Having Particular Address Related Cryptography Patents (Class 713/162)
  • Publication number: 20020007455
    Abstract: An approach for providing retrieval of information over a packet switched network is disclosed. A client is configured to transmit a request message for information over the packet switched network. A stateless-server is configured to communicate with the client and to forward a portion of the information to the client in response to the request message, wherein the client transmits a selection message specifying whether the remaining portion of the information should be retrieved from the server. The server selectively forwards the remaining portion of the information to the client. The above approach has particular applicability to a communication system providing directory assistance services.
    Type: Application
    Filed: April 17, 2001
    Publication date: January 17, 2002
    Inventors: Shawn E. Wiederin, Richard G. Moore, Duraisamy Gunasekar, Gregory Mumford, Lonnie S. Clabaugh, Jon Abel, Kolin G. Hogue
  • Publication number: 20020002687
    Abstract: The invention relates notably to a method for enabling a user registered in a Network Access Server as already connected to a Virtual Private Network to communicate with at least a communication device not belonging to the Virtual Private Network. The Network Access Server enables access over a data communication network to the communication device as well as to a plurality of Virtual Private Networks.
    Type: Application
    Filed: June 27, 2001
    Publication date: January 3, 2002
    Applicant: ALCATEL
    Inventors: Dominique Chantrain, Stephane Focant, Christian Hublet, Christiaan Sierens, Yves T'Joens
  • Publication number: 20010051926
    Abstract: A method for safely encrypting transmission data is disclosed. The method can be used in a personal digital assistant (PDA) or a mobile phone handset for connecting to a network to download data. An access device serves to be connected to a network, and a series number is used as encrypting key. Thus, the data acquired from a network is encrypted. For the users to download data, the download data is only used through the access device of the user; other users cannot use the data. Therefore, the objects of paying fees by users and encrypting transferring data are achieved.
    Type: Application
    Filed: May 29, 2001
    Publication date: December 13, 2001
    Applicant: TelePaq Technology Inc.
    Inventor: Ching-Feng Wang
  • Publication number: 20010042201
    Abstract: The object of the invention is to provide an apparatus, system and method for the security communication, wherein it is possible to determine the level of the security communication per user who performs the data transmission, it is easy to change the connection parameter for the security communication, and it is possible to determine automatically the level of the security communication with the connected end.
    Type: Application
    Filed: April 5, 2001
    Publication date: November 15, 2001
    Inventors: Masashi Yamaguchi, Yutaka Tanaka, Hiroki Yamauchi, Yusaku Ota
  • Publication number: 20010039615
    Abstract: A broker application server for facilitating communication between one or more senders and one or more receivers over a digital packet network. Each receiver receives data in a preferred format. Information identifying the preferred data format of each receiver is stored in a database in the broker application server. The broker application server receives digital packets addressed to a receiver. It extracts data and address information from the packet and optionally decrypts the data. It examines the data to identify the data format. If the data is in the preferred format of the addressed receiver, the broker application server optionally encrypts the data, formats it into a packet, and transmits it to the appropriate receiver.
    Type: Application
    Filed: April 15, 1997
    Publication date: November 8, 2001
    Applicant: AT&T CORP.
    Inventors: DUANE OLIVER BOWKER, GERHARD BUHLER, CHRISTOS ALKIVIADIS POLYZOIS, BETHANY SCOTT ROBINSON
  • Patent number: 6308218
    Abstract: An address look-up mechanism in a multi-port bridge for controlling use of a memory as a look-up table for appropriately filtering and directing packets. The look-up table includes learned look-up tables, permanent look-up tables and linked lists. As a data packet originating from a node (source node) is received by a corresponding one of the ports (source port) of the multi-port bridge, a look-up cycle and then a learning cycle are each performed. During the learning cycle, an identification of the source port for the packet is stored in the learned look-up tables in association with a hashed node address of the source node. Each existing entry is examined to ensure that the appropriate port identification is stored and to determine whether two or more nodes share a same hashed node address. If two nodes have the same hashed node address, then a linked entry in the linked lists is formed.
    Type: Grant
    Filed: June 9, 1998
    Date of Patent: October 23, 2001
    Assignees: Sony Corporation, Sony Electronics, Inc.
    Inventor: Suresh Vasa
  • Patent number: 6304968
    Abstract: A method and a device for allocating an authentication device to a base station, with the base station delivering a search signal which is received by the authentication device and is compared with a previously stored reference signal assigned to a base station. If the search signal matches a reference signal, the authentication device sends a response signal. If they do not match, the authentication device checks whether the search signal matches another previously stored reference signal allocated to another base station.
    Type: Grant
    Filed: January 26, 1999
    Date of Patent: October 16, 2001
    Assignee: Robert Bosch GmbH
    Inventors: Heidrun Hacker, Stephan Schmitz
  • Patent number: 6304659
    Abstract: In a method of receiving packets of data addressed to one or more receivers each having an individual identifier, wherein the data is included in a digital signal having destination addresses successively encrypted from a sequence of control words and receiver identifiers, and control messages containing the control words in encrypted form, address flags and control flags. The method processes the control messages to construct receiver addresses from the control words and the receiver identifier; directs the receiver addresses to update a receiver address register selected by the associated control flag in response to the transmitted control flags; directs each destination address to be compared with the receiver address to one of the address registers selected by the associated address flag in response to the address flags; and accepts each packet of data having a destination address matching the receiver address to which it was compared.
    Type: Grant
    Filed: September 2, 1998
    Date of Patent: October 16, 2001
    Assignee: Tandberg Television ASA
    Inventors: Martin Gold, Paul Austin Merry, Nigel Stephen Dallard, Anthony Mountifield
  • Patent number: 6295604
    Abstract: A cryptographic packet processing unit performing cryptographic operations on a data portion of a data packet based on control information included in a header of the data packet. The cryptographic packet processing unit comprises a cryptographic bus interface unit, a crypto-processing unit, and a control storage unit. The cryptographic bus interface unit is capable of (i) receiving the data packet and (ii) removing the control information from the data portion. Coupled to the cryptographic bus interface unit, the crypto-processing unit is capable of performing a cryptographic operation on the data portion under the control of the control storage unit, which contains the control information.
    Type: Grant
    Filed: May 26, 1998
    Date of Patent: September 25, 2001
    Assignee: Intel Corporation
    Inventor: Roy Callum
  • Publication number: 20010023482
    Abstract: A security protocol entity (20) is provided that includes a mechanism for enabling a first party (11) to communicate securely with a second party (60) through an access-controlling intermediate party (13) by nesting within a first security session (64) established with the intermediate party (13) a second security session (65) with the second party (60). The protocol data units, PDUs, associated with the second security session (65) are encapsulated in PDUs associated with the first security session (64) when sent out by the first party, the intermediate party extracting the encapsulated PDUs for sending on to the second party (possibly with a change to the destination address included in the PDU to be sent on). Each PDU includes a message type field explicitly indicating to the intermediate party (13) if a received PDU encapsulates another PDU intended to be sent on.
    Type: Application
    Filed: December 7, 2000
    Publication date: September 20, 2001
    Applicant: HEWLETT-PACKARD COMPANY
    Inventor: Michael Wray
  • Publication number: 20010014945
    Abstract: Existing network systems based upon the client/server principle require on the server side the provision of open connection endpoints. The large number of server processes implies a large number of open connection endpoints. Each open connection endpoint is also a potential target for an ill-minded attacker. The present invention minimizes the risk of a break-in into a network with security critical data.
    Type: Application
    Filed: December 19, 2000
    Publication date: August 16, 2001
    Inventor: Hans-Joachim Muschenborn
  • Publication number: 20010014156
    Abstract: In an ID-NIKS using an electronic mail address as the identification information (ID information) of each entity, when generating a common key at each entity, if the electronic mail address of the communicating party does not contain a domain name, the common key is generated after adding the same domain name as the domain name in the electronic mail address of the entity to the electronic mail address of the communicating party.
    Type: Application
    Filed: January 22, 2001
    Publication date: August 16, 2001
    Applicant: MURATA KIKAI KABUSHIKI KAISHA and Masao KASAHARA
    Inventor: Yasuyuki Murakami
  • Patent number: 6263435
    Abstract: A logical tree structure and method for managing membership in a multicast group provides scalability and security from internal attacks. The structure defines key groups and subgroups, with each subgroup having a subgroup manager. Dual encryption allows the sender of the multicast data to manage distribution of a first set of encryption keys whereas the individual subgroup managers manage the distribution of a second set of encryption keys. The two key sets allow the sender to delegate much of the group management responsibilities without compromising security because a key from each set is required to access the multicast data. Security is further maintained via a method in which subgroup managers can be either member subgroup managers or participant subgroup managers. Access to both keys is provided to member subgroup managers whereas access to only one key is provided to participant subgroup managers.
    Type: Grant
    Filed: September 22, 1999
    Date of Patent: July 17, 2001
    Assignee: Matsushita Electric Industrial Co., Ltd.
    Inventors: Lakshminath R. Dondeti, Sarit Mukherjee, Ashok Samal
  • Patent number: 6253321
    Abstract: A data processing system implements a security protocol based on processing data in packets. The data processing system comprises processing packets for storing filter code and processing data packets according to stored filter code, and a policy managing function for generating filter code and communicating generated filter code for packet processing. The packet processing function is arranged to examine whether the stored filter code is applicable for processing a certain packet. If the stored filter code is not applicable for the processing of a packet, the packet is communicated to the policy managing function, which generates filter code applicable for the processing of the packet and communicates the generated filter code for packet processing.
    Type: Grant
    Filed: June 19, 1998
    Date of Patent: June 26, 2001
    Assignee: SSH Communications Security Ltd.
    Inventors: Pekka Nikander, Tatu Ylonen
  • Publication number: 20010003202
    Abstract: The present invention relates to a system that enables the nearly real-time transmission of messages originated and received from/by heterogeneous communication networks. The purpose of instant messaging is to transmit high priority messages in (nearly) real-time between clients (man and machine). Unified messaging merges analog and digital transmitted messages such as facsimile, voice mail, e-mail, WWW and the cell phone short message service (GSM/SMS) to unified instant messages. A Unified Instant Messaging System (UIMS) consists of four major components: distributed gateways, message brokers, message processors and a client directory database. Messages of arbitrary form can be translated into Unified Instant Messages (UIM) by Instant Message Gateways (IMGateways). Instant Message Brokers (IMBrokers) control the message flow and further message processing. IMBrokers also ensure message authenticity and security.
    Type: Application
    Filed: November 30, 2000
    Publication date: June 7, 2001
    Inventors: Niels Mache, Erno Kovacs
  • Patent number: 6240188
    Abstract: A group key management system and method for providing secure many-to-many communication is presented. The system employs a binary distribution tree structure. The binary tree includes a first internal node having a first branch and a second branch depending therefrom. Each of the branches includes a first member assigned to a corresponding leaf node. The first member has a unique binary ID that is associated with the corresponding leaf node to which the first member is assigned. A first secret key of the first member is operable for encrypting data to be sent to other members. The first member is associated with a key association group that is comprised of other members. The other members have blinded keys. A blinded key derived from the first secret key of the first member is transmitted to the key association group. Wherein, the first member uses the blinded keys received from the key association group and the first secret key to calculate an unblinded key of the first internal node.
    Type: Grant
    Filed: November 11, 1999
    Date of Patent: May 29, 2001
    Assignee: Matsushita Electric Industrial Co., Ltd.
    Inventors: Lakshminath R. Dondeti, Sarit Mukherjee, Ashok Samal
  • Patent number: 6240514
    Abstract: A packet processing and packet transfer scheme capable of reducing the packet processing overhead by eliminating a need to decrypt and re-encrypt the entire packet at a time of relaying encrypted packets. In a packet processing device for relaying encrypted packets, a packet transferred to the packet processing device is received, where the packet has a packet processing key to be used in a prescribed packet processing with respect to a data portion of the packet, and the packet processing key is encrypted by using a first master key shared between a last device that applied a cipher communication related processing to the packet and the packet processing device.
    Type: Grant
    Filed: October 20, 1997
    Date of Patent: May 29, 2001
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Atsushi Inoue, Masahiro Ishiyama, Atsushi Fukumoto, Yoshiyuki Tsuda, Atsushi Shimbo, Toshio Okamoto
  • Patent number: 6237093
    Abstract: A procedure for setting up a secure service connection in a communication system which includes a first telecommunication network, a first terminal device connected to the first telecommunication network, a second telecommunication network, a second terminal device connected to the second telecommunication network, and a telecommunication server. The first terminal device is connected via a first telecommunication connection to the telecommunication server and the second terminal device is connected to the telecommunication server via a second telecommunication connection. The unique identifying address of the first terminal device and the data needed to verify that the first terminal device is permitted access to the services of the telecommunication server are transmitted to the telecommunication server via the second terminal device and second telecommunication connection, and the data sent by the second terminal device are verified at the telecommunication server.
    Type: Grant
    Filed: December 29, 1999
    Date of Patent: May 22, 2001
    Assignee: Sonera Oyj
    Inventor: Harri Vatanen
  • Patent number: 6226385
    Abstract: In an encryption communication system, an encrypt key ID of an encrypt apparatus appearing on a communication path between terminals is acquired by using a key seek packet, and an encrypt key ID is automatically learned based upon a key seek response packet for notifying the acquired encrypt key ID. As a result, communication data between the terminals are encrypted/decrypted, transparently relayed, and discarded by the respective encrypt apparatuses. Even when a communication network is made large and complex, the network for the encrypt communication can be readily managed.
    Type: Grant
    Filed: May 19, 1998
    Date of Patent: May 1, 2001
    Assignees: Mitsubishi Denki Kabushiki Kaisha, Nippon Telegraph & Telephone Corp.
    Inventors: Takuya Taguchi, Toru Inada, Yasuhisa Tokiniwa, Akira Watanabe, Tetsuo Ideguchi, Shigeaki Tanimoto, Hikoyuki Nakajima, Shin-Ichi Kato
  • Patent number: 6202159
    Abstract: A vault controller in an electronic business system includes a dispatcher for servicing browser requests initiated by a user for conducting business with an enterprise or organization using a vault process. The dispatcher further responds to a secure depositor receiving requests from other vault processes running in the controller. The request is in the form of a URL containing an application domain/local context and application name. The request is detected and processed by an event creator which forms an event object definitive of the request in the URL. An event handler parses the event object and enters a vault system application registry to locate the application in a shared memory. The location of the application is passed to a server pool, which assigns a processing thread to handle the request. The thread engages a context manager which decrypts and imports application domain, application function and local context information from external storage to process the request.
    Type: Grant
    Filed: June 30, 1999
    Date of Patent: March 13, 2001
    Assignee: International Business Machines Corporation
    Inventors: Hatem Ghafir, Dieter Poetzschke
  • Patent number: 6195751
    Abstract: A system for secure multicast including a plurality of participants that can send and receive multicast messages. A traffic distribution component is coupled to the participating entities, where the traffic distribution component supports multiple receiver communication. A participant key management component operates within each participant entity where the participant key management component uses a first key that is shared with all of the other participants, and a second key that is shared with a subgroup of participants. A group key management component is implemented using a flat data structure having a size that is logarithmically proportional to the number of participants.
    Type: Grant
    Filed: April 24, 1998
    Date of Patent: February 27, 2001
    Assignee: Sun Microsystems, Inc.
    Inventors: Germano Caronni, Marcel Waldvogel
  • Patent number: 6189101
    Abstract: A secure network architecture method and apparatus that provides security at all levels of the network. The system and method of the present invention provides communications profiles for all network resources that uniquely identify the individual network resources and provide for absolute object identity. Communications over the network are managed at all levels by the network resources themselves by virtue of individual communications profiles that are policed by arbitrators and network resources alike.
    Type: Grant
    Filed: October 24, 1997
    Date of Patent: February 13, 2001
    Inventor: Richard G. Dusenbury, Jr.
  • Patent number: 6185308
    Abstract: A key recovery information distribution device is provided between a recoverer device and a key recovery device, recovers a data key for the recoverer device, and reduces the load of the recoverer device. Data is encrypted using the data key and stored with key recovery information. The recoverer device which decrypts the encrypted data distributes the key recovery information to key recovery devices through the key recovery information distribution device to recover key information. A recoverer is authenticated directly between the key recovery device and the recoverer device, and then the key information is transmitted to the recoverer device, and the recoverer device recovers the data key.
    Type: Grant
    Filed: March 26, 1998
    Date of Patent: February 6, 2001
    Assignees: Fujitsu Limited, NEC Corporation, Hitachi, Ltd.
    Inventors: Hiroyuki Ando, Ichirōu Mōrita, Yasutsugu Kuroda, Naoya Torii, Masashi Yamazaki, Hiroshi Miyauchi, Kazue Sako, Seiichi Domyo, Hiroyoshi Tsuchiya, Seiko Kanno
  • Patent number: 6169805
    Abstract: Secure communication may be conducted between two or more parties over a network, e.g. the Internet, without prior security arrangements among the parties or agreed to encryption/decryption software. A sending party is connected to a data network through a computer and has access to a communications network, e.g. a public switched telephone network. The sender prepares a file designated, e.g. “X” containing confidential information for secure transmission over the Internet or the like to one or more receivers. In one embodiment, the sender downloads encryption/decryption or “crypto” software stored at a location on the Internet, e.g. location “U” in a Uniform Resource Locator (URL). The “crypto” software is written in executable code or an interpretive language such as JAVA. The sender selects a key “K” and encrypts the plain text file “X” into cipher text.
    Type: Grant
    Filed: February 28, 1997
    Date of Patent: January 2, 2001
    Assignee: International Business Machines Corporation
    Inventors: James M. Dunn, Alan G. Ganek, Edith H. Stern, Barry E. Willner
  • Patent number: 6158004
    Abstract: A security system for an information storage medium is so structured that only file data including secret individual information is encrypted by an encryptor/decryptor circuit. Known file management data is written in a memory device in plain text. This encrypting device prevents any third person from reading the secret information without unnecessary encryption of non-secret data to realize an enhanced security function.
    Type: Grant
    Filed: November 25, 1997
    Date of Patent: December 5, 2000
    Assignee: Mitsubishi Denki Kabushiki Kaisha
    Inventors: Colin Mason, Takayuki Shinohara
  • Patent number: 6154839
    Abstract: One embodiment of the present invention includes a system that translates addresses in a data packet based upon a user identifier in the data packet. The system receives the data packet sent from a source node to a destination node by a user. This data packet includes a source address of the source node, a destination address of the destination node and the user identifier that identifies the user. The system uses the user identifier to look up communication privileges associated with the user. If the communication privileges allow the user to communicate with the destination node, the system replaces the source address in the data packet with a privileged address, and forwards the data packet to the destination node. In a variation on this embodiment, the privileged address is recognized by a system firewall so that it facilitates passage of the packet through the firewall.
    Type: Grant
    Filed: April 23, 1998
    Date of Patent: November 28, 2000
    Assignee: VPNet Technologies, Inc.
    Inventors: Leslie J. Arrow, Henk J. Bots, Mark R. Hoke, William E. Hunt, Bruce T. Huntley
  • Patent number: 6151679
    Abstract: A network security device 10 is connected between a protected client 12 and a network 100. The network security device 10 negotiates a session key with any other protected client. Then, all communications between the two clients are encrypted. The inventive device is self-configuring and locks itself to the IP address of its client 12. Thus, the client 12 cannot change its IP address once set and therefore cannot emulate the IP address of another client. When a packet is transmitted from the protected host, the security device 10 translates the MAC address of the client to its own MAC address before transmitting the packet into the network. Packets addressed to the host contain the MAC address of the security device. The security device 10 translates its MAC address to the client's 12 MAC address before transmitting the packet to the client 12.
    Type: Grant
    Filed: January 21, 1998
    Date of Patent: November 21, 2000
    Assignee: Fortress Technologies Inc. of Florida
    Inventors: Aharon Friedman, Ben Zion Levy
  • Patent number: 6141749
    Abstract: The invention provides improved computer network firewalls which include one or more features for increased processing efficiency. A firewall in accordance with the invention can support multiple security policies, multiple users or both, by applying any one of several distinct sets of access rules. The firewall can also be configured to utilize "stateful" packet filtering which involves caching rule processing results for one or more packets, and then utilizing the cached results to bypass rule processing for subsequent similar packets. To facilitate passage to a user, by a firewall, of a separate later transmission which is properly in response to an original transmission, a dependency mask can be set based on session data items such as source host address, destination host address, and type of service. The mask can be used to query a cache of active sessions being processed by the firewall, such that a rule can be selected based on the number of sessions that satisfy the query.
    Type: Grant
    Filed: September 12, 1997
    Date of Patent: October 31, 2000
    Assignee: Lucent Technologies Inc.
    Inventors: Michael John Coss, David L. Majette, Ronald L. Sharp
  • Patent number: 6131160
    Abstract: A method and apparatus for an adapter card, for use in a computer, to provide conditional access by the computer to incoming data streams while maintaining the security of information by maintaining a listing of addresses corresponding to data streams which the computer is authorized to receive, receiving and determining the address of a frame, determining whether the frame address matches an address maintained in an Access Table, and processing and transmitting only those frames of data streams which the computer is authorized to receive.
    Type: Grant
    Filed: April 9, 1999
    Date of Patent: October 10, 2000
    Assignee: Hughes Electronics Corporation
    Inventors: Douglas M. Dillon, Robert D. Cassagnol
  • Patent number: 6092191
    Abstract: A packet authentication and packet encryption/decryption scheme for a security gateway suitable for a hierarchically organized network system and a mobile computing environment. For the packet authentication, in addition to the end-to-end authentication at the destination side packet processing device, the link-by-link authentication at each intermediate packet processing device in the packet transfer route is used. The link-to-link authentication data is inspected by intermediate nodes, and the end-to-end data (different from the link-to-link data) is inspected by the destination node but not by intermediate nodes.
    Type: Grant
    Filed: November 29, 1996
    Date of Patent: July 18, 2000
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Atsushi Shimbo, Atsushi Inoue, Masahiro Ishiyama, Toshio Okamoto
  • Patent number: 6067620
    Abstract: A secured network interface unit (SNIU) for providing multi-level security on a network having a plurality of secured and unsecured users including: network interface means for communicating on the network; identifying the source and destination of a message intercepted on the network; determining the security levels of each of the plurality of users; a trusted computing base for determining whether the message, if transmitted to the destination user, will violate security parameters; and, cryptographically encrypting messages sent to, and decrypting messages received from another SNIU affiliated with the destination user.
    Type: Grant
    Filed: May 28, 1998
    Date of Patent: May 23, 2000
    Inventors: James M. Holden, Stephen E. Levin, James O. Nickel, Edwin H. Wrench
  • Patent number: 6041408
    Abstract: A key distribution method and system are disclosed in which a sender and receivers share a common key information for performing a secure broadcast communication. By use of a center side apparatus, a center generates key information of a receiver in association with a subset inclusive of two or more elements of a proper finite set S1 on the basis of a space determined by a subset inclusive of two or more elements of another finite set S2. By use of a sender side apparatus, a sender makes the multi-address transmission of key distribution data W inclusive of data generated corresponding to each element of the finite set S1 and data generated corresponding to a set of plural receivers through a communication network. By use of a receiver side apparatus, a receiver generates common key information between the sender and the receiver from the key distribution data W and the key information of the receiver.
    Type: Grant
    Filed: June 25, 1997
    Date of Patent: March 21, 2000
    Assignee: Hitachi, Ltd.
    Inventors: Mototsugu Nishioka, Hisashi Umeki, Susumu Matsui
  • Patent number: 5995627
    Abstract: The present invention relates to a security device for section processor which can execute an information security function of high speed data in a super highway information network in real time by implementing an information security algorithm by hardware in the section processor. According to the present invention, related hardware can be easily implemented by simply embedding an encoder and a decoder in the section processor of the super highway information network. Thus, a section processor having information security functions can be easily implemented in one integrated circuit. Also, the security device for section processor in accordance with the present invention is superior to other devices in terms of an information security function itself, economicity, efficiency, and power consumption efficiency.
    Type: Grant
    Filed: November 4, 1997
    Date of Patent: November 30, 1999
    Assignee: Electronics and Telecommunications Research Institute
    Inventor: Chung Wook Suh