Proxy Server Or Gateway Patents (Class 726/12)
  • Patent number: 9015469
    Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device for a secure session. The secure session request is received at the proxy server as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to the domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.
    Type: Grant
    Filed: July 28, 2011
    Date of Patent: April 21, 2015
    Assignee: CloudFlare, Inc.
    Inventors: Matthew Browning Prince, Lee Hahn Holloway, Srikanth N. Rao, Ian Gerald Pye
  • Patent number: 9015823
    Abstract: Some embodiments provide a method for configuring a logical firewall in a hosting system that includes a set of nodes. The logical firewall is part of a logical network that includes a set of logical forwarding elements. The method receives a configuration for the firewall that specifies packet processing rules for the firewall. The method identifies several of the nodes on which to implement the logical forwarding elements. The method distributes the firewall configuration for implementation on the identified nodes. At a node, the firewall of some embodiments receives a packet, from a managed switching element within the node, through a software port between the managed switching element and the distributed firewall application. The firewall determines whether to allow the packet based on the received configuration. When the packet is allowed, the firewall sends the packet back to the managed switching element through the software port.
    Type: Grant
    Filed: November 15, 2012
    Date of Patent: April 21, 2015
    Assignee: Nicira, Inc.
    Inventors: Teemu Koponen, Ronghua Zhang, Pankaj Thakkar, Martin Casado
  • Publication number: 20150106910
    Abstract: A method and apparatus for enabling peer networks to reduce the exchange of unwanted traffic are disclosed. For example, the method receives at least one of: a source Internet Protocol (IP) address or a source IP address prefix that has been identified as a source of the unwanted traffic, by an originating peer network from a terminating peer network. The method then blocks the unwanted traffic destined to the terminating peer network by the originating peer network.
    Type: Application
    Filed: December 19, 2014
    Publication date: April 16, 2015
    Inventor: BALACHANDER KRISHNAMURTHY
  • Publication number: 20150106911
    Abstract: A processing device receives an unauthenticated provisioning request from a hardware resource. Responsive to determining that the hardware resource satisfies one or more provisioning criteria, the processing device forwards the provisioning request to a server residing behind a firewall, receives provisioning data from the server, removes sensitive information from the provisioning data to create modified provisioning data, and forwards the modified provisioning data to the hardware resource.
    Type: Application
    Filed: December 22, 2014
    Publication date: April 16, 2015
    Inventors: Amos Benari, Ohad Levy
  • Publication number: 20150106909
    Abstract: Techniques for configuring and managing remote security devices are disclosed. In some embodiments, configuring and managing remote security devices includes receiving a registration request for a remote security device at a device for configuring and managing a plurality of remote security devices; verifying the registration request to determine that the remote security device is an authorized remote security device for an external network; and sending a response identifying one or more security gateways to the remote security device, in which the remote security device is automatically configured to connect to each of the one or more security gateways using a distinct Layer 3 protocol tunnel (e.g., a virtual private network (VPN)).
    Type: Application
    Filed: September 24, 2014
    Publication date: April 16, 2015
    Inventors: Yueh-Zen Chen, Wilson Xu, Monty Sher Gill
  • Patent number: 9009461
    Abstract: An HTTP request addressed to a first resource on a second device outside the network is received from a first device within the network. The HTTP request is redirected to a third device within the network. A first encrypted connection is established between the first device and the third device, and a second encrypted connection between the third device and the second device. The third device retrieves the first resource from the second device. The first resource is modified to change pointers within the first resource to point to a location in a domain associated with the third device within the network. The third device serves, to the first device, the second resource.
    Type: Grant
    Filed: August 14, 2013
    Date of Patent: April 14, 2015
    Assignee: iboss, Inc.
    Inventor: Paul Michael Martini
  • Patent number: 9009832
    Abstract: According to one embodiment, a computing device is coupled to a set of web application layer attack detectors (ADs), which are coupled between HTTP clients and web application servers. The computing device automatically learns a new condition shared by a plurality of alert packages reported by the set of ADs due to a triggering of one or more rules that is indicative of a web application layer attack. The computing device automatically generates a new set of attribute values by analyzing the plurality of alert packages to identify the condition shared by the plurality of alert packages, and transmits the new set of attribute values for delivery to the set of ADs for a different rule to be used to protect against the web application layer attack from the HTTP clients or any other HTTP client.
    Type: Grant
    Filed: July 22, 2013
    Date of Patent: April 14, 2015
    Assignee: Imperva, Inc.
    Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman
  • Patent number: 9009810
    Abstract: An approach is provided for providing reactive authorization for accessing a semantic network resource. An access application of a resource owner entity detects an authorization proxy entity acting between at least a semantic network resource and a requesting entity that requests access to the semantic network resource. The access application determines to cause, at least in part, actions that result in transmission of a query for whether to accept the requesting entity to an owner entity of the semantic network resource.
    Type: Grant
    Filed: May 28, 2010
    Date of Patent: April 14, 2015
    Assignee: Nokia Corporation
    Inventors: Nikolai Grigoriev, Sylvain Fortin, Halli Thorkelsson
  • Patent number: 9009459
    Abstract: A computer-implemented method for neutralizing file-format-specific exploits contained within electronic communications may include (1) identifying an electronic communication, (2) identifying at least one file contained within the electronic communication, and then (3) neutralizing any file-format-specific exploits contained within the file. In one example, neutralizing any file-format-specific exploits contained within the file may include applying at least one file-format-conversion operation to the file. Additionally or alternatively, neutralizing any file-format-specific exploits contained within the file may include constructing a sterile version of the file that selectively omits at least a portion of any exploitable content contained within the file. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 12, 2012
    Date of Patent: April 14, 2015
    Assignee: Symantec Corporation
    Inventors: Carey Nachenberg, Fanglu Guo, Susanta Nanda, Sandeep Bhatkar, Darren Shou, Marc Dacier
  • Publication number: 20150101009
    Abstract: For allowing a simple and reliable differentiation of UEs behind a GW from an AF side, a method for providing access of a User End device (UE) to a service provided by an Application Function (AF) within a network structure is claimed, wherein the UE is authenticated by a Gateway (GW) to which the UE is attached and which provides access to the AF via a Broadband Access Network (BB Access Network).
    Type: Application
    Filed: March 1, 2012
    Publication date: April 9, 2015
    Applicant: NEC EUROPE LTD.
    Inventors: Hans-Joerg Kolbe, Mischa Schmidt, Martin Stiemerling
  • Patent number: 9003036
    Abstract: The instant application describes a method for enabling manipulation of an HTTP header of content that is being downloaded through a datapower to include content-length information. The method includes steps of receiving, from a mobile device and at a mobile service provider network, a request for downloading content over a wireless network; forwarding the request to a datapower, which acquires the content from a server and removes content-length information from the content; enabling the datapower to recreate the content-length information of the downloaded content and repopulate the HTTP header of downloaded content with the content-length information; and sending the downloaded content to the mobile device.
    Type: Grant
    Filed: October 22, 2010
    Date of Patent: April 7, 2015
    Assignee: Cellco Partnership
    Inventor: Vijayanarayana Gopal Mudalegundi
  • Patent number: 9003509
    Abstract: A method and system for improving the security and control of internet/network web application processes, such as web applications. The invention enables validation of requests from web clients before the request reaches a web application server. Incoming web client requests are compared to an application model that may include an allowed navigation path within an underlying web application. Requests inconsistent with the application model are blocked before reaching the application server. The invention may also verify that application state data sent to application servers has not been inappropriately modified. Furthermore, the invention enables application models to be automatically generated by employing, for example, a web crawler to probe target applications. Once a preliminary application model is generated it can be operated in a training mode. An administrator may tune the application model by adding a request that was incorrectly marked as non-compliant to the application model.
    Type: Grant
    Filed: December 10, 2008
    Date of Patent: April 7, 2015
    Assignee: F5 Networks, Inc.
    Inventor: David Movshovitz
  • Patent number: 9003498
    Abstract: A method and apparatus for routing Application Programming Interface (API) calls from a partner entity to a telephony service provider (TSP) network are provided herein. In some embodiments, a method for routing API calls may include receiving a first message including an API call and a partner API key used to authenticate the partner entity on the TSP network to access a partner API layer disposed on the TSP network, extracting the partner API key from the first message, performing an authentication process to authenticate an identity of the partner entity using at least the extracted partner API key, and routing the first message based on results of the authentication process. In some embodiments, the first message is routed to the partner API layer disposed on the TSP network when the identity of the partner entity is authenticated.
    Type: Grant
    Filed: June 26, 2013
    Date of Patent: April 7, 2015
    Assignee: Vonage Network LLC
    Inventors: Mabrouk Aboughanaima, Chakrapani Gorrepati, Deepak Ottur, John Erickson
  • Patent number: 9003191
    Abstract: An intermediary system facilitates a connection request from a client to a server. The intermediary system may participate in either or both of a token creation phase and a server connection phase. If participating in the token creation phase, the intermediary system generates a token that may later be used by the client during a server connection phase. The token includes a session identifier and is returned to the client. If participating in the server connection phase, the intermediary receives the token, which is sent from the client in conjunction with a connection request, extracts the session identifier from the token, and compares against the session identifier for the session in which the token was created. If the session identifiers match, then the intermediary connects to the server to complete the connection request for the client.
    Type: Grant
    Filed: August 8, 2014
    Date of Patent: April 7, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Dimitrios Soulios
  • Patent number: 9003188
    Abstract: When the terminal device attempts to use a special content, which has an attribute including information distinguishing the special content from regular contents and is stored in the recording medium device, the recording medium device refers to the revocation information indicating terminal devices restricted from using the special content. When the recording medium device determines the terminal device as a terminal device to be restricted from using the special content based on the terminal identifying information of the terminal device, the usage information output unit of the recording medium device does not transmit the necessary information for using the special content to the terminal device.
    Type: Grant
    Filed: August 29, 2012
    Date of Patent: April 7, 2015
    Assignee: Panasonic Corporation
    Inventors: Takahiro Yamaguchi, Yuichi Futa, Toshihisa Nakano
  • Patent number: 8997232
    Abstract: According to one embodiment, a computing device is coupled to a set of web application layer attack detectors (AD), which are coupled between HTTP clients and web application servers. The computing device learns a new set of attribute values for a set of attribute identifiers for each of a sequence of rules through an iterative process having a plurality of iterations. The iterative process begins with an attack specific rule, and the sequence of rules includes an attacker specific rule and another attack specific rule. Each iteration includes receiving a current alert package from one of the ADs sent responsive to a set of packets carrying a web application layer request meeting a condition of a current rule used by the AD, automatically generating a new set of attribute values based upon the current alert package, and transmitting the new set of attribute values to the set of ADs.
    Type: Grant
    Filed: July 22, 2013
    Date of Patent: March 31, 2015
    Assignee: Imperva, Inc.
    Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman
  • Patent number: 8997201
    Abstract: In one embodiment, a method includes initiating integrity monitoring at a network device, continuously monitoring the network device to detect changes at the network device over a period of time, and transmitting information collected during said integrity monitoring to a security device for use in determining if the network device is allowed access to a trusted network. An apparatus and logic are also disclosed.
    Type: Grant
    Filed: May 14, 2012
    Date of Patent: March 31, 2015
    Assignee: Cisco Technology, Inc.
    Inventor: Brian Wotring
  • Patent number: 8997196
    Abstract: Systems, methods and apparatus for accessing at least one resource hosted by at least one server of a cloud service provider. In some embodiments, a client computer sends authentication information associated with a user of the client computer and a statement of health regarding the client computer to an access control gateway deployed in an enterprise's managed network. The access control gateway authenticates the user and determines whether the user is authorized to access the at least one resource hosted in the cloud. If the user authentication and authorization succeeds, the access control gateway requests a security token from a security token service trusted by an access control component in the cloud and forwards the security token to the client computer. The client computer sends the security token to the access component in the cloud to access the at least one resource from the at least one server.
    Type: Grant
    Filed: June 14, 2010
    Date of Patent: March 31, 2015
    Assignee: Microsoft Corporation
    Inventors: Asaf Kariv, Oleg Ananiev, Eli Tovbeyn, Daniel Kershaw, Eugene (John) Neystadt
  • Patent number: 8997202
    Abstract: A system for securely transferring information from an industrial control system network, including, within the secure domain, one or more remote terminal units coupled by a first network, one or more client computers coupled by a second network, and a send server coupled to the first and second networks. The send server acts as a proxy for communications between the client computers and the remote terminals and transmits first information from such communications on an output. The send server also transmits a poll request to a remote terminal unit via the first network and transmits second information received in response to the poll on the output. The system also includes, outside the secure domain, a receive server having an input coupled to the output of the send server via a one-way data link. The receive server receives and stores the first and second information provided via the input.
    Type: Grant
    Filed: December 6, 2012
    Date of Patent: March 31, 2015
    Assignee: Owl Computing Technologies, Inc.
    Inventors: John Curry, Ronald Mraz
  • Patent number: 8996618
    Abstract: A method for facilitating a sequenced, anonymous communications session in a communications environment is provided in one example that includes receiving, from a first endpoint, an anonymous, sequenced request for a communication session involving a second endpoint. The communication session is sequenced to occur at designated periods provided by the end user(s) and/or an administrator, while maintaining end user(s) anonymity.
    Type: Grant
    Filed: November 23, 2013
    Date of Patent: March 31, 2015
    Assignee: Match.com, L.L.C.
    Inventor: Michael G. Bustamente
  • Publication number: 20150089577
    Abstract: A managed container may be configured to manage enterprise applications, manage enterprise information stored on a device, manage a protected storage area used by the managed container to store and reference the enterprise applications during execution, and manage a database storing enterprise rules related to management of the enterprise applications and the enterprise information. The managed container may communicate with an application gateway server to control download and update of the enterprise applications, the enterprise information, and the enterprise rules. The application gateway server may be coupled to a backend enterprise application. At least one of the enterprise applications may be configured to execute in conjunction with the backend enterprise application according to at least one of the enterprise rules, and is configured to, according to another one of the enterprise rules, manage the enterprise information associated with the backend enterprise application.
    Type: Application
    Filed: September 19, 2014
    Publication date: March 26, 2015
    Inventors: Gregory Beckman, Robert Laird, Alain Gagne
  • Publication number: 20150089627
    Abstract: Methods and systems are provided for securing email communications. According to one embodiment, a network device receives an outbound email originated by a computing device of an internal network and directed to a target recipient. It is determined whether a domain name of the target recipient is present in a global doppelganger database. When the domain name is determined to be present in the global doppelganger database, transmission of the outbound email to the target recipient is prevented if the domain name is an unacceptable domain name and transmission of the outbound email to the target recipient is permitted if the domain name is an acceptable domain name.
    Type: Application
    Filed: December 3, 2014
    Publication date: March 26, 2015
    Applicant: Fortinet, Inc.
    Inventors: Carl M. Windsor, Jiandong Cheng
  • Publication number: 20150089626
    Abstract: The embodiments herein disclose a system and method for providing a marketplace for Big Data applications. The system facilitates a repository of applications, data sets, process compositions and extension modules received from the various vendors. The assets provided by the marketplace are deployed upon receiving the requests on public and private clouds. The marketplace comprises the algorithms, data sets and software systems to generate, share and save the insights for a plurality of cloud users. The system provides Big Data applications on demand from the cloud users and installs the requested application on a dedicated platform adopted for online Big Data processing.
    Type: Application
    Filed: November 3, 2014
    Publication date: March 26, 2015
    Inventors: Fred Korangy, Hamed Ghasemzadeh, Mohsen Arjmandi, Reza Azmi
  • Patent number: 8990917
    Abstract: Systems and methods for authenticating applications that access web services. In one embodiment, a web service gateway intercepts a request for a web service from an application, and determines if the application is authorized by a service provider based on information provided in the web service request. If the application is authorized, then the web service gateway identifies a profile for an end user that initiated the web service using the application, and determines if the web service is allowed for the end user based on the profile. If the web service is allowed for the end user, then the web service gateway determines that the application is authenticated, converts the web service request to a protocol used by a server that provides the web service, and transmits the web service request to the server.
    Type: Grant
    Filed: December 27, 2012
    Date of Patent: March 24, 2015
    Assignee: Alcatel Lucent
    Inventors: Yigang Cai, Alok Sharma
  • Patent number: 8990387
    Abstract: A system and an article of manufacture for automatically determining configuration completeness during information technology (IT) transformation from a pre-transformation source environment to a post-transformation target environment include obtaining a record of each of multiple data flows in a source environment, transforming each data flow in the source environment to a transformed data flow that corresponds to a target environment, and automatically determining that each of the transformed data flows is covered by a firewall configuration of one or more interfaces in the target environment.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: March 24, 2015
    Assignee: International Business Machines Corporation
    Inventors: Nancy Burchfield, Nathaniel Hang, Rafah A. Hosn, James Murray, Harigovind V. Ramasamy
  • Patent number: 8990904
    Abstract: Mechanisms are provided for collecting configuration data from components of a managed computing system environment. A portion of code is obtained, in a data processing system, from a data collection system that does not have security credentials to allow the data collection system to directly access to the managed computing system environment. The portion of code is executed by the data processing system using security credentials maintained in the data processing system. Executing the portion of code causes the data processing system to access the managed computing system environment and collect configuration data from the managed computing system environment. The data processing system, via the portion of code, provides the configuration data collected from the managed computing system to the data collection system which stores the collected configuration data in a data storage.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: March 24, 2015
    Assignee: International Business Machines Corporation
    Inventors: Joel W. Branch, Michael E. Nidd, Ruediger Rissmann
  • Patent number: 8990918
    Abstract: The present invention provides a system and method for providing a closed or secure network on another closed or secure network. The system enables linking at least one acquirer network operating a closed network to at least one operator by a central server. The acquirer network includes one or more terminals and optionally an acquirer server. The central server is linked to the acquirer network and to the operator. The central server is configurable to communicate with at least a subset of the one or more terminals, and also with the operator, and to establish one or more serve; communication links between the operator and the one or more terminals. The central server acts as a trusted intermediary between the acquirer network and the operator for enabling the operator to communicate with the one or more terminals via the closed acquirer network.
    Type: Grant
    Filed: May 6, 2013
    Date of Patent: March 24, 2015
    Inventor: John Henry Dunstan
  • Patent number: 8990915
    Abstract: A system for providing local access by means of a local data appliance to data collected from remote monitors and sensors is described. The system includes a plurality of remote monitors and sensors, the remote monitors and sensors reporting data over a wide area communications network, and a data collection center receiving the data from the remote monitors and sensors, the data collection center operable to process the data and generate customer defined reports based on the data. A local data appliance placed in the customer's network operates to receive the data from the data collection center, and to process the customer data, generate reports based on the data and send instructions to the remote monitors and sensors. The appliance resides behind the customer's firewall but is separate from the customer's network and data center equipment.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: March 24, 2015
    Assignee: Numerex Corp.
    Inventors: Stephen P. Emmons, Jeffrey O. Smith, Richard Burtner, Henry S. Rosen
  • Patent number: 8990893
    Abstract: Mechanisms are provided for performing centralized control of application sessions across a distributed computing environment comprising a plurality of application servers. A request to perform an application session control operation to control the application sessions associated with a specified user account identifier across the plurality of application servers in the distributed computing environment is received. A plurality of application instances upon which to perform the requested application session control operation are identified. An application session control request is transmitted to a plurality of session control clients associated with the application instances on the plurality of application servers of the distributed computing environment.
    Type: Grant
    Filed: November 12, 2012
    Date of Patent: March 24, 2015
    Assignee: International Business Machines Corporation
    Inventors: Gordan G. Greenlee, Richard J. McCarty
  • Patent number: 8990916
    Abstract: A method is provided in one example embodiment and includes receiving a discover message over a network; determining that the discover message is associated with an unauthenticated client (e.g., identifying a media access control (MAC) address); communicating a proxy binding update (PBU) having a binding type value set to a temporary status; and establishing a bidirectional tunnel for transporting traffic for the client.
    Type: Grant
    Filed: July 20, 2012
    Date of Patent: March 24, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Rajesh S. Pazhyannur, Kent K. Leung, Srinath Gundavelli
  • Patent number: 8990569
    Abstract: A device receives an encrypted key generating value from a first device and decrypts the encrypted key generating value. A temporary session key associated with the first device is generated based on the key generating value. A secure session invitation message is received from the first device. A master session key is generated and encrypted using the temporary session key associated with the first device. The encrypted master session key is transmitted to the first device.
    Type: Grant
    Filed: December 3, 2008
    Date of Patent: March 24, 2015
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Thomas W. Haynes, Steven R. Rados
  • Patent number: 8990908
    Abstract: A method, a computer readable medium and a system of multi-domain login and messaging are provided. The method for multi-domain login comprises inputting a local password by an agent, accessing a password vault with the local password, and retrieving at least one hidden password from the password vault, and logging the agent into at least one agent application using the at least one hidden password. The method for multi-domain messaging comprises retrieving information of an agent from a database, retrieving at least one skill group to which the agent belongs from the information, retrieving a message linked to the at least one skill group, and sending the message to the agent.
    Type: Grant
    Filed: November 19, 2013
    Date of Patent: March 24, 2015
    Assignee: West Corporation
    Inventors: Jeffrey William Cordell, Larry Trent Larson, Michael S. Fecci, Raymond Onslow Morris, Kevin Peter Pierson
  • Patent number: 8990582
    Abstract: Techniques for memory compartmentalization for trusted execution of a virtual machine (VM) on a multi-core processing architecture are described. Memory compartmentalization may be achieved by encrypting layer 3 (L3) cache lines using a key under the control of a given VM within the trust boundaries of the processing core on which that VM is executed. Further, embodiments described herein provide an efficient method for storing and processing encryption related metadata associated with each encrypt/decrypt operation performed for the L3 cache lines.
    Type: Grant
    Filed: May 27, 2010
    Date of Patent: March 24, 2015
    Assignee: Cisco Technology, Inc.
    Inventors: Fabio R. Maino, Pere Monclus, David A. McGrew
  • Publication number: 20150082415
    Abstract: A broadband gateway may be used to authorize transactions associated with one or more accounts, which may be associated with a user of the broadband gateway. The transaction may be handled by the broadband gateway. The authorizations may be performed based on information associated with the accounts, whose storage may be controlled by the broadband gateway. The broadband gateway may block and/or terminate transactions failing authentication and/or validation, which may be performed based on the stored information. The transactions may be initiated within a network serviced by the broadband gateway. The transactions may also be initiated outside the serviced network. The stored information may comprise a user profile, which may comprise a plurality of settings for controlling and/or managing authorization performed by the broadband gateway. The user profiles may be configurable by users, wherein configuration may comprise initializing and/or modifying one or more of the transaction related settings.
    Type: Application
    Filed: November 19, 2014
    Publication date: March 19, 2015
    Inventors: David Garrett, Jeyhan KARAOGUZ, Xuemin CHEN, Wael DIAB, David LUNDGREN, Rich PRODAN
  • Publication number: 20150081427
    Abstract: There is provided a system for regulating access and managing distribution of content in a network, such as the Internet. The system includes communication gateways, installed at a subscriber site, internet control points, installed remotely, and various network elements installed throughout the network. The communication gateways and network elements operate in conjunction with the internet control points to restrict or allow access to specified Internet sites and to manage efficient distribution of content such as music, video, games, broadband data, real-time audio and voice applications, and software to subscribers.
    Type: Application
    Filed: July 22, 2014
    Publication date: March 19, 2015
    Inventors: Robert M. Burke, II, David Z. Carman
  • Publication number: 20150082416
    Abstract: Systems and methods for obfuscating user data in a remote web-based application are disclosed. According to one method, user inputs to a displayed web page of the remote web-based application are received at a first web browser that is used by the user, wherein at least a portion of the user inputs comprise user-inputted data intended to be stored at the web-based application. The user inputs are transmitted to a management component that is configured to interact with a second web browser that communicates with the web-based application. The management component obfuscates at least a portion of the user-inputted data and forwards the obfuscated and un-obfuscated portions of the user inputs to the second web browser, which correspondingly transmits the obfuscated and un-obfuscated portions of the user inputs to the remote web-based application.
    Type: Application
    Filed: November 20, 2014
    Publication date: March 19, 2015
    Inventors: Steven Henry STRASSMANN, Zachary James SHEPHERD
  • Publication number: 20150082414
    Abstract: An integrated security system integrates broadband and mobile access and control with conventional security systems and premise devices to provide a tri-mode security network having remote connectivity and access. The integrated security system delivers remote premise monitoring and control functionality to conventional monitored premise protection and complements existing premise protection equipment. The integrated security system integrates into the premise network and couples wirelessly with the conventional security panel, enabling broadband access to premise security systems. Automation devices can be added, enabling users to remotely see live video or pictures and control home devices via a personal web portal or other client device. Camera management enables automatic configuration and management of cameras in the premise network.
    Type: Application
    Filed: September 2, 2014
    Publication date: March 19, 2015
    Inventor: Paul J. DAWES
  • Publication number: 20150082413
    Abstract: A secure network resource access system facilitates network access by network terminals to network resources located behind an enterprise firewall, and comprises a proxy server and a polling server. The proxy server is located logically outside the enterprise firewall for receiving application data from the network terminals. The polling server is located logically behind the enterprise firewall, and is configured to poll the proxy server to initiate transmission of the received application data from the proxy server to the polling server, to receive application data and associated network resource data from the proxy server in response to the poll, and to direct the application data to one of the network resources in accordance with the associated network resource data.
    Type: Application
    Filed: June 24, 2014
    Publication date: March 19, 2015
    Inventors: Steven Spicer, Christopher Martin, Larry Kuhl, Brian Hollander, Patrick Pidduck, Phillip Von Hatten, Mark Onischke, Clayton Grassick, Tim Lehan, Steven Coutts
  • Patent number: 8984617
    Abstract: Systems and methods for facilitating transmitting messages to remote host are provided. Method includes receiving request to connect client computing device to remote host, wherein client computing device resides on client side of firewall, and wherein request is associated with identification of local port, first port forward, and remote host. Method includes facilitating connection of client computing device to client proxy via local port. Method includes facilitating connection of client proxy to server proxy via splitting protocol. Method includes facilitating connection of server proxy to remote host via tunnel associated with the port forward or second port forward through tunnel. Method includes facilitating communication between client computing device and remote host via tunnel and splitting protocol, wherein facilitating communication comprises translating data between default format of client proxy corresponding to local port, default format of server proxy, and protocol of tunnel.
    Type: Grant
    Filed: June 1, 2012
    Date of Patent: March 17, 2015
    Assignee: Wyse Technology L.L.C.
    Inventor: Andrew T. Fausak
  • Patent number: 8984596
    Abstract: An electronic device may include a finger biometric sensor, a display, and a processor coupled with the finger biometric sensor and the display. The processor is capable of displaying a plurality of finger representations on the display corresponding to different fingers of a hand, enrolling respective user's fingers for the plurality of finger representations using the finger biometric sensor, displaying a menu of available functions on the display, associating at least some of the available functions with respective enrolled user's fingers, and performing a given function based upon a match of a newly sensed user's finger with a respective enrolled user's finger using the finger biometric sensor.
    Type: Grant
    Filed: September 30, 2009
    Date of Patent: March 17, 2015
    Assignee: Authentec, Inc.
    Inventor: Stephanie Griffin
  • Patent number: 8984616
    Abstract: Efficient routing for a client-server session or connection is provided in an application layer of multi-layered systems interconnect stack by caching a plurality of application-specific information at an intermediary network point; using the application specific information to route messages for an application connection; and indexing the application-specific information with a key provided by the application. Optionally, a second key may be used to retrieve the application-specific information if the first key is not provided in an application connection request, where the second key is optionally opaque to the application program. The intermediary network point may be an edge of network Internet Protocol (IP) switch, and the application layer in which the routing is performed may be layer seven of the Open Systems Interconnection model.
    Type: Grant
    Filed: December 8, 2010
    Date of Patent: March 17, 2015
    Assignee: International Business Machines Corporation
    Inventors: Daniel M Jamrog, David Scott Kern, Jason Dana LaVoie, Chester E Ryder, III
  • Patent number: 8984618
    Abstract: Disclosed is a system for managing virtual private networks (VPNs) that includes: terminals configured to transmit user data; a manager configured to transmit information for concealing networks and managing the VPNs; border gateways configured to decrypt the user data and perform a network address translation (NAT) procedure and a filtering procedure on the decrypted user data based on the information; and servers configured to receive the user data subjected to the NAT procedure and the filtering procedure, wherein the filtering procedure is a procedure discarding the user data to be transferred to the servers that are not allowed so as to allow the terminals to access only the allowed servers, the NAT procedure is a procedure changing an Internet protocol (IP) address used in a first network to an IP address used in a second network, and the first network and the second network are different networks.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: March 17, 2015
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Ho Sun Yoon, Sung Back Hong, Jung Sik Kim, Seong Moon, Sun Cheul Kim, Seung Woo Hong, Sang Jin Hong, Pyung Koo Park, Young Soo Shin, Ho Yong Ryu, Soon Seok Lee
  • Patent number: 8984615
    Abstract: Systems and methods are for registering and authenticating an unmanaged IP device to an IP multimedia subsystem (IMS). An exemplary method includes implementing a system from which an unmanaged IP device retrieves IMS credentials needed to register and authenticate to the IMS. The system is remote to the unmanaged IP device and is accessible to the unmanaged IP device through an IP access network. The method further includes permitting the unmanaged IP device to register and authenticate to the IMS with the IMS credentials received from the system.
    Type: Grant
    Filed: December 29, 2009
    Date of Patent: March 17, 2015
    Assignee: AT&T Mobility II, LLC
    Inventors: Krishna Bhuyan, Hong Thi Nguyen
  • Patent number: 8984619
    Abstract: According to one aspect, the subject matter described herein includes a method for communicating an encrypted data packet. The method includes steps occurring at a first gateway node. The method also includes receiving a data packet from a first host. The method further includes determining that a first security association (SA) instance associated with the data packet is in an inactive state. The method further includes identifying a second SA instance that is both associated with the data packet and in an active state. The method further includes forwarding the data packet to the second SA instance.
    Type: Grant
    Filed: July 12, 2013
    Date of Patent: March 17, 2015
    Assignee: Gendband US LLC
    Inventors: Allain Legacy, Matthew Lorne Peters
  • Patent number: 8984598
    Abstract: Mechanisms are provided for collecting configuration data from components of a managed computing system environment. A portion of code is obtained, in a data processing system, from a data collection system that does not have security credentials to allow the data collection system to directly access the managed computing system environment. The portion of code is executed by the data processing system using security credentials maintained in the data processing system. Executing the portion of code causes the data processing system to access the managed computing system environment and collect configuration data from the managed computing system environment. The data processing system, via the portion of code, provides the configuration data collected from the managed computing system to the data collection system which stores the collected configuration data in a data storage.
    Type: Grant
    Filed: June 27, 2012
    Date of Patent: March 17, 2015
    Assignee: International Business Machines Corporation
    Inventors: Joel W. Branch, Michael E. Nidd, Ruediger Rissmann
  • Patent number: 8984627
    Abstract: A method may include receiving session control messages and counting the session control messages of a same type having a same transaction identifier (ID). The method may further include blocking the session control messages of the same type having the same transaction ID when the count exceeds a threshold number. The method may further include determining whether the blocked session control messages are associated with an anomalous event and, when the blocked session control messages are not associated with the anomalous event, increasing the threshold number.
    Type: Grant
    Filed: December 30, 2010
    Date of Patent: March 17, 2015
    Assignee: Verizon Patent and Licensing Inc.
    Inventor: Gaston Ormazabal
  • Publication number: 20150074789
    Abstract: A secure network resource access system facilitates network access by network terminals to network resources located behind an enterprise firewall, and comprises a proxy server and a polling server. The proxy server is located logically outside the enterprise firewall for receiving application data from the network terminals. The polling server is located logically behind the enterprise firewall, and is configured to poll the proxy server to initiate transmission of the received application data from the proxy server to the polling server, to receive application data and associated network resource data from the proxy server in response to the poll, and to direct the application data to one of the network resources in accordance with the associated network resource data.
    Type: Application
    Filed: June 17, 2014
    Publication date: March 12, 2015
    Inventors: Steven Spicer, Christopher Martin, Larry Kuhl, Brian Hollander, Patrick Pidduck, Phillip Von Hatten, Mark Onischke, Clayton Grassick, Tim Lehan, Steven Coutts
  • Publication number: 20150074790
    Abstract: A secure network resource access system facilitates network access by network terminals to network resources located behind an enterprise firewall, and comprises a proxy server and a polling server. The proxy server is located logically outside the enterprise firewall for receiving application data from the network terminals. The polling server is located logically behind the enterprise firewall, and is configured to poll the proxy server to initiate transmission of the received application data from the proxy server to the polling server, to receive application data and associated network resource data from the proxy server in response to the poll, and to direct the application data to one of the network resources in accordance with the associated network resource data.
    Type: Application
    Filed: June 17, 2014
    Publication date: March 12, 2015
    Inventors: Steven Spicer, Christopher Martin, Larry Kuhl, Brian Hollander, Patrick Pidduck, Phillip Von Hatten, Mark Onischke, Clayton Grassick, Tim Lehan, Steven Coutts
  • Publication number: 20150074791
    Abstract: A secure network resource access system facilitates network access by network terminals to network resources located behind an enterprise firewall, and comprises a proxy server and a polling server. The proxy server is located logically outside the enterprise firewall for receiving application data from the network terminals. The polling server is located logically behind the enterprise firewall, and is configured to poll the proxy server to initiate transmission of the received application data from the proxy server to the polling server, to receive application data and associated network resource data from the proxy server in response to the poll, and to direct the application data to one of the network resources in accordance with the associated network resource data.
    Type: Application
    Filed: June 17, 2014
    Publication date: March 12, 2015
    Inventors: Steven Spicer, Christopher Martin, Larry Kuhl, Brian Hollander, Patrick Pidduck, Phillip Von Hatten, Mark Onischke, Clayton Grassick, Tim Lehan, Steven Coutts
  • Patent number: 8978096
    Abstract: A system and method transfers information relating to quality or standards of an organization from a server to a wireless handheld computing device and from the wireless handheld computing device to the server in real-time or near real-time. Each member of an organization can have the same policies and procedures as soon as any of the policies and procedures are updated. The inventive system can allow an organization to also measure compliance and conformance with the distributed policies and procedures. With the handheld computing devices, each member of an organization can complete tests that are closely tied to the distributed policies and procedures. The results of these tests can be transmitted in real-time or near real-time from the handheld computing devices to a central computer server so that an organization can track current performance of all its members relative to the policies and procedures and relative to each other.
    Type: Grant
    Filed: May 25, 2013
    Date of Patent: March 10, 2015
    Assignee: Reflexis Systems Inc.
    Inventor: Stan Hawkins