Proxy Server Or Gateway Patents (Class 726/12)
  • Patent number: 8938804
    Abstract: An inventive system and method for creating source profiles to detect spoofed traffic comprises obtaining a routing path for data to traverse nodes using traffic profiles, each routing path comprising at least a target AS, initializing one or more AS sets with last hop ASes, enhancing the AS sets by connecting the AS sets to routers, for each enhanced AS set, filtering observed traffic flows, and using the filtered flows to associate enhanced AS sets with network monitoring points to create the source profiles. In one aspect, filtering flows comprise TCP session filtering and/or destination bogon filtering. In one aspect, the routers are border gateway protocol routers. In one aspect, the last hop ASes are one hop away from the target AS.
    Type: Grant
    Filed: July 12, 2012
    Date of Patent: January 20, 2015
    Assignees: Telcordia Technologies, Inc., KDDI Corporation
    Inventors: Ravichander Vaidyanathan, Abhrajit Ghosh, Akira Yamada, Yukiko Sawaya, Ayumu Kubota
  • Patent number: 8938794
    Abstract: A gateway device disposed at front stage before a server has a dispersion rule of data dispersed on server side and analyzes communication data to specify a server to be accessed finally, so that identification information of the specified server is added to packet option of IP layer to thereby omit higher-rank routing processing than IP layer of gateway devices on the way. Consequently, transfer processing of a gateway device at back stage can be performed at high speed and access passing through a network route intended by manager is possible.
    Type: Grant
    Filed: August 6, 2012
    Date of Patent: January 20, 2015
    Assignee: Hitachi, Ltd.
    Inventors: Naokazu Nemoto, Kunihiko Toumura, Naoki Haraguchi
  • Patent number: 8938782
    Abstract: A computer-implemented method for providing network access control in virtual environments. The method may include: 1) injecting a transient security agent into a virtual machine that is running on a host machine; 2) receiving, from the transient security agent, an indication of whether the virtual machine complies with one or more network access control policies; and 3) controlling network access of the virtual machine based on the indication of whether the virtual machine complies with the one or more network access control policies. Various other methods, systems, and computer-readable media are also disclosed herein.
    Type: Grant
    Filed: March 15, 2010
    Date of Patent: January 20, 2015
    Assignee: Symantec Corporation
    Inventors: Sanjay Sawhney, Matthew Conover, Bruce Montague
  • Patent number: 8938793
    Abstract: Secure management of electronic transactions is provided by a system server that is communicatively coupled to terminals configured as thin client devices (TCD) and to one or more application servers. A TCD completes a secure communications link with the system server, and transfers information concerning the identity of a user and account information from a secure transaction card (STC). Upon authentication, the system server drives the display of available applications at the TCD, allowing the user to select and engage in a desired transaction with the application server hosting the selected application. During the transaction, the system server brokers communications according to the different security schemes used by the TCD and the application server and, ultimately, stores a transaction ticket that memorializes the transaction. The transaction ticket can later be retrieved by presenting appropriate authentication information.
    Type: Grant
    Filed: October 3, 2007
    Date of Patent: January 20, 2015
    Assignee: GMX SAS
    Inventors: Michiel Reinier Ausems, Gerard Jean-Marie Eugene Compain, Gregoire Mardinian, Jean-Pierre Fortune, Benedict John Kahan, Olivier Yves Marie Condemine
  • Patent number: 8938788
    Abstract: Method and computer storage media for sharing resources between a plurality of computing devices associated with a common non-enterprise network. A common set of credentials is stored on at least two or more of a plurality of computing devices that reside behind a routing device and are associated through a common non-enterprise network. Upon storing the common set of credentials, each of the two or more of a plurality of computing devices create a local account that contains, at least, the common set of credentials. The common set of credentials allow for the sharing, among the two or more of the plurality of computing devices, of resource that reside on or are associated with the computing devices.
    Type: Grant
    Filed: July 9, 2013
    Date of Patent: January 20, 2015
    Assignee: Microsoft Corporation
    Inventors: Brian L. McNeil, Michael G. Sheldon, Steve Seixeiro, Ramkumar Ramasubramanian, Jerry K. Koh, Anshul Rawat, Andrew V. Davidson, Daniel Oliver, Michael D. McCormack
  • Publication number: 20150019862
    Abstract: Systems and methods are provided for FAA-certified avionics devices to safely interface with non-certified mobile telecommunications devices before, during, and after flight. Data transmitted to the certified devices do not affect functionality of the certified device unless and until a user acknowledges and/or confirms the data on the certified device. Thus, the integrity of the certified device is maintained.
    Type: Application
    Filed: July 23, 2012
    Publication date: January 15, 2015
    Applicant: Aspen Avionics, Inc.
    Inventors: John Uczekaj, Brad Hayden, Peter Lyons, Constantinos Kyriakos
  • Publication number: 20150020182
    Abstract: A method, an equipment, and a system for pushing network content are provided that relate to the field of communications technologies. The method for pushing network content includes: setting, by a user, selected network content as a feature of a mobile equipment according to the interest point of the user on a network portal, and pushing an identifier of the network content and setting information to the mobile equipment, so the mobile equipment obtains the corresponding network content according to the identifier of the network content, and sets the network content as an attribute of the mobile equipment according to the setting information. With the present invention, the mobile equipment automatically sets the attribute of the mobile equipment according to the received identifier of network content and setting information pushed by a network side, thereby reducing operations of the user, and improving the user experience.
    Type: Application
    Filed: September 10, 2014
    Publication date: January 15, 2015
    Inventor: Fengming Zhang
  • Patent number: 8935747
    Abstract: An authentication includes a unit that issues right transfer information that is to be transmitted to a service providing device and a token that corresponds to the right transfer information and is to be transmitted to a service proxy access device on a basis of information about a user to whom a right is transferred and a condition under which the right is transferred, a unit that provides the token to the service proxy access device, and a unit that receives from the service providing device the token transferred from the service proxy access device and transmits to the service providing device the right transfer information that corresponds to the token and is kept by the authentication device.
    Type: Grant
    Filed: September 4, 2013
    Date of Patent: January 13, 2015
    Assignee: NEC Corporation
    Inventor: Makoto Hatakeyama
  • Patent number: 8935773
    Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.
    Type: Grant
    Filed: April 9, 2010
    Date of Patent: January 13, 2015
    Assignee: George Mason Research Foundation, Inc.
    Inventors: Angelos Stavrou, Sushil Jajodia, Anup Ghosh, Rhandi Martin, Charalampos Andrianakis
  • Patent number: 8935742
    Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
    Type: Grant
    Filed: August 18, 2008
    Date of Patent: January 13, 2015
    Assignee: Microsoft Corporation
    Inventors: Nir Nice, Oleg Ananiev, John Wohlfert, Amit Finkelstein, Alik Teplitsky
  • Patent number: 8935772
    Abstract: A double firewalled system is disclosed for protecting remote enterprise servers that provide communication services to telecommunication network customers from unauthorized third parties. A first router directs all connection requests to one or more secure web servers, which may utilize a load balancer to efficiently distribute the session connection load among a high number of authorized client users. On the network side of the web servers, a second router directs all connection requests to a dispatcher server, which routes application server calls to a proxy server for the application requested. A plurality of data security protocols are also employed. The protocols provide for an identification of the user, and an authentication of the user to ensure the user is who he/she claims to be and a determination of entitlements that the user may avail themselves of within the enterprise system.
    Type: Grant
    Filed: October 10, 2012
    Date of Patent: January 13, 2015
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Carol Y. Devine, Gerald A. Shifrin, Richard W. Shoulberg
  • Publication number: 20150012997
    Abstract: A method for achieving code domain isolation. A first set of data is received in a first domain format. The first set of data is changed to a second domain format. The first set of data in the second domain format is captured. The first set of data in the second domain format is changed to a third domain format. The first set of data in the third domain format is prepared for receipt by a user computer system.
    Type: Application
    Filed: September 26, 2014
    Publication date: January 8, 2015
    Inventors: Phillip John SOBOLEWSKI, Mark DOYLE
  • Patent number: 8931036
    Abstract: A system is provided comprising at least one processor, a memory, and an application stored in the memory that, when executed, receives a first request from a client device for access to a first web service and accesses a policy associated with the first web service. The system also selects a second plurality of data elements from a first plurality of data elements based on the first request and based on the policy wherein the second plurality of data elements is associated with the first web service. The system also provides the second plurality of data elements to the client device and receives a second request from the client device for a first set of data values associated with the second plurality of data elements. The system also authenticates the second request and provides the first set of data values in response to the second request.
    Type: Grant
    Filed: December 22, 2010
    Date of Patent: January 6, 2015
    Assignee: Sprint Communications Company L.P.
    Inventors: Vijaykumar Cherukumudi, David K. Fultz, Richard A. Rofail
  • Patent number: 8931058
    Abstract: Systems and methods disclosed allow a permitting party to share personal information with a receiving party. The receiving party may use the information to authenticate the permitting party, assess the permitting party, determine if the permitting party is compatible with one or more other users associated with the receiving party, or validate the permitting party. The permitting party may define how much of the permitting party's personal information is shared, and/or limit the use of the information for one or more specific purposes. A requesting party may also set up criteria for the types of information it wants to review along with the intended use of the information. The systems and methods disclosed also enables permitting parties the ability to grant requesting parties access to requested information.
    Type: Grant
    Filed: July 1, 2011
    Date of Patent: January 6, 2015
    Assignee: Experian Information Solutions, Inc.
    Inventors: Christer J. DiChiara, Kristin M. LeFevre, Randall P. Mitchum, Bryan David Wresinski
  • Patent number: 8931061
    Abstract: Techniques for providing access to data in dynamic shared accounts are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for providing data in dynamic shared accounts. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify a first user associated with an account, identify a second user to have access to the account associated with the first user in the event the first user is unavailable to access data or perform functions associated with the account, map the second user to the account, and provide the second user access to the account based on the mapping and with access privileges associated with the first user.
    Type: Grant
    Filed: March 19, 2012
    Date of Patent: January 6, 2015
    Assignee: Symantec Corporation
    Inventors: Sharada Sundaram, Robert Koeten
  • Patent number: 8931085
    Abstract: There is provided a method for optimizing a download of requested data to an electronic data processing unit that is currently receiving unrequested multicast data through a router included in a network. The unrequested multicast data corresponds to at least one multicast data group. Internet Group Management Protocol (IGMP) V2 Leave Messages are sent to the router for the at least one multicast data group. IGMP Membership Queries issued by the router for the at least one multicast data group are ignored, so as to cause the router to terminate a transmission of the unrequested multicast data to free up available bandwidth for the download of the requested data.
    Type: Grant
    Filed: August 8, 2003
    Date of Patent: January 6, 2015
    Assignee: Thomson Licensing
    Inventor: William Henry Yost
  • Patent number: 8931077
    Abstract: A security system for a computer network that has a plurality of devices connected thereto comprises a security subsystem, a master system and a secure link. The security subsystem is implemented on a first computer and is connected to at least some of the devices in the network. The security subsystem is configured to monitor activities of the at least some devices on the network and detect attacks on the at least some devices. The master system is implemented on a second computer which is different from the first computer. The master system monitors the integrity of the security subsystem and registers information pertaining to attacks detected by the security subsystem. The secure link is connected between the security subsystem and the master system. The master system monitors the integrity of the security subsystem and receives the information pertaining to the attacks through the secure link.
    Type: Grant
    Filed: August 10, 2012
    Date of Patent: January 6, 2015
    Assignee: Solutionary, Inc.
    Inventors: Michael Hrabik, Jeffrey J. Guilfoyle, Edward “Mac” Beaver
  • Patent number: 8931074
    Abstract: A hardware secured flag mechanism which is activated by trusted Anti-Malware (AM) software. Upon being activated, the information handling system takes action to reduce user exposure even if the AM software is subsequently subverted. In certain embodiments, the flag mechanism is only reset by user intervention at a BIOS or other off-line mechanism. In certain embodiments, the flag mechanism may only be reset via a signed unlock key stored on an external memory device such as a universal serial bus (USB) key.
    Type: Grant
    Filed: October 10, 2012
    Date of Patent: January 6, 2015
    Assignee: Dell Products L.P.
    Inventors: Rocco Ancona, Roy Stedman
  • Patent number: 8931089
    Abstract: A technology for preventing network attacks. A service request is intercepted at an unaddressed port of a hidden device from a second device. The service request intended for a visible device is processed by the hidden device. A response may be provided based on the processing and sent to the second device.
    Type: Grant
    Filed: January 12, 2012
    Date of Patent: January 6, 2015
    Assignee: Korea Advanced Institute of Science and Technology
    Inventor: Brent ByungHoon Kang
  • Publication number: 20150007303
    Abstract: A network media gateway is used to bridge trust between a Service Provider network and subscriber devices. The gateway is authenticated by the Service Provider by using knowledge of network topology. Subscriber devices are authenticated in response to subscriber input to the gateway via an interface. Trusted subscriber devices can be tightly coupled with the Service Provider network, thereby facilitating delivery of QoE. Mobile and remote subscriber devices may also be authenticated. The gateway may also facilitate establishment of VPNs for peer-to-peer communications, and dynamically adjustable traffic, policy and queue weightings based on usage patterns.
    Type: Application
    Filed: September 16, 2014
    Publication date: January 1, 2015
    Inventors: Hassler HAYES, Nannra ANOOP, John WATKINS
  • Patent number: 8925066
    Abstract: A processing device receives an unauthenticated provisioning request from a hardware, wherein the processing device is in a first network zone that is accessible to the hardware resource. The processing device determines whether the hardware resource satisfies one or more provisioning criteria. Responsive to determining that the hardware resource satisfies the one or more provisioning criteria, the processing device forwards the provisioning request to a server residing behind a firewall in a second network zone that is inaccessible to the hardware resource, receives provisioning data from the server by the provisioning proxy, and forwards the provisioning data to the hardware resource.
    Type: Grant
    Filed: November 15, 2012
    Date of Patent: December 30, 2014
    Assignee: Red Hat Israel, Ltd.
    Inventors: Amos Benari, Ohad Levy
  • Patent number: 8925067
    Abstract: A network access method, an authentication method, a communications system, and relevant devices are provided to support implicit authentication based on subscriber line information in Internet Protocol version 6 (IPv6). The authentication method includes: receiving a request message sent from an Access Node (AN), wherein the request message carries subscriber line information and a Link-Local Address (LLA); sending an access request to an Authentication, Authorization and Accounting (AAA) server according to the subscriber line information; receiving an authentication result indicating the authentication is successful; determining whether an address matching the LLA carried in the request has been stored in the BNG; and storing the LLA in the BNG, if the address matching the LLA is not stored in the BNG.
    Type: Grant
    Filed: November 25, 2013
    Date of Patent: December 30, 2014
    Assignee: Huawei Technologies Co., Ltd
    Inventor: Ruobin Zheng
  • Patent number: 8924709
    Abstract: A method for encrypting print jobs that includes receiving output data, encrypting the output data with a randomly-generated symmetric session key, generating a session key header by encrypting the randomly-generated symmetric session key using an asymmetric user public key, and encrypting the session key header using a server public key.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: December 30, 2014
    Assignee: Lexmark International, Inc.
    Inventors: Forrest Steely, Albert Tyler Barnett
  • Patent number: 8918889
    Abstract: An information processing apparatus for determining whether or not to transmit a predetermined content to a reception apparatus connected to a network, in accordance with a response time taken to respond to a predetermined command, including: reception means receiving a response to a command; measuring means measuring the response time to the command; authentication means authenticating the reception apparatus; generation means generating authentication data to be inserted into the command; transmission means transmitting the command including predetermined one of the authentication data; storage means storing the authentication data contained in the command and the response data contained in the response; request means requesting the reception apparatus for transmission of the authentication data and the response data; and determination means determining whether the authentication data and the response data transmitted from the reception apparatus, and determining transmission permission/inhibition of a cont
    Type: Grant
    Filed: May 31, 2005
    Date of Patent: December 23, 2014
    Assignee: Sony Corporation
    Inventor: Hisato Shima
  • Patent number: 8918857
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: December 23, 2014
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Patent number: 8918856
    Abstract: Embodiments of the invention provide a trusted intermediary for use in a system in which access control decisions may be based at least in part on information provided in claims. The intermediary may request claims on behalf of a network resource to which access is requested, and submit the claims for a decision whether to grant or deny access. The decision may be based at least in part on one or more access control policies, which may be pre-set or dynamically generated. Because the intermediary requests the claims and submits the claims for an access control decision, the network resource (e.g., a server application) need not be configured to process claims information.
    Type: Grant
    Filed: June 24, 2010
    Date of Patent: December 23, 2014
    Assignee: Microsoft Corporation
    Inventors: Yair Tor, Eugene (John) Neystadt, Patrik Schnell, Oleg Ananiev, Arthur Zavalkovsky, Daniel Rose
  • Patent number: 8918848
    Abstract: Methods and systems for third party client authentication of a client. A method includes displaying a user interface on a display of the client, the user interface including an option to select a supported credential type of a third party authentication server, receiving a command selecting the supported credential type, and sending credential information and the selected supported credential type to an authentication server for third party authentication by the third party authentication server. The third party authentication server may support a token-based authentication protocol for implementing single sign on (SSO).
    Type: Grant
    Filed: April 26, 2010
    Date of Patent: December 23, 2014
    Assignee: BlackBerry Limited
    Inventors: Girish Kumar Sharma, Lenny Kwok-Ming Hon, Joseph Daniel Burjoski, Kenneth Cyril Schneider
  • Publication number: 20140373129
    Abstract: A security gateway appliance is configured to evaluate network traffic according to security rules that classify traffic flows according to specifically identified application programs responsible for producing and/or consuming the network traffic and to enforce policies in accordance with network traffic classifications. The appliance includes an on-box anti-virus/anti-malware engine, on-box data loss prevention engine and on-box authentication engine. One or more of these engines is informed by an on-box dynamic real tie rating system that allows for determined levels of scrutiny to be paid to the network traffic. Security gateways of this type can be clustered together to provide a set of resources for one or more networks, and in some instances as the backbone of a cloud-based service.
    Type: Application
    Filed: August 28, 2014
    Publication date: December 18, 2014
    Inventors: Qing Li, Ronald Andrew Frederick, Thomas A. Clare
  • Patent number: 8914869
    Abstract: A gateway system for implementing access to various media is provided in the invention, and the gateway system includes: a communication media access module, for establishing a communication link with the corresponding media access network; a Media Independent Handover Functions module, for seamless handover between accesses to various media; and a handover decision module, for selecting a target network for the seamless handover. The gateway system may also include an authentication module, for sharing the authentication information of the User Equipment. Two methods for implementing access to various media are further disclosed in the invention. By the provided gateway system and methods, the User Equipment can access various media via the gateway system, seamlessly hand over between accesses to various media and achieve the access to a service network using the shared authentication information.
    Type: Grant
    Filed: December 23, 2008
    Date of Patent: December 16, 2014
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Guiming Shu, Hui Zhong
  • Patent number: 8912879
    Abstract: A security system may include a plurality of electronic devices, each having a unique identification (ID) associated therewith and configured to generate a temporary security code based upon the unique ID. The system may further include at least one mobile wireless communications device including a first Near-Field Communication (NFC) circuit, and a mobile controller configured to receive the temporary security code from a given electronic device from among the plurality of electronic devices. The system may also include an access control device associated with a personnel access position and including a second NFC sensor and a security controller. The security controller may be configured to receive the temporary security code from the first NFC sensor via NFC communications, selectively grant personnel access based upon the received temporary security code, and determine the unique ID associated with the given electronic device.
    Type: Grant
    Filed: September 23, 2010
    Date of Patent: December 16, 2014
    Assignee: BlackBerry Limited
    Inventors: Steven Henry Fyke, Jason Tyler Griffin
  • Patent number: 8914870
    Abstract: The present invention relates to a nodes and methods for use in a Universal Plug and Play (UPnP) system to provide support for both UPnP security and mobility of security aware UPnP nodes. A gateway is arranged to provide remote access to a UPnP network to remote UPnP nodes via the gateway. The gateway comprises means for creating a virtual UPnP node for emulating internal presence of a remote UPnP node on the UPnP network. The virtual UPnP node is arranged to obtain and store security information associated with the remote UPnP node. The security information specifies how the remote UPnP node is authorized to interact with other UPnP nodes in the UPnP network. The security information may be used to filter messages from the UPnP network to the remote UPnP node.
    Type: Grant
    Filed: May 8, 2007
    Date of Patent: December 16, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventor: Vincent Huang
  • Patent number: 8914871
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: December 16, 2014
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Patent number: 8914868
    Abstract: A technique that simplifies managing and configuring firewalls by provisioning a vendor-neutral firewall in an MPLS-VPN service network. In one example embodiment, this is accomplished by creating a vendor-neutral firewall policy using a service activation tool residing in a host server. One of the one or more VPNs requiring the provisioning of the vendor-neutral firewall in the MPLS-VPN service network is then selected. The created vendor-neutral firewall policy is then transformed to form a vendor-specific firewall policy associated with the selected one of the one or more VPNs.
    Type: Grant
    Filed: March 3, 2006
    Date of Patent: December 16, 2014
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Prasanna Anantharamiah, Venkata Raghavan Chekka, Jimmi Skaria, Vinodh T K Kumar
  • Publication number: 20140366118
    Abstract: Methods and systems are provided for providing access to a cloud-based logging service to a user without requiring user registration. Methods and systems are also provided for providing cloud-based logging service to users by integrating the cloud-based logging service within a network security gateway appliance, thereby enabling the users to use the cloud-based logging service by accessing the gateway appliance. The cloud-based logging service can be accessed via an Application Programming Interface (API) without requiring user registration and allows easy and efficient access to log files, viewing of log files, and data security to stored log files and generated reports.
    Type: Application
    Filed: June 5, 2013
    Publication date: December 11, 2014
    Inventor: Jun Yin
  • Patent number: 8910288
    Abstract: Data can be scanned using a network managed appliance. The network managed appliance may integrate commercial hardware elements connected through a basic or simplified operating system environment expressly developed for the appliance, thus being more malware resistant and less vulnerable to attacks from the scanned data or other sources. The network managed appliance may be a self-contained apparatus with an integrated chassis, designed and configured as “single-purpose” device. Such appliances may be connected to an appliance management network including central management servers in communication with appliances in remote locations. The central management servers may ensure that scanning software and the definitions lists for each of the appliances are current and match an enterprise-approved configuration.
    Type: Grant
    Filed: February 4, 2011
    Date of Patent: December 9, 2014
    Assignee: Leidos, Inc
    Inventors: Alan G. Young, Paul L. Bartruff, Eric E. Brown, Michael P. Miley
  • Patent number: 8910268
    Abstract: Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
    Type: Grant
    Filed: August 14, 2008
    Date of Patent: December 9, 2014
    Assignee: Microsoft Corporation
    Inventors: Efim Hudis, Yigal Edery, Oleg Ananiev, John Wohlfert, Nir Nice
  • Patent number: 8908864
    Abstract: Systems, methods, and computer readable media for detecting and mitigating address spoofing in messaging service transactions are disclosed. A messaging service firewall (MSF) separate from a short message service center (SMSC) receives a mobility management reply message (MMR) that is sent by a mobile location register element in response to an associated mobility management query (MMQ) and that includes a serving switch identifier. The MSF allocates a global title address (GTA) from a pool of GTAs and stores a correlation between the allocated GTA and the originating SMSC. The MSF replaces the serving switch identifier in the MMR with the allocated GTA and routes the modified MMR. The MSF then receives a messaging service message (MSM) that is addressed to the allocated GTA and that includes the purported originating SMSC. If the purported originating SMSC does not match the SMSC to which the GTA is correlated, the MSM is discarded.
    Type: Grant
    Filed: October 5, 2012
    Date of Patent: December 9, 2014
    Assignee: Tekelec Netherlands Group, B.V.
    Inventor: Eloy Johan Lambertus Nooren
  • Patent number: 8909556
    Abstract: A gateway device and methods performed therein to prevent unauthorized client devices from connecting to the host network of the gateway device is described. The gateway device does not respond right away to an individual client message sent to the gateway device. Instead, the gateway device only responds to a predetermined sequence of the client messages, which is only known to the gateway device and authorized client devices. Because the gateway device will not respond to random client messages and the likelihood that an unauthorized client device can correctly guess the predetermined sequence of the client messages is low, the risk of a malicious party being able to hack into the host network, for example, by using port scanning techniques, can be mitigated.
    Type: Grant
    Filed: July 20, 2012
    Date of Patent: December 9, 2014
    Assignee: Visa International Service Association
    Inventor: Horatio Nelson Huxham
  • Patent number: 8909533
    Abstract: A method and an apparatus for performing and controlling speech recognition and enrolment are provided. The method for performing speech recognition and enrolment includes: receiving a Speech Enrolment Start Request and a Speech Recognition Request sent from a media gateway controller (MGC); performing speech recognition and enrolment according to the Speech Enrolment Start Request and the Speech Recognition Request, and obtaining a recognition and enrolment result; and feeding back the recognition and enrolment result to the MGC.
    Type: Grant
    Filed: December 9, 2011
    Date of Patent: December 9, 2014
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Ning Zhu, Weiwei Yang
  • Patent number: 8903941
    Abstract: A method and apparatus for safe web browsing is disclosed. More specifically, the method and apparatus comprises receiving a webpage associated with a uniform resource locator (URL) access request. The webpage may further comprise a referenced link or script. A determination is made if any of the URL, the referenced link or script within the webpage are deemed unacceptable. The webpage is transcoded to block access to at least one of the URL, the referenced link or script deemed unacceptable. The transcoded webpage is sent to a computer that requested access to the URL.
    Type: Grant
    Filed: September 14, 2009
    Date of Patent: December 2, 2014
    Assignee: Symantec Corporation
    Inventor: Prateek Kaul
  • Patent number: 8904475
    Abstract: An appliance and method for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute includes the step of establishing, by an appliance, a control connection with a client upon receiving a client request to establish a virtual private network connection with a network. The appliance transmits, via the control connection, a request to the client to evaluate at least one clause of a security string, the at least one clause including an expression associated with a client-side attribute. The client transmits, via the control connection, a response to the appliance comprising a result of evaluating the at least one clause by the client. The appliance assigns the client to an authorization group based on the result of evaluation of the at least one clause.
    Type: Grant
    Filed: February 6, 2013
    Date of Patent: December 2, 2014
    Assignee: Citrix Systems, Inc.
    Inventors: Amarnath Mullick, Charu Venkatraman, Shashi Nanjundaswamy, Junxiao He, Ajay Soni
  • Patent number: 8904036
    Abstract: Described are a secure geo-location obscurity network and ingress nodes, transit nodes and egress nodes used in such a network. In particular, a novel device is provided and comprises: a node for a network, the node comprising: a private portion for allowing high bandwidth secure private traffic to be received and transmitted by the node on a private pathway through the node; and a public portion for allowing low bandwidth secure public traffic to be received and transmitted by the node on a plurality of public pathways through the node.
    Type: Grant
    Filed: December 7, 2010
    Date of Patent: December 2, 2014
    Assignee: Chickasaw Management Company, LLC
    Inventors: James Andrew Reynolds, Philip Desch, Brett Burley, Gene Ward, Joe Kenny, Michael Howland, Christopher Allen Howland
  • Patent number: 8904558
    Abstract: The detection of web browser-based attacks using browser tests launched from a remote source is described. In one example, a digest is computed based on the content of an HTTP response message. The message is modified and sent to a client device that also computes a digest. The digests are compared to determine whether content has been modified by malware on the HTTP client. The results of the test are analyzed and defensive measures are taken.
    Type: Grant
    Filed: June 5, 2014
    Date of Patent: December 2, 2014
    Assignee: Imperva, Inc.
    Inventors: Amichai Shulman, Tal Arieh Be'ery
  • Patent number: 8904512
    Abstract: A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.
    Type: Grant
    Filed: May 1, 2013
    Date of Patent: December 2, 2014
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto
  • Publication number: 20140351918
    Abstract: Methods and systems for processing application-level content of network service protocols are described. According to one embodiment, a firewall maintains multiple configuration schemes, each defining a set of administrator-configurable content filtering process settings. The firewall also maintains a security policy database including multiple firewall security policies. At least one of the firewall security policies includes an associated configuration scheme and an action to take with respect to a particular network session based on a set of source Internet Protocol (IP) addresses, a set of destination IP addresses and/or a network service protocol.
    Type: Application
    Filed: August 5, 2014
    Publication date: November 27, 2014
    Applicant: FORTINET, INC.
    Inventor: William J. Crawford
  • Publication number: 20140351919
    Abstract: A multi-tenant data center environment includes a dedicated domain having at least one dedicated server associated with a client and a cloud domain having at least one cloud server associated with the client. The cloud server may have a public interface to a public network and a private interface to a private network. In turn, a network device is coupled between the dedicated domain and the public network, and is further coupled to the cloud server via the private network. A controller of the data center may be used to determine presence of the cloud server, and configure the network device to allow certain traffic to pass directly to the dedicated domain, while preventing other traffic from this direct path, based on access controls of the network device.
    Type: Application
    Filed: August 11, 2014
    Publication date: November 27, 2014
    Inventor: Christopher Kuehl
  • Patent number: 8898794
    Abstract: One embodiment of a computer-implemented data structure synchronization mechanism comprises an interface for accessing a data structure and storing ownership data in a shared memory location. The method further comprises denying write operations if the thread attempting the write operation is not designated as the owner thread by said ownership data. The method further comprises denying requests to modify the ownership data if the thread making the request is not designated as the owner thread by said ownership data. The method further comprises effecting a write fence in the context of the thread making the request to modify ownership data prior to modifying the ownership data. Other embodiments are described.
    Type: Grant
    Filed: September 6, 2011
    Date of Patent: November 25, 2014
    Inventor: Andrei Teodor Borac
  • Publication number: 20140344915
    Abstract: A system and method are provided for secure network communications. A proxy server receives meter data, from a meter of a set of meters via a local network, for an energy management server. The proxy server uses secure communications to send the meter data via a non-secure network to the energy management server.
    Type: Application
    Filed: August 1, 2014
    Publication date: November 20, 2014
    Inventors: Robert James Burke, Prateek Sangal, Robert Daniel Maher, III
  • Publication number: 20140344890
    Abstract: A captive portal system includes a login database, a web server, and a name server. The name server receives a DNS request from a user device, queries the login database to determine whether the user device is logged in, and responds to the DNS request with the IP address of the web server as a resolved IP address of the specified domain name when the user device is not logged in. The web server accepts a connection request from the user device to the IP address of the web server, receives an HTTP request specifying a non-local target URL from the user device, queries the login database to determine whether the user device is logged in according to the source address of the user device, and acts as a transparent proxy between the user device and the non-local target URL when the user device is logged in.
    Type: Application
    Filed: May 15, 2014
    Publication date: November 20, 2014
    Applicant: Guest Tek Interactive Entertainment Ltd.
    Inventors: Peter S. Warrick, David T. Ong
  • Patent number: 8893254
    Abstract: A method for providing security for mobile device users, comprising a data service node receiving from a first device a first message directed to a web provider, inserting an anonymizing forward-to header comprising a list of anonymizing gateways; based on the list, forwarding the message to a gateway that performs anonymizing functionality and forwards the message to an embedded-scripts-extracting gateway based on the list; the embedded-scripts-extracting gateway performing an embedded-scripts-extracting functionality and forwarding the message to the web provider.
    Type: Grant
    Filed: March 6, 2013
    Date of Patent: November 18, 2014
    Assignee: Sprint Communications Company L.P.
    Inventors: Ameen Khanfar, Raymond Reeves