Particular Node (e.g., Gateway, Bridge, Router, Etc.) For Directing Data And Applying Cryptography Patents (Class 713/153)
  • Patent number: 8914543
    Abstract: A method, system and computer program product of prioritizing network services is provided. Such prioritization may comprise a better level of service, more timely system response and/or preferential treatment of traffic. In an embodiment, prioritization is controlled by defining modes and levels of prioritization typically based on criteria, such as the value of a transaction, the standing of a user, or the type of transaction. Prioritization can also be established, for example, for a length of time or for a given transaction. The modes of prioritization may comprise remapping TCP ports to which a communication is directed, remapping uniform resource locators and/or Internet Protocol addresses to which a communication is directed and/or tagging communications with quality of service information. The levels of prioritization define the type(s) of priority service offered to a user, such as timeliness of system response and preference of traffic treatment, and may be arbitrarily defined.
    Type: Grant
    Filed: December 1, 2006
    Date of Patent: December 16, 2014
    Assignee: Catchfire Systems, Inc.
    Inventors: Mark Jasen, Guy Daley
  • Patent number: 8914841
    Abstract: A system capable of automated mapping between a connectivity request and an ordered security rule-set and a method of operating thereof. The system includes an interface operable to obtain data characterizing at least one connectivity request; a module for automated recognizing at least one rule within the rule-set, the rule controlling traffic requested in the at least one connectivity request, wherein the recognizing is provided by comparing a set of combinations specified in the connectivity request with a set of combinations specified in the rule and matching connectivity-related actions specified in the connectivity request; a module for automated evaluating relationship between traffic controlled by the recognized at least one rule and traffic requested in the at least one connectivity request; and a module for automated classifying, in accordance with evaluation results, the at least one connectivity request with respect to the at least one rules and/or vice versa.
    Type: Grant
    Filed: November 23, 2011
    Date of Patent: December 16, 2014
    Assignee: Tufin Software Technologies Ltd.
    Inventor: Reuven Harrison
  • Patent number: 8914871
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: December 16, 2014
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Publication number: 20140365761
    Abstract: A method and apparatus for use in securely relaying data. The data is received by a first relay unit from a data provider. The data is sent by the first relay unit to a mail server. The data is retrieved by a second relay unit in a second network from the mail server. The data is sent by the second relay unit to a data subscriber.
    Type: Application
    Filed: January 31, 2014
    Publication date: December 11, 2014
    Applicant: THE BOEING COMPANY
    Inventor: Robert L. Deyoung
  • Patent number: 8910296
    Abstract: Techniques are disclosed for hiding sensitive information from a provider of support services. In one embodiment, a first network device determines that network device information includes non-sensitive data and sensitive data. In response to the determining, the first network device generates mapping data that maps dummy information to the sensitive data. The first network device generates output data that comprises the non-sensitive data and the dummy data and sends the output data to a second network device. In other embodiments, the user may select the network parameters that are sensitive. The first network device may also receive first report data from the second network device that identifies a network problem and includes the dummy data and generate second report data by using the mapping data to replace the dummy information with the sensitive data.
    Type: Grant
    Filed: October 31, 2011
    Date of Patent: December 9, 2014
    Assignee: Cisco Technology, Inc.
    Inventors: Ammar Rayes, Subrata Dasgupta, Gaurav Garg, Mark Whitteker
  • Patent number: 8909967
    Abstract: A technique for secure computation obfuscates program execution such that observers cannot detect what instructions are being run at any given time. Rather, program execution and memory access patterns are made to appear uniform. A processor operates based on encrypted inputs and produces encrypted outputs. In various examples, obfuscation is achieved by exercising computational circuits in a similar way for a wide range of instructions, such that all such instructions, regardless of their operational differences, affect the processor's power dissipation and processing time substantially uniformly. Obfuscation is further achieved by limiting memory accesses to predetermined time intervals, with memory interface circuits exercised regardless of whether a running program requires a memory access or not. The resulting processor thus reduces leakage of any meaningful information relating to the program or its inputs, which could otherwise be detectable to observers.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: December 9, 2014
    Assignee: EMC Corporation
    Inventor: Marten van Dijk
  • Patent number: 8910237
    Abstract: Systems and methods are disclosed with which queries can be sent to various clients of a trusted query network in a trusted query network message. In one embodiment, each registered client receives the message and determines whether or not it will participate in the query. If so, the client adds to the message in a first data round a true response to the query and obfuscation data, and then forwards the message on to the next client (or back to the client that initiated the query if each client has added its data to the message). In a second round, the message is again sent to each participating client, which this time removes its obfuscation data. Once each client has removed its obfuscation data, a final result is obtained that can be sent to each of the clients.
    Type: Grant
    Filed: July 16, 2010
    Date of Patent: December 9, 2014
    Assignee: Georgia State University Research Foundation, Inc.
    Inventors: Richard Baskerville, Art Vandenberg, Daniele Bertolotti, Saravanaraj Duraisamy
  • Publication number: 20140359276
    Abstract: A method begins by a source processing module securing data based on a key stream to produce secured data, where the key stream is derived from a unilateral encryption key accessible only to the source processing module, and sending the secure data to an intermediator processing module, where desecuring the secured data is divided into two partial desecuring stages. The method continues with the intermediator processing module partially desecuring the secure data in accordance with a first partial desecuring stage to produce partially desecured data and sending the partially desecured data to a destination processing module. The method continues with the destination processing module further partially desecuring the partially desecured data in accordance with a second desecuring stage to recover the data, where the destination processing module does not have access to the encryption key or to the key stream.
    Type: Application
    Filed: April 18, 2014
    Publication date: December 4, 2014
    Applicant: CLEVERSAFE, INC.
    Inventors: Jason K. Resch, Greg Dhuse
  • Publication number: 20140359275
    Abstract: Multi-protocol label switching (MPLS) data is typically sent non-encrypted over MPLS-based networks. If encryption is applied to MPLS data frames and MPLS labels are encrypted, each node receiving any of the MPLS data frame would have to perform decryption in order to direct the data frames to a next node, therefore resulting in extra processing and data latency. According to an example embodiment, encryption and decryption mechanisms for MPLS data include encrypting/decrypting payload data while keeping the MPLS labels in the clear (i.e., unencrypted). A MPLS encryption label is also employed within the MPLS label stack to indicate that encryption is applied. The MPLS encryption label is inserted in the MPLS label stack when encrypting the payload and is removed when decrypting the payload.
    Type: Application
    Filed: April 16, 2014
    Publication date: December 4, 2014
    Applicant: Certes Networks, Inc.
    Inventors: Ganesh Murugesan, Todd L. Cignetti
  • Publication number: 20140359277
    Abstract: In one embodiment, a method includes receiving from a secure device, an encrypted rule at a first network device, receiving at the first network device, a packet containing at least one encrypted subfield from a second network device, the subfield encrypted based on a key received at the second network device from the secure device, and determining if the encrypted subfield matches the encrypted rule. An apparatus and logic are also disclosed herein.
    Type: Application
    Filed: June 4, 2013
    Publication date: December 4, 2014
    Inventor: David McGrew
  • Patent number: 8904503
    Abstract: A computer-implemented method for providing access to data accounts within user profiles via cloud-based storage services may include (1) identifying a user profile associated with a user of a cloud-based storage service, (2) identifying a plurality of data accounts within the user profile associated with the user of the cloud-based storage service, (3) detecting a request from a client-based application associated with the user of the cloud-based storage service to access at least a portion of data stored in a data account within the user profile, (4) locating a unique account name that identifies the data account in the request, and then (5) satisfying the request from the client-based application associated with the user to access the portion of data stored in the data account via the cloud-based storage service. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: January 15, 2013
    Date of Patent: December 2, 2014
    Assignee: Symantec Corporation
    Inventor: Paul Agbabian
  • Patent number: 8904167
    Abstract: In order to mitigate the security risk posed by the insertion of a relay node within a communication network, both device authentication and subscriber authentication are performed on the relay node. Device and subscriber authentication may be bound together so that a relay node is granted access to operate within the network only if both device and subscriber authentication are successful. Additionally, a communication network (or authentication node) may further verify that a subscriber identifier (received as part of subscriber authentication) is associated with the corresponding device type (identified by the device identifier in the corresponding device authentication) as part of the subscriber authentication process.
    Type: Grant
    Filed: January 21, 2011
    Date of Patent: December 2, 2014
    Assignee: QUALCOMM Incorporated
    Inventors: Adrian Edward Escott, Anand Palanigounder, Fatih Ulupinar, Brian M. Rosenberg
  • Patent number: 8904036
    Abstract: Described are a secure geo-location obscurity network and ingress nodes, transit nodes and egress nodes used in such a network. In particular, a novel device is provided and comprises: a node for a network, the node comprising: a private portion for allowing high bandwidth secure private traffic to be received and transmitted by the node on a private pathway through the node; and a public portion for allowing low bandwidth secure public traffic to be received and transmitted by the node on a plurality of public pathways through the node.
    Type: Grant
    Filed: December 7, 2010
    Date of Patent: December 2, 2014
    Assignee: Chickasaw Management Company, LLC
    Inventors: James Andrew Reynolds, Philip Desch, Brett Burley, Gene Ward, Joe Kenny, Michael Howland, Christopher Allen Howland
  • Patent number: 8904558
    Abstract: The detection of web browser-based attacks using browser tests launched from a remote source is described. In one example, a digest is computed based on the content of an HTTP response message. The message is modified and sent to a client device that also computes a digest. The digests are compared to determine whether content has been modified by malware on the HTTP client. The results of the test are analyzed and defensive measures are taken.
    Type: Grant
    Filed: June 5, 2014
    Date of Patent: December 2, 2014
    Assignee: Imperva, Inc.
    Inventors: Amichai Shulman, Tal Arieh Be'ery
  • Patent number: 8904478
    Abstract: Code is associated to a target based on an inspection of the code. A target may be a device or a user. A number of code components may be inspected at one time and then transferred or otherwise associated to a target based on the target's profile. A code component may be a policy of an information management system.
    Type: Grant
    Filed: January 28, 2014
    Date of Patent: December 2, 2014
    Assignee: NextLabs, Inc.
    Inventor: Keng Lim
  • Patent number: 8904512
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: December 2, 2014
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Patent number: 8904516
    Abstract: A system for connecting a first network device and a second network device includes one or more servers. The servers are configured to: (a) receive, from the first network device, a request to look up a network address of the second network device based on an identifier associated with the second network device; (b) determine, in response to the request, whether the second network device is available for a secure communications service; and (c) initiate a virtual private network communication link between the first network device and the second network device based on a determination that the second network device is available for the secure communications service, wherein the secure communications service uses the virtual private network communication link.
    Type: Grant
    Filed: June 6, 2013
    Date of Patent: December 2, 2014
    Assignee: VirnetX, Inc.
    Inventors: Victor Larson, Robert Dunham Short, III, Edmund Colby Munger, Michael Williamson
  • Publication number: 20140351573
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for selectively performing man in the middle decryption. One of the methods includes receiving a first request to access a first resource hosted by a server outside the network, determining whether requests from the client device to access the first resource outside the network should be redirected to a second resource hosted by a proxy within the network, providing a redirect response to the client device, the redirect response including the second universal resource identifier, establishing a first encrypted connection between the client device and the proxy hosting the second resource, and a second encrypted connection between the proxy hosting the second domain and the server hosting the first resource, and decrypting and inspecting the encrypted communication traffic passing between the client device and the server hosting the first resource.
    Type: Application
    Filed: May 23, 2013
    Publication date: November 27, 2014
    Applicant: Phantom Technologies, Inc.
    Inventor: Paul Michael Martini
  • Patent number: 8898452
    Abstract: A system and method for securing data by receiving encrypted data at a security appliance transmitted from a client, wherein at least a portion of the encrypted data is encrypted according to a first encryption protocol, and wherein the encrypted data is transmitted to the security appliance according to a first data transfer protocol. The encrypted data is then decrypted at the security appliance, wherein at least a portion of the decrypted data is re-encrypted according to a second encryption protocol at the security appliance. The re-encrypted data is transmitted from the security appliance to a storage device, wherein the re-encrypted data is transmitted according to a second data transfer protocol that is different than the first data transfer protocol.
    Type: Grant
    Filed: September 8, 2005
    Date of Patent: November 25, 2014
    Assignee: NetApp, Inc.
    Inventors: Serge Plotkin, Hristo Bojinov, Yuval Frandzel, Andrew Narver, Zi-Bin Yang
  • Patent number: 8898780
    Abstract: Methods, servers, and systems for encoding security labels in a dynamic language value to allow cross script communications within client application while limiting the types of information that is allowed to be communicated back to a host server. Static analysis is performed during compilation, and the results are used to generate and insert additional code that updates, modifies and propagates labels (e.g., JavaScript labels) attached to values (e.g., JavaScript values) during execution of a program. To support popular language features that allow for strong integration with other web-based systems, malicious code is allowed to perform operations locally (e.g., on the client), and a detection and prevention mechanism identifies and stops malicious code from sending requests or gathered information over the network, naturalizing attacks and improving the security of applications that embed dynamic language code.
    Type: Grant
    Filed: February 17, 2012
    Date of Patent: November 25, 2014
    Assignee: QUALCOMM Incorporated
    Inventors: Christoph Kerschbaumer, Mohammad H. Reshadi
  • Patent number: 8898768
    Abstract: A computer or microchip comprising a central controller that is connected by a secure control bus with the other parts of the computer or microchip, including a volatile random access memory (RAM) located in a portion of the computer or microchip that is connected to a network. The secure control bus is isolated from any input from the network and provides and ensures direct preemptive control by the central controller over the volatile random access memory (RAM). The direct preemptive control includes transmission of data and/or code to the volatile random access memory (RAM) or erasure of data and/or code in the volatile random access memory (RAM) and includes control of the connection between the central controller and the volatile random access memory (RAM) and between the volatile random access memory (RAM) and a microprocessor having a connection for the network.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: November 25, 2014
    Inventor: Frampton E. Ellis
  • Patent number: 8891772
    Abstract: Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored.
    Type: Grant
    Filed: June 17, 2011
    Date of Patent: November 18, 2014
    Assignee: Microsoft Corporation
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Patent number: 8893259
    Abstract: The present disclosure provides solutions that may enable an enterprise providing services to a number of clients to determine whether to establish a client based SSL VPN session or a clientless SSL VPN session with a client based on an information associated with the client. An intermediary establishing SSL VPN sessions between clients and servers may receive a request from a client to access a server. The intermediary may identify a session policy based on the request. The session policy may indicate whether to establish a client based SSL VPN session or clientless SSL VPN session with the server. The intermediary may determine, responsive to the policy, to establish a clientless or client based SSL VPN session between the client and the server.
    Type: Grant
    Filed: January 26, 2009
    Date of Patent: November 18, 2014
    Assignee: Citrix Systems, Inc.
    Inventors: Puneet Agarwal, Saibal Kumar Adhya, Srinivasan Thirunarayanan, Akshat Choudhary
  • Patent number: 8893290
    Abstract: A method and a system for detecting anomalies within a voluminous private data are provided. The voluminous private data, including sensitive information corresponding to one or more objects within the voluminous private data is received. The sensitive information within the voluminous private data is identified, and identified sensitive information is modified to generate a modified voluminous private data. The sensitive information is marked in the modified voluminous private data to generate a marked voluminous private data. The anomaly within the marked voluminous private data is detected.
    Type: Grant
    Filed: September 5, 2012
    Date of Patent: November 18, 2014
    Assignee: Xerox Corporation
    Inventors: Nischal M. Piratla, Chithralekha Balamurugan, Raja Bala, Aaron M. Burry
  • Patent number: 8892877
    Abstract: A method and a device are provided for accessing data files of a secure file server, wherein a user or a process is authenticated; wherein access to the data files of the secure file server takes place by way of an encryption module of the secure file server; wherein the encryption module comprises an encryption agreement of a centralized security application; and wherein the access of the authenticated user or process to the secure file server takes place by way of an encrypted protocol taking into consideration the encryption agreement. Such a device may be included in a corresponding computer network.
    Type: Grant
    Filed: May 17, 2012
    Date of Patent: November 18, 2014
    Assignee: Bayerische Motoren Werke Aktiengesellschaft
    Inventor: Sirko Molau
  • Patent number: 8892868
    Abstract: A method of using a hardware security module and an adjunct application programming interface to harden tokenization security and encryption key rotation is disclosed. In various embodiments, the method comprises receiving encrypted data at a processor of a computer system, decrypting the encrypted data to cleartext in the processor, and issuing a unique token associated with the data.
    Type: Grant
    Filed: September 30, 2008
    Date of Patent: November 18, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Jason Jenks, Tushaar Sethi, Brandon B. Low, Jason Cetina, Jesper Johansson, Waylon Brunette, Hanson Char, Spencer Proffit
  • Patent number: 8892778
    Abstract: A method for securing remote access to private networks includes a receiver intercepting from a data link layer a packet in a first plurality of packets destined for a first system on a private network. A filter intercepts from the data link layer a packet in a second plurality of packets transmitted from a second system on the private network, destined for a system on a second network. A transmitter in communication with the receiver and the filter performing a network address translation on at least one intercepted packet and transmitting the at least one intercepted packet to a destination.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: November 18, 2014
    Assignee: Citrix Systems, Inc.
    Inventors: Goutham P. Rao, Robert A. Rodriguez, Eric R. Brueggemann
  • Publication number: 20140337615
    Abstract: A system and method for providing secure and anonymous communication between a plurality of individuals relying on the cryptographic method of the one-time pad (OTP) is described. Unique, randomly generated blocks of data are generated to serve as one-time pads, and each is given a unique identification that serves as a system address. One-time pads are anonymously distributed to communicants with a copy of each being retained by a service provider that operates a One-Time Pad Hub. Messages may be exchanged among holders of one-time pads through the Hub using the identifier addresses.
    Type: Application
    Filed: May 6, 2014
    Publication date: November 13, 2014
    Inventor: Terrance A. Tomkow
  • Patent number: 8887293
    Abstract: Embodiments disclosed herein provide secure communication among enterprise users utilizing social networking sites. A server computer may encrypt a post intended for a social networking site and forward the encrypted data or may save the post locally and send a placeholder to the social networking site. The server may receive a message from the social networking site containing the encrypted data or placeholder and determine that a recipient is authorized to view the original post. The server may then decrypt the data or retrieve the original post for servicing the request. In this way, authorized users of an enterprise can utilize social networking sites, which are independently owned and operated, to communicate with each other in a secure manner.
    Type: Grant
    Filed: June 17, 2013
    Date of Patent: November 11, 2014
    Assignee: Socialware, Inc.
    Inventors: Cameron Blair Cooper, Christopher Lee Richter
  • Patent number: 8885823
    Abstract: A method for delivering encrypted content to a subscriber terminal on-demand through a communication network is provided. The method begins when SRM receives a request for content from the subscriber terminal. In response to the request, the SRM directs a video server to transmit the content as an unencrypted transport stream to an encryptor. The packets in the unencrypted transport stream include a header with a destination address associated with the subscriber terminal. The encryptor encrypts the content in the unencrypted transport stream to generate an encrypted transport stream. The encryptor also inserts in the packet headers of the packets in the encrypted transport stream the destination address associated with the subscriber terminal obtained from the packet headers in the unencrypted transport stream. Finally, the encrypted transport stream is transmitted to the subscriber terminal over the communication network.
    Type: Grant
    Filed: September 24, 2007
    Date of Patent: November 11, 2014
    Assignee: General Instrument Corporation
    Inventors: Christopher Poli, Joseph M. Amorese, Robert Mack, Lawrence D. Vince, Charles A. Zimmerman
  • Patent number: 8886954
    Abstract: Systems and methods verifying a user during authentication of an integrated device. In one embodiment, the system includes an integrated device and an authentication unit. The integrated device stores biometric data of a user and a plurality of codes and other data values comprising a device ID code uniquely identifying the integrated device and a secret decryption value in a tamper proof format, and when scan data is verified by comparing the scan data to the biometric data, wirelessly sends one or more codes and other data values including the device ID code. The authentication unit receives and sends the one or more codes and the other data values to an agent for authentication, and receives an access message from the agent indicating that the agent successfully authenticated the one or more codes and other data values and allows the user to access an application.
    Type: Grant
    Filed: December 10, 2012
    Date of Patent: November 11, 2014
    Assignee: Proxense, LLC
    Inventor: John J. Giobbi
  • Patent number: 8887251
    Abstract: A handover method of a mobile terminal between heterogeneous networks for facilitating the handover with pre-authentication procedure is provided. A handover method between heterogeneous networks includes receiving, at a mobile terminal connected to a source network, information on at least one target authenticator of a target network from a source authenticator in response to an attach request; creating an authentication key between the mobile terminal and the target authenticator selected among the at least one target authenticator through a pre-authentication process; determining, when the mobile terminal transmits a handover request to the selected target authenticator, whether the authentication key contained in the handover request matches with the authentication key stored in the selected target authenticator; and connecting, when the authentication keys match with each other, to the target network via the selected target authenticator.
    Type: Grant
    Filed: December 23, 2009
    Date of Patent: November 11, 2014
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Peng Lei, Jeong Jae Won, Young Seok Kim
  • Patent number: 8885557
    Abstract: To reduce the effectiveness of eavesdropping attacks, a filler such as one utilized in a data frame for link-layer LAPDm signaling may be dynamically selected to utilize a first bit pattern (first filler) generated utilizing a first algorithm when the transmissions are unencrypted, and to utilize a second bit pattern (second filler) generated utilizing a second algorithm different from the first algorithm when the transmissions are encrypted.
    Type: Grant
    Filed: September 23, 2011
    Date of Patent: November 11, 2014
    Assignee: QUALCOMM Incorporated
    Inventors: Simon Walke, Nicholas J. Tebbit, Mungal S. Dhanda
  • Patent number: 8880870
    Abstract: Bridges 30, 40 are interposed between a server 10 or a client 20 having two channels 2ch, one of the two channels making a LAN connection to either the server or the client and the other channel making the LAN connection to the internet. Each of bridges 30, 40 performs a LAN packet scramble, a scramble purpose encryption key management, and a bridging system authentication. Furthermore, each of bridges 30, 40 performs a LAN packet scramble, a scramble purpose encryption key management, and a bridging system authentication for a packet derived from the server or the client. Furthermore, a composite authentication having a plurality of authentication purpose interfaces is carried out in each of the bridges. The bridge has a plurality of authentication purpose interfaces to perform a composite authentication.
    Type: Grant
    Filed: May 5, 2009
    Date of Patent: November 4, 2014
    Assignee: Meidensha Corporation
    Inventor: Kazumasa Aizawa
  • Patent number: 8881238
    Abstract: In the event of an authentication process failure, a mobile station bans a connection profile storing the credentials provided by the mobile station when initiating the failed authentication process, thus affecting how subsequent scans—other than discovery scans—and connection attempts are handled. In the event of an authentication process failure, a mobile station bans or suppresses an access point with which the mobile station initiated the failed authentication process. The mobile station refrains from transmitting any communications addressed to the unique identifier of any banned access point. The mobile station may ignore any communications received from a banned access point. Suppressed access points are occasionally not made available to the mobile station for selection as a target for a connection attempt.
    Type: Grant
    Filed: January 30, 2014
    Date of Patent: November 4, 2014
    Assignee: BlackBerry Limited
    Inventors: Ahmad Mohammad Mohammad Kholaif, Ion Barbu, Krishna Kumar Bakthavathsalu, Nayef Fawaz Mendahawi, Denis Fedotenko
  • Patent number: 8881277
    Abstract: A method and system are described for collecting addresses for remotely accessible information sources. Messages, such as emails, carried by a messaging network (N1) are intercepted before reaching a destined terminal. Addresses for remotely accessible information sources (i.e. URLs) are identified from the intercepted email messages. The messages are analyzed to be classified as either a first type of message (e.g. spam or virus messages) or a second, different, type of message. If the intercepted message is classified as the first spam/virus type then data indicative of the identified address (URL) is transmitted to a filtering system (100) which controls access to the remotely accessible information sources. As a result, addresses (URLs) are gleaned from transmitted messages such as spam e-mail and supplied to a filtering system (100) which controls access to the resources accessible at those addresses.
    Type: Grant
    Filed: January 4, 2008
    Date of Patent: November 4, 2014
    Assignee: Websense Hosted R&D Limited
    Inventor: James Kay
  • Patent number: 8880905
    Abstract: According to one aspect of the invention, a file received from a first user is stored in a storage device, where the file includes private metadata encrypted by a secret key associated with a second user. A private metadata identifier is stored in a predetermined storage location, indicating that private metadata of the file has not been decrypted and indexed. In response to an inquiry subsequently received from the second user, the predetermined storage location is scanned to identify the private metadata identifier based on the inquiry. The encrypted metadata identified by the private metadata identifier is transmitted to the second user for decryption. In response to the metadata that has been decrypted by the second user, the decrypted metadata is indexed for the purpose of subsequent searches of at least one of the metadata and the file.
    Type: Grant
    Filed: October 27, 2010
    Date of Patent: November 4, 2014
    Assignee: Apple Inc.
    Inventors: Kaelin L. Colclasure, John M. Hörnkvist, Braden J. Thomas
  • Patent number: 8880871
    Abstract: Disclosed are various embodiments for improving hash table utilization. A key corresponding to a data item to be inserted into a hash table can be transformed to improve the entropy of the key space and the resultant hash codes that can be generated. Transformation data can be inserted into the key in various ways, which can result in a greater degree of variance in the resultant hash code calculated based upon the transformed key.
    Type: Grant
    Filed: September 27, 2012
    Date of Patent: November 4, 2014
    Assignee: Broadcom Corporation
    Inventors: Brad Matthews, Bruce Kwan, Puneet Agarwal
  • Patent number: 8874898
    Abstract: Technologies for establishing and managing a connection with a power line communication network include establishing a communication connection between an electronic device and a security server. A default device encryption key associated with the electronic device is changed to correspond with a new device encryption key of the security server. Thereafter, the electronic device may only join a power line communication network of a particular security server using a network membership key, which is encrypted with the device encryption key that the particular security server associates to the electronic device. The electronic device contains a circuit interrupt to interrupt a circuit of the electronic device if the electronic device is not able to successfully decrypt the network membership key.
    Type: Grant
    Filed: December 14, 2012
    Date of Patent: October 28, 2014
    Assignee: Intel Corporation
    Inventors: Saurabh Dadu, Gyan Prakash
  • Patent number: 8875218
    Abstract: In an information management system, policies are deployed to targets and targets can evaluate the policies whether they are connected to or disconnected from the system. The policies may be transferred to the target, which may be a device or user. Relevant policies may be transferred while policies that are not relevant are not. The policies may have policy abstractions.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: October 28, 2014
    Assignee: NextLabs, Inc.
    Inventor: Keng Lim
  • Patent number: 8874897
    Abstract: A system and methods for facilitating secure communications on a website are presented. The system comprising a security server configured to receive a secure message from a creator device is disclosed. The security server encodes the received message and sends the encoded message or a representation of the encoded message for posting on the website so that one or more users of the website have the ability to request that the security server make the message available after the encoded message has been decoded.
    Type: Grant
    Filed: August 21, 2012
    Date of Patent: October 28, 2014
    Assignee: Reputation.com, Inc.
    Inventors: Gang (Tiger) Lan, Michael Fertik, Saad Mir, Abbey Sparrow, Jeffrey A. Harnois, II
  • Patent number: 8874685
    Abstract: A process for centrally managing a large number of computers from a central location when technical expertise is not available at each end point nor can other remote management techniques be employed such as remote desktop or direct connection to an agent. This process consists of the generation of processing instructions at a central point which can then be distributed to any number of endpoints in an asynchronous manner where they will be automatically applied and, if requested, response returned to the central management point asynchronously. The communication mechanisms are secure, verifiable, and require no special expertise at the endpoint to employ. Asynchronous refers to the ability for processing instructions and responses to be transferred by a variety of methods but not solely dependent on direct communications, such as via a store-and-forward mechanism, and can also include server-side push directly to the endpoint and client-side pull from a predetermined rendezvous point.
    Type: Grant
    Filed: September 22, 2010
    Date of Patent: October 28, 2014
    Assignee: ThreatGuard, Inc.
    Inventors: Robert L. Hollis, Gunnar Engelbach, Randal Scot Taylor
  • Patent number: 8874922
    Abstract: In accordance with the present disclosure, a system and method for multilayered authentication of trusted platform updates is described. The method may include storing first cryptographic data in a personality module of an information handling system, with the first cryptographic data corresponding to a verified firmware component. A second cryptographic data may also be determined, with the second cryptographic data corresponding to an unverified firmware component. The unverified firmware component may be stored in a memory element of the information handling system, and the second cryptographic data may be determined using a processor of the information handling system.
    Type: Grant
    Filed: January 17, 2012
    Date of Patent: October 28, 2014
    Assignee: Dell Products L.P.
    Inventors: Muhammed Jaber, Mukund Khatri
  • Patent number: 8874544
    Abstract: A system and method for exposing internal search indices to Internet search engines. The internal search indices are exposed to external search engines in such a way that the data may be segregated into at least two types including one layer of search data specifically for the search engines, and another for potential users of the application. This significantly improves the probability of discovery by search engines and also provides for presentation of discovered content to users in a manner consistent with the content itself, or consistent with the intended controls or presentations established by the content's owner. The system and method also includes one or more components that reproduce information about IP in a format that search engines can recognize and locate. The component also forwards users coming through the search engines to the actual IP graphical user interface (GUI) instead of the files that the search engine discovered.
    Type: Grant
    Filed: January 13, 2005
    Date of Patent: October 28, 2014
    Assignee: International Business Machines Corporation
    Inventors: Clifton E. Grim, III, Christopher I. Schmidt, John D. Wilson
  • Publication number: 20140317397
    Abstract: A device within the network receives a domain name service (DNS) request for an address of a first resource outside the network, the first resource associated with a security policy of the network. An address of a second resource within the network is returned to the device within the network in response to the DNS request, the second resource address having previously been associated with the first resource address. A first encrypted connection is established between the device and the second resource, and a second encrypted connection is established between the second resource and the first resource, to facilitate encrypted communication traffic between the device and the first resource. The encrypted communication traffic passing between the device and the first resource is selectively decrypted and inspected depending on the address of the first resource.
    Type: Application
    Filed: April 30, 2014
    Publication date: October 23, 2014
    Applicant: iboss, Inc.
    Inventor: Paul Michael Martini
  • Patent number: 8869260
    Abstract: A computer or microchip securely controlled through a private network including a connection to a network of computers including the Internet; a separate connection to at least a private network of computers located in a hardware protected area of said computer or microchip, a first microprocessor, core or processing unit configured to connect to the connection to the network of computers including the Internet; a master controlling device for the computer or microchip located in the hardware protected area; and a secure control bus configured to connect at least said master controlling device with said microprocessor, core or processing unit, and isolated from input from the network and components other than said master controlling device. The master controlling device securely controls an operation executed by the microprocessor, core or processing unit, with secure control being provided through the private network to the private network connection through the secure control bus.
    Type: Grant
    Filed: February 15, 2013
    Date of Patent: October 21, 2014
    Inventor: Frampton E. Ellis
  • Patent number: 8869236
    Abstract: One embodiment includes a non-transitory computer readable medium having instructions executable by a processor to implement a method. The method includes receiving user configuration data for a network device, the configuration system being coupled to a service network. The method also includes storing device configuration data in a configuration database coupled to the service network, the device configuration data being based on the user configuration data and service network data. The method also includes receiving a configuration request at the configuration system from the network device in response to the network device being unconfigured and connected in a user network. The method further includes transmitting the device configuration data from the configuration database to the network device in response to the configuration request.
    Type: Grant
    Filed: January 11, 2013
    Date of Patent: October 21, 2014
    Assignee: Shoretel, Inc.
    Inventors: Dale Tonogai, Darren J. Croke
  • Patent number: 8869235
    Abstract: A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria.
    Type: Grant
    Filed: October 10, 2012
    Date of Patent: October 21, 2014
    Assignee: Citrix Systems, Inc.
    Inventors: Waheed Qureshi, Kelly Brian Roach, John M. McGinty, Olivier Andre, Shafaq Abdullah, Thomas H. DeBenning, Ahmed Datoo
  • Patent number: 8869276
    Abstract: To improve network reliability and management in today's high-speed communication networks, we propose an intelligent system using adaptive statistical approaches. The system learns the normal behavior of the network. Deviations from the norm are detected and the information is combined in the probabilistic framework of a Bayesian network. The proposed system is thereby able to detect unknown or unseen faults. As demonstrated on real network data, this method can detect abnormal behavior before a fault actually occurs, giving the network management system (human or automated) the ability to avoid a potentially serious problem.
    Type: Grant
    Filed: June 29, 2006
    Date of Patent: October 21, 2014
    Assignee: Trustees of Boston University
    Inventors: Mark Crovella, Anukool Lakhina
  • Publication number: 20140310513
    Abstract: A method and system for managing data security in a computing environment. A processor at the gateway server receives, from a user device, at least one message. Each message requests that an encryption key be downloaded to the user device. The gateway server interfaces between the user device and a cloud that includes interconnected computing systems external to the user device. In response to the received at least one message, the processor generates at least one unique encryption key for each message and sends the at least one generated encryption key to the user device, but does not store any of the generated encryption keys in the cloud. For each encryption key having been sent to the user device, the processor receives each encryption key returned from the user device. For each encryption key received from the user device, the processor stores each received encryption key in the cloud.
    Type: Application
    Filed: February 19, 2014
    Publication date: October 16, 2014
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jonathan M. Barney, Cataldo Mega, Edmond Plattier, Daniel Suski