Protection At A Particular Protocol Layer Patents (Class 713/151)
  • Patent number: 9088638
    Abstract: The present invention involves providing secure Voice Over IP (VOIP) communications to a mobile communications device. Specifically, the disclosed systems and methods enable a standard remote communications device (e.g., a cellular telephone) to utilize the Secure Communications Interoperability Protocol (SCIP) as designed by the U.S. Department of Defense. The invention provides SCIP access to users without requiring specific hardware configurations to be built into, or added to, the remote communications device. The remote communications device is equipped with software that emulates what was previously accomplished through a hardware configuration in order to facilitate secure VOIP communications over standard mobile communication devices.
    Type: Grant
    Filed: September 3, 2009
    Date of Patent: July 21, 2015
    Assignee: Apriva, LLC
    Inventor: Mike Klingen
  • Patent number: 9086913
    Abstract: Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) or VMM (Virtual Machine Manager) Independent (generally referred to herein as “OI”) architecture involves creating one or more containers on a processor by dynamically partitioning resources (such as processor cycles, memory, devices) between the HOST OS/VMM and the OI container. Other embodiments are also described and claimed.
    Type: Grant
    Filed: December 31, 2008
    Date of Patent: July 21, 2015
    Assignee: Intel Corporation
    Inventors: Vedvyas Shanbhogue, Arvind Kumar, Purushottam Goel
  • Patent number: 9077754
    Abstract: This disclosure is directed to systems and methods for handling the processing of a next protocol negotiation extension for a transport layer security (TLS) session. A device, intermediary to a client and a server, may receive a client hello message from the client in a handshake to establish a transport layer security (TLS) session with the server. The client hello message may include a next protocol negotiation extension. The device may include a first TLS processor that is software based and a second TLS processor that is hardware based. The device may determine that the client hello message includes the next protocol negotiation extension. The device may establish, responsive to the determination, the TLS session using the first TLS processor. The device may process, upon establishment of the TLS session using the first TLS processor, encrypted data for the TLS session using the second TLS processor.
    Type: Grant
    Filed: April 6, 2013
    Date of Patent: July 7, 2015
    Assignee: Citrix Systems, Inc.
    Inventors: Swarupa Gonuguntla, Ashoke Saha, Tushar Kanekar
  • Patent number: 9050536
    Abstract: A communication game system includes a plurality of game apparatuses which are able to wirelessly communicate with each other. Each of the game apparatus registers identifying information of an opponent obtained by a short-distance wireless communication or by user's manual input in a friend list. Thereafter, the game apparatus connects to the Internet, and inquires whether it is possible to communicate with an opponent in the friend list over the network. If it is possible to communicate, the game apparatus obtains an address of the opponent to make a network communication. Even if a user makes a short distance wireless communication with a friend to exchange and register the identifying information or registers the friend by hand and then is parted from the friend, the user can safely communicate with the friend across the network without being exposed to unknown players.
    Type: Grant
    Filed: May 20, 2013
    Date of Patent: June 9, 2015
    Assignee: NINTENDO CO., LTD.
    Inventors: Tetsuya Sasaki, Yosuke Hatayama, Daisuke Nakamura, Yoshitaka Shirota, Masaru Mitsuyoshi, Yutaka Takehisa, Katsuya Eguchi
  • Patent number: 9048923
    Abstract: Embodiments of the present invention include a system and method for wirelessly identifying and validating an electronic device in order to initiate a communication process with another device or a service. In an embodiment, the system includes a portable biometric monitoring device that is identified by a client device or a server for the purpose of initiating a pairing process. In an embodiment, pairing implies pairing the portable device to an online user account with minimal user interaction. After pairing, the portable device and appropriate client devices and servers communicate with little or no user interaction, for example to upload sensor data collected by the portable device.
    Type: Grant
    Filed: December 24, 2013
    Date of Patent: June 2, 2015
    Assignee: Fitbit, Inc.
    Inventors: Peter Andrew Molettiere, James Park, Aislinn Abigail Bilodeaux-Dewey, Christine Boomer Brumback, Eric Nathan Friedman, Robert Curtis Cole, Heiko Gernot Albert Panther, Andrew Cole Axley
  • Patent number: 9049012
    Abstract: According to an embodiment, a communication apparatus includes a finding unit; a negotiating unit; and a communicating unit. The finding unit is configured to, in response to a request from an application that makes use of key information, find out a key generating device that generates the key information. The negotiating unit is configured to perform a negotiation operation with respect to the key generating device to determine conditions for key information that is to be generated. The communicating unit is configured to receive, from the key generating device, the key information that is generated based on the conditions determined in the negotiation operation, and send the received key information to the application.
    Type: Grant
    Filed: March 7, 2013
    Date of Patent: June 2, 2015
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Shinichi Baba, Yoshimichi Tanizawa, Hideaki Sato
  • Patent number: 9043898
    Abstract: An access rights management system is presented in which a mobile device may be allowed to access corporately held data in a flexible manner but in which the security and integrity of the data is maintained. The mobile device is provided with a rights adjustment module which modifies the access rights for locally stored corporate data in dependence on the connectivity of the mobile device with a corporate server.
    Type: Grant
    Filed: April 18, 2011
    Date of Patent: May 26, 2015
    Assignee: LENOVO INNOVATIONS LIMITED (HONG KONG)
    Inventors: Frederic Fok Ah Chuen, Benoit Lecroart, Olivier Perron
  • Patent number: 9043928
    Abstract: Methods are provided for tracking data corresponding to a mobile device that accesses a web page. Once a mobile device is registered with a network, the mobile device is instructed to request permission before accessing a web page. An access request is received, and based on a user profile, the access request is approved such that the mobile device may access the web page. Access data that corresponds to the mobile device accessing the web page is collected so that it can be added to and stored in a database.
    Type: Grant
    Filed: February 24, 2010
    Date of Patent: May 26, 2015
    Assignee: Sprint Communications L.P.
    Inventors: Lyle W. Paczkowski, John E. Belser, Nicolas A. Nehme Antoun, Farni B. Weaver
  • Patent number: 9043588
    Abstract: Various embodiments provide a method and apparatus of providing accelerated encrypted connections in a cloud network supporting transmission of data including per-user encrypted data. Transmission of encrypted data from an application server uses an encryption scheme that encrypts static data using a first encryption scheme that derives keys from the content itself and encrypts dynamic data, such as dynamic website content with personalized user data, using a second encryption scheme.
    Type: Grant
    Filed: May 8, 2012
    Date of Patent: May 26, 2015
    Assignee: Alcatel Lucent
    Inventors: Krishna P. Puttaswamy Naga, Katherine Guo
  • Patent number: 9043604
    Abstract: Keying materials used for providing security in a platform are securely provisioned both online and offline to devices in a remote platform. The secure provisioning of the keying materials is based on a revision of firmware installed in the platform.
    Type: Grant
    Filed: September 5, 2013
    Date of Patent: May 26, 2015
    Assignee: Intel Corporation
    Inventors: Ernest F. Brickell, Shay Gueron, Jiangtao Li, Carlos V. Rozas, Daniel Nemiroff, Vincent R. Scarlata, Uday R. Savagaonkar, Simon P. Johnson
  • Patent number: 9043874
    Abstract: Provided are a system and method for protecting data in an electronic communications environment. An interested entity establishes one or more controls for a received unit of data. At a source device in the electronic communications network, the unit of data is encapsulated with self-protection security data that includes the one or more controls. The encapsulated unit of data is delivered from the source device to a destination device in the electronic communications network. A data broker facilitates the delivery of the data to the destination device according to the controls. Facilitating the delivery of the data includes: identifying for the receiving device a collection of services corresponding to the controls independently of the network.
    Type: Grant
    Filed: November 28, 2012
    Date of Patent: May 26, 2015
    Assignee: Wal-Mart Stores, Inc.
    Inventor: Stuart I. Riley
  • Patent number: 9038162
    Abstract: Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.
    Type: Grant
    Filed: June 25, 2012
    Date of Patent: May 19, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Costin Hagiu, Elton Saul, Rajneesh Mahajan, Sergey A. Kuzin, Joy Chik, John E. Parsons, Ashwin Palekar, Ara Bernardi
  • Patent number: 9037656
    Abstract: A method and system for facilitating interaction between an electronic device and a plurality of content provider websites are disclosed. In one embodiment, the method includes receiving at a server a plurality of information portions provided from the websites, where each of the information portions is associated with a respective copy of information that is available at each of the websites. The method also includes aggregating at the server the information portions so that they are combined into an overall grouping, with the respective information portions being maintained respectively as distinct subportions within the grouping. Further, the method includes sending from the server a message for receipt by a part of the electronic device, the primary message including the grouping. The grouping is sent together with an additional copy of the information or with an indication of that information to which the overall grouping relates.
    Type: Grant
    Filed: December 20, 2010
    Date of Patent: May 19, 2015
    Assignee: Google Technology Holdings LLC
    Inventors: David Brenner, Roger Bye, Kevin Foy, Lucia Robles Noriega
  • Patent number: 9037855
    Abstract: A content data reproducing method includes: decrypting encrypted data to generate plain-text data; dividing the plain-text data into decrypted content data and reproduction management information; sending the reproduction management information to a user space; storing the decrypted content data in a secret buffer; obtaining the decrypted content data as reproduction target data from the secret buffer and transmitting the reproduction target data to a decoder; and decoding the reproduction target data by the decoder.
    Type: Grant
    Filed: November 6, 2013
    Date of Patent: May 19, 2015
    Assignee: SOCIONEXT Inc.
    Inventors: Atsushi Oida, Wataru Tachibana, Hiroyuki Wada
  • Patent number: 9038160
    Abstract: A method of ensuring secure and cost effective communication of aeronautical data to and from an aircraft is provided. The method includes uplinking air-ground aircraft data communications via an aeronautical safety data link and downlinking air-ground aircraft data communications via a consumer data link separated from the aeronautical safety data link by a one-way firewall.
    Type: Grant
    Filed: June 23, 2014
    Date of Patent: May 19, 2015
    Assignee: Honeywell International Inc.
    Inventors: Donald C. Kauffman, Thomas D. Judd, Michael L. Olive
  • Patent number: 9032534
    Abstract: A system administrator of a wireless LAN 100 manipulates a personal computer PC1 to change a WEP key. The personal computer PC1 authenticates a memory card MC as genuine under management of the system administrator. In the case of the authenticated memory card MC, changed setting information, as well as a previous WEP key before the change of the setting information, is written into the memory card MC. The system administrator then inserts this memory card MC into a memory card slot of a printer PRT1. The printer PRT1 authenticates the memory card MC as genuine under management of the system administrator. In the case of the authenticated memory card MC, the setting information is updated. This arrangement effectively relieves the user's workload in setting wireless communication devices, while ensuring the sufficiently high security.
    Type: Grant
    Filed: December 21, 2004
    Date of Patent: May 12, 2015
    Assignee: Seiko Epson Corporation
    Inventor: Katsuyuki Koga
  • Patent number: 9030680
    Abstract: An information processing apparatus includes a control unit that, in a case where it is determined that proxy response processing should be performed, performs control such that an inputted job is processed without causing the information processing apparatus to transition from a second power mode to a first power mode, and, in a case where it is determined that proxy response processing should not be performed, performs control such that inputted job is processed after causing the information processing apparatus to transition from the second power mode to the first power mode.
    Type: Grant
    Filed: March 12, 2012
    Date of Patent: May 12, 2015
    Assignee: Canon Kabushiki Kaisha
    Inventor: Yoshinobu Umeda
  • Patent number: 9027088
    Abstract: Systems and methods are provided for authenticating Internet Protocol (IP) Multimedia Subsystem (IMS) applications in a User Equipment (UE). A method includes: receiving a first Session Initiation Protocol (SIP) REGISTER message from an IMS application operating on the UE; transmitting a response message to the IMS application based on the received first SIP REGISTER message; receiving a second SIP REGISTER message from the IMS application operating on the UE; determining authentication for the IMS application based on the received second SIP REGISTER message from the IMS application operating on the UE; and based on the step of determining authentication for the IMS application, if the IMS application is authorized, then transmitting information associated with the first and second SIP REGISTER messages toward a SIP node or if the IMS application is unauthorized, then discarding data associated with the first and second SIP REGISTER messages.
    Type: Grant
    Filed: April 19, 2013
    Date of Patent: May 5, 2015
    Assignee: Ericsson Modems SA
    Inventors: Stefan Runeson, Per Stahl
  • Patent number: 9026784
    Abstract: An example method includes identifying a transport layer security (TLS) session between a client and a server, parsing one or more TLS messages to identify a session ticket associated with the session, transforming the session ticket into a fixed size session token, and managing the session using the session token to identify the session. The transforming may include computing a hash value of the session ticket using a hashing algorithm. If any of the TLS messages is spread across more than one TLS protocol record, the method can include computing a hash value of a portion of the session ticket encountered in a TLS protocol record using a hashing algorithm, incrementally computing another hash value of another portion of the session ticket encountered in a subsequent TLS protocol record from the previously computed hash value, and repeating the incremental computing until portions of the session ticket have been processed.
    Type: Grant
    Filed: January 26, 2012
    Date of Patent: May 5, 2015
    Assignee: McAfee, Inc.
    Inventors: Shivakumar Buruganahalli, Venu Vissamsetty
  • Patent number: 9021593
    Abstract: The present invention discloses a XSS detection method for detecting the XSS vulnerabilities in a web page, comprising for each parameter-value pair in a set of parameter-value pairs that can be accepted by the web page: constructing a parameter-value pair in which a dedicated script is inserted; assembling a URL corresponding to the web page based on the parameter-value pair in which a dedicated script is inserted; acquiring the dynamic web page content corresponding to the assembled URL; and simulating the execution of the acquired dynamic web page content, if the dedicated script is executed, it is determined that the processing of the parameter in the web page contains XSS vulnerabilities. The present invention further discloses a corresponding XSS detection device and a web site security scanning system and a web scanning system using such a device.
    Type: Grant
    Filed: July 23, 2010
    Date of Patent: April 28, 2015
    Assignee: NSFOCUS Information Technology Co., Ltd.
    Inventors: Guangxu Liu, Yujie Wen, Da Zhou, Xiaoming Wang, Xiaoxia Liu
  • Patent number: 9021272
    Abstract: The present invention relates to key management in a secure microcontroller, and more particularly, to systems, devices and methods of automatically and transparently employing logic or physical address based keys that may also be transferred using dedicated buses. A cryptographic engine translates a logic address to at least one physical address, and processes a corresponding data word based on at least one target key. The target key is selected from a plurality of keys based on the logic or physical address. A universal memory controller stores each processed data word in the corresponding physical address within a memory. Each key is associated with a memory region within the memory, and therefore, the logic or physical address associated with a memory region may be used to automatically identify the corresponding target key. A dedicated secure link may be used to transport key request commands and the plurality of keys.
    Type: Grant
    Filed: August 28, 2012
    Date of Patent: April 28, 2015
    Assignee: Maxim Integrated Products, Inc.
    Inventors: Vincent Debout, Frank Lhermet, Yann Yves René Loisel, Grégory Rome, Christophe Tremlet
  • Patent number: 9021547
    Abstract: This disclosure is directed toward an integrated switching and routing security device that provides zone-based security directly between layer two (L2) interfaces of L2 bridge domains and/or layer three (L3) interfaces of L3 routing instances within the security device. The integrated switching and routing security device supports both switching and routing functionalities for packets on L2 and L3 interfaces, and supports security within and between L2 bridge domains and L3 routing instances. The integrated switching and routing security device configures L2 security zones for one or more L2 interfaces and configures L3 security zones for one or more L3 interfaces. The integrated switching and routing security device then applies security policies to incoming packets according to the L2 security zones and/or the L3 security zones associated with the incoming interface and an outgoing interface for the packets to provide end-to-end security within the security device.
    Type: Grant
    Filed: December 21, 2011
    Date of Patent: April 28, 2015
    Assignee: Juniper Networks, Inc.
    Inventors: Tsai-Zong Lin, Chih-Wei Chao, Jin Shang, Dongyi Jiang, Anchung Chung
  • Patent number: 9021249
    Abstract: The need for upload security arises during content sharing between users in communication link with each other and a server. In one embodiment, providing the upload security involves the server identifying a mobile device that sends an upload message destined to a user. Providing the upload security further involves the server accessing opt-in parameters predetermined by the user, determining if the identity of the sending mobile device is included in the opt-in parameters, and, if so, allowing the upload to the user's account, otherwise blocking the upload. The opt-in parameters include the identity of mobile devices that are authorized by the user to upload data to the user's account. In one embodiment, the communication link includes a wireless carrier network with capability for security screening of the upload message before it reaches the server based on the identity of the wireless carrier network.
    Type: Grant
    Filed: September 9, 2010
    Date of Patent: April 28, 2015
    Assignee: Yahoo! Inc.
    Inventors: Zhaowei Charlie Jiang, Christopher Wu, Joy Sato, Yingqing Lawrence Cui
  • Patent number: 9021577
    Abstract: A network element (NE) comprising a memory device configured to store instructions, and a processor configured to execute the instructions by dividing a first plurality of data packets of a data flow into a first plurality of sub-flows, and causing the first plurality of sub-flows to be transmitted to a second NE via a network, wherein the first plurality of sub-flows are transmitted using a first Internet Protocol Security (IPsec) security association (SA) cluster comprising a plurality of parallel sub-SAs. The disclosure also includes a NE comprising a processor configured to create an IPsec SA cluster comprising a first plurality of sub-SAs between the NE and a second NE using an internet key exchange (IKE) or an IKEv2, wherein the first sub-SAs are unidirectional, and wherein the first sub-SAs are configured to transport a first plurality of data packets in a common direction.
    Type: Grant
    Filed: March 28, 2013
    Date of Patent: April 28, 2015
    Assignee: Futurewei Technologies, Inc.
    Inventors: Jifei Song, Xiaoyong Yi, Xiangyang Zhang
  • Publication number: 20150113264
    Abstract: Systems and methods for inline security protocol inspection are provided. According to one embodiment, a security device receives an encrypted raw packet from a first network appliance and buffers the encrypted raw packet in a buffer. An inspection module accesses the encrypted raw packet from the buffer, decrypts the encrypted raw packet to produce a plain text and scans the plain text by the inspection module.
    Type: Application
    Filed: October 17, 2013
    Publication date: April 23, 2015
    Applicant: FORTINET, INC.
    Inventors: Wei David Wang, Junfeng Jia, Hongbin Lu
  • Patent number: 9015469
    Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device for a secure session. The secure session request is received at the proxy server as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.
    Type: Grant
    Filed: July 28, 2011
    Date of Patent: April 21, 2015
    Assignee: CloudFlare, Inc.
    Inventors: Matthew Browning Prince, Lee Hahn Holloway, Srikanth N. Rao, Ian Gerald Pye
  • Patent number: 9015691
    Abstract: A method includes loading a software class containing class information for a lock state. The method includes allocating an instance of a software object derived from the software class, wherein the allocating includes allocating of a lock word as part of the instance of the software object. The lock word defines whether the object is locked by a thread of multiple threads. The method includes observing activity relative to the instance of the software object. The method includes responsive to observing the activity relative to the instance of the software object that indicates that the lock state of the instance of the software object is non-locking, removing the lock word from the instance of the software object.
    Type: Grant
    Filed: December 27, 2013
    Date of Patent: April 21, 2015
    Assignee: International Business Machines Corporation
    Inventor: Peter W. Burka
  • Patent number: 9009837
    Abstract: Systems and methods which provide a new application security assessment framework that allows auditing and testing systems to automatically perform security and compliance audits, detect technical security vulnerabilities, and illustrate the associated security risks affecting business-critical applications.
    Type: Grant
    Filed: July 1, 2011
    Date of Patent: April 14, 2015
    Assignee: Onapsis S.R.L.
    Inventor: Mariano Nunez Di Croce
  • Patent number: 9003478
    Abstract: Framework for conditionally attaching web service policies to a policy subject (e.g., a web service client or service endpoint) at subject runtime. In one set of embodiments, a constraint expression can be defined that specifies one or more runtime conditions under which a policy should be attached to a policy subject. The constraint expression can be associated with the policy and the policy subject via policy attachment metadata. The constraint expression can then be evaluated at runtime of the policy subject to determine whether attachment of the policy to the policy subject should occur. If the evaluation indicates that the policy should be attached, the attached policy can be processed at the policy subject (e.g., enforced or advertised) as appropriate. Using these techniques, the policy subject can be configured to dynamically exhibit different behaviors based on its runtime context.
    Type: Grant
    Filed: August 28, 2012
    Date of Patent: April 7, 2015
    Assignee: Oracle International Corporation
    Inventors: Nickolas Kavantzas, Jeffrey Jason Bryan, Cecilia Zhao
  • Patent number: 9003481
    Abstract: A computer-implemented method, network management system, and network clients are provided for out-of-band network security management. The network management system includes routers, firewalls, and out-of-band interfaces. The out-of-band interface of the network management system transmits access control lists to network clients connected to a trusted network. The trusted network connects the routers, firewalls, and network clients. The firewalls receive access control lists from the network management system to police communications that traverse the trusted network and an untrusted network. The routers receive access control lists from the network management system to police communications that traverse the router within the trusted network. The access control lists for the routers and firewalls are transmitted over a network interface to the trusted network and are transmitted separately from the access control lists for the network clients.
    Type: Grant
    Filed: July 8, 2013
    Date of Patent: April 7, 2015
    Assignee: Sprint Communications Company L.P.
    Inventors: David Wayne Haney, Usman Muhammad Naim, Andrew Lee Davey
  • Patent number: 9003179
    Abstract: A communication method for a host and a wireless Internet access module, and a data card, are provided so that the host implements wireless Internet access with the wireless Internet access module of a secure digital interface. The method includes simulating each port on a wireless Internet access processing function unit in a wireless Internet access module into a secure digital card partition and reporting the secure digital card partition to a host side; receiving downlink interaction information from the host side encapsulated in a secure digital card interface format, decapsulating the downlink interaction information, and delivering the decapsulated downlink interaction information to a corresponding port; and receiving uplink interaction information reported to the host side from each port, encapsulating the received uplink interaction information in the secure digital card interface format.
    Type: Grant
    Filed: October 24, 2012
    Date of Patent: April 7, 2015
    Assignee: Huawei Device Co., Ltd.
    Inventors: Xiaozhi Fang, Guiying Xue, Lei Lin, Wenchun Jiang, Meiwen Yang, Keqiang Gao
  • Patent number: 8996855
    Abstract: A client application, when executed by a processor, is operative to create a HyperText Transfer Protocol (HTTP) request containing a target header that includes a confidential value. The HTTP request is to be sent over a Secure Sockets Layer (SSL) 3.0 connection or a Transport Layer Security (TLS) 1.0 connection to a web server. The client application implements at its HTTP layer a countermeasure to a blockwise chosen-boundary attack. The client application generates an additional header having a header name that is not recognizable by the web server and inserts the additional header into the HTTP request ahead of the target header, thus creating a modified HTTP request. The modified HTTP request is to be sent, instead of the unmodified HTTP request, over the SSL 3.0 connection or the TLS 1.0 connection to the web server.
    Type: Grant
    Filed: November 14, 2012
    Date of Patent: March 31, 2015
    Assignees: BlackBerry Limited, Certicom Corp.
    Inventors: Alexander Sherkin, Gregory Marc Zaverucha, Alexander Truskovsky, Michael Matovsky, Osman Zohaib Arfeen
  • Patent number: 8996854
    Abstract: The method is for downloading applications takes place in a network that has a server, a mobile terminal, a trusted operator and preferably, a personal computer. In the method a user selects an application to be downloaded at his computer or mobile terminal. The user then sends a request to the server for downloading the selected application to the mobile terminal. The server sends a message to the mobile terminal with instructions for downloading of the application. This message is sent via a trusted operator in order to ensure a secure downloading. Thereafter, the application is downloaded to the mobile terminal.
    Type: Grant
    Filed: February 16, 2004
    Date of Patent: March 31, 2015
    Assignee: Giesecke & Devrient GmbH
    Inventor: Antti Hamalainen
  • Patent number: 8996856
    Abstract: A method, product and system for selective encryption in a mobile device. The method comprising: selectively encrypting requests issued by the mobile device, wherein said selectively encrypting comprises: obtaining a request issued by an application executed by the mobile device, the request having one or more characteristics, the request has a destination; determining, based on the one or more characteristics, whether to encrypt the request; and in response to a determination to encrypt the request, re-routing the request to be transmitted to the destination through a secure channel; whereby the request is encrypted regardless of the destination being a priori associated with the secure channel.
    Type: Grant
    Filed: June 13, 2013
    Date of Patent: March 31, 2015
    Assignee: Skycure Ltd
    Inventors: Yair Amit, Adi Sharabani
  • Patent number: 8997178
    Abstract: A method and system for securing hosting web pages from malicious third party modules. The method includes uploading a third party module to a hosting web page; validating a proxy API call received from the third party module, wherein the proxy API call includes at least a payload parameter provided by the third party module; generating an engine API call including at least the payload parameter; validating the engine API call; and executing the payload parameter if the engine API call is validated.
    Type: Grant
    Filed: December 12, 2012
    Date of Patent: March 31, 2015
    Assignee: Sizmek Technologies Ltd.
    Inventor: Efraeim Cohen
  • Patent number: 8990886
    Abstract: In an information management system, policies are deployed to targets and targets can evaluate the policies whether they are connected or disconnected to the system. The policies may be transferred to the target, which may be a device or user. Relevant policies may be transferred while not relevant policies are not. The policies may have policy abstractions.
    Type: Grant
    Filed: September 24, 2013
    Date of Patent: March 24, 2015
    Assignee: NextLabs, Inc.
    Inventor: Keng Lim
  • Patent number: 8990552
    Abstract: A transmit portion of a network device including a medium access control (MAC) module configured to receive a frame of data to be transmitted from the network device in accordance with a MAC security (MACsec) protocol. In response to the frame of data being a precise time protocol (PTP) frame, the MAC module is configured to encrypt the PTP frame in accordance with the MACsec protocol, and associate an identifier with the encrypted PTP frame. A physical layer module includes a transmit module configured to transmit the encrypted PTP frame from the network device at a particular time. A PTP module configured to, based on the identifier associated with the encrypted PTP frame, generate a time stamp indicating the particular time that the transmit module transmits the encrypted PTP frame from the network device. The time stamp is transmitted from the network device along with the encrypted PTP frame.
    Type: Grant
    Filed: April 8, 2013
    Date of Patent: March 24, 2015
    Assignee: Marvell World Trade Ltd.
    Inventors: Raghu Kondapalli, Guy T. Hutchison
  • Publication number: 20150082021
    Abstract: An example method and system for a mobile proxy for WebRTC interoperability is discussed. The method may include receiving a DTLS security handshake from a WebRTC API of a browser endpoint, negotiating an encryption mechanism through a signaling protocol with a non-WebRTC enabled endpoint, completing, using one or more hardware processors, the DTLS security handshake with the WebRTC API of the browser endpoint based on the encryption mechanism, and exchanging, through a mobile proxy, first media traffic from the browser endpoint with the non-WebRTC enabled endpoint and second media traffic from the non-WebRTC enabled endpoint with the browser endpoint. In various embodiments, if the non-WebRTC endpoint uses SDES for negotiation of the encryption mechanism, the encryption mechanism may include SDES-conveyed key information.
    Type: Application
    Filed: June 30, 2014
    Publication date: March 19, 2015
    Inventors: Giridhar Dhati Mandyam, Arungundram Chandrasekaran Mahendran, Nikolai Konrad Leung, Thomas Towle
  • Patent number: 8984268
    Abstract: The invention provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the invention retains compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. In contrast to conventional SSL processing, which relies on a guaranteed delivery service such as TCP and encrypts successive data records with reference to a previously-transmitted data record, encryption is performed using a nonce that is embedded in each transmitted data record. This nonce acts both as an initialization vector for encryption/decryption of the record, and as a unique identifier to authenticate the record.
    Type: Grant
    Filed: October 29, 2007
    Date of Patent: March 17, 2015
    Assignee: Aventail LLC
    Inventor: Marc D. VanHeyningen
  • Patent number: 8984285
    Abstract: Embodiments are directed towards decrypting encrypted content. A key for decrypting the encrypted content may be provided to a web application executing within a browser. The application may employ a generic cryptography application program interface (GCAPI) to perform actions on the key, including, storing the key, decrypting an encrypted key, generating another key, converting the key to a different encryption type, or the like. The GCAPI may or may not be enabled to explicitly share the key with the browser's media engine. In response to receiving encrypted content, the GCAPI may provide the key to the application, explicitly or inexplicitly to the browser's media engine, or the like. The key may be utilized by the application, the browser, the media element, browser's media engine, and/or the GCAPI to decrypt the encrypted content. The decrypted content may be displayed within the browser to a user of a client device.
    Type: Grant
    Filed: December 12, 2012
    Date of Patent: March 17, 2015
    Assignee: Google Inc.
    Inventors: David Kimbal Dorwin, Ryan David Sleevi, Andrew Martin Scherkus
  • Patent number: 8984619
    Abstract: According to one aspect, the subject matter described herein includes a method for communicating an encrypted data packet. The method includes steps occurring at a first gateway node. The method also includes receiving a data packet from a first host. The method further includes determining that a first security association (SA) instance associated with the data packet is in an inactive state. The method further includes identifying a second SA instance that is both associated with the data packet and in an active state. The method further includes forwarding the data packet to the second SA instance.
    Type: Grant
    Filed: July 12, 2013
    Date of Patent: March 17, 2015
    Assignee: Gendband US LLC
    Inventors: Allain Legacy, Matthew Lorne Peters
  • Patent number: 8976813
    Abstract: Methods and apparatus are provided for communicating a flow of packets with a requested quality of service. An exemplary method involves receiving a first packet of a flow, determining a first reference value for the packet flow identification field of the first packet using a key value, and facilitating the requested quality of service for the first packet when the received value of the packet flow identification field of the first packet matches the first reference value. The method continues by receiving a second packet of the flow, determining a second reference value for the packet flow identification field using the key value, and facilitating the requested quality of service for the second packet when the received value of the packet flow identification field of the second packet matches the second reference value.
    Type: Grant
    Filed: September 8, 2011
    Date of Patent: March 10, 2015
    Assignee: Motorola Solutions, Inc.
    Inventors: Tyrone D. Bekiares, Robert A. Fredericks, Adam C. Lewis
  • Patent number: 8978102
    Abstract: Methods, devices, and systems are disclosed for simulating a large, realistic computer network. Virtual actors statistically emulate the behaviors of humans using networked devices or responses and automatic functions of networked equipment, and their stochastic actions are queued in buffer pools by a behavioral engine. An abstract machine engine creates the minimal interfaces needed for each actor, and the interfaces then communicate persistently over a network with each other and real and virtual network resources to form realistic network traffic. The network can respond to outside stimuli, such as a network mapping application, by responding with false views of the network in order to spoof hackers, and the actors can respond by altering a software defined network upon which they operate.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: March 10, 2015
    Assignee: Shadow Networks, Inc.
    Inventors: Chad O. Hughes, Steven M. Silva
  • Patent number: 8976964
    Abstract: In a key pair management method for use in an image forming device, one or more key pairs which are usable for secure communication between the image forming device and an external device are stored into a first area of a memory. A key pair required for the secure communication with the external device is received from the first area of the memory. After the key pair is received from the first area of the memory, the key pair required for the secure communication with the external device is generated in an asynchronous mode and stored into the first area of the memory again. The secure communication between the image forming device and the external device is performed using the key pair received from the first area of the memory.
    Type: Grant
    Filed: August 30, 2012
    Date of Patent: March 10, 2015
    Assignee: Ricoh Company, Ltd.
    Inventor: Katsuya Shimamura
  • Patent number: 8972716
    Abstract: A communication method for a host and a wireless Internet access module, and a data card, are provided so that the host implements wireless Internet access with the wireless Internet access module of a secure digital interface. The method includes simulating each port on a wireless Internet access processing function unit in a wireless Internet access module into a secure digital card partition and reporting the secure digital card partition to a host side; receiving downlink interaction information from the host side encapsulated in a secure digital card interface format, decapsulating the downlink interaction information, and delivering the decapsulated downlink interaction information to a corresponding port; and receiving uplink interaction information reported to the host side from each port, encapsulating the received uplink interaction information in the secure digital card interface format.
    Type: Grant
    Filed: October 24, 2012
    Date of Patent: March 3, 2015
    Assignee: Huawei Device Co., Ltd.
    Inventors: Xiaozhi Fang, Guiying Xue, Lei Lin, Wenchun Jiang, Meiwen Yang, Keqiang Gao
  • Patent number: 8966243
    Abstract: This invention provides a method and system for data encryption and decryption in data transmission through the web. The method includes: a browser sends a cryptographic information acquisition request to a cryptographic information providing equipment; the cryptographic information providing equipment sends cryptographic information back to the browser via an HTTPS channel; the cryptographic information includes a cryptographic algorithm and a cryptographic index; the browser uses the cryptographic algorithm to encrypt the data to be transmitted, and sends the encrypted data and the cryptographic index to the web server via an HTTP channel; the web server obtains the cryptographic algorithm corresponding to the cryptographic index from the cryptographic information providing equipment, then decrypts the encrypted data. Embodiments of the present invention can alleviate the load in the HTTPS channel, and improve the overall performance.
    Type: Grant
    Filed: September 14, 2011
    Date of Patent: February 24, 2015
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Qian Yang, Heng Xiao, Tao Yu
  • Patent number: 8966240
    Abstract: Techniques are provided to append packet handling information “in the clear” ahead of security related information in a packet to be routed over a network to optimize wide area network deployments of security-configured equipment. In one form, at a network device that performs connectionless secure communication and network routing of packets, data is received from a source device to be sent through a network to a destination device. Packet handling information is inserted in a packet that is to be used to transport the data. The packet handling information is configured to enable controlled handling of the packet in the network and is inserted in an unprotected portion of the packet. Encrypted payload data is generated from the data received from the source device. The encrypted payload data and security information are inserted in a protected portion of the packet and the packet is sent to the network.
    Type: Grant
    Filed: October 5, 2011
    Date of Patent: February 24, 2015
    Assignee: Cisco Technology, Inc.
    Inventor: Rakesh Chopra
  • Publication number: 20150052348
    Abstract: A first application at a first device selects one of multiple encapsulation format types based on a cost or bandwidth associated with a network, or associated with a link of the network, connected between the first application at the first device and a second application at a second device. The first application receives, at the first application from Open Systems Interconnection (OSI) layers above an OSI session layer, payload data associated with a session, and generates one or more session layer encapsulated blocks of the payload data using the selected one of the multiple encapsulated format types. The first application encrypts the payload data, and other data of the one or more session layer encapsulated blocks, and passes the encrypted session layer encapsulated block to OSI layers below the session layer for sending to the second application at the second device.
    Type: Application
    Filed: April 30, 2014
    Publication date: February 19, 2015
    Applicant: Verizon Patent and Licensing Inc.
    Inventor: Robert Moskowitz
  • Publication number: 20150052347
    Abstract: A data communication security system is disclosed that includes a network interface including a first security module implementing a first security architecture, and a second security module implementing a second security architecture different from the first security architecture. The network interface further includes a file-based application programming interface defining a plurality of attributes of the network interface and including at least one attribute associated with data security managed by one of the first and second security modules. The file-based application programming interface includes at least one attribute from among the plurality of attributes that is associated with selecting between the first or second security modules.
    Type: Application
    Filed: November 11, 2011
    Publication date: February 19, 2015
    Inventor: Michael T. Kain
  • Patent number: 8959610
    Abstract: A network media gateway is used to bridge trust between a Service Provider network and subscriber devices. The gateway is authenticated by the Service Provider by using knowledge of network topology. Subscriber devices are authenticated in response to subscriber input to the gateway via an interface. Trusted subscriber devices can be tightly coupled with the Service Provider network, thereby facilitating delivery of QoE. Mobile and remote subscriber devices may also be authenticated. The gateway may also facilitate establishment of VPNs for peer-to-peer communications, and dynamically adjustable traffic, policy and queue weightings based on usage patterns.
    Type: Grant
    Filed: December 26, 2012
    Date of Patent: February 17, 2015
    Assignee: Constellation Technologies LLC.
    Inventors: Hassler Hayes, Nannra Anoop, John Watkins