corporation
Inventors: Vijay Mann, Ranganathan Vidya
-
Patent number: 8370630
Abstract: A mail system having high security is realized by mounting TCP2 for mail communication between client apparatuses. The present invention relates to a mail communication system which is connected to a network and exchanges mails between client apparatuses provided with the existing mailers, and each client apparatus is mounted with a TCP2 driver. A TCP2 driver 34 includes a TCP2 core 36 and a mail system core 37, and an e-mail received via the network is processed in this TCP2 driver 34 and thereafter is supplied to an existing mailer 31 of the client apparatus. In the mail system core 37 of the TCP2 driver 34, control of mail encryption and decryption, deletion of an unnecessary mail and the like is carried out.
Type: Grant
Filed: July 31, 2006
Date of Patent: February 5, 2013
Inventor: Keiko Ogawa
-
Patent number: 8370622
Abstract: The rate at which packets are provided to a cryptographic engine of a cryptographic system may be adjusted using a feedback mechanism to increase the output of the cryptographic system. Data is classified and queued on a per class/flow basis and stored in input queues prior to being processed by the cryptographic engine. A class based queue scheduler is implemented to select data from the input queues to be transmitted to the cryptographic engine. The cryptographic engine operates in processing cycles. At each cycle, an amount of data is transferred from the input queues to a cryptographic engine input queue. A cryptographic accelerator in the cryptographic engine processes the data on the cryptographic engine input queue during the cycle. The output rate of the cryptographic accelerator is measured during the cycle and this value is used as feedback to determine how much data should be passed to the cryptographic engine for a subsequent cycle.
Type: Grant
Filed: December 31, 2007
Date of Patent: February 5, 2013
Assignee: Rockstar Consortium US LP
Inventors: Mohan Dattatreya, Mohana Posam, Abha Jain, Ayfang Yang
-
Patent number: 8370917
Abstract: A network media gateway is used to bridge trust between a Service Provider network and subscriber devices. The gateway is authenticated by the Service Provider by using knowledge of network topology. Subscriber devices are authenticated in response to subscriber input to the gateway via an interface. Trusted subscriber devices can be tightly coupled with the Service Provider network, thereby facilitating delivery of QoE. Mobile and remote subscriber devices may also be authenticated. The gateway may also facilitate establishment of VPNs for peer-to-peer communications, and dynamically adjustable traffic, policy and queue weightings based on usage patterns.
Type: Grant
Filed: April 14, 2005
Date of Patent: February 5, 2013
Assignee: Rockstar Consortium US LP
Inventors: Hassler Hayes, Nannra Anoop, John Watkins
-
Patent number: 8370623
Abstract: Many secure tunnels require protocols that require special handling, authorization or security certificates, such as L2TP and PPTP. This often eliminates them for use between a corporate or agency network and outside, public networks. A secure socket tunnel protocol (SSTP) adds drivers in both the kernel and user mode to route standard protocol traffic, such as PPP, over a common HTTPS port. In the event of network interruptions, an exchange of a session cookie allows fast reconnection of the underlying HTTPS connection without affecting higher level applications.
Type: Grant
Filed: December 12, 2011
Date of Patent: February 5, 2013
Assignee: Microsoft Corporation
Inventors: Vikas Jain, Madan Appiah, Kadirvel Vanniarajan, Samir Jain
-
Patent number: 8370907
Abstract: A connection between a monitoring device and a remote user is accomplished securely over the Internet by using a communication channel with public/private key encryption to connect the two locations and by performing authentication of a user at the local monitoring device rather than at a device server at the remote location, thereby effectively removing the device server as a vulnerable point for attack. In particular, when a remote user attempts to log in, via a web browser or interactive telephone system, the encrypted channel is established using the public/private key of the device and the device server proxies the log-in request to the monitored device. The device itself is then responsible for granting or denying access.
Type: Grant
Filed: November 20, 2007
Date of Patent: February 5, 2013
Assignee: DeviceCo LLC
Inventors: Jeffrey P. Potter, Tinsley A. Galyean
-
Patent number: 8370936
Abstract: Systems and methods for detecting and preventing network security breaches are described. The systems and methods present a gateway-based packet-forwarding network security solution to not only detect security breaches but also prevent them by directly dropping suspicious packets and connections. The systems and methods employ multiple techniques to detect and prevent network security breaches, including stateful signature detection, traffic signature detection, and protocol anomaly detection.
Type: Grant
Filed: February 8, 2002
Date of Patent: February 5, 2013
Assignee: Juniper Networks, Inc.
Inventors: Nir Zuk, Kowsik Guruswamy
-
Publication number: 20130031356
Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device for a secure session. The secure session request is received at the proxy server as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to the domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.
Type: Application
Filed: July 28, 2011
Publication date: January 31, 2013
Inventors: Matthew Browning Prince, Lee Hahn Holloway, Srikanth N. Rao, Ian Gerald Pye
-
Patent number: 8363840
Abstract: A method and apparatus for providing a broadcast service in a communication system is provided. The method includes creating a seed key pair including a first key and a second key, transmitting the seed key pair to a terminal to which the broadcast service is to be provided, creating a certain number of encryption keys using the seed key pair, the certain number corresponding to a lifetime of the seed key pair, encrypting broadcast service data for the lifetime using the encryption keys, and broadcasting the encrypted broadcast service data.
Type: Grant
Filed: April 3, 2009
Date of Patent: January 29, 2013
Assignee: Samsung Electronics Co., Ltd.
Inventors: Sergey Nikolayevich Seleznev, Byung-Rae Lee, Sung-Oh Hwang, Kook-Heui Lee
-
Patent number: 8365262
Abstract: A system for automatically generating and filling login information to improve the security in storage and use of the login information. The system comprises a monitoring module, a registration module, and a login module; the monitoring module is coupled to the registration module and the login module; the monitoring module is adapted to check for an entry of login information corresponding to the identifier of the current page, and prompt a result to the user, and transmit a signal to the registration module and the login module to perform a registration and/or login operation; the registration module comprises a login information generation unit, a login information storage unit, and a first user confirmation unit; and the login module comprises a login information input unit and a second user confirmation unit. A method for the same is also disclosed.
Type: Grant
Filed: November 6, 2008
Date of Patent: January 29, 2013
Assignee: Feitian Technologies Co., Ltd.
Inventors: Zhou Lu, Huazhang Yu
-
Patent number: 8363831
Abstract: A method, apparatus and system enabling software access to navigational data in a decrypted media stream while protecting stream payloads. In one embodiment, a filter may route an encrypted content stream and associated information to a secure partition having a trusted computing component for decryption. Upon decryption, the trusted computing component may store the decrypted payload of the content in a secure storage location accessible to the trusted computing component. Thereafter, the decrypted navigational header information of the content may be used to navigate to the decrypted content via a trusted component such as a trusted rendering unit in the secure partition.
Type: Grant
Filed: September 23, 2009
Date of Patent: January 29, 2013
Assignee: Intel Corporation
Inventors: Richard Maliszewski, Keith L. Shippy, Ajit P. Joshi
-
Patent number: RE43987
Abstract: In a computer system, a first electronic data processor is communicatively coupled to a first memory space and a second memory space. A second electronic data processor is communicatively coupled to the second memory space and to a network interface device. The second electronic data processor is capable of exchanging data across a network of one or more computers via the network interface device. A video processor is adapted to combine video data from the first and second electronic data processors and transmit the combined video data to a display terminal for displaying the combined video data in a windowed format. The computer system is configured such that a malware program downloaded from the network and executing on the second electronic data processor is incapable of initiating access to the first memory space.
Type: Grant
Filed: January 27, 2011
Date of Patent: February 5, 2013
Inventors: Allen F. Rozman, Alfonso J. Cioffi