Packet Header Designating Cryptographically Protected Data Patents (Class 713/160)
  • Patent number: 8582642
    Abstract: A system for transmitting a transport stream including a robust stream is provided. The transmitting system includes an adaptor for, when receiving a first stream, making a space in the first stream to insert a second stream; a Reed-Solomon (RS) encoder for RS-encoding the input second stream; a Cyclic Redundancy Check (CRC) processor for converting the RS-encoded second stream to a stream comprising an added CRC bit sequence; and a stuffer for inserting the stream to the space in the first stream and outputting a transport stream. Hence, the robust stream can be efficiently transmitted.
    Type: Grant
    Filed: December 15, 2008
    Date of Patent: November 12, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Yong-sik Kwon, Hae-joo Jeong, June-hee Lee, Jung-pil Yu, Chan-sub Park, Jung-jin Kim
  • Patent number: 8584228
    Abstract: Systems and methods provide logic for distributing cryptographic keys in a physical network comprising a plurality of physical nodes. In one implementation, a computer-implemented method is provided for distributing cryptographic keys in a physical network. The method includes receiving information mapping a virtual network address of a virtual node to a physical network address of a physical node. The virtual node may be associated with a virtual network hosted by the physical node, and the received mapping information identifies a virtual network address of the node and the physical network address of the node. The mapping service transmits a current version of a cryptographic key and an identifier of the current version to the physical node.
    Type: Grant
    Filed: December 29, 2009
    Date of Patent: November 12, 2013
    Assignee: Amazon Technologies, Inc.
    Inventors: Eric J. Brandwine, Ian R. Searle
  • Patent number: 8577024
    Abstract: An apparatus generally having a first circuit and a second circuit is disclosed. The first circuit may be configured to (i) divide a plain text into at least three input blocks and (ii) generate at least three scrambled blocks by scrambling the input blocks using a first cipher process. The first cipher process may be configured such that a first of the input blocks does not affect the generation of a last scrambled block. The second circuit may be configured to (i) generate at least three output blocks by de-scrambling the scrambled blocks using a second cipher process and (ii) reconstruct the plain text from the output blocks. The second cipher process may be configured such that a first of the scrambled blocks affects the generation of all of the output blocks.
    Type: Grant
    Filed: July 28, 2009
    Date of Patent: November 5, 2013
    Assignee: VIXS Systems, Inc
    Inventors: Paul D. Ducharme, Weiguo Jao
  • Patent number: 8577022
    Abstract: To improve encryption technology for a data processing apparatus in order to reduce a possibility of having communication broken by a third party. The data processing apparatus encrypts subject data and renders it as encrypted data to record it on a predetermined recording medium, and decrypts the encrypted data recorded on the recording medium to change it back to the subject data. The encryption is performed in units of plain text cut data generated by cutting the subject data by a predetermined number of bits, where the number of bits of the plain text cut data is varied and dummy data of a size having the number of bits matching with a piece of the plain text cut data of the largest number of bits is mixed with pieces of the plain text cut data other than that of the largest number of bits out of the plain text cut data.
    Type: Grant
    Filed: March 7, 2006
    Date of Patent: November 5, 2013
    Assignee: NTI, Inc.
    Inventor: Takatoshi Nakamura
  • Patent number: 8572721
    Abstract: In a method and system for routing packets between clients, a packet is received from a first client connected to a secure sockets layer virtual private network (an SSL/VPN) network appliance. An identification is made, responsive to an inspection of the received packet, of i) a type of connection required for transmission of the received packet to a destination address identified by the received packet and ii) a second client connected via an SSL/VPN connection to the SSL/VPN network appliance and associated with the identified destination address. A request is made for establishment by the second client of a connection of the identified type within the SSL/VPN connection. The received packet is transmitted to the second client via the established connection of the identified type.
    Type: Grant
    Filed: August 3, 2006
    Date of Patent: October 29, 2013
    Assignee: Citrix Systems, Inc.
    Inventors: Arkesh Kumar, James Harris, Ajay Soni
  • Patent number: 8572372
    Abstract: Users of mobile terminals in a communication network are provided controlled access to files in a file system through the steps of configuring the files as a file body containing a file content and a file header containing content profile information; providing a security identity module and a secure agent; storing in the security identity module user profile information identifying a set of content profiles allowed for access to the file system; extracting, via the secure agent, the content profile information from the headers of the files; retrieving, via the secure agent, the user profile information stored in the security identity module; checking the user profile information and the content profile information; and providing the user with access to those files in the file system for which the user profile information and the content profile information are found to match.
    Type: Grant
    Filed: October 18, 2005
    Date of Patent: October 29, 2013
    Assignee: Telecom Italia S.p.A.
    Inventors: Antonio Varriale, Laura Colazzo, Alberto Bianco, Maura Turolla
  • Patent number: 8572369
    Abstract: Various embodiments, in the form of at least one of systems, methods, and software, are provided that include security solutions for use of collaboration services. Some embodiments include encrypting data to be sent to and stored by a collaboration service. These and other embodiments include capturing, within a computer application used to post data to a collaboration service, data to be sent to the collaboration service, encrypting the captured data, and returning the data in an encrypted form to the computer application for posting to the collaboration service.
    Type: Grant
    Filed: December 11, 2009
    Date of Patent: October 29, 2013
    Assignee: SAP AG
    Inventors: Markus Schmidt-Karaca, Peter Eberlein
  • Publication number: 20130283044
    Abstract: A switch equipment and data processing method for supporting link layer security transmission are provided. The switch equipment for supporting link layer security transmission comprises a switch module and multiple port modules, each port module is electrically connected with the switch module respectively; the port module supports a link layer key management capability, and is used for establishing a share key for encrypting and decrypting data frames between the switch equipment and other network nodes.
    Type: Application
    Filed: June 17, 2011
    Publication date: October 24, 2013
    Applicant: CHINA IWNCOMM Co., Ltd
    Inventors: Manxia Tie, Qin Li, Zhiqiang Du
  • Publication number: 20130283045
    Abstract: There are a terminal device capable of link layer encryption and decryption and a data process method thereof, and the terminal device includes a link layer processing module including a control module, a data frame encryption module, a data frame decryption module, a key management module, an algorithm module, a transmission port and a reception port; and the control module is connected with the transmission port through the data frame encryption module, the reception port is connected with the control module through the data frame decryption module, the control module is connected with the key management module, the data frame encryption module is connected with the data frame decryption module through the key management module, and the data frame encryption module is connected with the data frame decryption module through the algorithm module.
    Type: Application
    Filed: June 17, 2011
    Publication date: October 24, 2013
    Applicant: China IWNCOMM Co., Ltd.
    Inventors: Qin Li, Jun Cao, Manxia Tie
  • Patent number: 8566583
    Abstract: A method of handling IP packets transmitted from a correspondent node to a mobile node via an intermediate node using the IPsec security protocol. The method comprises, at the correspondent node, identifying specified selector information within the part of the packet to be encrypted, and incorporating the identified information or a digest thereof into a header part of the packet which is to be sent unencrypted, transmitting the packet from the correspondent node to said intermediate node, and, at the intermediate node, receiving the transmitted packet and identifying a policy to be applied to the packet using said information or digest contained in the packet, and applying the policy to the packet.
    Type: Grant
    Filed: November 30, 2006
    Date of Patent: October 22, 2013
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Tero Kauppinen, Petri Jokela, Heikki Mahkonen
  • Patent number: 8561199
    Abstract: A system and method for processing an information unit/packet (IU) in a stream processing system includes decomposing an IU into sub-information units persisted other than in the IU. An index or reference is generated in the IU for retrieving the persisted sub-information units during processing.
    Type: Grant
    Filed: January 11, 2007
    Date of Patent: October 15, 2013
    Assignee: International Business Machines Corporation
    Inventors: Kay Schwendimann Anderson, Joseph Phillip Bigus, Eric Bouillet, Parijat Dube, Mark David Feblowitz, David Alson George, Nagui Halim
  • Patent number: 8561140
    Abstract: A method and apparatus for including network security information in a frame is disclosed. Network security information is included in a secure portion of overhead of a frame. The network security information is configured to facilitate network security. A network device configured to process a frame is also disclosed. The frame includes frame security information and network security information. The frame security information is configured to facilitate securing a portion of overhead of the frame, and the network security information is located in the secure portion of the overhead of the frame and is configured to facilitate network security.
    Type: Grant
    Filed: May 13, 2010
    Date of Patent: October 15, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Norman W. Finn, Michael R. Smith
  • Patent number: 8555056
    Abstract: A method and system for including security information with a packet is disclosed. A packet is detected as it exits a first network and enters a second network. The first network is configured to support a network security technique, and the second network is not configured to support the network security technique. Network security information associated with the network security technique is included with the packet. A network device is configured to include network security information in overhead of a packet. A method for identifying a first network device in a network is also disclosed. Identification information of the first network is communicated to a second network device.
    Type: Grant
    Filed: January 24, 2011
    Date of Patent: October 8, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Michael R. Smith, Padmanabha Nallur, Wilson Kok, Michael Fine
  • Patent number: 8549282
    Abstract: A method for efficiently decrypting asymmetric SSL pre-master keys is divided into a key agent component that runs in user mode, and an SSL driver running in kernel mode. The key agent can take advantage of multiple threads for decoding keys in a multi-processor environment, while the SSL driver handles the task of symmetric decryption of the SSL encrypted data stream. The method is of advantage in applications such as firewalls with deep packet inspection in which all encrypted data traffic passing through the firewall must be decrypted for inspection.
    Type: Grant
    Filed: June 22, 2007
    Date of Patent: October 1, 2013
    Assignee: Trend Micro Incorporated
    Inventors: Dale Sabo, Gerrard Eric Rosenquist
  • Patent number: 8549285
    Abstract: Methods, apparatus, system and computer program are provided for concealing the identity of a network device transmitting a datagram having a network layer header. A unique local identifier and broadcast address are determined in accordance with a next-hop address. A partially encrypted network layer header is determined by encrypting a plurality of identifying portions of the network layer header, where one portion of the network layer header is the unique local identifier. The datagram is encapsulated with another network layer header whose address is set to the broadcast address. The encapsulated datagram can be received and detunneled, and an address of a recipient can be extracted from the network layer header. The datagram is then admitted into a network domain.
    Type: Grant
    Filed: June 14, 2010
    Date of Patent: October 1, 2013
    Assignees: Verizon Corporate Services Group Inc., Raytheon BBN Technologies Corp.
    Inventors: Russell A. Fink, Edward A. Bubnis, Jr., Thomas E. Keller
  • Patent number: 8542593
    Abstract: In one embodiment of the invention, a system and method for error tolerant delivery of data is provided. A data file is received for transmission which includes metadata and data. The metadata includes mandatory portions and optional portions, which are grouped together, respectively. The mandatory portions of the metadata include file control data. The file is parsed into packets and transmitted as a data stream to a plurality of receiver devices. In some cases this data stream may be transmitted multiple times for redundancy. Once the data stream is received, the receiver device may look for transmission errors in the control data of the data stream. If such an error is present, the data stream is discarded; otherwise, the receiver device converts the data stream back into the native file format, which is stored for later playback or queued processing.
    Type: Grant
    Filed: October 20, 2010
    Date of Patent: September 24, 2013
    Assignee: Vucast Media, Inc.
    Inventors: Derek D. Kumar, Gregg Brian Levin
  • Patent number: 8543813
    Abstract: Computer-implemented methods and apparatus to perform a valid transfer of an electronic mobile ticket on a mobile device by a ticketing application system of a ticket processing center. One method includes: receiving a first electronic message from a first user, where the first message includes an encrypted electronic mobile ticket and a mobile device number of a second user, and where the electronic mobile ticket is encrypted with a key shared between the first user and the ticketing application system; decrypting the encrypted electronic mobile ticket; generating an electronic mobile ticket encrypted with a key shared by the ticketing application system and the second user; and transmitting a second electronic message that includes the electronic mobile ticket encrypted with the key shared between the ticketing application system and the second user to a mobile device of the second user.
    Type: Grant
    Filed: September 29, 2010
    Date of Patent: September 24, 2013
    Assignee: International Business Machines Corporation
    Inventors: Chen Hua Feng, He Yuan Huang, Xiao Xi Liu, Bin Wang
  • Patent number: 8544080
    Abstract: An apparatus for establishing a virtual private network with an internet protocol multimedia subsystem (IMS) device that includes a key derivation module, a tunneling protocol module, a tunnel management module, and a security policies module. The apparatus includes a non-volatile memory configured to store a first routing table that maps host addresses and IMS addresses of security devices allowing access to those hosts, such that when an application running in the IMS device requests communication to a host address, the apparatus initiates a session with the IMS address to which the host address is mapped. The session is initiated by a message that includes a body that contains, for each tunneling protocol supported by the tunneling protocol module, data about the local tunnel endpoint (e.g.
    Type: Grant
    Filed: June 12, 2008
    Date of Patent: September 24, 2013
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventor: Jesus Javier Arauz Rosado
  • Patent number: 8542837
    Abstract: A key selection vector for a revocation list in an HDCP system as well as a mobile device and a method for processing a key selection vector, a digital content output device using a key selection vector and a revocation list for use in an HDCP system comprising a key selection vector are described. It is desired to improve handling of key selection vectors of revocation lists. A structured key selection vector for a revocation list is provided. The key selection vector is structured to contain at least one bit field with a predetermined number of bits and at a predetermined location in the key selection vector. The bit field contains information relating to a group property of a device, which group property allows to process as a group a plurality of key selection vectors storing the same or similar group property information in said at least one bit field.
    Type: Grant
    Filed: February 23, 2009
    Date of Patent: September 24, 2013
    Assignees: Sony Corporation, Sony Mobile Communications AB
    Inventors: Stefan Andersson, Per Gunnar Tobias Melin
  • Patent number: 8542825
    Abstract: This specification describes technologies relating to imparting cryptographic information in network communications.
    Type: Grant
    Filed: June 10, 2011
    Date of Patent: September 24, 2013
    Assignee: Adobe Systems Incorporated
    Inventors: Asa Whillock, Edward Chan, Srinivas Manapragada, Matthew Kaufman, Pritham Shetty, Michael Thornburgh
  • Patent number: 8544079
    Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
    Type: Grant
    Filed: August 24, 2010
    Date of Patent: September 24, 2013
    Assignee: Tectia Oyj
    Inventors: Tero Kivinen, Tatu Ylonen
  • Patent number: 8539227
    Abstract: In a digital broadcast receiving apparatus, a receiver receives video packets or audio packets configuring a program of digital broadcast. A selector selects a part of the video packets or the audio packets of each channel received by the receiver. A determination unit determines whether or not decoding of the part of the packets selected by the selector has been completed normally. A decision unit decides requirement for descramble processing of each channel based on the determination result of the determination unit.
    Type: Grant
    Filed: January 7, 2009
    Date of Patent: September 17, 2013
    Assignee: Funai Electric Co., Ltd.
    Inventor: Yasuhiro Inui
  • Patent number: 8533457
    Abstract: The disclosure provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the disclosure describes retaining compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. Further, the disclosure describes a network arrangement that employs a cache having copies distributed among a plurality of different locations. SSL/TLS session information for a session with each of the proxy servers is stored in the cache so that it is accessible to at least one other proxy server. Using this arrangement, cached SSL/TLS communication session information may be retrieved and used by a second proxy server to accept a session with the client device when the client device switches proxy servers.
    Type: Grant
    Filed: January 11, 2011
    Date of Patent: September 10, 2013
    Assignee: Aventail LLC
    Inventors: Marc D. VanHeyningen, Rodger D. Erickson
  • Patent number: 8533792
    Abstract: E-mail based user authentication is described herein. A user can access resources of a service provider by submitting only an e-mail address to which the user has access. The service provider generates an authentication ticket corresponding to the user's login request, and transmits the authentication ticket to the e-mail service provider indicated by the submitted e-mail address. The e-mail service provider processes the authentication ticket, and enables either approval or denial of the authentication ticket, whether by explicit user action or by automated processing.
    Type: Grant
    Filed: February 17, 2011
    Date of Patent: September 10, 2013
    Assignee: Microsoft Corporation
    Inventor: Fei Chua
  • Patent number: 8533801
    Abstract: A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.
    Type: Grant
    Filed: June 14, 2011
    Date of Patent: September 10, 2013
    Assignee: Microsoft Corporation
    Inventors: Todd Carpenter, Shon Schmidt, David J. Sebesta, William J. Westerinen
  • Patent number: 8527750
    Abstract: Embodiments may include generating a first protected version of content, which may include packetizing the content into multiple packets that each includes content information and non-content information and using initialization vectors to perform chained encryption on multiple blocks of the packetized content. At least some of the initialization vectors are generated dependent upon the non-content information. Embodiments may also include using the encrypted blocks to generate a second protected version of the content without re-encrypting the content. The second protected version of the content may include multiple encrypted content samples each including multiple encrypted blocks from the first protected version of the content. For a given encrypted content sample, different sets of encrypted blocks in that sample may form different encryption chains.
    Type: Grant
    Filed: December 29, 2010
    Date of Patent: September 3, 2013
    Assignee: Adobe Systems Incorporated
    Inventor: Viswanathan Swaminathan
  • Publication number: 20130227278
    Abstract: The disclosed technology generates two relative prime numbers and, then, using the relative prime numbers converts a super-increasing (SI) knapsack into a non-super increasing (NSI) knapsack. The NSI knapsack becomes a public key and the corresponding SI knapsack, along with the two relative prime numbers, becomes a private key. A message is encrypted using a subset S of the private key that totals a number N. The message, the public key and the number N are transmitted to a recipient, who knows the value of the two relative prime numbers. The recipient uses the relative prime numbers to convert the public key into the private key and, then, generates the subset S by solving the private key with respect to the number N. Using the subset, the message is decrypted.
    Type: Application
    Filed: April 12, 2013
    Publication date: August 29, 2013
    Applicant: International Business Machines Corporation
    Inventor: International Business Machines Corporation
  • Patent number: 8522007
    Abstract: A dual cryptographic keying system. In particular implementations, a method includes responsive to an initial session key negotiation, storing security association information for a tunnel in a security association memory; responsive to a session key renegotiation, storing security association information for the tunnel in a cache; decrypting received packets associated with the tunnel conditionally using the security association information in the cache or the security association information in the security association memory; and upon an expiration condition, overwriting the security association information, for the tunnel, in the security association memory with the security association information, for the tunnel, copied from the cache.
    Type: Grant
    Filed: March 6, 2012
    Date of Patent: August 27, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Santanu Sinha, Kenneth William Batcher
  • Patent number: 8522034
    Abstract: Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.
    Type: Grant
    Filed: August 19, 2011
    Date of Patent: August 27, 2013
    Assignee: Google Inc.
    Inventors: Úlfar Erlingsson, Xavier Boyen, Darrell Anderson, Wayne Gray
  • Patent number: 8522359
    Abstract: An apparatus and method for automatic update are provided. The method includes storing authentication information for data, including first and second data, receiving the first data from the device, performing an authentication of the first data using the authentication information, and determining whether to receive the data, including the first data and the second data, according to the authentication.
    Type: Grant
    Filed: October 18, 2006
    Date of Patent: August 27, 2013
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Young-suk Kim, Jong-suk Lee
  • Publication number: 20130219175
    Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.
    Type: Application
    Filed: February 26, 2013
    Publication date: August 22, 2013
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: INTERNATIONAL BUSINESS MACHINES CORPORATION
  • Publication number: 20130219174
    Abstract: A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.
    Type: Application
    Filed: September 14, 2012
    Publication date: August 22, 2013
    Applicant: Virnetx, INC.
    Inventors: Edmund Colby Munger, Vincent J. Sabio, Robert Dunham Short, III, Virgil D. Gligor, Douglas Charles Schmidt
  • Patent number: 8516240
    Abstract: In order for intermediary WAAS devices to process and accelerate ICA traffic, they must decrypt the ICA traffic in order to examine it. Disclosed is a mechanism by which the ICA traffic may be re-encrypted for transport over the WAN in a manner that does not require explicit configuration by the administrator of the WAAS devices.
    Type: Grant
    Filed: October 12, 2011
    Date of Patent: August 20, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Hui Wang, Michael A. DeMoney, Arindam Paul, Arivu Ramasamy
  • Patent number: 8514851
    Abstract: The invention consists of an authentication protocol for the Home Agent to authenticate and authorize the Mobile Node's Binding Update message. Two new mobility options compatible with RADIUS AAA are used to exchange a shared secret between the Home Agent and the Mobile Node so the Mobile Node can be authenticated. A Mobile Node-AAA authenticator option is added to the Binding Update message. The Home Agent generates the Mobile Node-AAA authenticator as a shared secret that it communicates as authentication data to the RADIUS AAA server on the home network. The RADIUS AAA server authenticates the communication and generates an Access-Accept message with a Mobile Node-Home Agent authenticator option. After receipt at the Home Agent, a Binding Update message with the Mobile Node-Home Agent authenticator option is transmitted from the Home Agent to the Mobile Node to use as an authenticator.
    Type: Grant
    Filed: January 24, 2012
    Date of Patent: August 20, 2013
    Assignee: Microsoft Corporation
    Inventors: Mohamed Khalil, Haseeb Akhtar, Kuntal Chowdhury
  • Patent number: 8514926
    Abstract: Disclosed is a system and method for encryption of a scalable video coding (SVC) bitstream, which is the next-generation coding technology. The encryption method encrypts Network Abstraction Layer (NAL) data identified according to multidimensional scalability for space, time, and quality with respect to a bitstream created after an SVC encoding, thereby providing a multidimensional scalability function for space, time, and quality even after the encryption, so that the scalability is also maintained even in a bitstream extraction process after the encryption. According to such a scalable encryption method, a specific portion of an encrypted bitstream is removed in a bitstream extraction process, and user access to the bitstream is limited based on a combination of keys for accessing a specific scalability. Therefore, it is possible to protect scalable video content and to access the video content based on scalabilities.
    Type: Grant
    Filed: November 17, 2006
    Date of Patent: August 20, 2013
    Assignees: Samsung Electronics Co., Ltd, Research and Industrial Cooperation Group
    Inventors: Yong-Man Ro, Yong-Geun Won, Tae-Meon Bae
  • Patent number: 8510551
    Abstract: A device receives a unicast packet designating a unicast source and a unicast destination, and determines whether the received unicast packet is a Data Register message. The device extracts information relating to a multicast packet encapsulated within the unicast packet when the unicast packet is a Data Register message, and performs a security policy lookup based on the extracted multicast packet information to identify a security policy associated with the multicast packet. The device determines whether the identified security policy authorizes forwarding of the unicast packet, and establishes a multicast data session when the identified security policy authorizes forwarding of the unicast packet. The device establishes a multicast control session based on the multicast data session, where the multicast control session authorizes transmission of PIM-related control messages associated with the multicast packet.
    Type: Grant
    Filed: November 10, 2008
    Date of Patent: August 13, 2013
    Assignee: Juniper Networks, Inc.
    Inventors: Purvi Desai, Kannan Varadhan
  • Patent number: 8509435
    Abstract: Methods and systems for a transport single key change point for all package identifier channels are disclosed and may include descrambling a received transport stream comprising multiple package identifier (PID) channels with multiple key change points, and synchronizing at least a portion of the multiple key change points to occur at a common time. The transport stream may be conditional access or copy protect scrambled. The timing of the key change points may be synchronized by modifying one or more scrambling control bits for the descrambled received transport stream. At least one PID channel in said descrambled received transport stream may be re-scrambled utilizing one or more of the scrambling control bits, and a portion of the PID channels may bypass the re-scrambling. The re-scrambling may include one or more of CP re-scrambling and CA re-scrambling. Each PID channel may be de-scrambled and/or re-scrambled utilizing a separate key.
    Type: Grant
    Filed: May 2, 2007
    Date of Patent: August 13, 2013
    Assignee: Broadcom Corporation
    Inventor: Rajesh Mamidwar
  • Patent number: 8503677
    Abstract: A communication device receives secure communication frames on which a security transform has been performed to permit authentication. The communication device maintains an authentication history and a local time varying parameter. In multi-hop communication, the communication device provisionally verifies the freshness of a received secure communication frame by verifying that identifying information extracted from the frame is not already present in the authentication history and that a received time varying parameter extracted from the frame is not older than the local time varying parameter by more than a certain margin. If these freshness tests both pass, the frame is authenticated. If authentication succeeds, the frame is transmitted on the next hop without performance of a new security transform.
    Type: Grant
    Filed: November 18, 2010
    Date of Patent: August 6, 2013
    Assignee: Oki Electric Industry Co., Ltd.
    Inventors: Taketsugu Yao, Kiyoshi Fukui, Jun Nakashima
  • Patent number: 8504825
    Abstract: A packetized transport stream for protecting viewing content from unauthorized access and methods for manufacturing and using same. The transport stream includes a plurality of content frames, each having a frame header and a frame payload. Each frame header includes information for handling the content frame; whereas, the frame payload includes selected viewing content for which protection from unauthorized access is desirable. By encrypting only the frame payload, the header remains unencrypted and can be applied to prepare the encrypted frame payload for presentation. The viewing content thereby can be stored in an encrypted format and can be decrypted on-the-fly as the viewing content is needed for presentation. The combination of the unencrypted frame header and the encrypted frame payload advantageously enables the viewing content to be protected against unauthorized use, copying, and dissemination without impairing the presentation of the viewing content.
    Type: Grant
    Filed: June 27, 2011
    Date of Patent: August 6, 2013
    Assignee: Panasonic Avionics Corporation
    Inventors: Philip Watson, Kenshi Taniguchi, Randall Schwarz
  • Publication number: 20130191628
    Abstract: Techniques are provided for obtaining header information from a packet configured for real-time communications transport over a network. The header information is used to monitor network performance of one or more secure portions of the network. The packet is encrypted using a security protocol and encapsulated using a transport protocol to produce a transport packet for transmission over the network. The transport packet header information is inserted into the transport packet prior to transmission over the network. The header information is used by a downstream network device or network analyzer to determine performance metrics for the network without decrypting the encrypted packet.
    Type: Application
    Filed: January 25, 2012
    Publication date: July 25, 2013
    Applicant: CISCO TECHNOLOGY, INC.
    Inventor: Plamen Nedeltchev Nedeltchev
  • Publication number: 20130185554
    Abstract: One network protocol (RTP) each, having data packets (dp) comprising an expandable header (KE) is provided for a data stream (ds1 . . . n) encoded in a manner individual to said data stream, and the key information (si1 . . . n) formed in a data stream manner individual to said data stream is inserted into an expandable header (RTPH) of a data packet (dp) of the respective data stream (ds1 . . . n) and transmitted. The key information (sp1 . . . n) is selected in a manner individual to said data stream from the expanded headers (KE) of received data packets (dp) of the respective data stream (ds1 . . . n), and the associated encoded data stream (ds1 . . . n) is decoded by means of at least one piece of selected data stream individual key information (si1 . . . n). The forming and inserting of key information (si1 . . .
    Type: Application
    Filed: February 21, 2013
    Publication date: July 18, 2013
    Applicant: Siemens Enterprise Communications GmbH & Co. KG
    Inventors: Siegfried Hartmann, Jorg Krumbock
  • Publication number: 20130179682
    Abstract: The disclosed technology generates two relative prime numbers and, then, using the relative prime numbers converts a super-increasing (SI) knapsack into a non-super-increasing (NSI) knapsack. The NSI knapsack becomes a public key and the corresponding SI knapsack, along with the two relative prime numbers, becomes a private key. A message is encrypted using a subset S of the private key that totals a number N. The message, the public key and the number N are transmitted to a recipient, who knows the value of the two relative prime numbers. The recipient uses the relative prime numbers to convert the public key into the private key and, then, generates the subset S by solving the private key with respect to the number N. Using the subset, the message is decrypted.
    Type: Application
    Filed: January 6, 2012
    Publication date: July 11, 2013
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Arun Ramachandran, Puvichakravarthy Ramachandran, Lakshmanan Velusamy
  • Patent number: 8484476
    Abstract: A computer-implemented system and method for embedding and authenticating ancillary information in digitally signed content are disclosed. The method and system include loading digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable; and erasing any non-authenticated regions of the digital content by zeroing out or value-filling memory locations corresponding to the non-authenticated regions.
    Type: Grant
    Filed: January 29, 2010
    Date of Patent: July 9, 2013
    Assignee: Rovi Technologies Corporation
    Inventors: Andres M. Torrubia, Jordi Salvat
  • Patent number: 8484462
    Abstract: This invention relates to a system and method for providing secure reliable expansion of a mobile network. The system includes one or more portable communications devices (PCDs) which incorporate routing, authentication and encryption capabilities and are adapted to provide a connection between a peripheral device and a base-station either directly or indirectly via other similarly configured PCDs. The PCDs also incorporate tamper-proofing features to provide added security.
    Type: Grant
    Filed: November 7, 2008
    Date of Patent: July 9, 2013
    Assignee: Lockheed Martin Corporation
    Inventor: Elliott Reitz
  • Patent number: 8478994
    Abstract: One network protocol (RTP) each, having data packets (dp) comprising an expandable header (KE) is provided for a data stream (ds1 . . . n) encoded in a manner individual to said data stream, and the key information (si1 . . . n) formed in a data stream manner individual to said data stream is inserted into an expandable header (RTPH) of a data packet (dp) of the respective data stream (ds1 . . . n) and transmitted. The key information (sp1 . . . n) is selected in a manner individual to said data stream from the expanded headers (KE) of received data packets (dp) of the respective data stream (ds1 . . . n), and the associated encoded data stream (ds1 . . . n) is decoded by means of at least one piece of selected data stream individual key information (si1 . . . n). The forming and inserting of key information (si1 . . .
    Type: Grant
    Filed: July 3, 2008
    Date of Patent: July 2, 2013
    Assignee: Siemens Enterprise Communications GmbH & Co. KG
    Inventors: Siegfried Hartmann, Jörg Krumböck
  • Patent number: 8478985
    Abstract: An improved method, apparatus, and computer instructions for processing outbound traffic passing through a port. This port is for a server and receives a request from a client. The request includes a universal resource identifier to a destination. A determination is made as to whether the request requires encryption using the universal resource identifier in the request. The request is sent through the port to the destination in an encrypted form, in response to a determination that the request requires encryption.
    Type: Grant
    Filed: June 12, 2008
    Date of Patent: July 2, 2013
    Assignee: International Business Machines Corporation
    Inventors: Alexandre Polozoff, Kulvir Singh Bhogal
  • Patent number: 8479276
    Abstract: A virtual machine computing platform uses a security virtual machine (SVM) in operational communications with a risk engine which has access to a database including stored patterns corresponding to patterns of filtered operational data that are expected to be generated during operation of the monitored virtual machine when malware is executing. The stored patterns may have been generated during preceding design and training phases. The SVM is operated to (1) receive raw operational data from a virtual machine monitor, the raw operational data obtained from file system operations and network operations of the monitored virtual machine; (2) apply rule-based filtering to the raw operational data to generate filtered operational data; and (3) in conjunction with the risk engine, perform a mathematical (e.g., Bayesian) analysis based on the filtered operational data and the stored patterns in the database to calculate a likelihood that the malware is executing in the monitored virtual machine.
    Type: Grant
    Filed: December 29, 2010
    Date of Patent: July 2, 2013
    Assignee: EMC Corporation
    Inventors: Alex Vaystikh, Robert Polansky, Samir Dilipkumar Saklikar, Liron Liptz
  • Patent number: 8478997
    Abstract: A multi-level security software architecture includes various components configured to provide full data separation across multiple processors while limiting the number and size of high assurance components. The architecture includes a domain separator for ensuring that messages exchanged between domains that are distributed on different microprocessors are securely routed between domain members. The domain separator verifies a message label including a domain identifier provided by a domain gateway and cryptographically binds the message label to each message via cryptographic keys. This prevents misrouting messages caused by accidental or malicious corruption of message labels. Additionally, the domain separator can encrypt messages as necessary to enforce data separation on shared network buses. The domain separator is also responsible for managing the cryptographic keys used to label or encrypt messages.
    Type: Grant
    Filed: September 10, 2010
    Date of Patent: July 2, 2013
    Assignee: Raytheon Company
    Inventors: Douglas Edward Lapp, Thomas Robert Woodall
  • Patent number: 8473738
    Abstract: The mode is intended for application in simplex and duplex channels of arbitrary, including low, quality with implementation of tasks for complex protection of information. The unified signal structure of stochastic q-ary (n, k, q, m)-code is used on the basis of any initial binary (n, k)-code with l-interleaving (q=2^l) with m-fold repetition of blocks of the code (m=1, 2, . . . , m_max) with identical values of the data portion. Direct randomization of q-ary characters is performed on the transmitting side before transmission to the channel, on the receiving one—reverse randomization of q-ary characters. The code structure being applied represents an ensemble of random codes varying for each block and q-ary character and ensuring transmission of any of all possible 2^n signals to a data link on binary sequence of length n as a result of change in the strategy in the course of fight against random interferences.
    Type: Grant
    Filed: October 22, 2007
    Date of Patent: June 25, 2013
    Inventor: Stanislav Antonovich Osmolovsky
  • Patent number: 8466775
    Abstract: An electronic label authenticating method is provided. The method includes: the electronic label receives an accessing authenticating request group sent by a reader-writer, the group carrying a first parameter selected by the reader-writer; the electronic label sends a response group of the accessing authenticating to the reader-writer, the response group of the accessing authenticating including the first parameter and a second parameter selected by the electronic label; the electronic label receives an acknowledgement group of the accessing authenticating fed back by the reader-writer; the electronic label validates the acknowledgement group of the accessing authenticating. An electronic label authenticating system is also provided; the system includes a reader-writer and an electronic label.
    Type: Grant
    Filed: July 24, 2009
    Date of Patent: June 18, 2013
    Assignee: China Iwncomm Co., Ltd.
    Inventors: Liaojun Pang, Manxia Tie, Xiaolong Lai, Zhenhai Huang