Packet Header Designating Cryptographically Protected Data Patents (Class 713/160)
- Patent number: 8582642
  Abstract: A system for transmitting a transport stream including a robust stream is provided. The transmitting system includes an adaptor for, when receiving a first stream, making a space in the first stream to insert a second stream; a Reed-Solomon (RS) encoder for RS-encoding the input second stream; a Cyclic Redundancy Check (CRC) processor for converting the RS-encoded second stream to a stream comprising an added CRC bit sequence; and a stuffer for inserting the stream into the space in the first stream and outputting a transport stream. Hence, the robust stream can be efficiently transmitted.
  Type: Grant
  Filed: December 15, 2008
  Date of Patent: November 12, 2013
  Assignee: Samsung Electronics Co., Ltd.
  Inventors: Yong-sik Kwon, Hae-joo Jeong, June-hee Lee, Jung-pil Yu, Chan-sub Park, Jung-jin Kim
- Patent number: 8584228
  Abstract: Systems and methods provide logic for distributing cryptographic keys in a physical network comprising a plurality of physical nodes. In one implementation, a computer-implemented method is provided for distributing cryptographic keys in a physical network. The method includes receiving information mapping a virtual network address of a virtual node to a physical network address of a physical node. The virtual node may be associated with a virtual network hosted by the physical node, and the received mapping information identifies a virtual network address of the node and the physical network address of the node. The mapping service transmits a current version of a cryptographic key and an identifier of the current version to the physical node.
  Type: Grant
  Filed: December 29, 2009
  Date of Patent: November 12, 2013
  Assignee: Amazon Technologies, Inc.
  Inventors: Eric J. Brandwine, Ian R. Searle
- Patent number: 8577024
  Abstract: An apparatus generally having a first circuit and a second circuit is disclosed. The first circuit may be configured to (i) divide a plain text into at least three input blocks and (ii) generate at least three scrambled blocks by scrambling the input blocks using a first cipher process. The first cipher process may be configured such that a first of the input blocks does not affect the generation of a last scrambled block. The second circuit may be configured to (i) generate at least three output blocks by de-scrambling the scrambled blocks using a second cipher process and (ii) reconstruct the plain text from the output blocks. The second cipher process may be configured such that a first of the scrambled blocks affects the generation of all of the output blocks.
  Type: Grant
  Filed: July 28, 2009
  Date of Patent: November 5, 2013
  Assignee: VIXS Systems, Inc
  Inventors: Paul D. Ducharme, Weiguo Jao
- Patent number: 8577022
  Abstract: The aim is to improve encryption technology for a data processing apparatus in order to reduce the possibility of communication being broken by a third party. The data processing apparatus encrypts subject data and renders it as encrypted data to record it on a predetermined recording medium, and decrypts the encrypted data recorded on the recording medium to change it back to the subject data. The encryption is performed in units of plain text cut data generated by cutting the subject data by a predetermined number of bits, where the number of bits of the plain text cut data is varied and dummy data of a size having the number of bits matching with a piece of the plain text cut data of the largest number of bits is mixed with pieces of the plain text cut data other than that of the largest number of bits out of the plain text cut data.
  Type: Grant
  Filed: March 7, 2006
  Date of Patent: November 5, 2013
  Assignee: NTI, Inc.
  Inventor: Takatoshi Nakamura
- Patent number: 8572721
  Abstract: In a method and system for routing packets between clients, a packet is received from a first client connected to a secure sockets layer virtual private network (SSL/VPN) network appliance. An identification is made, responsive to an inspection of the received packet, of i) a type of connection required for transmission of the received packet to a destination address identified by the received packet and ii) a second client connected via an SSL/VPN connection to the SSL/VPN network appliance and associated with the identified destination address. A request is made for establishment by the second client of a connection of the identified type within the SSL/VPN connection. The received packet is transmitted to the second client via the established connection of the identified type.
  Type: Grant
  Filed: August 3, 2006
  Date of Patent: October 29, 2013
  Assignee: Citrix Systems, Inc.
  Inventors: Arkesh Kumar, James Harris, Ajay Soni
- Patent number: 8572372
  Abstract: Users of mobile terminals in a communication network are provided controlled access to files in a file system through the steps of configuring the files as a file body containing a file content and a file header containing content profile information; providing a security identity module and a secure agent; storing in the security identity module user profile information identifying a set of content profiles allowed for access to the file system; extracting, via the secure agent, the content profile information from the headers of the files; retrieving, via the secure agent, the user profile information stored in the security identity module; checking the user profile information and the content profile information; and providing the user with access to those files in the file system for which the user profile information and the content profile information are found to match.
  Type: Grant
  Filed: October 18, 2005
  Date of Patent: October 29, 2013
  Assignee: Telecom Italia S.p.A.
  Inventors: Anronio Varriale, Laura Colazzo, Alberto Bianco, Maura Turolla
- Patent number: 8572369
  Abstract: Various embodiments, in the form of at least one of systems, methods, and software, are provided that include security solutions for use of collaboration services. Some embodiments include encrypting data to be sent to and stored by a collaboration service. These and other embodiments include capturing, within a computer application used to post data to a collaboration service, data to be sent to the collaboration service, encrypting the captured data, and returning the data in an encrypted form to the computer application for posting to the collaboration service.
  Type: Grant
  Filed: December 11, 2009
  Date of Patent: October 29, 2013
  Assignee: SAP AG
  Inventors: Markus Schmidt-Karaca, Peter Eberlein
- Publication number: 20130283044
  Abstract: A switch equipment and data processing method for supporting link layer security transmission are provided. The switch equipment for supporting link layer security transmission comprises a switch module and multiple port modules, each port module being electrically connected with the switch module; each port module supports a link layer key management capability, and is used for establishing a shared key for encrypting and decrypting data frames between the switch equipment and other network nodes.
  Type: Application
  Filed: June 17, 2011
  Publication date: October 24, 2013
  Applicant: CHINA IWNCOMM Co., Ltd
  Inventors: Manxia Tie, Qin Li, Zhiqiang Du
- Publication number: 20130283045
  Abstract: A terminal device capable of link layer encryption and decryption and a data processing method thereof are provided. The terminal device includes a link layer processing module comprising a control module, a data frame encryption module, a data frame decryption module, a key management module, an algorithm module, a transmission port and a reception port. The control module is connected with the transmission port through the data frame encryption module, the reception port is connected with the control module through the data frame decryption module, the control module is connected with the key management module, the data frame encryption module is connected with the data frame decryption module through the key management module, and the data frame encryption module is connected with the data frame decryption module through the algorithm module.
  Type: Application
  Filed: June 17, 2011
  Publication date: October 24, 2013
  Applicant: China IWNCOMM Co., Ltd.
  Inventors: Qin Li, Jun Cao, Manxia Tie
- Patent number: 8566583
  Abstract: A method of handling IP packets transmitted from a correspondent node to a mobile node via an intermediate node using the IPsec security protocol. The method comprises, at the correspondent node, identifying specified selector information within the part of the packet to be encrypted, and incorporating the identified information or a digest thereof into a header part of the packet which is to be sent unencrypted, transmitting the packet from the correspondent node to said intermediate node, and, at the intermediate node, receiving the transmitted packet and identifying a policy to be applied to the packet using said information or digest contained in the packet, and applying the policy to the packet.
  Type: Grant
  Filed: November 30, 2006
  Date of Patent: October 22, 2013
  Assignee: Telefonaktiebolaget L M Ericsson (publ)
  Inventors: Tero Kauppinen, Petri Jokela, Heikki Mahkonen
- Patent number: 8561199
  Abstract: A system and method for processing an information unit/packet (IU) in a stream processing system includes decomposing an IU into sub-information units persisted other than in the IU. An index or reference is generated in the IU for retrieving the persisted sub-information units during processing.
  Type: Grant
  Filed: January 11, 2007
  Date of Patent: October 15, 2013
  Assignee: International Business Machines Corporation
  Inventors: Kay Schwendimann Anderson, Joseph Phillip Bigus, Eric Bouillet, Parijat Dube, Mark David Feblowitz, David Alson George, Nagui Halim
- Patent number: 8561140
  Abstract: A method and apparatus for including network security information in a frame is disclosed. Network security information is included in a secure portion of overhead of a frame. The network security information is configured to facilitate network security. A network device configured to process a frame is also disclosed. The frame includes frame security information and network security information. The frame security information is configured to facilitate securing a portion of overhead of the frame, and the network security information is located in the secure portion of the overhead of the frame and is configured to facilitate network security.
  Type: Grant
  Filed: May 13, 2010
  Date of Patent: October 15, 2013
  Assignee: Cisco Technology, Inc.
  Inventors: Norman W. Finn, Michael R. Smith
- Patent number: 8555056
  Abstract: A method and system for including security information with a packet is disclosed. A packet is detected as it exits a first network and enters a second network. The first network is configured to support a network security technique, and the second network is not configured to support the network security technique. Network security information associated with the network security technique is included with the packet. A network device is configured to include network security information in overhead of a packet. A method for identifying a first network device in a network is also disclosed. Identification information of the first network is communicated to a second network device.
  Type: Grant
  Filed: January 24, 2011
  Date of Patent: October 8, 2013
  Assignee: Cisco Technology, Inc.
  Inventors: Michael R. Smith, Padmanabha Nallur, Wilson Kok, Michael Fine
- Patent number: 8549282
  Abstract: A method for efficiently decrypting asymmetric SSL pre-master keys is divided into a key agent component that runs in user mode, and an SSL driver running in kernel mode. The key agent can take advantage of multiple threads for decoding keys in a multi-processor environment, while the SSL driver handles the task of symmetric decryption of the SSL encrypted data stream. The method is of advantage in applications such as firewalls with deep packet inspection in which all encrypted data traffic passing through the firewall must be decrypted for inspection.
  Type: Grant
  Filed: June 22, 2007
  Date of Patent: October 1, 2013
  Assignee: Trend Micro Incorporated
  Inventors: Dale Sabo, Gerrard Eric Rosenquist
- Patent number: 8549285
  Abstract: Methods, apparatus, system and computer program are provided for concealing the identity of a network device transmitting a datagram having a network layer header. A unique local identifier and broadcast address are determined in accordance with a next-hop address. A partially encrypted network layer header is determined by encrypting a plurality of identifying portions of the network layer header, where one portion of the network layer header is the unique local identifier. The datagram is encapsulated with another network layer header whose address is set to the broadcast address. The encapsulated datagram can be received and detunneled, and an address of a recipient can be extracted from the network layer header. The datagram is then admitted into a network domain.
  Type: Grant
  Filed: June 14, 2010
  Date of Patent: October 1, 2013
  Assignees: Verizon Corporate Services Group Inc., Raytheon BBN Technologies Corp.
  Inventors: Russell A. Fink, Edward A. Bubnis, Jr., Thomas E. Keller
- Patent number: 8542593
  Abstract: In one embodiment of the invention, a system and method for error tolerant delivery of data is provided. A data file is received for transmission which includes metadata and data. The metadata includes mandatory portions and optional portions, which are grouped together, respectively. The mandatory portions of the metadata include file control data. The file is parsed into packets and transmitted as a data stream to a plurality of receiver devices. In some cases this data stream may be transmitted multiple times for redundancy. Once the data stream is received, the receiver device may look for transmission errors in the control data of the data stream. If such an error is present the data stream is discarded; otherwise, the receiver device converts the data stream back into the native file format and stores it for later playback or queued processing.
  Type: Grant
  Filed: October 20, 2010
  Date of Patent: September 24, 2013
  Assignee: Vucast Media, Inc.
  Inventors: Derek D. Kumar, Gregg Brian Levin
- Patent number: 8543813
  Abstract: Computer-implemented methods and apparatus to perform a valid transfer of an electronic mobile ticket on a mobile device by a ticketing application system of a ticket processing center. One method includes: receiving a first electronic message from a first user, where the first message includes an encrypted electronic mobile ticket and a mobile device number of a second user, and where the electronic mobile ticket is encrypted with a key shared between the first user and the ticketing application system; decrypting the encrypted electronic mobile ticket; generating an electronic mobile ticket encrypted with a key shared by the ticketing application system and the second user; and transmitting a second electronic message that includes the electronic mobile ticket encrypted with the key shared between the ticketing application system and the second user to a mobile device of the second user.
  Type: Grant
  Filed: September 29, 2010
  Date of Patent: September 24, 2013
  Assignee: International Business Machines Corporation
  Inventors: Chen Hua Feng, He Yuan Huang, Xiao Xi Liu, Bin Wang
- Patent number: 8544080
  Abstract: An apparatus for establishing a virtual private network with an internet protocol multimedia subsystem (IMS) device that includes a key derivation module, a tunneling protocol module, a tunnel management module, and a security policies module. The apparatus includes a non-volatile memory configured to store a first routing table that maps host addresses and IMS addresses of security devices allowing access to those hosts, such that when an application running in the IMS device requests communication to a host address, the apparatus initiates a session with the IMS address to which the host address is mapped. The session is initiated by a message that includes a body that contains, for each tunneling protocol supported by the tunneling protocol module, data about the local tunnel endpoint (e.g.
  Type: Grant
  Filed: June 12, 2008
  Date of Patent: September 24, 2013
  Assignee: Telefonaktiebolaget L M Ericsson (publ)
  Inventor: Jesus Javier Arauz Rosado
- Patent number: 8542837
  Abstract: A key selection vector for a revocation list in an HDCP system, as well as a mobile device and a method for processing a key selection vector, a digital content output device using a key selection vector, and a revocation list for use in an HDCP system comprising a key selection vector, are described. It is desired to improve handling of key selection vectors of revocation lists. A structured key selection vector for a revocation list is provided. The key selection vector is structured to contain at least one bit field with a predetermined number of bits and at a predetermined location in the key selection vector. The bit field contains information relating to a group property of a device, which group property allows a plurality of key selection vectors storing the same or similar group property information in said at least one bit field to be processed as a group.
  Type: Grant
  Filed: February 23, 2009
  Date of Patent: September 24, 2013
  Assignees: Sony Corporation, Sony Mobile Communications AB
  Inventors: Stefan Andersson, Per Gunnar Tobias Melin
- Patent number: 8542825
  Abstract: This specification describes technologies relating to imparting cryptographic information in network communications.
  Type: Grant
  Filed: June 10, 2011
  Date of Patent: September 24, 2013
  Assignee: Adobe Systems Incorporated
  Inventors: Asa Whillock, Edward Chan, Srinivas Manapragada, Matthew Kaufman, Pritham Shetty, Michael Thornburgh
- Patent number: 8544079
  Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.
  Type: Grant
  Filed: August 24, 2010
  Date of Patent: September 24, 2013
  Assignee: Tectia Oyj
  Inventors: Tero Kivinen, Tatu Ylonen
- Patent number: 8539227
  Abstract: In a digital broadcast receiving apparatus, a receiver receives video packets or audio packets configuring a program of digital broadcast. A selector selects a part of the video packets or the audio packets of each channel received by the receiver. A determination unit determines whether or not decoding of the part of the packets selected by the selector has been completed normally. A decision unit decides whether descrambling is required for each channel based on the determination result of the determination unit.
  Type: Grant
  Filed: January 7, 2009
  Date of Patent: September 17, 2013
  Assignee: Funai Electric Co., Ltd.
  Inventor: Yasuhiro Inui
- Patent number: 8533457
  Abstract: The disclosure provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the disclosure describes retaining compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. Further, the disclosure describes a network arrangement that employs a cache having copies distributed among a plurality of different locations. SSL/TLS session information for a session with each of the proxy servers is stored in the cache so that it is accessible to at least one other proxy server. Using this arrangement, cached SSL/TLS communication session information may be retrieved and used by a second proxy server to accept a session with the client device when the client device switches proxy servers.
  Type: Grant
  Filed: January 11, 2011
  Date of Patent: September 10, 2013
  Assignee: Aventail LLC
  Inventors: Marc D. VanHeyningen, Rodger D. Erickson
- Patent number: 8533792
  Abstract: E-mail based user authentication is described herein. A user can access resources of a service provider by submitting only an e-mail address to which the user has access. The service provider generates an authentication ticket corresponding to the user's login request, and transmits the authentication ticket to the e-mail service provider indicated by the submitted e-mail address. The e-mail service provider processes the authentication ticket, and enables either approval or denial of the authentication ticket, whether by explicit user action or by automated processing.
  Type: Grant
  Filed: February 17, 2011
  Date of Patent: September 10, 2013
  Assignee: Microsoft Corporation
  Inventor: Fei Chua
- Patent number: 8533801
  Abstract: A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.
  Type: Grant
  Filed: June 14, 2011
  Date of Patent: September 10, 2013
  Assignee: Microsoft Corporation
  Inventors: Todd Carpenter, Shon Schmidt, David J. Sebesta, William J. Westerinen
- Patent number: 8527750
  Abstract: Embodiments may include generating a first protected version of content, which may include packetizing the content into multiple packets, each of which includes content information and non-content information, and using initialization vectors to perform chained encryption on multiple blocks of the packetized content. At least some of the initialization vectors are generated dependent upon the non-content information. Embodiments may also include using the encrypted blocks to generate a second protected version of the content without re-encrypting the content. The second protected version of the content may include multiple encrypted content samples, each including multiple encrypted blocks from the first protected version of the content. For a given encrypted content sample, different sets of encrypted blocks in that sample may form different encryption chains.
  Type: Grant
  Filed: December 29, 2010
  Date of Patent: September 3, 2013
  Assignee: Adobe Systems Incorporated
  Inventor: Viswanathan Swaminathan
- Publication number: 20130227278
  Abstract: The disclosed technology generates two relatively prime numbers and, then, using the relatively prime numbers, converts a super-increasing (SI) knapsack into a non-super-increasing (NSI) knapsack. The NSI knapsack becomes a public key and the corresponding SI knapsack, along with the two relatively prime numbers, becomes a private key. A message is encrypted using a subset S of the private key that totals a number N. The message, the public key and the number N are transmitted to a recipient, who knows the value of the two relatively prime numbers. The recipient uses the relatively prime numbers to convert the public key into the private key and, then, generates the subset S by solving the private key with respect to the number N. Using the subset, the message is decrypted.
  Type: Application
  Filed: April 12, 2013
  Publication date: August 29, 2013
  Applicant: International Business Machines Corporation
  Inventor: International Business Machines Corporation
- Patent number: 8522007
  Abstract: A dual cryptographic keying system. In particular implementations, a method includes: responsive to an initial session key negotiation, storing security association information for a tunnel in a security association memory; responsive to a session key renegotiation, storing security association information for the tunnel in a cache; decrypting received packets associated with the tunnel conditionally using the security association information in the cache or the security association information in the security association memory; and upon an expiration condition, overwriting the security association information, for the tunnel, in the security association memory with the security association information, for the tunnel, copied from the cache.
  Type: Grant
  Filed: March 6, 2012
  Date of Patent: August 27, 2013
  Assignee: Cisco Technology, Inc.
  Inventors: Santanu Sinha, Kenneth William Batcher
- Patent number: 8522034
  Abstract: Methods and systems are disclosed for providing secure transmissions across a network comprising a transmitting device and a receiving device. At the transmitting device, a stream of watermark bits is generated. Next, a plurality of watermarks is generated, each of the plurality of watermarks comprising an index number and a portion of the stream of watermark bits. The watermarks are inserted into each header of a plurality of outgoing packets. At the receiving device, the plurality of outgoing packets are received and it is determined if a received packet is valid based on the watermark in the header of the received packet. The stream of watermark bits may be generated using a stream cipher such as RC4, a block cipher such as 3DES in CBC mode, or other equivalent pseudo-random stream generating techniques.
  Type: Grant
  Filed: August 19, 2011
  Date of Patent: August 27, 2013
  Assignee: Google Inc.
  Inventors: Úlfar Erlingsson, Xavier Boyen, Darrell Anderson, Wayne Gray
- Patent number: 8522359
  Abstract: An apparatus and method for automatic update are provided. The method includes storing authentication information for data, including first and second data, receiving the first data from the device, performing an authentication of the first data using the authentication information, and determining whether to receive the data, including the first data and the second data, according to the authentication.
  Type: Grant
  Filed: October 18, 2006
  Date of Patent: August 27, 2013
  Assignee: Samsung Electronics Co., Ltd.
  Inventors: Young-suk Kim, Jong-suk Lee
- Publication number: 20130219175
  Abstract: A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss.
  Type: Application
  Filed: February 26, 2013
  Publication date: August 22, 2013
  Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
  Inventor: INTERNATIONAL BUSINESS MACHINES CORPORATION
- Publication number: 20130219174
  Abstract: A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to "hopping" of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.
  Type: Application
  Filed: September 14, 2012
  Publication date: August 22, 2013
  Applicant: Virnetx, INC.
  Inventors: Edmund Colby Munger, Vincent J. Sabio, Robert Dunham Short, III, Virgil D. Gligor, Douglas Charles Schmidt
- Patent number: 8516240
  Abstract: In order for intermediary WAAS devices to process and accelerate ICA traffic, they must decrypt the ICA traffic in order to examine it. Disclosed is a mechanism by which the ICA traffic may be re-encrypted for transport over the WAN in a manner that does not require explicit configuration by the administrator of the WAAS devices.
  Type: Grant
  Filed: October 12, 2011
  Date of Patent: August 20, 2013
  Assignee: Cisco Technology, Inc.
  Inventors: Hui Wang, Michael A. DeMoney, Arindam Paul, Arivu Ramasamy
- Patent number: 8514851
  Abstract: The invention consists of an authentication protocol for the Home Agent to authenticate and authorize the Mobile Node's Binding Update message. Two new mobility options compatible with RADIUS AAA are used to exchange a shared secret between the Home Agent and the Mobile Node so the Mobile Node can be authenticated. A Mobile Node-AAA authenticator option is added to the Binding Update message. The Home Agent generates the Mobile Node-AAA authenticator as a shared secret that it communicates as authentication data to the RADIUS AAA server on the home network. The RADIUS AAA server authenticates the communication and generates an Access-Accept message with a Mobile Node-Home Agent authenticator option. After receipt at the Home Agent, a Binding Update message with the Mobile Node-Home Agent authenticator option is transmitted from the Home Agent to the Mobile Node to use as an authenticator.
  Type: Grant
  Filed: January 24, 2012
  Date of Patent: August 20, 2013
  Assignee: Microsoft Corporation
  Inventors: Mohamed Khalil, Haseeb Akhtar, Kuntal Chowdhury
- Patent number: 8514926
  Abstract: Disclosed is a system and method for encryption of a scalable video coding (SVC) bitstream, which is the next-generation coding technology. The encryption method encrypts Network Abstraction Layer (NAL) data identified according to multidimensional scalability for space, time, and quality with respect to a bitstream created after an SVC encoding, thereby providing a multidimensional scalability function for space, time, and quality even after the encryption, so that the scalability is also maintained even in a bitstream extraction process after the encryption. According to such a scalable encryption method, a specific portion of an encrypted bitstream is removed in a bitstream extraction process, and user access to the bitstream is limited based on a combination of keys for accessing a specific scalability. Therefore, it is possible to protect scalable video content and to access the video content based on scalabilities.
  Type: Grant
  Filed: November 17, 2006
  Date of Patent: August 20, 2013
  Assignees: Samsung Electronics Co., Ltd, Research and Industrial Cooperation Group
  Inventors: Yong-Man Ro, Yong-Geun Won, Tae-Meon Bae
- Patent number: 8510551
  Abstract: A device receives a unicast packet designating a unicast source and a unicast destination, and determines whether the received unicast packet is a Data Register message. The device extracts information relating to a multicast packet encapsulated within the unicast packet when the unicast packet is a Data Register message, and performs a security policy lookup based on the extracted multicast packet information to identify a security policy associated with the multicast packet. The device determines whether the identified security policy authorizes forwarding of the unicast packet, and establishes a multicast data session when the identified security policy authorizes forwarding of the unicast packet. The device establishes a multicast control session based on the multicast data session, where the multicast control session authorizes transmission of PIM-related control messages associated with the multicast packet.
  Type: Grant
  Filed: November 10, 2008
  Date of Patent: August 13, 2013
  Assignee: Juniper Networks, Inc.
  Inventors: Purvi Desai, Kannan Varadhan
-
Patent number: 8509435
Abstract: Methods and systems for a transport single key change point for all package identifier channels are disclosed and may include descrambling a received transport stream comprising multiple package identifier (PID) channels with multiple key change points, and synchronizing at least a portion of the multiple key change points to occur at a common time. The transport stream may be conditional access or copy protect scrambled. The timing of the key change points may be synchronized by modifying one or more scrambling control bits for the descrambled received transport stream. At least one PID channel in said descrambled received transport stream may be re-scrambled utilizing one or more of the scrambling control bits, and a portion of the PID channels may bypass the re-scrambling. The re-scrambling may include one or more of CP re-scrambling and CA re-scrambling. Each PID channel may be de-scrambled and/or re-scrambled utilizing a separate key.
Type: Grant
Filed: May 2, 2007
Date of Patent: August 13, 2013
Assignee: Broadcom Corporation
Inventor: Rajesh Mamidwar
-
Patent number: 8503677
Abstract: A communication device receives secure communication frames on which a security transform has been performed to permit authentication. The communication device maintains an authentication history and a local time varying parameter. In multi-hop communication, the communication device provisionally verifies the freshness of a received secure communication frame by verifying that identifying information extracted from the frame is not already present in the authentication history and that a received time varying parameter extracted from the frame is not older than the local time varying parameter by more than a certain margin. If these freshness tests both pass, the frame is authenticated. If authentication succeeds, the frame is transmitted on the next hop without performance of a new security transform.
Type: Grant
Filed: November 18, 2010
Date of Patent: August 6, 2013
Assignee: Oki Electric Industry Co., Ltd.
Inventors: Taketsugu Yao, Kiyoshi Fukui, Jun Nakashima
-
Patent number: 8504825
Abstract: A packetized transport stream for protecting viewing content from unauthorized access and methods for manufacturing and using same. The transport stream includes a plurality of content frames, each having a frame header and a frame payload. Each frame header includes information for handling the content frame; whereas, the frame payload includes selected viewing content for which protection from unauthorized access is desirable. By encrypting only the frame payload, the header remains unencrypted and can be applied to prepare the encrypted frame payload for presentation. The viewing content thereby can be stored in an encrypted format and can be decrypted on-the-fly as the viewing content is needed for presentation. The combination of the unencrypted frame header and the encrypted frame payload advantageously enables the viewing content to be protected against unauthorized use, copying, and dissemination without impairing the presentation of the viewing content.
Type: Grant
Filed: June 27, 2011
Date of Patent: August 6, 2013
Assignee: Panasonic Avionics Corporation
Inventors: Philip Watson, Kenshi Taniguchi, Randall Schwarz
-
Publication number: 20130191628
Abstract: Techniques are provided for obtaining header information from a packet configured for real-time communications transport over a network. The header information is used to monitor network performance of one or more secure portions of the network. The packet is encrypted using a security protocol and encapsulated using a transport protocol to produce a transport packet for transmission over the network. The transport packet header information is inserted into the transport packet prior to transmission over the network. The header information is used by a downstream network device or network analyzer to determine performance metrics for the network without decrypting the encrypted packet.
Type: Application
Filed: January 25, 2012
Publication date: July 25, 2013
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Plamen Nedeltchev Nedeltchev
-
Publication number: 20130185554
Abstract: One network protocol (RTP) each, having data packets (dp) comprising an expandable header (KE) is provided for a data stream (ds1 . . . n) encoded in a manner individual to said data stream, and the key information (si1 . . . n) formed in a data stream manner individual to said data stream is inserted into an expandable header (RTPH) of a data packet (dp) of the respective data stream (ds1 . . . n) and transmitted. The key information (sp1 . . . n) is selected in a manner individual to said data stream from the expanded headers (KE) of received data packets (dp) of the respective data stream (ds1 . . . n), and the associated encoded data stream (ds1 . . . n) is decoded by means of at least one piece of selected data stream individual key information (si1 . . . n). The forming and inserting of key information (si1 . . .
Type: Application
Filed: February 21, 2013
Publication date: July 18, 2013
Applicant: Siemens Enterprise Communications GmbH & Co. KG
Inventors: Siegfried Hartmann, Jorg Krumbock
-
Publication number: 20130179682
Abstract: The disclosed technology generates two relative prime numbers and, then, using the relative prime numbers converts a super-increasing (SI) knapsack into a non-super-increasing (NSI) knapsack. The NSI knapsack becomes a public key and the corresponding SI knapsack, along with the two relative prime numbers, becomes a private key. A message is encrypted using a subset S of the private key that totals a number N. The message, the public key and the number N are transmitted to a recipient, who knows the value of the two relative prime numbers. The recipient uses the relative prime numbers to convert the public key into the private key and, then, generates the subset S by solving the private key with respect to the number N. Using the subset, the message is decrypted.
Type: Application
Filed: January 6, 2012
Publication date: July 11, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Arun Ramachandran, Puvichakravarthy Ramachandran, Lakshmanan Velusamy
-
Patent number: 8484476
Abstract: A computer-implemented system and method for embedding and authenticating ancillary information in digitally signed content are disclosed. The method and system include loading digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable; and erasing any non-authenticated regions of the digital content by zeroing out or value-filling memory locations corresponding to the non-authenticated regions.
Type: Grant
Filed: January 29, 2010
Date of Patent: July 9, 2013
Assignee: Rovi Technologies Corporation
Inventors: Andres M. Torrubia, Jordi Salvat
-
Patent number: 8484462
Abstract: This invention relates to a system and method for providing secure reliable expansion of a mobile network. The system includes one or more portable communications devices (PCDs) which incorporate routing, authentication and encryption capabilities and are adapted to provide a connection between a peripheral device and a base-station either directly or indirectly via other similarly configured PCDs. The PCDs also incorporate tamper-proofing features to provide added security.
Type: Grant
Filed: November 7, 2008
Date of Patent: July 9, 2013
Assignee: Lockheed Martin Corporation
Inventor: Elliott Reitz
-
Patent number: 8478994
Abstract: One network protocol (RTP) each, having data packets (dp) comprising an expandable header (KE) is provided for a data stream (ds1 . . . n) encoded in a manner individual to said data stream, and the key information (si1 . . . n) formed in a data stream manner individual to said data stream is inserted into an expandable header (RTPH) of a data packet (dp) of the respective data stream (ds1 . . . n) and transmitted. The key information (sp1 . . . n) is selected in a manner individual to said data stream from the expanded headers (KE) of received data packets (dp) of the respective data stream (ds1 . . . n), and the associated encoded data stream (ds1 . . . n) is decoded by means of at least one piece of selected data stream individual key information (si1 . . . n). The forming and inserting of key information (si1 . . .
Type: Grant
Filed: July 3, 2008
Date of Patent: July 2, 2013
Assignee: Siemens Enterprise Communications GmbH & Co. KG
Inventors: Siegfried Hartmann, Jörg Krumböck
-
Patent number: 8478985
Abstract: An improved method, apparatus, and computer instructions for processing outbound traffic passing through a port. This port is for a server and receives a request from a client. The request includes a universal resource identifier to a destination. A determination is made as to whether the request requires encryption using the universal resource identifier in the request. The request is sent through the port to the destination in an encrypted form, in response to a determination that the request requires encryption.
Type: Grant
Filed: June 12, 2008
Date of Patent: July 2, 2013
Assignee: International Business Machines Corporation
Inventors: Alexandre Polozoff, Kulvir Singh Bhogal
-
Patent number: 8479276
Abstract: A virtual machine computing platform uses a security virtual machine (SVM) in operational communications with a risk engine which has access to a database including stored patterns corresponding to patterns of filtered operational data that are expected to be generated during operation of the monitored virtual machine when malware is executing. The stored patterns may have been generated during preceding design and training phases. The SVM is operated to (1) receive raw operational data from a virtual machine monitor, the raw operational data obtained from file system operations and network operations of the monitored virtual machine; (2) apply rule-based filtering to the raw operational data to generate filtered operational data; and (3) in conjunction with the risk engine, perform a mathematical (e.g., Bayesian) analysis based on the filtered operational data and the stored patterns in the database to calculate a likelihood that the malware is executing in the monitored virtual machine.
Type: Grant
Filed: December 29, 2010
Date of Patent: July 2, 2013
Assignee: EMC Corporation
Inventors: Alex Vaystikh, Robert Polansky, Samir Dilipkumar Saklikar, Liron Liptz
-
Patent number: 8478997
Abstract: A multi-level security software architecture includes various components configured to provide full data separation across multiple processors while limiting the number and size of high assurance components. The architecture includes a domain separator for ensuring that messages exchanged between domains that are distributed on different microprocessors are securely routed between domain members. The domain separator verifies a message label including a domain identifier provided by a domain gateway and cryptographically binds the message label to each message via cryptographic keys. This prevents misrouting messages caused by accidental or malicious corruption of message labels. Additionally, the domain separator can encrypt messages as necessary to enforce data separation on shared network buses. The domain separator is also responsible for managing the cryptographic keys used to label or encrypt messages.
Type: Grant
Filed: September 10, 2010
Date of Patent: July 2, 2013
Assignee: Raytheon Company
Inventors: Douglas Edward Lapp, Thomas Robert Woodall
-
Patent number: 8473738
Abstract: The mode is intended for application in simplex and duplex channels of arbitrary, including low, quality, with implementation of tasks for complex protection of information. The unified signal structure of a stochastic q-ary (n, k, q, m)-code is used on the basis of any initial binary (n, k)-code with l-interleaving (q=2l) and m-fold repetition of blocks of the code (m=1, 2, . . . , mmax) with identical values of the data portion. Direct randomization of q-ary characters is performed on the transmitting side before transmission to the channel, and reverse randomization of q-ary characters on the receiving side. The code structure being applied represents an ensemble of random codes varying for each block and q-ary character and ensuring transmission of any of all possible 2n signals to a data link on a binary sequence of length n as a result of a change in the strategy in the course of the fight against random interferences.
Type: Grant
Filed: October 22, 2007
Date of Patent: June 25, 2013
Inventor: Stanislav Antonovich Osmolovsky
-
Patent number: 8466775
Abstract: An electronic label authenticating method is provided, the method includes: the electronic label receives an accessing authenticating request group sent by a reader-writer, the group carries a first parameter selected by the reader-writer; the electronic label sends a response group of the accessing authenticating to the reader-writer, the response group of the accessing authenticating includes the first parameter and a second parameter selected by the electronic label; the electronic label receives an acknowledgement group of the accessing authenticating fed back by the reader-writer; the electronic label validates the acknowledgement group of the accessing authenticating. An electronic label authenticating system is also provided, the system includes a reader-writer and an electronic label.
Type: Grant
Filed: July 24, 2009
Date of Patent: June 18, 2013
Assignee: China Iwncomm Co., Ltd.
Inventors: Liaojun Pang, Manxia Tie, Xiaolong Lai, Zhenhai Huang