Particular Node (e.g., Gateway, Bridge, Router, Etc.) For Directing Data And Applying Cryptography Patents (Class 713/153)
-
Patent number: 8914543
Abstract: A method, system and computer program product for prioritizing network services is provided. Such prioritization may comprise a better level of service, more timely system response and/or preferential treatment of traffic. In an embodiment, prioritization is controlled by defining modes and levels of prioritization, typically based on criteria such as the value of a transaction, the standing of a user, or the type of transaction. Prioritization can also be established, for example, for a length of time or for a given transaction. The modes of prioritization may comprise remapping TCP ports to which a communication is directed, remapping uniform resource locators and/or Internet Protocol addresses to which a communication is directed, and/or tagging communications with quality of service information. The levels of prioritization define the type(s) of priority service offered to a user, such as timeliness of system response and preference of traffic treatment, and may be arbitrarily defined.
Type: Grant
Filed: December 1, 2006
Date of Patent: December 16, 2014
Assignee: Catchfire Systems, Inc.
Inventors: Mark Jasen, Guy Daley
-
Patent number: 8914841
Abstract: A system capable of automated mapping between a connectivity request and an ordered security rule-set, and a method of operating thereof. The system includes an interface operable to obtain data characterizing at least one connectivity request; a module for automatically recognizing at least one rule within the rule-set, the rule controlling traffic requested in the at least one connectivity request, wherein the recognizing is provided by comparing a set of combinations specified in the connectivity request with a set of combinations specified in the rule and matching connectivity-related actions specified in the connectivity request; a module for automatically evaluating the relationship between traffic controlled by the recognized at least one rule and traffic requested in the at least one connectivity request; and a module for automatically classifying, in accordance with the evaluation results, the at least one connectivity request with respect to the at least one rule and/or vice versa.
Type: Grant
Filed: November 23, 2011
Date of Patent: December 16, 2014
Assignee: Tufin Software Technologies Ltd.
Inventor: Reuven Harrison
-
Patent number: 8914871
Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that the same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, more capable security gateways are provided.
Type: Grant
Filed: May 1, 2013
Date of Patent: December 16, 2014
Assignee: A10 Networks, Inc.
Inventors: Lee Chen, Ronald Wai Lun Szeto
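The core-affinity trick described in this abstract (and in the related 8904512 below) is easier to see in code. The following is an added illustration, not A10's implementation: it assumes a symmetric CRC32-based flow hash and an 8-core gateway (neither is specified by the patent) and searches the gateway's ephemeral port range for a server-side five-tuple that lands on the same core as the host-side session.

```python
import zlib
from typing import Iterable, Optional, Tuple

# Assumed parameters: the patent does not publish the hash function or the core count.
NUM_CORES = 8

# (src_ip, src_port, dst_ip, dst_port, ip_proto)
FiveTuple = Tuple[str, int, str, int, int]


def core_for(flow: FiveTuple, num_cores: int = NUM_CORES) -> int:
    """Map a flow to a CPU core with an order-independent hash, so that both
    directions of one session (A->B and B->A) land on the same core."""
    src_ip, src_port, dst_ip, dst_port, proto = flow
    lo, hi = sorted([(src_ip, src_port), (dst_ip, dst_port)])
    key = f"{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}|{proto}".encode()
    return zlib.crc32(key) % num_cores


def select_proxy_address(host_flow: FiveTuple,
                         proxy_ips: Iterable[str],
                         server_ip: str,
                         server_port: int,
                         num_cores: int = NUM_CORES) -> Optional[FiveTuple]:
    """Choose the gateway's source (IP, port) for the server-side session so
    that it hashes to the same core as the already established host-side
    session. Returns the server-side five-tuple, or None if no combination
    hits the target core."""
    proto = host_flow[4]
    target = core_for(host_flow, num_cores)
    for proxy_ip in proxy_ips:
        # Ephemeral range; a real gateway would also skip ports already in use.
        for proxy_port in range(1024, 65536):
            candidate = (proxy_ip, proxy_port, server_ip, server_port, proto)
            if core_for(candidate, num_cores) == target:
                return candidate
    return None


if __name__ == "__main__":
    # Constructed sample: client -> gateway VIP on the host side.
    host = ("192.0.2.10", 51000, "198.51.100.1", 443, 6)
    server_side = select_proxy_address(host, ["10.0.0.2"], "10.0.1.20", 8443)
    print("host-side core:", core_for(host))
    print("server-side tuple:", server_side, "core:", core_for(server_side))
```

With 8 cores the search succeeds after a handful of candidate ports on average; the cost that matters in practice is that the selection must run at connection setup, and the hash must be the same one the NIC or dispatcher actually uses, otherwise the affinity silently breaks.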
-
Publication number: 20140365761
Abstract: A method and apparatus for use in securely relaying data. The data is received by a first relay unit from a data provider. The data is sent by the first relay unit to a mail server. The data is retrieved by a second relay unit in a second network from the mail server. The data is sent by the second relay unit to a data subscriber.
Type: Application
Filed: January 31, 2014
Publication date: December 11, 2014
Applicant: THE BOEING COMPANY
Inventor: Robert L. Deyoung
-
Patent number: 8910296
Abstract: Techniques are disclosed for hiding sensitive information from a provider of support services. In one embodiment, a first network device determines that network device information includes non-sensitive data and sensitive data. In response to the determining, the first network device generates mapping data that maps dummy data to the sensitive data. The first network device generates output data that comprises the non-sensitive data and the dummy data and sends the output data to a second network device. In other embodiments, the user may select the network parameters that are sensitive. The first network device may also receive first report data from the second network device that identifies a network problem and includes the dummy data, and generate second report data by using the mapping data to replace the dummy data with the sensitive data.
Type: Grant
Filed: October 31, 2011
Date of Patent: December 9, 2014
Assignee: Cisco Technology, Inc.
Inventors: Ammar Rayes, Subrata Dasgupta, Gaurav Garg, Mark Whitteker
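The following is an added example of the dummy-mapping round trip, not Cisco's code. It assumes that IPv4 addresses and hostnames under a `.corp.example` domain are the parameters the user has marked sensitive (the patent leaves the selection to the user), rewrites a constructed configuration excerpt with consistent dummies, and later maps a vendor report mentioning those dummies back to the real values. The mapping never leaves the device.

```python
import re

# Assumption: these are the parameters the operator has selected as sensitive.
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOSTNAME = re.compile(r"\b[a-z0-9-]+\.corp\.example\b")
DUMMY = re.compile(r"\b(?:IP|HOST)-\d+\b")

# Constructed sample input (not a real device configuration).
SAMPLE_CONFIG = """interface Gi0/1
 ip address 10.1.2.3 255.255.255.0
 description uplink to core1.corp.example
logging host 10.1.2.3
ntp server 10.9.9.9
"""


class Sanitizer:
    """Device-side redactor: swaps sensitive values for dummies and keeps the map local."""

    def __init__(self, patterns=(IPV4, HOSTNAME)):
        self.patterns = patterns
        self.to_dummy = {}
        self.to_real = {}

    def _dummy_for(self, real: str) -> str:
        # Same real value -> same dummy, so the support engineer still sees
        # that two lines refer to the same host.
        if real not in self.to_dummy:
            n = len(self.to_dummy) + 1
            dummy = f"IP-{n}" if IPV4.fullmatch(real) else f"HOST-{n}"
            self.to_dummy[real] = dummy
            self.to_real[dummy] = real
        return self.to_dummy[real]

    def sanitize(self, text: str) -> str:
        """Produce the output data sent to the support provider."""
        for pattern in self.patterns:
            text = pattern.sub(lambda m: self._dummy_for(m.group(0)), text)
        return text

    def restore(self, report: str) -> str:
        """Map a report that names dummies back to the sensitive values."""
        return DUMMY.sub(lambda m: self.to_real.get(m.group(0), m.group(0)), report)


if __name__ == "__main__":
    s = Sanitizer()
    print(s.sanitize(SAMPLE_CONFIG))
```

Two things to check before trusting such a redactor: the patterns must cover every representation of the secret (the sample above also dummies the subnet mask because it looks like an address, which is harmless but shows how coarse regexes are), and the mapping store itself is now the sensitive asset.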
-
Patent number: 8909967
Abstract: A technique for secure computation obfuscates program execution such that observers cannot detect what instructions are being run at any given time. Rather, program execution and memory access patterns are made to appear uniform. A processor operates based on encrypted inputs and produces encrypted outputs. In various examples, obfuscation is achieved by exercising computational circuits in a similar way for a wide range of instructions, such that all such instructions, regardless of their operational differences, affect the processor's power dissipation and processing time substantially uniformly. Obfuscation is further achieved by limiting memory accesses to predetermined time intervals, with memory interface circuits exercised regardless of whether a running program requires a memory access or not. The resulting processor thus reduces leakage of any meaningful information relating to the program or its inputs, which could otherwise be detectable to observers.
Type: Grant
Filed: December 31, 2012
Date of Patent: December 9, 2014
Assignee: EMC Corporation
Inventor: Marten van Dijk
-
Patent number: 8910237
Abstract: Systems and methods are disclosed with which queries can be sent to various clients of a trusted query network in a trusted query network message. In one embodiment, each registered client receives the message and determines whether or not it will participate in the query. If so, the client adds to the message in a first data round a true response to the query and obfuscation data, and then forwards the message on to the next client (or back to the client that initiated the query if each client has added its data to the message). In a second round, the message is again sent to each participating client, which this time removes its obfuscation data. Once each client has removed its obfuscation data, a final result is obtained that can be sent to each of the clients.
Type: Grant
Filed: July 16, 2010
Date of Patent: December 9, 2014
Assignee: Georgia State University Research Foundation, Inc.
Inventors: Richard Baskerville, Art Vandenberg, Daniele Bertolotti, Saravanaraj Duraisamy
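The two-round protocol above is a simple additive aggregation with per-client masks. The following is an added simulation, not the patent holders' code: it assumes numeric responses, a ring order fixed by the initiator, and a fresh random mask per client per query, and it exposes the running total as seen between the rounds so the masking effect can be checked.

```python
import secrets


class Client:
    """One registered client of the trusted query network."""

    def __init__(self, name: str, true_value: int, participate: bool = True):
        self.name = name
        self.true_value = true_value
        self.participate = participate
        self._obfuscation = None

    def first_round(self, message: dict) -> dict:
        """Add the true response plus fresh obfuscation data to the running total."""
        if not self.participate:
            return message
        self._obfuscation = secrets.randbelow(1 << 64)  # fresh per query
        message["total"] += self.true_value + self._obfuscation
        message["participants"].append(self.name)
        return message

    def second_round(self, message: dict) -> dict:
        """Remove this client's obfuscation data; its true value stays in the total."""
        if self._obfuscation is None:
            return message
        message["total"] -= self._obfuscation
        self._obfuscation = None
        return message


def run_query(clients, query: str):
    """Simulate the initiator sending one message around the ring twice.
    Returns (final_total, participants, total_seen_between_the_rounds)."""
    message = {"query": query, "total": 0, "participants": []}
    for client in clients:
        message = client.first_round(message)
    masked_total = message["total"]  # what the initiator sees after round one
    for client in clients:
        message = client.second_round(message)
    return message["total"], message["participants"], masked_total


if __name__ == "__main__":
    ring = [Client("A", 5), Client("B", 7, participate=False), Client("C", 3)]
    print(run_query(ring, "number of hosts flagged by the local IDS"))
```

The caveat a practitioner should keep in mind: the final total is public to all participants, so with only two participants each learns the other's response, and the last client to unmask in round two sees the sum of everyone else before anyone else does. The scheme hides individual answers only for three or more honest, non-colluding participants.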
-
Publication number: 20140359276
Abstract: A method begins by a source processing module securing data based on a key stream to produce secured data, where the key stream is derived from a unilateral encryption key accessible only to the source processing module, and sending the secured data to an intermediator processing module, where desecuring the secured data is divided into two partial desecuring stages. The method continues with the intermediator processing module partially desecuring the secured data in accordance with a first partial desecuring stage to produce partially desecured data and sending the partially desecured data to a destination processing module. The method continues with the destination processing module further partially desecuring the partially desecured data in accordance with a second desecuring stage to recover the data, where the destination processing module does not have access to the encryption key or to the key stream.
Type: Application
Filed: April 18, 2014
Publication date: December 4, 2014
Applicant: CLEVERSAFE, INC.
Inventors: Jason K. Resch, Greg Dhuse
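One concrete way to split "desecuring" into two stages is to split the key stream itself into two XOR shares. The following is an added example, not Cleversafe's code: it assumes a SHA-256 counter-mode key stream (the application does not name the PRF) and that the source delivers one share to the intermediator and the other to the destination over separate channels. Neither party ever holds the key or the full key stream.

```python
import hashlib
import secrets


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode key stream from SHA-256. Assumption: the application does
    not name the PRF; a real system would use a standard stream cipher/AEAD."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def source_secure(key: bytes, data: bytes):
    """Source: secure the data with the key stream, then split the key stream
    into two XOR shares. share1 goes to the intermediator, share2 to the
    destination; neither share alone says anything about the key stream."""
    ks = keystream(key, len(data))
    secured = xor_bytes(data, ks)
    share1 = secrets.token_bytes(len(data))
    share2 = xor_bytes(ks, share1)
    return secured, share1, share2


def intermediator_partial_desecure(secured: bytes, share1: bytes) -> bytes:
    """First partial stage: strips share1. The output is still masked by share2."""
    return xor_bytes(secured, share1)


def destination_desecure(partial: bytes, share2: bytes) -> bytes:
    """Second partial stage: strips share2 and recovers the data."""
    return xor_bytes(partial, share2)


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # known only to the source
    data = b"constructed sample record"    # constructed input
    secured, share1, share2 = source_secure(key, data)
    partial = intermediator_partial_desecure(secured, share1)
    print(destination_desecure(partial, share2) == data)
```

The shares are one-time material: reusing share1 across two messages lets the intermediator XOR the two partial outputs and cancel share2, just as with a reused pad. Nothing here authenticates the data either; an integrity tag over `secured` is needed before the intermediator can be trusted not to flip bits.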
-
Publication number: 20140359275
Abstract: Multi-protocol label switching (MPLS) data is typically sent non-encrypted over MPLS-based networks. If encryption is applied to MPLS data frames and the MPLS labels are encrypted, each node receiving the MPLS data frame would have to perform decryption in order to direct the data frame to the next node, resulting in extra processing and data latency. According to an example embodiment, encryption and decryption mechanisms for MPLS data include encrypting/decrypting the payload data while keeping the MPLS labels in the clear (i.e., unencrypted). An MPLS encryption label is also employed within the MPLS label stack to indicate that encryption is applied. The MPLS encryption label is inserted in the MPLS label stack when encrypting the payload and is removed when decrypting the payload.
Type: Application
Filed: April 16, 2014
Publication date: December 4, 2014
Applicant: Certes Networks, Inc.
Inventors: Ganesh Murugesan, Todd L. Cignetti
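The following is an added example, not Certes' implementation, of the label-stack handling the abstract describes: a 32-bit label entry codec, an ingress function that encrypts only the payload and pushes an encryption label to the bottom of the stack, a transit function that swaps the top label without touching the payload, and an egress function that pops the encryption label and decrypts. The encryption label value (1000) is an assumption, and the payload transform is an XOR with a caller-supplied key stream standing in for a real cipher.

```python
import struct

ENCRYPTION_LABEL = 1000  # assumption: the application does not publish the label value


def encode_entry(label: int, tc: int = 0, bos: int = 0, ttl: int = 64) -> bytes:
    """One 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label out of range")
    return struct.pack("!I", (label << 12) | ((tc & 7) << 9) | ((bos & 1) << 8) | (ttl & 0xFF))


def decode_entry(raw: bytes) -> dict:
    v, = struct.unpack("!I", raw)
    return {"label": v >> 12, "tc": (v >> 9) & 7, "bos": (v >> 8) & 1, "ttl": v & 0xFF}


def parse_frame(frame: bytes):
    """Split a frame into its label stack (list of dicts) and the payload."""
    stack, off = [], 0
    while True:
        if off + 4 > len(frame):
            raise ValueError("truncated label stack")
        entry = decode_entry(frame[off:off + 4])
        off += 4
        stack.append(entry)
        if entry["bos"]:
            return stack, frame[off:]


def build_frame(stack, payload: bytes) -> bytes:
    out = b""
    for i, e in enumerate(stack):
        out += encode_entry(e["label"], e["tc"], 1 if i == len(stack) - 1 else 0, e["ttl"])
    return out + payload


def encrypt_frame(frame: bytes, keystream: bytes) -> bytes:
    """Ingress: encrypt only the payload, keep every label in the clear, and
    push the encryption label to the bottom of the stack as a marker."""
    stack, payload = parse_frame(frame)
    if any(e["label"] == ENCRYPTION_LABEL for e in stack):
        raise ValueError("frame already carries the encryption label")
    if len(keystream) < len(payload):
        raise ValueError("keystream too short")
    enc_payload = bytes(p ^ k for p, k in zip(payload, keystream))
    stack.append({"label": ENCRYPTION_LABEL, "tc": 0, "ttl": stack[-1]["ttl"]})
    return build_frame(stack, enc_payload)


def forward(frame: bytes, label_map: dict) -> bytes:
    """Transit node: swap the top label and decrement TTL; no decryption needed."""
    stack, payload = parse_frame(frame)
    top = stack[0]
    if top["ttl"] <= 1:
        raise ValueError("TTL expired")
    stack[0] = {"label": label_map[top["label"]], "tc": top["tc"], "ttl": top["ttl"] - 1}
    return build_frame(stack, payload)


def decrypt_frame(frame: bytes, keystream: bytes) -> bytes:
    """Egress: pop the encryption label and decrypt the payload."""
    stack, payload = parse_frame(frame)
    if stack[-1]["label"] != ENCRYPTION_LABEL:
        raise ValueError("no encryption label; payload is in the clear")
    stack.pop()
    plain = bytes(p ^ k for p, k in zip(payload, keystream))
    return plain if not stack else build_frame(stack, plain)
```

Keeping labels in the clear is exactly what lets transit nodes stay fast, but it also means the label stack and the payload length are visible to anyone on the path, and a bare XOR payload is malleable. A deployment needs an authenticated cipher with a per-frame nonce for the payload, which is why the key stream here is only a placeholder.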
-
Publication number: 20140359277
Abstract: In one embodiment, a method includes receiving from a secure device an encrypted rule at a first network device; receiving at the first network device a packet containing at least one encrypted subfield from a second network device, the subfield encrypted based on a key received at the second network device from the secure device; and determining if the encrypted subfield matches the encrypted rule. An apparatus and logic are also disclosed herein.
Type: Application
Filed: June 4, 2013
Publication date: December 4, 2014
Inventor: David McGrew
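For an encrypted subfield to be matched against an encrypted rule by a device that holds neither the key nor the plaintext, the transform has to be deterministic under the key. The following is an added example, not the inventor's code: it assumes HMAC-SHA256 as the keyed transform (the application does not fix the primitive) and plays all three roles, the secure device that owns the key, the sender that tokenizes the sensitive header fields, and the matcher that applies the rules.

```python
import hashlib
import hmac
import secrets


def encrypt_subfield(key: bytes, field: str, value: str) -> bytes:
    """Deterministic keyed transform so equal plaintexts give equal tokens.
    Assumption: HMAC-SHA256 stands in for whatever cipher the real system uses."""
    return hmac.new(key, f"{field}={value}".encode(), hashlib.sha256).digest()


class SecureDevice:
    """Owns the key. Hands the key only to the packet sender and hands
    already-encrypted rules to the matching device."""

    def __init__(self):
        self._key = secrets.token_bytes(32)

    def key_for_sender(self) -> bytes:
        return self._key

    def encrypted_rule(self, field: str, value: str, action: str) -> dict:
        return {"field": field,
                "match": encrypt_subfield(self._key, field, value),
                "action": action}


def build_packet(key: bytes, headers: dict, sensitive_fields) -> dict:
    """Second network device: replace the sensitive subfields with tokens."""
    packet = dict(headers)
    for field in sensitive_fields:
        packet[field] = encrypt_subfield(key, field, str(headers[field]))
    return packet


def apply_rules(rules, packet: dict, default: str = "allow") -> str:
    """First network device: compare tokens to encrypted rules without the key
    or the plaintext. First matching rule wins."""
    for rule in rules:
        token = packet.get(rule["field"])
        if isinstance(token, bytes) and hmac.compare_digest(token, rule["match"]):
            return rule["action"]
    return default


if __name__ == "__main__":
    sd = SecureDevice()
    rules = [sd.encrypted_rule("src_ip", "192.0.2.77", "deny")]
    pkt = build_packet(sd.key_for_sender(), {"src_ip": "192.0.2.77", "dst_port": 443}, ["src_ip"])
    print(apply_rules(rules, pkt))
```

The limitation to understand before deploying anything like this: deterministic tokens leak equality (the matcher sees which packets share a source), and for a small domain such as IPv4 addresses anyone who obtains the key can enumerate the whole space offline. The design only holds if the key really stays on the secure device and the sender.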
-
Patent number: 8904503
Abstract: A computer-implemented method for providing access to data accounts within user profiles via cloud-based storage services may include (1) identifying a user profile associated with a user of a cloud-based storage service, (2) identifying a plurality of data accounts within the user profile associated with the user of the cloud-based storage service, (3) detecting a request from a client-based application associated with the user of the cloud-based storage service to access at least a portion of data stored in a data account within the user profile, (4) locating a unique account name that identifies the data account in the request, and then (5) satisfying the request from the client-based application associated with the user to access the portion of data stored in the data account via the cloud-based storage service. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: January 15, 2013
Date of Patent: December 2, 2014
Assignee: Symantec Corporation
Inventor: Paul Agbabian
-
Patent number: 8904167
Abstract: In order to mitigate the security risk posed by the insertion of a relay node within a communication network, both device authentication and subscriber authentication are performed on the relay node. Device and subscriber authentication may be bound together so that a relay node is granted access to operate within the network only if both device and subscriber authentication are successful. Additionally, a communication network (or authentication node) may further verify that a subscriber identifier (received as part of subscriber authentication) is associated with the corresponding device type (identified by the device identifier in the corresponding device authentication) as part of the subscriber authentication process.
Type: Grant
Filed: January 21, 2011
Date of Patent: December 2, 2014
Assignee: QUALCOMM Incorporated
Inventors: Adrian Edward Escott, Anand Palanigounder, Fatih Ulupinar, Brian M. Rosenberg
-
Patent number: 8904036
Abstract: Described are a secure geo-location obscurity network and the ingress nodes, transit nodes and egress nodes used in such a network. In particular, a novel device is provided and comprises a node for a network, the node comprising: a private portion for allowing high bandwidth secure private traffic to be received and transmitted by the node on a private pathway through the node; and a public portion for allowing low bandwidth secure public traffic to be received and transmitted by the node on a plurality of public pathways through the node.
Type: Grant
Filed: December 7, 2010
Date of Patent: December 2, 2014
Assignee: Chickasaw Management Company, LLC
Inventors: James Andrew Reynolds, Philip Desch, Brett Burley, Gene Ward, Joe Kenny, Michael Howland, Christopher Allen Howland
-
Patent number: 8904558
Abstract: The detection of web browser-based attacks using browser tests launched from a remote source is described. In one example, a digest is computed based on the content of an HTTP response message. The message is modified and sent to a client device that also computes a digest. The digests are compared to determine whether content has been modified by malware on the HTTP client. The results of the test are analyzed and defensive measures are taken.
Type: Grant
Filed: June 5, 2014
Date of Patent: December 2, 2014
Assignee: Imperva, Inc.
Inventors: Amichai Shulman, Tal Arieh Be'ery
-
Patent number: 8904478
Abstract: Code is associated to a target based on an inspection of the code. A target may be a device or a user. A number of code components may be inspected at one time and then transferred or otherwise associated to a target based on the target's profile. A code component may be a policy of an information management system.
Type: Grant
Filed: January 28, 2014
Date of Patent: December 2, 2014
Assignee: NextLabs, Inc.
Inventor: Keng Lim
-
Patent number: 8904512
Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that the same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, more capable security gateways are provided.
Type: Grant
Filed: May 1, 2013
Date of Patent: December 2, 2014
Assignee: A10 Networks, Inc.
Inventors: Lee Chen, Ronald Wai Lun Szeto
-
Patent number: 8904516
Abstract: A system for connecting a first network device and a second network device includes one or more servers. The servers are configured to: (a) receive, from the first network device, a request to look up a network address of the second network device based on an identifier associated with the second network device; (b) determine, in response to the request, whether the second network device is available for a secure communications service; and (c) initiate a virtual private network communication link between the first network device and the second network device based on a determination that the second network device is available for the secure communications service, wherein the secure communications service uses the virtual private network communication link.
Type: Grant
Filed: June 6, 2013
Date of Patent: December 2, 2014
Assignee: VirnetX, Inc.
Inventors: Victor Larson, Robert Dunham Short, III, Edmund Colby Munger, Michael Williamson
-
Publication number: 20140351573
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for selectively performing man-in-the-middle decryption. One of the methods includes receiving a first request to access a first resource hosted by a server outside the network; determining whether requests from the client device to access the first resource outside the network should be redirected to a second resource hosted by a proxy within the network; providing a redirect response to the client device, the redirect response including a second universal resource identifier for the second resource; establishing a first encrypted connection between the client device and the proxy hosting the second resource, and a second encrypted connection between the proxy hosting the second resource and the server hosting the first resource; and decrypting and inspecting the encrypted communication traffic passing between the client device and the server hosting the first resource.
Type: Application
Filed: May 23, 2013
Publication date: November 27, 2014
Applicant: Phantom Technologies, Inc.
Inventor: Paul Michael Martini
-
Patent number: 8898452
Abstract: A system and method for securing data by receiving encrypted data at a security appliance transmitted from a client, wherein at least a portion of the encrypted data is encrypted according to a first encryption protocol, and wherein the encrypted data is transmitted to the security appliance according to a first data transfer protocol. The encrypted data is then decrypted at the security appliance, wherein at least a portion of the decrypted data is re-encrypted according to a second encryption protocol at the security appliance. The re-encrypted data is transmitted from the security appliance to a storage device, wherein the re-encrypted data is transmitted according to a second data transfer protocol that is different from the first data transfer protocol.
Type: Grant
Filed: September 8, 2005
Date of Patent: November 25, 2014
Assignee: NetApp, Inc.
Inventors: Serge Plotkin, Hristo Bojinov, Yuval Frandzel, Andrew Narver, Zi-Bin Yang
-
Patent number: 8898780
Abstract: Methods, servers, and systems for encoding security labels in a dynamic language value to allow cross-script communication within a client application while limiting the types of information that are allowed to be communicated back to a host server. Static analysis is performed during compilation, and the results are used to generate and insert additional code that updates, modifies and propagates labels (e.g., JavaScript labels) attached to values (e.g., JavaScript values) during execution of a program. To support popular language features that allow for strong integration with other web-based systems, malicious code is allowed to perform operations locally (e.g., on the client), and a detection and prevention mechanism identifies and stops malicious code from sending requests or gathered information over the network, neutralizing attacks and improving the security of applications that embed dynamic language code.
Type: Grant
Filed: February 17, 2012
Date of Patent: November 25, 2014
Assignee: QUALCOMM Incorporated
Inventors: Christoph Kerschbaumer, Mohammad H. Reshadi
-
Patent number: 8898768
Abstract: A computer or microchip comprising a central controller that is connected by a secure control bus with the other parts of the computer or microchip, including a volatile random access memory (RAM) located in a portion of the computer or microchip that is connected to a network. The secure control bus is isolated from any input from the network and provides and ensures direct preemptive control by the central controller over the volatile random access memory (RAM). The direct preemptive control includes transmission of data and/or code to the volatile random access memory (RAM) or erasure of data and/or code in the volatile random access memory (RAM), and includes control of the connection between the central controller and the volatile random access memory (RAM) and between the volatile random access memory (RAM) and a microprocessor having a connection for the network.
Type: Grant
Filed: March 15, 2013
Date of Patent: November 25, 2014
Inventor: Frampton E. Ellis
-
Patent number: 8891772
Abstract: Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored.
Type: Grant
Filed: June 17, 2011
Date of Patent: November 18, 2014
Assignee: Microsoft Corporation
Inventors: Roy Peter D'Souza, Omkant Pandey
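The verifiable secret sharing piece is the interesting part of this abstract: the store must be able to check that the shares it is handed really reconstruct the key without ever learning the key. The following is an added example, not Microsoft's implementation, using Feldman's VSS (Shamir sharing plus public commitments) over a toy group. The parameters p = 1019, q = 509, g = 4 and the small integer secret are assumptions for readability; a real deployment uses a 2048-bit or larger group and shares a real key. The store verifies each presented share against the commitments and releases the ciphertext only once a threshold of distinct valid shares has arrived.

```python
import secrets

# Toy parameters (assumption): p = 2q + 1 is a safe prime and g = 4 generates the
# order-q subgroup of Z_p*. A real deployment uses a 2048-bit or larger group.
P, Q, G = 1019, 509, 4


def split_secret(secret: int, n: int, t: int):
    """Feldman VSS: t-of-n Shamir shares of `secret` over Z_q plus public
    commitments g^a_j to the polynomial coefficients."""
    if not 1 <= t <= n or not 0 <= secret < Q:
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    commitments = [pow(G, a, P) for a in coeffs]
    shares = []
    for i in range(1, n + 1):
        y = sum(a * pow(i, j, Q) for j, a in enumerate(coeffs)) % Q
        shares.append((i, y))
    return shares, commitments


def verify_share(share, commitments) -> bool:
    """Check g^y == prod_j C_j^(i^j) (mod p) using only the public commitments."""
    i, y = share
    rhs = 1
    for j, c in enumerate(commitments):
        rhs = rhs * pow(c, pow(i, j, Q), P) % P
    return pow(G, y, P) == rhs


def reconstruct(shares) -> int:
    """Lagrange interpolation at x = 0 over Z_q."""
    secret = 0
    for i, yi in shares:
        num = den = 1
        for j, _ in shares:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        secret = (secret + yi * num * pow(den, -1, Q)) % Q
    return secret


class DataStore:
    """Holds ciphertext and commitments, never the key. Releases the ciphertext
    once `threshold` distinct, verified shares have been presented."""

    def __init__(self):
        self._items = {}

    def store(self, item_id: str, ciphertext: bytes, commitments, threshold: int) -> bool:
        # Synchronous acknowledgement: commitments must be well-formed group elements.
        ok = len(commitments) == threshold and all(0 < c < P for c in commitments)
        if ok:
            self._items[item_id] = {"ct": ciphertext, "com": list(commitments),
                                    "t": threshold, "shares": {}}
        return ok

    def request_release(self, item_id: str, share):
        """A verified third party presents its share. Returns (ciphertext, shares)
        once the threshold is met, else None. Shares that fail verification are rejected."""
        item = self._items[item_id]
        if not verify_share(share, item["com"]):
            raise ValueError("share does not match the commitments")
        item["shares"][share[0]] = share[1]          # keyed by index: no double counting
        if len(item["shares"]) >= item["t"]:
            return item["ct"], list(item["shares"].items())
        return None
```

Feldman commitments reveal g^secret, which is fine for a key-sized secret in a large group but is exactly why the toy parameters above must not be reused: with q = 509 the store could recover the secret by brute force. Note also that the store collecting shares is itself a single point that eventually holds a reconstructing set, so the release step should hand the shares to the requesting parties rather than reconstruct locally.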
-
Patent number: 8893259
Abstract: The present disclosure provides solutions that may enable an enterprise providing services to a number of clients to determine whether to establish a client-based SSL VPN session or a clientless SSL VPN session with a client based on information associated with the client. An intermediary establishing SSL VPN sessions between clients and servers may receive a request from a client to access a server. The intermediary may identify a session policy based on the request. The session policy may indicate whether to establish a client-based SSL VPN session or a clientless SSL VPN session with the server. The intermediary may determine, responsive to the policy, to establish a clientless or client-based SSL VPN session between the client and the server.
Type: Grant
Filed: January 26, 2009
Date of Patent: November 18, 2014
Assignee: Citrix Systems, Inc.
Inventors: Puneet Agarwal, Saibal Kumar Adhya, Srinivasan Thirunarayanan, Akshat Choudhary
-
Patent number: 8893290
Abstract: A method and a system for detecting anomalies within voluminous private data are provided. The voluminous private data, including sensitive information corresponding to one or more objects within the voluminous private data, is received. The sensitive information within the voluminous private data is identified, and the identified sensitive information is modified to generate modified voluminous private data. The sensitive information is marked in the modified voluminous private data to generate marked voluminous private data. An anomaly within the marked voluminous private data is then detected.
Type: Grant
Filed: September 5, 2012
Date of Patent: November 18, 2014
Assignee: Xerox Corporation
Inventors: Nischal M. Piratla, Chithralekha Balamurugan, Raja Bala, Aaron M. Burry
-
Patent number: 8892877
Abstract: A method and a device are provided for accessing data files of a secure file server, wherein a user or a process is authenticated; wherein access to the data files of the secure file server takes place by way of an encryption module of the secure file server; wherein the encryption module comprises an encryption agreement of a centralized security application; and wherein the access of the authenticated user or process to the secure file server takes place by way of an encrypted protocol taking into consideration the encryption agreement. Such a device may be included in a corresponding computer network.
Type: Grant
Filed: May 17, 2012
Date of Patent: November 18, 2014
Assignee: Bayerische Motoren Werke Aktiengesellschaft
Inventor: Sirko Molau
-
Patent number: 8892868
Abstract: A method of using a hardware security module and an adjunct application programming interface to harden tokenization security and encryption key rotation is disclosed. In various embodiments, the method comprises receiving encrypted data at a processor of a computer system, decrypting the encrypted data to cleartext in the processor, and issuing a unique token associated with the data.
Type: Grant
Filed: September 30, 2008
Date of Patent: November 18, 2014
Assignee: Amazon Technologies, Inc.
Inventors: Jason Jenks, Tushaar Sethi, Brandon B. Low, Jason Cetina, Jesper Johansson, Waylon Brunette, Hanson Char, Spencer Proffit
-
Patent number: 8892778
Abstract: A method for securing remote access to private networks includes a receiver intercepting from a data link layer a packet in a first plurality of packets destined for a first system on a private network. A filter intercepts from the data link layer a packet in a second plurality of packets transmitted from a second system on the private network, destined for a system on a second network. A transmitter in communication with the receiver and the filter performs a network address translation on at least one intercepted packet and transmits the at least one intercepted packet to a destination.
Type: Grant
Filed: September 14, 2012
Date of Patent: November 18, 2014
Assignee: Citrix Systems, Inc.
Inventors: Goutham P. Rao, Robert A. Rodriguez, Eric R. Brueggemann
-
Publication number: 20140337615
Abstract: A system and method for providing secure and anonymous communication between a plurality of individuals relying on the cryptographic method of the one-time pad (OTP) is described. Unique, randomly generated blocks of data are generated to serve as one-time pads, and each is given a unique identification that serves as a system address. One-time pads are anonymously distributed to communicants, with a copy of each being retained by a service provider that operates a One-Time Pad Hub. Messages may be exchanged among holders of one-time pads through the Hub using the identifier addresses.
Type: Application
Filed: May 6, 2014
Publication date: November 13, 2014
Inventor: Terrance A. Tomkow
-
Patent number: 8887293
Abstract: Embodiments disclosed herein provide secure communication among enterprise users utilizing social networking sites. A server computer may encrypt a post intended for a social networking site and forward the encrypted data, or may save the post locally and send a placeholder to the social networking site. The server may receive a message from the social networking site containing the encrypted data or placeholder and determine that a recipient is authorized to view the original post. The server may then decrypt the data or retrieve the original post for servicing the request. In this way, authorized users of an enterprise can utilize social networking sites, which are independently owned and operated, to communicate with each other in a secure manner.
Type: Grant
Filed: June 17, 2013
Date of Patent: November 11, 2014
Assignee: Socialware, Inc.
Inventors: Cameron Blair Cooper, Christopher Lee Richter
-
Patent number: 8885823
Abstract: A method for delivering encrypted content to a subscriber terminal on demand through a communication network is provided. The method begins when a session resource manager (SRM) receives a request for content from the subscriber terminal. In response to the request, the SRM directs a video server to transmit the content as an unencrypted transport stream to an encryptor. The packets in the unencrypted transport stream include a header with a destination address associated with the subscriber terminal. The encryptor encrypts the content in the unencrypted transport stream to generate an encrypted transport stream. The encryptor also inserts in the packet headers of the packets in the encrypted transport stream the destination address associated with the subscriber terminal, obtained from the packet headers in the unencrypted transport stream. Finally, the encrypted transport stream is transmitted to the subscriber terminal over the communication network.
Type: Grant
Filed: September 24, 2007
Date of Patent: November 11, 2014
Assignee: General Instrument Corporation
Inventors: Christopher Poli, Joseph M. Amorese, Robert Mack, Lawrence D. Vince, Charles A. Zimmerman
-
Patent number: 8886954
Abstract: Systems and methods for verifying a user during authentication of an integrated device. In one embodiment, the system includes an integrated device and an authentication unit. The integrated device stores biometric data of a user and a plurality of codes and other data values, comprising a device ID code uniquely identifying the integrated device and a secret decryption value, in a tamper-proof format, and, when scan data is verified by comparing the scan data to the biometric data, wirelessly sends one or more codes and other data values including the device ID code. The authentication unit receives and sends the one or more codes and the other data values to an agent for authentication, receives an access message from the agent indicating that the agent successfully authenticated the one or more codes and other data values, and allows the user to access an application.
Type: Grant
Filed: December 10, 2012
Date of Patent: November 11, 2014
Assignee: Proxense, LLC
Inventor: John J. Giobbi
-
Patent number: 8887251
Abstract: A handover method of a mobile terminal between heterogeneous networks, facilitating the handover with a pre-authentication procedure, is provided. The handover method between heterogeneous networks includes receiving, at a mobile terminal connected to a source network, information on at least one target authenticator of a target network from a source authenticator in response to an attach request; creating an authentication key between the mobile terminal and the target authenticator selected among the at least one target authenticator through a pre-authentication process; determining, when the mobile terminal transmits a handover request to the selected target authenticator, whether the authentication key contained in the handover request matches the authentication key stored in the selected target authenticator; and connecting, when the authentication keys match, to the target network via the selected target authenticator.
Type: Grant
Filed: December 23, 2009
Date of Patent: November 11, 2014
Assignee: Samsung Electronics Co., Ltd.
Inventors: Peng Lei, Jeong Jae Won, Young Seok Kim
-
Patent number: 8885557
Abstract: To reduce the effectiveness of eavesdropping attacks, a filler such as one utilized in a data frame for link-layer LAPDm signaling may be dynamically selected to utilize a first bit pattern (first filler) generated utilizing a first algorithm when the transmissions are unencrypted, and to utilize a second bit pattern (second filler) generated utilizing a second algorithm different from the first algorithm when the transmissions are encrypted.
Type: Grant
Filed: September 23, 2011
Date of Patent: November 11, 2014
Assignee: QUALCOMM Incorporated
Inventors: Simon Walke, Nicholas J. Tebbit, Mungal S. Dhanda
-
Patent number: 8880870
Abstract: Bridges 30, 40 are interposed between a server 10 or a client 20 and the internet, each bridge having two channels 2ch, one making a LAN connection to the server or the client and the other making the LAN connection to the internet. Each of bridges 30, 40 performs a LAN packet scramble, a scramble-purpose encryption key management and a bridging system authentication for packets derived from the server or the client. Furthermore, a composite authentication using a plurality of authentication-purpose interfaces is carried out in each of the bridges.
Type: Grant
Filed: May 5, 2009
Date of Patent: November 4, 2014
Assignee: Meidensha Corporation
Inventor: Kazumasa Aizawa
-
Patent number: 8881238
Abstract: In the event of an authentication process failure, a mobile station bans a connection profile storing the credentials provided by the mobile station when initiating the failed authentication process, thus affecting how subsequent scans (other than discovery scans) and connection attempts are handled. In the event of an authentication process failure, a mobile station bans or suppresses an access point with which the mobile station initiated the failed authentication process. The mobile station refrains from transmitting any communications addressed to the unique identifier of any banned access point. The mobile station may ignore any communications received from a banned access point. Suppressed access points are occasionally not made available to the mobile station for selection as a target for a connection attempt.
Type: Grant
Filed: January 30, 2014
Date of Patent: November 4, 2014
Assignee: BlackBerry Limited
Inventors: Ahmad Mohammad Mohammad Kholaif, Ion Barbu, Krishna Kumar Bakthavathsalu, Nayef Fawaz Mendahawi, Denis Fedotenko
-
Patent number: 8881277
Abstract: A method and system are described for collecting addresses for remotely accessible information sources. Messages, such as emails, carried by a messaging network (N1) are intercepted before reaching a destined terminal. Addresses for remotely accessible information sources (i.e. URLs) are identified from the intercepted email messages. The messages are analyzed to be classified as either a first type of message (e.g. spam or virus messages) or a second, different, type of message. If the intercepted message is classified as the first spam/virus type then data indicative of the identified address (URL) is transmitted to a filtering system (100) which controls access to the remotely accessible information sources. As a result, addresses (URLs) are gleaned from transmitted messages such as spam e-mail and supplied to a filtering system (100) which controls access to the resources accessible at those addresses.
Type: Grant
Filed: January 4, 2008
Date of Patent: November 4, 2014
Assignee: Websense Hosted R&D Limited
Inventor: James Kay
-
Patent number: 8880905
Abstract: According to one aspect of the invention, a file received from a first user is stored in a storage device, where the file includes private metadata encrypted by a secret key associated with a second user. A private metadata identifier is stored in a predetermined storage location, indicating that private metadata of the file has not been decrypted and indexed. In response to an inquiry subsequently received from the second user, the predetermined storage location is scanned to identify the private metadata identifier based on the inquiry. The encrypted metadata identified by the private metadata identifier is transmitted to the second user for decryption. In response to the metadata that has been decrypted by the second user, the decrypted metadata is indexed for the purpose of subsequent searches of at least one of the metadata and the file.
Type: Grant
Filed: October 27, 2010
Date of Patent: November 4, 2014
Assignee: Apple Inc.
Inventors: Kaelin L. Colclasure, John M. Hörnkvist, Braden J. Thomas
-
Patent number: 8880871
Abstract: Disclosed are various embodiments for improving hash table utilization. A key corresponding to a data item to be inserted into a hash table can be transformed to improve the entropy of the key space and the resultant hash codes that can be generated. Transformation data can be inserted into the key in various ways, which can result in a greater degree of variance in the resultant hash code calculated based upon the transformed key.
Type: Grant
Filed: September 27, 2012
Date of Patent: November 4, 2014
Assignee: Broadcom Corporation
Inventors: Brad Matthews, Bruce Kwan, Puneet Agarwal
-
Patent number: 8874898
Abstract: Technologies for establishing and managing a connection with a power line communication network include establishing a communication connection between an electronic device and a security server. A default device encryption key associated with the electronic device is changed to correspond with a new device encryption key of the security server. Thereafter, the electronic device may only join a power line communication network of a particular security server using a network membership key, which is encrypted with the device encryption key that the particular security server associates to the electronic device. The electronic device contains a circuit interrupt to interrupt a circuit of the electronic device if the electronic device is not able to successfully decrypt the network membership key.
Type: Grant
Filed: December 14, 2012
Date of Patent: October 28, 2014
Assignee: Intel Corporation
Inventors: Saurabh Dadu, Gyan Prakash
-
Patent number: 8875218
Abstract: In an information management system, policies are deployed to targets and targets can evaluate the policies whether they are connected or disconnected to the system. The policies may be transferred to the target, which may be a device or user. Relevant policies may be transferred while irrelevant policies are not. The policies may have policy abstractions.
Type: Grant
Filed: December 22, 2006
Date of Patent: October 28, 2014
Assignee: NextLabs, Inc.
Inventor: Keng Lim
-
Patent number: 8874897
Abstract: A system and methods for facilitating secure communications on a website are presented. The system comprising a security server configured to receive a secure message from a creator device is disclosed. The security server encodes the received message and sends the encoded message or a representation of the encoded message for posting on the website so that one or more users of the website have the ability to request that the security server make the message available after the encoded message has been decoded.
Type: Grant
Filed: August 21, 2012
Date of Patent: October 28, 2014
Assignee: Reputation.com, Inc.
Inventors: Gang (Tiger) Lan, Michael Fertik, Saad Mir, Abbey Sparrow, Jeffrey A. Harnois, II
-
Patent number: 8874685
Abstract: A process for centrally managing a large number of computers from a central location when technical expertise is not available at each end point nor can other remote management techniques be employed such as remote desktop or direct connection to an agent. This process consists of the generation of processing instructions at a central point which can then be distributed to any number of endpoints in an asynchronous manner where they will be automatically applied and, if requested, response returned to the central management point asynchronously. The communication mechanisms are secure, verifiable, and require no special expertise at the endpoint to employ. Asynchronous refers to the ability for processing instructions and responses to be transferred by a variety of methods but not solely dependent on direct communications, such as via a store-and-forward mechanism, and can also include server-side push directly to the endpoint and client-side pull from a predetermined rendezvous point.
Type: Grant
Filed: September 22, 2010
Date of Patent: October 28, 2014
Assignee: ThreatGuard, Inc.
Inventors: Robert L. Hollis, Gunnar Engelbach, Randal Scot Taylor
-
Patent number: 8874922
Abstract: In accordance with the present disclosure, a system and method for multilayered authentication of trusted platform updates is described. The method may include storing first cryptographic data in a personality module of an information handling system, with the first cryptographic data corresponding to a verified firmware component. A second cryptographic data may also be determined, with the second cryptographic data corresponding to an unverified firmware component. The unverified firmware component may be stored in a memory element of the information handling system, and the second cryptographic data may be determined using a processor of the information handling system.
Type: Grant
Filed: January 17, 2012
Date of Patent: October 28, 2014
Assignee: Dell Products L.P.
Inventors: Muhammed Jaber, Mukund Khatri
-
Patent number: 8874544
Abstract: A system and method for exposing internal search indices to Internet search engines. The internal search indices are exposed to external search engines in such a way that the data may be segregated into at least two types including one layer of search data specifically for the search engines, and another for potential users of the application. This significantly improves the probability of discovery by search engines and also provides for presentation of discovered content to users in a manner consistent with the content itself, or consistent with the intended controls or presentations established by the content's owner. The system and method also includes one or more components that reproduce information about IP in a format that search engines can recognize and locate. The component also forwards users coming through the search engines to the actual IP graphical user interface (GUI) instead of the files that the search engine discovered.
Type: Grant
Filed: January 13, 2005
Date of Patent: October 28, 2014
Assignee: International Business Machines Corporation
Inventors: Clifton E. Grim, III, Christopher I. Schmidt, John D. Wilson
-
Publication number: 20140317397
Abstract: A device within the network receives a domain name service (DNS) request for an address of a first resource outside the network, the first resource associated with a security policy of the network. An address of a second resource within the network is returned to the device within the network in response to the DNS request, the second resource address having previously been associated with the first resource address. A first encrypted connection is established between the device and the second resource, and a second encrypted connection is established between the second resource and the first resource, to facilitate encrypted communication traffic between the device and the first resource. The encrypted communication traffic passing between the device and the first resource is selectively decrypted and inspected depending on the address of the first resource.
Type: Application
Filed: April 30, 2014
Publication date: October 23, 2014
Applicant: iboss, Inc.
Inventor: Paul Michael Martini
-
Patent number: 8869260
Abstract: A computer or microchip securely controlled through a private network including a connection to a network of computers including the Internet; a separate connection to at least a private network of computers located in a hardware protected area of said computer or microchip, a first microprocessor, core or processing unit configured to connect to the connection to the network of computers including the Internet; a master controlling device for the computer or microchip located in the hardware protected area; and a secure control bus configured to connect at least said master controlling device with said microprocessor, core or processing unit, and isolated from input from the network and components other than said master controlling device. The master controlling device securely controls an operation executed by the microprocessor, core or processing unit, with secure control being provided through the private network to the private network connection through the secure control bus.
Type: Grant
Filed: February 15, 2013
Date of Patent: October 21, 2014
Inventor: Frampton E. Ellis
-
Patent number: 8869236
Abstract: One embodiment includes a non-transitory computer readable medium having instructions executable by a processor to implement a method. The method includes receiving user configuration data for a network device, the configuration system being coupled to a service network. The method also includes storing device configuration data in a configuration database coupled to the service network, the device configuration data being based on the user configuration data and service network data. The method also includes receiving a configuration request at the configuration system from the network device in response to the network device being unconfigured and connected in a user network. The method further includes transmitting the device configuration data from the configuration database to the network device in response to the configuration request.
Type: Grant
Filed: January 11, 2013
Date of Patent: October 21, 2014
Assignee: Shoretel, Inc.
Inventors: Dale Tonogai, Darren J. Croke
-
Patent number: 8869235
Abstract: A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria.
Type: Grant
Filed: October 10, 2012
Date of Patent: October 21, 2014
Assignee: Citrix Systems, Inc.
Inventors: Waheed Qureshi, Kelly Brian Roach, John M. McGinty, Olivier Andre, Shafaq Abdullah, Thomas H. DeBenning, Ahmed Datoo
-
Patent number: 8869276
Abstract: To improve network reliability and management in today's high-speed communication networks, we propose an intelligent system using adaptive statistical approaches. The system learns the normal behavior of the network. Deviations from the norm are detected and the information is combined in the probabilistic framework of a Bayesian network. The proposed system is thereby able to detect unknown or unseen faults. As demonstrated on real network data, this method can detect abnormal behavior before a fault actually occurs, giving the network management system (human or automated) the ability to avoid a potentially serious problem.
Type: Grant
Filed: June 29, 2006
Date of Patent: October 21, 2014
Assignee: Trustees of Boston University
Inventors: Mark Crovella, Anukool Lakhina
-
Publication number: 20140310513
Abstract: A method and system for managing data security in a computing environment. A processor at the gateway server receives, from a user device, at least one message. Each message requests that an encryption key be downloaded to the user device. The gateway server interfaces between the user device and a cloud that includes interconnected computing systems external to the user device. In response to the received at least one message, the processor generates at least one unique encryption key for each message and sends the at least one generated encryption key to the user device, but does not store any of the generated encryption keys in the cloud. For each encryption key having been sent to the user device, the processor receives each encryption key returned from the user device. For each encryption key received from the user device, the processor stores each received encryption key in the cloud.
Type: Application
Filed: February 19, 2014
Publication date: October 16, 2014
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Jonathan M. Barney, Cataldo Mega, Edmond Plattier, Daniel Suski