Particular Node (e.g., Gateway, Bridge, Router, Etc.) For Directing Data And Applying Cryptography Patents (Class 713/153)
  • Patent number: 8495035
    Abstract: A method for data integrity protection includes arranging data in a plurality of data blocks. A respective block signature is computed over each of the data blocks, thereby generating multiple block signatures. The data blocks and the block signatures in an integrity hierarchy are stored in a storage medium, the hierarchy comprising multiple levels of signature blocks containing signatures computed over lower levels in the hierarchy, culminating in a top-level block containing a top-level signature computed over all of the hierarchy. A modification is made in the data stored in a given data block within the hierarchy. The respective block signature of the given data block is recomputed in response to the modification, and the recomputed block signature is stored in the top-level block for use in verifying a subsequent request to read data from the given data block.
    Type: Grant
    Filed: October 23, 2008
    Date of Patent: July 23, 2013
    Assignee: SanDisk IL Ltd.
    Inventor: Arseniy Aharonov
  • Patent number: 8489548
    Abstract: A method for data synchronization (DS) is provided, which includes comparing data fingerprints in databases of two parties in need of DS, determining data that needs to be synchronized, and DS is then performed on the data that needs to be synchronized. A system and two devices for DS are further provided. Therefore, DS is implemented through data fingerprints in the technical solutions, thus avoiding transmitting a mass of data between the two parties in need of DS.
    Type: Grant
    Filed: April 12, 2010
    Date of Patent: July 16, 2013
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Rui Wang, Kepeng Li
  • Patent number: 8489875
    Abstract: Methods, systems and devices for transmitting a DHCP message are provided according to the present invention so that encrypted transmission of user sensitive information is achieved. The method includes receiving, by a Dynamic Host Configuration Protocol (DHCP) server, a DHCP request from a DHCP relay agent, wherein the request carries encrypted relay agent options; decrypting, by the DHCP server, the encrypted relay agent options to obtain the relay agent options. With the present invention, safe transmission of the user sensitive information in the DHCP message is ensured.
    Type: Grant
    Filed: August 12, 2009
    Date of Patent: July 16, 2013
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Yuping Zhao
  • Patent number: 8490154
    Abstract: There is provided a computer-implemented method for authentication, the method comprising: defining a demanded level of security in an authorization service of a server; providing at least one authentication mechanism comprising at least one instance for at least one client; providing a policy comprising a security level for the at least one instance; receiving at least one request from the client to the server; authenticating the request based on the policy and the demanded level of security by the authentication service; and permitting the request if the demanded level of security is reached.
    Type: Grant
    Filed: September 21, 2007
    Date of Patent: July 16, 2013
    Assignee: SAP AG
    Inventors: Laurent Y. Gomez, Ivonne Thomas
  • Patent number: 8490189
    Abstract: A method, system, and computer program product for a host software tamper detection and protection service. A secure partition that is isolated from a host operating system of the host system, which may be implemented by firmware of a chipset of the host system, obtains file metadata from the host system and uses the file metadata to identify a first file for examination for tampering. The secure partition obtains data blocks for the first file, communicates with a service via an out-of-band communication channel, and uses information obtained from the service and the data blocks to determine whether the first file has been corrupted. The secure partition obtains the file metadata and the data blocks for the first file without invoking an operating system or file system of the host system.
    Type: Grant
    Filed: September 25, 2009
    Date of Patent: July 16, 2013
    Assignee: Intel Corporation
    Inventors: Gyan Prakash, Saurabh Dadu, Hormuzd M. Khosravi, Mousumi M. Hazra
  • Patent number: 8490172
    Abstract: According to one aspect, the subject matter described herein includes a method for communicating an encrypted data packet. The method includes steps occurring at a first gateway node. The method also includes receiving a data packet from a first host. The method further includes determining that a first security association (SA) instance associated with the data packet is in an inactive state. The method further includes identifying a second SA instance that is both associated with the data packet and in an active state. The method further includes forwarding the data packet to the second SA instance.
    Type: Grant
    Filed: May 25, 2011
    Date of Patent: July 16, 2013
    Assignee: Genband US LLC
    Inventors: Allain Legacy, Matthew Peters
  • Publication number: 20130179680
    Abstract: Systems and methods for secure content distribution to playback devices connected to a local network via a residential gateway using secure links are disclosed. One embodiment of the invention includes a content server, a rights management server, a residential gateway configured to communicate with the content server and the rights management server via a network, and a playback device configured to communicate with the residential gateway via a local network.
    Type: Application
    Filed: July 20, 2011
    Publication date: July 11, 2013
    Applicant: Verimatrix, Inc.
    Inventors: Petr Peterka, Niels Thorwirth
  • Patent number: 8484457
    Abstract: A wireless access point and method of using a wireless access point to allow a user to use a pre-determined security key provided with the access point or a personal security key that is provided by the user. The access point is purchased with a pre-determined security key. A user of the access point may press a pairing button on the access point to automatically pair other devices with the access point using the pre-determined security key. A label with a passphrase that corresponds to the pre-determined security key is provided with the access point, allowing the user to manually enter the passphrase into devices that cannot automatically pair with the access point. The wireless access point also has a “security on/off” button. When the user presses the security on/off button, the access point may cease use of the pre-determined security key in favor of a personal security key.
    Type: Grant
    Filed: March 10, 2009
    Date of Patent: July 9, 2013
    Assignee: T-Mobile USA, Inc.
    Inventors: David B. Winkler, Yaro P. Brock, Jasdeep S. Chugh, Michael C. Kemery
  • Patent number: 8484459
    Abstract: Disclosed is a method for secure transfer of information through a centralized system. The method comprising: maintaining user account information, a user account of a certain user comprising at least a user id and associated public and private keys, the private key being retrievable by means of a password of said certain user; receiving (411) identification information relating to a recipient; retrieving public key of said recipient from said user account information by means of said identification information; receiving (412) information content addressed to said recipient; storing (415) said information content for said recipient in encrypted form, said retrieved public key having been used in connection with encrypting said information content; and notifying (416) said recipient of the stored information content.
    Type: Grant
    Filed: August 15, 2008
    Date of Patent: July 9, 2013
    Assignee: Exove Oy
    Inventors: Janne Kalliola, Erno Kaikkonen, Kalle Virta, Janne Salo, Sundeep Pundamale
  • Patent number: 8484456
    Abstract: An electronic messaging system, including: a first message transfer server for receiving a message for a party, mapping the destination address of the message to a trusted address for the party, and substituting the trusted address for the destination address; and a second message transfer server for establishing an authenticated transport session with the first message transfer server to receive the message and transfer the message to a location corresponding to the trusted address.
    Type: Grant
    Filed: December 8, 2005
    Date of Patent: July 9, 2013
    Assignee: Alien Camel Pty Ltd.
    Inventors: Sydney Gordon Low, Matthew Iain Walker
  • Patent number: 8484458
    Abstract: A system that incorporates teachings of the present disclosure may include, for example, a gateway comprising a controller to receive from a communication device a request for media content, receive a key and a record associated with the communications device from an interactive Television (iTV) system, wherein the record comprises a list of entitled media content, determine whether the requested media content is in the list of entitled media content, retrieve the requested media content from the iTV system when the requested media content is determined to be in the list of entitled media content, encrypt the retrieved media content utilizing the key, and transmit the encrypted media content to the communications device. Other embodiments are disclosed.
    Type: Grant
    Filed: March 17, 2009
    Date of Patent: July 9, 2013
    Assignee: AT&T Mobility II, LLC
    Inventors: Robert Johnston, Frank R. Coppa, James A. Wood, III
  • Publication number: 20130173907
    Abstract: A PKI gateway allows an enterprise to maintain a limited number of PKI protocol interfaces while servicing every standard and proprietary PKI protocol used by a customer of the enterprise. The PKI gateway listens for a PKI management request, adds contextual information needed by the certificate authority, translates the request into the appropriate protocol, and executes the request.
    Type: Application
    Filed: January 4, 2012
    Publication date: July 4, 2013
    Applicant: GENERAL ELECTRIC COMPANY
    Inventors: Sitaraman Suthamali Lakshminarayanan, Temidayo Temidoyo Yembra
  • Publication number: 20130173908
    Abstract: Disclosed are various embodiments for improving hash table utilization. A key corresponding to a data item to be inserted into a hash table can be transformed to improve the entropy of the key space and the resultant hash codes that can be generated. Transformation data can be inserted into the key in various ways, which can result in a greater degree of variance in the resultant hash code calculated based upon the transformed key.
    Type: Application
    Filed: September 27, 2012
    Publication date: July 4, 2013
    Applicant: Broadcom Corporation
    Inventor: Broadcom Corporation
  • Publication number: 20130173909
    Abstract: A network includes encryption devices at customer sites and transport devices provide transport functionality for encrypted data for transmission across networks. A method of controlling access to a first plurality of functions of the encryption devices and access to a second plurality of functions of the transport devices is disclosed. The method involves providing a customer with access to at least some of the first plurality of functions and providing a network service provider with access to at least some of the second plurality of functions. The method also involves providing the network service provider with restricted access to a first subset of the first plurality of functions and/or providing the network service provider with restricted access to a second subset of the second plurality of functions. This allows the customer and the service provider to share access to hardware resources such as the encryption devices and the transport devices.
    Type: Application
    Filed: December 20, 2012
    Publication date: July 4, 2013
    Applicant: Superna Business Consulting, Inc.
    Inventor: Superna Business Consulting, Inc.
  • Publication number: 20130173910
    Abstract: A method for sharing a secret key between a source node and a destination node includes (a) adding, at each forward intermediate node, a secret key between the forward intermediate node and a node before the forward intermediate node to the secret key sharing request message; (b) generating a shared secret key between the source node and the destination node from the secret key between the forward intermediate node and the node before the forward intermediate node added in the secret key sharing request message; (c) adding, at each backward intermediate node, a secret key between the backward intermediate node and a node before it to the secret key sharing response message; and (d) generating the shared secret key between the destination node and the source node from the secret key between the backward intermediate node and the node before it added in the secret key sharing response message.
    Type: Application
    Filed: February 25, 2013
    Publication date: July 4, 2013
    Applicant: INTELLECTUAL DISCOVERY CO., LTD.
    Inventor: Intellectual Discovery Co., Ltd.
  • Patent number: 8478981
    Abstract: A system and method are provided for appending a note or instruction to the contents of an email such that the note or instruction is only appended to emails of selected recipients of a group of recipients, with only the email going to the other recipients of the group of recipients.
    Type: Grant
    Filed: February 27, 2009
    Date of Patent: July 2, 2013
    Assignee: Rpost International Limited
    Inventors: Zafar Khan, Terrance Tomkow
  • Patent number: 8479190
    Abstract: There is provided a management system having a terminal device and a management server for managing terminal firmware of the terminal device. The terminal device includes: storing means storing the firmware to be capable of being updated by a user of the terminal device, and storing firmware version information to be incapable of being updated by the user; firmware updating means updating, on the basis of the version information, the firmware stored in the storing means with newer version firmware; and version information updating means updating the version information stored in the storing means with that of the updated firmware, and the management server includes: judging means judging, on the basis of the terminal firmware version information, a need or not to update the firmware; and transmitting means transmitting the newer version firmware to the terminal device if the firmware needs to be updated.
    Type: Grant
    Filed: January 15, 2008
    Date of Patent: July 2, 2013
    Assignee: Sony Corporation
    Inventors: Masahiro Sueyoshi, Yoshiaki Hirano
  • Patent number: 8478985
    Abstract: An improved method, apparatus, and computer instructions for processing outbound traffic passing through a port. This port is for a server and receives a request from a client. The request includes a universal resource identifier to a destination. A determination is made as to whether the request requires encryption using the universal resource identifier in the request. The request is sent through the port to the destination in an encrypted form, in response to a determination that the request requires encryption.
    Type: Grant
    Filed: June 12, 2008
    Date of Patent: July 2, 2013
    Assignee: International Business Machines Corporation
    Inventors: Alexandre Polozoff, Kulvir Singh Bhogal
  • Patent number: 8478987
    Abstract: A method of activating a wireless IP device by providing access to an installer to a customer's personal router or modem/router combination and providing access to the installer to a wireless Access Point which is supplied by the installer where the Access Point has a first slot for a default SSID2 password for a first wireless IP device and a second slot for an SSID1 password for a second wireless IP device. Connecting a first wireless IP device while in its initial or default state to the first slot where the first device and the wireless Access Point have a common default SSID2 code and factory preprogrammed public key and where, as soon as the device is powered up, the IP device immediately begins communicating through the wireless access point and the customer's router or modem/router to the internet, checking into a control server.
    Type: Grant
    Filed: March 14, 2011
    Date of Patent: July 2, 2013
    Inventors: Thomas F. Karl, Jose Colucciello
  • Patent number: 8478986
    Abstract: A method is provided for establishing a split-terminated secure communication connection between a client and a server. A first network intermediary intercepts a secure communication connection request directed from the client to the server. A second intermediary having a digital certificate in the name of the server (and a corresponding private key) acts in place of the server to establish a first secure communication session with the client, during which it receives a secret from the client for generating the session key. The second intermediary supplies the secret and/or the session key to the first intermediary, which allows the first intermediary to establish follow-on secure communication sessions in which the secret is reused. The second intermediary may also supply the first intermediary with a copy of its certificate so that it can respond to new secure communication requests and, yet further, may also supply a copy of the private key.
    Type: Grant
    Filed: December 3, 2008
    Date of Patent: July 2, 2013
    Assignee: Riverbed Technology, Inc.
    Inventors: Shashidhar Merugu, Case Thomas Larsen, Naveen Maveli
  • Patent number: 8477796
    Abstract: A system, method, and computer program product are provided for processing different content each stored in one of a plurality of queues. In use, a plurality of different content is identified for processing. Additionally, each of the different content is stored in one of a plurality of queues based on a classification thereof. Furthermore, the plurality of different content stored in the plurality of queues is processed.
    Type: Grant
    Filed: February 12, 2008
    Date of Patent: July 2, 2013
    Assignee: McAfee, Inc.
    Inventors: Ravi Honnavalli Ramachandra Rao, Arun Rajaraman, Harish Balasubramanian
  • Patent number: 8478984
    Abstract: A RAID system includes a RAID controller that sends to a disk apparatus data to be encrypted by a data relay apparatus connected to the RAID controller and the disk apparatus. When receiving a data transfer request packet indicating a first receivable size, the data relay apparatus establishes a second receivable size that is equal to or greater than the first receivable size and that is a multiple of an encryption data size. When the RAID controller receives a data transfer request packet containing the established second receivable size, and in response to the data transfer request packet thus received, the data relay apparatus receives data of the second receivable size sent from the RAID controller. The data relay apparatus also encrypts the received data in units of the encryption data size, and then the encrypted data is sent to the disk apparatus in units of the first receivable size.
    Type: Grant
    Filed: December 21, 2007
    Date of Patent: July 2, 2013
    Assignee: Fujitsu Limited
    Inventor: Terumasa Haneda
  • Patent number: 8479271
    Abstract: Mobile network services are performed in a mobile data network in a way that is transparent to most of the existing equipment in the mobile data network. The mobile data network includes a radio access network and a core network. A breakout component in the radio access network breaks out data coming from a basestation, and hosts edge applications, including third party edge applications, that perform one or more mobile network services at the edge of the mobile data network based on the broken out data.
    Type: Grant
    Filed: December 20, 2011
    Date of Patent: July 2, 2013
    Assignee: International Business Machines Corporation
    Inventors: William F. Berg, Jeremiah D. Carlin, Michael T. Kalmbach, Mark D. Schroeder
  • Patent number: 8478997
    Abstract: A multi-level security software architecture includes various components configured to provide full data separation across multiple processors while limiting the number and size of high assurance components. The architecture includes a domain separator for ensuring that messages exchanged between domains that are distributed on different microprocessors are securely routed between domain members. The domain separator verifies a message label including a domain identifier provided by a domain gateway and cryptographically binds the message label to each message via cryptographic keys. This prevents misrouting messages caused by accidental or malicious corruption of message labels. Additionally, the domain separator can encrypt messages as necessary to enforce data separation on shared network buses. The domain separator is also responsible for managing the cryptographic keys used to label or encrypt messages.
    Type: Grant
    Filed: September 10, 2010
    Date of Patent: July 2, 2013
    Assignee: Raytheon Company
    Inventors: Douglas Edward Lapp, Thomas Robert Woodall
  • Patent number: 8473734
    Abstract: An integrated, multi-service network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise virtual private network (VPN) connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. Once installed on the cellular mobile device, the multi-service client establishes the VPN connection to concurrently include both a layer three (L3) tunnel that uses a first type of transport layer protocol of the operating system and a layer four (L4) tunnel that uses a second type of transport layer protocol of the operating system. The VPN handler determines whether network ports associated with the L3 tunnel are unblocked by an operating system and, when the network ports are unblocked, automatically transitions from the L4 tunnel to the L3 tunnel without terminating the VPN connection.
    Type: Grant
    Filed: December 14, 2010
    Date of Patent: June 25, 2013
    Assignee: Juniper Networks, Inc.
    Inventors: Yin Wei, Subramanian Iyer, Richard Campagna, James Wood
  • Patent number: 8474033
    Abstract: A computer or microchip configured to be securely controlled through a secure control bus, including through a private network. The computer or microchip includes a secure private unit protected by an inner hardware-based access barrier or firewall; an unprotected public unit including at least one network connection configured to connect to a network; a separate private network connection located in the secure private unit; a microprocessor, core or processing unit configured for general purposes located in the unprotected public unit and separate from the access barrier or firewall; a secure control bus isolated from input from both the network and components of the unprotected public unit; and a master controlling device in the private unit being configured for securely controlling an operation executed by the microprocessor, core or processing unit via a connection to the secure control bus, including through the separate private network to the separate private network connection.
    Type: Grant
    Filed: July 23, 2012
    Date of Patent: June 25, 2013
    Inventor: Frampton E. Ellis
  • Patent number: 8468338
    Abstract: Security in wireless communication networks that employ relay stations to facilitate communications between base stations and mobile stations is enhanced. In one embodiment, resource information provided to one or more relay stations from a base station or another relay station is encrypted prior to being delivered to the one or more relay stations. Only authorized relay stations are allocated an appropriate key necessary to decrypt the resource information. As such, only appropriate relay stations are able to access and use the resource information to effect communications directly or indirectly between the base stations and the mobile stations. In certain embodiments, the resource information is delivered between the various base and relay stations using either unicast or multicast delivery techniques.
    Type: Grant
    Filed: July 6, 2007
    Date of Patent: June 18, 2013
    Assignee: Apple, Inc.
    Inventors: Hang Zhang, Peiying Zhu, Mo-Han Fong, Wen Tong, Gamini Senarath, Derek Yu, David Steer
  • Patent number: 8468202
    Abstract: An aggregation system including a computer, and networking hardware connecting the computer to a network. The computer is programmed so that the aggregation system presents an interface which is respectively presented to one or more users and which receives input from said one or more users, parses the input to produce an aggregation, enables executing user-defined rules which include a capacity to initiate an alert process so that a communication corresponding to the aggregation is sent to a recipient, and renders the aggregation as output.
    Type: Grant
    Filed: August 2, 2012
    Date of Patent: June 18, 2013
    Inventors: Jared Polis, Payal Goyal, Jeffery D. Herman, Samuel C. Wu, Eric Wu, Michael C. Wilson, Chris Young, Andrew Hyde, Michael D. McMahon, Andrew Hartman, Peter K. Trzyna, David L. Calone, Scott Shaver
  • Patent number: 8468589
    Abstract: A computerized system and method for processing network content in accordance with at least one content processing rule. In accordance with the inventive method, the network content is received at a first interface. The inventive system identifies a transmission protocol information of the received network content and uses the identified transmission protocol information to intercept at least a portion of the received network content formatted in accordance with a transmission protocol. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected portion of network content. The buffered network content is scanned in accordance with a scanning criterion and processed in accordance with the at least one content processing rule based on the result of the scanning. The processed portion of network content may be forwarded using the second interface.
    Type: Grant
    Filed: January 13, 2006
    Date of Patent: June 18, 2013
    Assignee: Fortinet, Inc.
    Inventor: Andrew Krywaniuk
  • Patent number: 8468337
    Abstract: A system and method are described for secure data transfer over a network. According to an exemplary embodiment a system for secure data transfer over a network includes memory and a memory controller configured to transfer data received from the network to the memory. The system includes a processor, having logic configured to retrieve a portion of the data from the memory using the memory controller. The processor also includes logic configured to perform security operations on the retrieved portion of the data, and logic configured to store the operated-on portion of the data in the memory using the memory controller. The memory controller is further configured to transfer the operated-on portion of the data from the memory to the network.
    Type: Grant
    Filed: March 2, 2004
    Date of Patent: June 18, 2013
    Assignee: International Business Machines Corporation
    Inventors: Santosh P. Gaur, William Eric Hall
  • Patent number: 8468590
    Abstract: A network device coordinates with other devices in a network to create a distributed filtering system. The device detects an attack in the network, such as a distributed denial of service attack, and forwards attack information to the other devices. The devices may categorize data into one or more groups and rate limit the amount of data being forwarded based on rate limits for the particular categories. The rate limits may also be updated based on the network conditions. The rate limits may further be used to guarantee bandwidth for certain categories of data.
    Type: Grant
    Filed: February 25, 2011
    Date of Patent: June 18, 2013
    Assignee: Juniper Networks, Inc.
    Inventors: Ross W Callon, Frank Kastenholz
  • Publication number: 20130151845
    Abstract: The subject matter described herein includes systems, methods, and computer readable media for encrypting Diameter identification information contained in Diameter signaling messages. The system includes a Diameter agent that comprises a network interface configured to receive, from a first Diameter node, a Diameter signaling message that includes Diameter identification information associated with the first Diameter node and a Diameter encryption topology hiding module (ETHM) configured to encrypt the Diameter identification information to generate encrypted Diameter identification information and to replace the Diameter identification information in the Diameter signaling message with the encrypted Diameter identification information. The Diameter agent further includes a routing module configured to route the Diameter signaling message with the encrypted Diameter identification information to a second Diameter node.
    Type: Application
    Filed: December 12, 2012
    Publication date: June 13, 2013
    Applicant: TEKELEC, INC.
    Inventor: Tekelec, Inc.
  • Publication number: 20130151844
    Abstract: An electronic device includes a first connection interface and a second connection interface. The first connection interface is operable to exchange security information with another electronic device for use in encrypting data transmissions with the other electronic device. The first connection interface is inoperable to communicate payload data encrypted using the security information. The second connection interface is different than the first connection interface and operable to securely communicate payload data with the other electronic device over an unsecure medium in accordance with the security information exchanged via the first connection interface.
    Type: Application
    Filed: December 8, 2011
    Publication date: June 13, 2013
    Applicant: Lantiq Deutschland GmbH
    Inventor: André Messerschmidt
  • Patent number: 8464324
    Abstract: A system to verify user identity on a computer uses a server with a set of stored or created images. An image is selected and transmitted over a computer network to the computer whose user identity is to be verified. The user captures the image on a mobile communication device using, by way of example, a built-in camera. The captured image is transmitted via a public mobile network back to the server where the captured image is compared with the stored image. If the images match, the user identity is verified. In another embodiment, multiple images may be displayed and user-selectable options are selected by capturing one of the multiple images.
    Type: Grant
    Filed: December 6, 2010
    Date of Patent: June 11, 2013
    Assignee: MobileSphere Holdings LLC
    Inventor: Robert G. Mechaley, Jr.
  • Patent number: 8464333
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: January 10, 2012
    Date of Patent: June 11, 2013
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Patent number: 8462943
    Abstract: A system, method, and network interface that obscures the existence of data encryption in a communication network is provided. A set of characters is generated by using a set of encryption keys as an input to a pseudo-random function. Each character corresponds to an index value. The encrypted data is divided into a plurality of parts. Each part is sectioned into a plurality of groups. Each group of the plurality of groups is encoded by mapping the group to a character in the set of characters according to its corresponding index value. The mapped characters are transmitted through the communication network.
    Type: Grant
    Filed: October 10, 2011
    Date of Patent: June 11, 2013
    Assignee: Rockstar Consortium US LP
    Inventor: Marcus D. Leech
  • Patent number: 8464331
    Abstract: A data transmission management server for managing a terminal device to access a network resource providing server by a source gateway in a virtual private network (VPN) obtains current resource information of a plurality of gateways in the VPN periodically. The data transmission management server selects one from the gateways as a destination gateway according to the resource information, transmits an internet protocol address of the destination gateway to the source gateway to make the source gateway establish a secure communication tunnel to the selected destination gateway and access the network resource providing server over the secure communication tunnel.
    Type: Grant
    Filed: March 3, 2011
    Date of Patent: June 11, 2013
    Assignee: Hon Hai Precision Industry Co., Ltd.
    Inventors: Chi-Feng Lee, Ming-Chin Ho
  • Patent number: 8464330
    Abstract: An agent device is connected with one or more image-forming devices in a local network having a firewall provided therein. A management device carries out remote management of the image-forming devices in the local network through the Internet. The agent device includes a command receiving unit which starts connection with the management device and receives a management command from the management device via the firewall, the command being sent by the management device in response to the connection. An image-forming-device communication unit receives device-state information of a corresponding one of the image-forming devices according to the management command. A command response transmitting unit transmits the device-state information to the management device through the Internet.
    Type: Grant
    Filed: December 15, 2008
    Date of Patent: June 11, 2013
    Assignee: Ricoh Company, Ltd.
    Inventor: Tatsuya Imai
  • Patent number: 8464335
    Abstract: The present disclosure provides distributed, multi-tenant Virtual Private Network (VPN) cloud systems and methods for mobile security and user based policy enforcement. In an exemplary embodiment, plural mobile devices are configured to connect to one or more enforcement or processing nodes over VPN connections. The enforcement or processing nodes are configured to perform content filtering, policy enforcement, and the like on some or all of the traffic from the mobile devices. The present invention is described as multi-tenant as it can connect to plural clients across different companies with different policies in a single distributed system. Advantageously, the present invention allows smartphone and tablet users to protect themselves from mobile malware, without requiring a security application on the device. It allows administrators to seamlessly enforce policy for a user regardless of the device or network they are connecting to, as well as get granular visibility into the user's network behavior.
    Type: Grant
    Filed: April 28, 2011
    Date of Patent: June 11, 2013
    Assignee: Zscaler, Inc.
    Inventors: Amit Sinha, Srikanth Devarajan, Patrick Foxhoven
  • Patent number: 8464044
    Abstract: A wireless network probe method intercepts a data packet sent from a certain station, which has established communication with an access point (AP) connected to a wireless network before a service set identifier (SSID) of the wireless network has been closed. The method further amends data in the data packet to generate two attacked data packets, transmits the two attacked data packets using a media control access (MAC) address of the certain station, to interrupt the communication between the AP and the certain station. Furthermore, the method intercepts a re-association data packet sent to the AP from the certain station, retrieves the SSID from the re-association data packet, and stores the SSID into a second station, so as to connect the second station to the wireless network.
    Type: Grant
    Filed: January 13, 2010
    Date of Patent: June 11, 2013
    Assignee: Hon Hai Precision Industry Co., Ltd.
    Inventor: Cheng-Wen Tang
  • Patent number: 8464043
    Abstract: Provided is a migration system considering security authentication levels and data protection strength levels of both security devices between which data is migrated. A first terminal includes a mechanism for protecting data by a private key in the public key method held by TPM, and a second terminal includes a key in the private key method encrypted by the private key in the public key method held by TPM and a mechanism for protecting the data by the key. A Migration Authority holds a security policy table describing a security policy and judges whether data movement from the first terminal to the second terminal is enabled according to the security policy table.
    Type: Grant
    Filed: June 23, 2008
    Date of Patent: June 11, 2013
    Assignee: Panasonic Corporation
    Inventors: Hideki Matsushima, Yuichi Futa, Hisashi Takayama, Takayuki Ito, Tomoyuki Haga, Taichi Sato
  • Publication number: 20130145145
    Abstract: A system and method for increasing security of data is presented. This system uses a remote server to increase the security of locally stored data, even in the presence of physical and software security threats. This method is significantly bolstered when at least a small portion of memory on the local machine used to temporarily store the encryption key is safe from physical and software attacks and can be further bolstered if user-interaction is required upon authentication.
    Type: Application
    Filed: September 27, 2012
    Publication date: June 6, 2013
    Inventor: Bjorn Michael Dittmer-Roche
  • Publication number: 20130145147
    Abstract: A method for protecting content to be distributed to a pool of receiving terminals connected to a content distribution network and each having a specific security level depending on the technical securing means used, the method comprising the following steps: when sending, generating a key for scrambling said content, transforming said scrambling key using a first calculation module 26 arranged at the headend of said content distribution network, scrambling the content using the transformed key, transmitting the scrambled content and the scrambling key to the terminals, and, upon reception of said content and of the scrambling key by a terminal, transforming said scrambling key using a second calculation module arranged in said terminal, descrambling the content with the transformed scrambling key, the method also characterized by the steps consisting of, when sending, applying to said scrambling key, by means of said first calculation module, a function F defined according to the specific security lev
    Type: Application
    Filed: July 19, 2011
    Publication date: June 6, 2013
    Applicant: VIACCESS
    Inventor: Louis Neau
  • Publication number: 20130145146
    Abstract: A method for using a network appliance to efficiently buffer and encrypt data for transmission includes: receiving, by an appliance via a connection, two or more SSL records comprising encrypted messages; decrypting the two or more messages; buffering, by the appliance, the two or more decrypted messages; determining, by the appliance, that a transmittal condition has been satisfied; encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and transmitting, by the appliance via a second connection, the third record. Corresponding systems are also described.
    Type: Application
    Filed: December 12, 2012
    Publication date: June 6, 2013
    Inventors: Josephine Suganthi, Tushar Kanekar, Sivaprasad Udupa
  • Patent number: 8458786
    Abstract: Systems, methods and apparatus for tunneling in a cloud based security system. In an aspect, tunnel session data describing authentication and unauthenticated sessions, and location data describing tunnel identifiers for tunnels, locations, and security policies specific to the locations are accessed. Tunnel packets are received, and for each tunnel packet it is determined, from the tunnel identifier associated with the packet, whether a session entry in the session data exists for the tunnel identified by the tunnel identifier. In response to determining that a session entry does not exist in the session data, then a session entry is created for the tunnel identifier, an authentication process to determine a location to be associated with the session entry is performed, and an entry in the location data for the location is associated with the session entry.
    Type: Grant
    Filed: August 13, 2010
    Date of Patent: June 4, 2013
    Assignee: Zscaler, Inc.
    Inventors: Kailash Kailash, Jose Raphel, Srikanth Devarajan
  • Patent number: 8458256
    Abstract: An aggregation system, process, article, and necessary intermediates, illustratively the system includes: a device capable of both networking and executing software programs, the device programmed from memory so that the aggregation apparatus: connects to a plurality of servers via the Internet, and authenticates itself with each of the plurality of servers, and retrieves information from each of the plurality of servers, and parses the information from each of the plurality of servers so as to produce an aggregation of parsed information, and renders the aggregation as output.
    Type: Grant
    Filed: May 3, 2012
    Date of Patent: June 4, 2013
    Inventors: Jared Polis, Payal Goyal, Jeffery D Herman, Samuel C Wu, Eric Wu, Michael C Wilson, Chris Young, Andrew Hyde, Michael D. McMahon, Andrew Hartman, Peter K. Trzyna, David L. Calone, Scott Shaver
  • Patent number: 8458763
    Abstract: A computer-implemented method of enabling security in network resources provisioned as part of a service landscape instance is provided. The method includes initiating an orchestration process for creating a landscape service instance to provide services to a service subscriber over a data communications network. The method further includes deriving from the orchestration process at least one parameter, and generating at least one security configuration profile based upon the at least one parameter for at least one system of the landscape service instance.
    Type: Grant
    Filed: July 1, 2008
    Date of Patent: June 4, 2013
    Assignee: International Business Machines Corporation
    Inventors: Sivaram Gottimukkala, Lap Huynh, Dinakaran Joseph, Michael Law, Linwood Overby, Jr., Wesley Devine, Michael Behrendt, Gerd Breiter
  • Patent number: 8456653
    Abstract: A data processing apparatus includes a storage unit configured to store electronic data including first data for identifying policy data that is information indicating an authority for handling the electronic data and is managed by a server apparatus. The data processing apparatus includes a print job data production unit configured to produce print job data based on electronic data to be printed, an acquisition unit configured to acquire the first data included in the electronic data, an adding unit configured to add the first data acquired by the acquisition unit to the print job data, and a sending unit configured to send the print job data having the first data added thereto to an image processing apparatus.
    Type: Grant
    Filed: November 28, 2006
    Date of Patent: June 4, 2013
    Assignee: Canon Kabushiki Kaisha
    Inventor: Hirotomo Tanaka
  • Patent number: 8458467
    Abstract: Application message payload data elements are transformed within a network infrastructure element such as a packet data router or switch. The network element has application message transformation logic for receiving one or more packets representing an input application message logically associated with OSI network model Layer 5 or above; extracting an application message payload from the input application message; identifying one or more first content elements in the application message payload; transforming the first content elements into one or more second content elements of an output application message; and forwarding the output application message to a destination that is identified in the input application message. Transformations performed in the network element can include field reordering, field enrichment, field filtering, and presentation transformation.
    Type: Grant
    Filed: April 5, 2006
    Date of Patent: June 4, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Vinod Dashora, Sandeep Kumar
  • Patent number: 8458347
    Abstract: Machine, method for use and method for making, and corresponding products produced thereby, as well as data structures, computer-readable media tangibly embodying program instructions, manufactures, and necessary intermediates of the foregoing, each pertaining to digital aspects of a computerized aggregation system. The system can include a user computer system interposed between a segment of a network allowing communication between the user computer system and at least one server system, and other segments allowing communication between the user computer system and a plurality of third party server systems. The one server system enables the user computer system to access the plurality of other servers. The access permits forming an aggregation of information obtained from the third party server systems.
    Type: Grant
    Filed: March 21, 2011
    Date of Patent: June 4, 2013
    Assignee: Confluence Commons, Inc.
    Inventors: Jared Polis, Payal Goyal, Jeffery D. Herman, Samuel C. Wu, Eric Wu, Michael D. McMahon, Michael C. Wilson, Andrew Hartman, Peter K. Trzyna, David L. Calone, Chris Young, Scott Shaver, Andrew Hyde