Proxy Server Or Gateway Patents (Class 726/12)
  • Patent number: 8893255
    Abstract: Methods and systems for providing device authentication using device-specific proxy addresses are described. One example method includes associating a particular proxy network address with a device; receiving, over a network, a request to access a network resource, the request being received at the particular proxy network address; authenticating the device based on the particular proxy network address; and after authenticating the device, authenticating a user of the device based on user-specific credentials associated with the user.
    Type: Grant
    Filed: October 23, 2013
    Date of Patent: November 18, 2014
    Assignee: iboss, Inc.
    Inventor: Paul Michael Martini
  • Patent number: 8891518
    Abstract: A routing device includes means for executing a function of translation between at least one address of a first network and at least one address of a second network; means for receiving an association request from a terminal of said first network; means for generating a second request by substituting a source address in the association request by an address of the routing device in the second network; means for sending the second request to an address translation server of the second network; and means for sending said terminal, in response to said association request, a response received from said address translation server in response to sending said second request.
    Type: Grant
    Filed: September 30, 2009
    Date of Patent: November 18, 2014
    Assignee: Orange
    Inventor: RĂ©gis Corbel
  • Patent number: 8893233
    Abstract: A referer verification apparatus and method for controlling web traffic having malicious code are provided. In the referer verification method, whether a referer is present in a Hypertext Transfer Protocol (HTTP) packet is determined. If it is determined that the referer is present in the HTTP packet, Uniform Resource Locators (URLs) are extracted from a referer web page corresponding to the referer. The referer is verified based on a URL corresponding to a referer verification request received from a server and the extracted URLs. A Completely Automated Public Test to tell Computers and Humans Apart (CAPTCHA) verification procedure conducted by a user is performed based on results of the verification of the referer.
    Type: Grant
    Filed: September 10, 2012
    Date of Patent: November 18, 2014
    Assignee: Electronics and Telecommunications Research
    Inventors: Chul-Woo Lee, Deok-Jin Kim, Byoung-Jin Han, Byung-Chul Bae, Sang-Woo Park, Man-Hee Lee, E-Joong Yoon
  • Patent number: 8892754
    Abstract: Disclosed are various embodiments for executing untrusted content in a trusted network through the use of an external proxy server application. An identification of a resource specified by a user is obtained in one or more computing devices. The user is associated with one of a plurality of network sites hosted by the one or more computing devices. The one or more computing devices are within a trusted network that is separated from an untrusted network by a firewall. The resource is obtained from an external proxy server application executed in the untrusted network. One or more network pages are generated for the one of the network sites based at least in part on the resource.
    Type: Grant
    Filed: November 10, 2010
    Date of Patent: November 18, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Andrew S. Huntwork, Jeremy Boynes, Benjamin Elliott Pew, Shashank Shekhar, Anna Catherine Bell, Prashant J. Thakare
  • Publication number: 20140337961
    Abstract: A system for implementing dynamic access to a private cloud environment via a public network is provided. The private cloud environment includes a gateway device linking to the public network and a plurality of storage devices connected to the gateway device. The system includes an intermediary server and a user terminal. The user terminal is linked to the intermediary server, via the public network, for acquiring a public IP address associated with the gateway device and a port information associated with the storage devices after being authenticated by the intermediary server. Then, the user terminal is linked to the gateway device in accordance with the public IP address, and is connected to the storage devices in accordance with the port information to access data from the storage devices.
    Type: Application
    Filed: May 8, 2013
    Publication date: November 13, 2014
    Applicant: PROMISE TECHNOLOGY, INC.
    Inventors: Hung-Ming Hammer Chien, Teng-Yu Denny Tsai
  • Publication number: 20140337932
    Abstract: In a dispersed storage network where slices of secure user data are stored on geographically separated storage units (44), a managing unit (18) connected to the network (20) may seek to broadcast and update secure access control list information across the network (20). Upon a target device (e.g., devices 12, 14, 16, 18, or 44) receiving the broadcast, the target device creates and sends an access control list change notification message to all other system devices that should have received the same broadcast if the broadcast is a valid request to update access control list information. The target device waits for responses from the other system devices to validate that the broadcast has been properly sent to a threshold number of other system devices before taking action to operationally change local data in accordance with the broadcast.
    Type: Application
    Filed: May 30, 2014
    Publication date: November 13, 2014
    Applicant: CLEVERSAFE, INC.
    Inventors: Wesley Leggette, Greg Dhuse, Jason K. Resch
  • Publication number: 20140337962
    Abstract: A computer communication system including a client computer with an installed virtual private network (VPN) client and located in a public network, a server computer located in a corporate network, a web server remote from the client computer, a gateway computer located in the corporate network, and a VPN server computer located in the corporate network. The computer communication system is adapted to run following steps of providing a safe VPN communication connection between the client and the server computers: the client computer, using a WEB browser, downloads an application from the VPN server computer, and the downloaded application automatically configures the VPN client installed on the client computer and establishes a tunnelled connection from the client computer to the corporate network. All packets generated by the installed VPN client are forwarded through the tunnelled connection via the gateway computer to the VPN server in the corporate network.
    Type: Application
    Filed: July 30, 2014
    Publication date: November 13, 2014
    Inventor: Klaus BRANDSTATTER
  • Patent number: 8887253
    Abstract: Discussed is a method of operating a CPNS (converged personal network service) gateway apparatus. The method includes transmitting a registration request message including user information to a server; transmitting an installation request message including the user information to a terminal; generating first authentication data on the basis of authentication information received by a user input; transmitting a trigger message including the first authentication data to the terminal; receiving a key assignment request message including second authentication data from the terminal in response to the trigger message; transmitting the received key assignment request message to the server; receiving a key assignment response message including a user key for the terminal in response to the key assignment request message; and transmitting the received key assignment response message to the terminal.
    Type: Grant
    Filed: September 28, 2011
    Date of Patent: November 11, 2014
    Assignee: LG Electronics Inc.
    Inventors: Younsung Chu, Jihye Lee
  • Patent number: 8887283
    Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a remote file-system access protocol request issued by a client to a server is received at a network device logically interposed between the client and the server. The request is issued to the server by the network device. A single shared holding buffer, used for both read and write accesses to the file and used by multiple processes running on the client, is implemented by the network device for the file during a remote file-system access protocol session. Data being read from or written to the file as a result of the request is buffered into the buffer. Responsive to a predetermined event in relation to the remote file-system access protocol or the buffer, the existence or non-existence of malicious, dangerous or unauthorized content is determined by performing content filtering on the buffer.
    Type: Grant
    Filed: March 2, 2014
    Date of Patent: November 11, 2014
    Assignee: Fortinet, Inc.
    Inventor: William Jeffrey Crawford
  • Patent number: 8885825
    Abstract: This method of establishing a cryptographic session key comprises: a subscription phase (104) during which an identifier of a local loop to the end of which a receiver must be connected is acquired, and an authentication step comprising: a) an operation (142) of automatically obtaining an identifier of the local loop to the end of which the receiver is actually connected, and b) an operation (146) of verifying that the identifier obtained during the operation a) corresponds to the identifier acquired during the subscription phase so as to authenticate the receiver.
    Type: Grant
    Filed: February 21, 2007
    Date of Patent: November 11, 2014
    Assignee: Viaccess
    Inventor: Philippe Carles
  • Patent number: 8887265
    Abstract: A proxy device such as a firewall uses an internal socket namespace such as a text string such that connection requests must be explicitly redirected to a listening socket in the alternate namespace in order to connect to a service. Because external connections cannot directly address the listening socket or service, greater security is provided than with traditional firewall or proxy devices. To receive a redirected proxy connection, a service process creates a listening socket and binds a name in an alternate namespace to the socket before listening for connections.
    Type: Grant
    Filed: March 27, 2013
    Date of Patent: November 11, 2014
    Assignee: McAfee, Inc.
    Inventors: Michael Green, David F. Diehl, Michael J. Karels
  • Patent number: 8887263
    Abstract: A firewall cluster system comprises a first node operable to receive a connection in a firewall cluster having three or more nodes, determine user data associated with the connection, and share the user data with at least another node in the firewall cluster.
    Type: Grant
    Filed: September 8, 2011
    Date of Patent: November 11, 2014
    Assignee: McAfee, Inc.
    Inventors: Tylor Allison, Anish Thomas, Andrew Nissen, Michael James Silbersack
  • Patent number: 8887266
    Abstract: A method is provided for computing network reachability in a computer network. The method includes: identifying each of the subnetworks that comprise a computer network; determining, for each pair of subnetworks, data paths between the two subnetworks; for each identified data path, identifying access control lists implemented along a given data path and formulating a diagram that merges reachability sets derived from the access control lists along the given data path; and, deriving, for each pair of subnetworks, a set of network packets that can traverse between the subnetworks from the formulated diagrams.
    Type: Grant
    Filed: January 7, 2011
    Date of Patent: November 11, 2014
    Assignee: Board of Trustees of Michigan State University
    Inventors: Xiang-Yang A. Liu, Amir Khakpour
  • Patent number: 8887284
    Abstract: An improved technique employs an automated agent inside the network perimeter, which generates and sends data packets to a listener outside the network perimeter. Along these lines, the automated agent generates data packets over a specified range of security parameters including port number, payload format, and communications protocol. The agent attempts to send these data packets across the network boundary through a firewall at an egress or other point of the network. The listener receives the data packets and analyzes the payload content of each received data packet for each value of the security parameters (e.g., port number, file type, and protocol). The listener then sends the results of the analysis to a report generator, which summarizes the analysis for an administrator of the network.
    Type: Grant
    Filed: February 10, 2012
    Date of Patent: November 11, 2014
    Assignee: Circumventive, LLC
    Inventors: Matthew Kovar, Joseph Bai
  • Patent number: 8887264
    Abstract: In various embodiments, the present disclosure provides a system and method for establishing a secure tunnel between a client device and a remote server utilizing multiple user identities, and in some embodiments, a client device identity, to authenticate access to the remote server.
    Type: Grant
    Filed: September 20, 2010
    Date of Patent: November 11, 2014
    Assignee: Ram International Corporation
    Inventors: Richard Fendall Johnston, II, Dean Edward Pierce, William Jonathan Strauss
  • Publication number: 20140331310
    Abstract: Architecture for generating a temporary account (e.g., an email address) with a user-supplied friendly name and a secret used to the sign the temporary account. For example, when a user wishes to create a temporary email address to use with an online organization, a friendly name is provided and the system generates a temporary email address including the friendly name. A signing component signs the temporary email address with a secret. One or more of these secrets can be provisioned prior to the user's creation of a friendly name, which eliminates propagation delay. During use, only incoming email messages having the temporary email address signed with the secret are validated. When the user revokes the temporary email address, the secret is revoked and the revocation is propagated to network gateways, rejecting any email sent to that address.
    Type: Application
    Filed: July 10, 2014
    Publication date: November 6, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: Charles R. Salada, Mayerber Carvalho Neto, Charlie Chung, Mayank Mehta
  • Publication number: 20140331309
    Abstract: Apparatuses, computer readable media, methods, and systems are described for requesting creation of virtual machine (VM) in a cloud environment comprising a virtual private cloud. Through various communications between a cloud DMZ, cloud provider, and/or company's network, a VM instance may be securely created, initialized, booted, unlocked, and/or monitored through a series of interactions building, in some examples, upon a root of trust.
    Type: Application
    Filed: July 1, 2014
    Publication date: November 6, 2014
    Inventors: Bradford Thomas Spiers, Miroslav Halas, Richard A. Schimmel, Donald P. Provencher
  • Publication number: 20140331308
    Abstract: A method for remote triggered black hole filtering can include advertising a first modified next hop address for a destination address of network traffic, and advertising a second modified next hop address for a source address of network traffic. The first next hop address of the destination address might be overwritten with the first modified next hop address. Filtered traffic then can be forwarded to the first modified next hop address, wherein filtered traffic comprises only network traffic addressed to the destination address or from the source address. In some cases, the filtered traffic is transported and received via a sinkhole tunnel. A second next hop address of the source address can be overwritten to a second modified next hop address. The attack traffic, which can be filtered traffic that is both addressed to the destination address and from the source address, might be forwarded to a discard interface.
    Type: Application
    Filed: May 1, 2014
    Publication date: November 6, 2014
    Applicant: CenturyLink Intellectual Property LLC
    Inventors: Donald J. Smith, John A. Schiel
  • Patent number: 8879713
    Abstract: A system and method to select and retrieve contact center transactions from a set of transactions stored in a queuing mechanism. The system includes an interactive voice response system configured to accept at least one call and dynamically populate a web form with call data associated with the at least one call. The system also includes a queuing engine configured to allow a call agent to access the call data prior to the at least one call being connected to the call agent.
    Type: Grant
    Filed: August 15, 2012
    Date of Patent: November 4, 2014
    Assignee: Nuance Communications, Inc.
    Inventors: Peeyush Jaiswal, Naveen Narayan
  • Patent number: 8881272
    Abstract: A system for controlling selection of filters for protecting against vulnerabilities of a computer network includes a vulnerability management system analyzes the computer network and determines network vulnerabilities for the computer network. The vulnerability management system is configured to receive real-time data on a status of filters protecting against vulnerabilities of the computer network. A database contains a pre-generated mapping of network vulnerabilities to filters for protecting against the network vulnerabilities. The vulnerability management system enables user control of filters for protecting against vulnerabilities of the computer network based upon the determined network vulnerabilities of the computer network, the pre-generated mapping of network vulnerabilities to the filters for protecting against the network vulnerabilities and the real-time data on the status of the filters.
    Type: Grant
    Filed: March 18, 2010
    Date of Patent: November 4, 2014
    Assignee: Achilles Guard, Inc.
    Inventors: Eva Bunker, Nelson Bunker, Kevin Mitchell, David Harris
  • Patent number: 8881260
    Abstract: Cross-Domain guard with authentication and authorization function used to protect data transferred between two separate and secure networks. The guard utilizes an existing audit port to provide the capability augment or replace data-forwarding decisions, which were previously being based solely on whether the data is in a well-formed packet. The authentication and authorization may be resident in a partition, a side car processor or a separate network.
    Type: Grant
    Filed: September 29, 2010
    Date of Patent: November 4, 2014
    Assignee: Rockwell Collins, Inc.
    Inventors: David S. Hardin, Raymond J. Richards, Matthew M. Wilding
  • Patent number: 8880873
    Abstract: An authentication method, system and device are provided by the embodiments of the present invention. Said method includes the following steps: an Application Server (AS) receives an AS access request, which carries a user identifier, transmitted by a User Equipment (UE); the AS generates a key generation request based on the user identifier and transmits it to a network side; the AS receives the key transmitted by the network side, and authenticates the UE according to the key. In the present invention, generating the key between a terminal without a card and the AS is implemented, and the AS authenticates the UE using the generated key, and the security of the data transmission is improved.
    Type: Grant
    Filed: December 28, 2010
    Date of Patent: November 4, 2014
    Assignee: China Mobile Communications Corporation
    Inventor: Xiaoming Lu
  • Patent number: 8879382
    Abstract: A system is configured to: receive a message from a gateway device; identify one or more sessions corresponding to an identifier included in the message; and clear the one or more corresponding sessions. The identifier may correspond to a part of the gateway device where a session is stored or maintained for a mobile device to connect to a server device.
    Type: Grant
    Filed: December 30, 2010
    Date of Patent: November 4, 2014
    Assignee: Juniper Networks, Inc.
    Inventors: Venkatesh Badakere Ramachandra, Apurva Mehta, Jagadishchandra Sarnaik, Gazal Sahai, Roopa Bayar, Rohini Kasturi, Ram Prasad, Sreenivasa Tellakula, Vitaly Dzhitenov
  • Patent number: 8875274
    Abstract: A method for a user agent to access a session policy in a network is provided. The method comprises sending, from the user agent, a single session policy request to a single network component, the single network component contacting a plurality of network components, wherein sending the single session policy request to the single network component utilizes a lower layer protocol. The lower layer protocol is at least one of Extensible Authentication Protocol (EAP), Point to Point Protocol (PPP), and General Packet Radio Service (GPRS) Activate Packet Data Protocol (PDP) context. The method further comprises aggregating policy information and providing the aggregated policy information to the user agent.
    Type: Grant
    Filed: November 10, 2009
    Date of Patent: October 28, 2014
    Assignee: BlackBerry Limited
    Inventors: Michael Montemurro, Andrew Allen, Adrian Buckley
  • Patent number: 8874691
    Abstract: A method of circumventing network obstacles to provide a peer-to-peer communication channel between peers utilizing hypertext transfer protocol (HTTP) includes communicating a HTTP request from a peer device to a relay through a network including an obstacle where the HTTP request is intended for another peer device. The method further includes communicating a HTTP response from the relay to the peer device and establishing a communication channel between the peer device and the another peer device via the relay. The communication channel permits the peer device and the another peer device to send and receive data.
    Type: Grant
    Filed: June 22, 2005
    Date of Patent: October 28, 2014
    Assignee: Core Wireless Licensing S.A.R.L.
    Inventor: Titos Saridakis
  • Patent number: 8875225
    Abstract: A method, apparatus and system for obtaining user information are disclosed by the present invention. The present invention solves the problem of lower security of user information. The method includes: obtaining the interactive state of the service requester in the service request process, wherein the interactive state is used for indicating the specific state in which the service requester and its service are during the process of interaction with each other; determining if the interactive state of the service requester, in the process of requesting the service, meets the preset access-authorized-policy of the user information in the service request; when the interactive state of the service requester, in the process of requesting the service, meets the preset access-authorized-policy of the user information in said service request, obtaining the user information and sending the user information to the service.
    Type: Grant
    Filed: June 8, 2012
    Date of Patent: October 28, 2014
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Heng Chang, Weiliang Chen, Xiaomin Shi, Qifeng Ma, Huan Wang, Shan Chen, Yan Li
  • Patent number: 8875220
    Abstract: In certain embodiments, a method includes receiving, at a proxy, a request for access to a network from an application on an endpoint. The method also includes determining, by the proxy, information about the application on the endpoint by examining one or more headers of the request received at the proxy from the application. The method further includes determining, by the proxy, whether the one or more headers comprise expected information based on the determined information about the application. In response to determining that the one or more headers do not comprise the expected information, the method includes denying, by the proxy, the request for access to the network. In addition, in response to determining that the one or more headers comprise the expected information, the method includes forwarding, by the proxy, the request to the network on behalf of the application.
    Type: Grant
    Filed: July 1, 2010
    Date of Patent: October 28, 2014
    Assignee: Raytheom Company
    Inventor: Monty D. McDougal
  • Patent number: 8875226
    Abstract: A method for disambiguating entities on a multi-level security display includes receiving a selection of a particular security level and rendering entities having a different security level in a visually distinct way. Visual distinction may include not drawing the entities on the multi-level security display.
    Type: Grant
    Filed: June 14, 2012
    Date of Patent: October 28, 2014
    Assignee: Rockwell Collins, Inc.
    Inventor: James A. Marek
  • Patent number: 8875223
    Abstract: Techniques for configuring and managing remote security devices are disclosed. In some embodiments, configuring and managing remote security devices includes receiving a registration request for a remote security device at a device for configuring and managing a plurality of remote security devices; verifying the registration request to determine that the remote security device is an authorized remote security device for an external network; and sending a response identifying one or more security gateways to the remote security device, in which the remote security device is automatically configured to connect to each of the one or more security gateways using a distinct Layer 3 protocol tunnel (e.g., a virtual private network (VPN)).
    Type: Grant
    Filed: August 31, 2011
    Date of Patent: October 28, 2014
    Assignee: Palo Alto Networks, Inc.
    Inventors: Yueh-Zen Chen, Wilson Xu, Monty Sher Gill
  • Patent number: 8875276
    Abstract: A firewall security device, system and corresponding method are provided that includes an operating system of an entirely new architecture. The operating system is based fundamentally around a protocol stack (e.g., TCP/IP stack), rather than including a transport/network layer in a conventional core operating system. The firewall security device may include a processor and an operating system (OS) embedded in the processor. The OS may include a kernel. The operating system kernel is a state machine and may include a protocol stack for communicating with one or more devices via a network interface. The OS may be configured to receive and transmit data packets and block unauthorized data packets within one or more layers of the protocol stack based on predetermined firewall policies.
    Type: Grant
    Filed: September 2, 2011
    Date of Patent: October 28, 2014
    Assignee: IOTA Computing, Inc.
    Inventors: Ian Henry Stuart Cullimore, Jeremy Walker
  • Patent number: 8875277
    Abstract: A process is disclosed in which all network traffic between a mobile device and an untrusted network arriving before the establishment of a VPN tunnel are dropped in response to rules imposed by the mobile device's operating system. Once a VPN tunnel is established all communication from the mobile device is secured, without an intervention on the part of the user of the device. A device supporting such a process is also disclosed.
    Type: Grant
    Filed: June 4, 2012
    Date of Patent: October 28, 2014
    Assignee: Google Inc.
    Inventor: Jeff Sharkey
  • Publication number: 20140317719
    Abstract: Some embodiments of cloud-based gateway security scanning have been presented. In one embodiment, some data packets are received sequentially at a gateway device. The data packets constitute at least a part of a file being addressed to a client machine coupled to the gateway device. The gateway device forwards an identification of the file to a remote datacenter in parallel with forwarding the data packets to the client machine. The datacenter performs signature matching on the identification and returns a result of the signature matching to the gateway device. The gateway device determining whether to block the file from the client machine based on the result of the signature matching from the datacenter.
    Type: Application
    Filed: June 27, 2014
    Publication date: October 23, 2014
    Inventors: Aleksandr Dubrovsky, Senthilkumar G. Cheetancheri, Boris Yanovsky
  • Patent number: 8869290
    Abstract: A broadband gateway, which enables communication with a plurality of devices, handles at least one physical layer connection to at least one corresponding network access service provider. Security boundaries such as conditional access (CA) and/or digital right management (DRM) boundaries associated with the broadband gateway are identified based on security profiles associated with the plurality of devices and/or a service from networks. The identified security boundaries are utilized to determine or negotiate CA information for content access for the service. The received content may be distributed according to the determined CA information and the security profiles of the corresponding devices. The broadband gateway may be automatically and dynamically configured based on the identified security boundaries to secure content distribution to the devices.
    Type: Grant
    Filed: December 30, 2010
    Date of Patent: October 21, 2014
    Assignee: Broadcom Corporation
    Inventors: Xuemin Chen, Jeyhan Karaoguz, Wael Diab, David Garrett, David Albert Lundgren, Rich Prodan
  • Patent number: 8868034
    Abstract: Embodiments may comprise logic such as hardware and/or code to provide a secure device area network. Many embodiments comprise a gateway node or enterprise enhanced node with a services distribution frame installed on a customer's premises. The gateway node or enterprise enhanced node may interconnect the secure wireless device area network at the customer's premises with a cellular network. In many embodiments, the cellular network core may provision authentication credentials and security keys, and manage access polies to facilitate access by Application Service Providers to devices on premises including smart devices via a security and policy enforcement function of a services distribution frame of the gateway node or enterprise enhanced node, Authorized members of the secure wireless device area network may connect to the Wide Area Network (WAN) through the gateway node and the cellular network core.
    Type: Grant
    Filed: December 25, 2010
    Date of Patent: October 21, 2014
    Assignee: Intel Corporation
    Inventors: Rakesh Dodeja, Ashok Sunder Rajan, Kevin D. Johnson, Martin Mcdonnell, William J. Tiso, Todd A. Keaffaber, Adam P. Burns
  • Patent number: 8869262
    Abstract: A method for allowing or denying, by an appliance, access to a resource by an application on a client via a virtual private network connection includes basing the decision to allow or deny access on identification of the application. The appliance intercepts a request from an application on a client on a first network to access via a virtual private network connection a resource on a second network. The appliance identifies the application and associates with the intercepted request an authorization policy based on the identity of the application. The appliance determines, using the authorization policy and the identity of the application, to either allow or deny access by the application to the resource.
    Type: Grant
    Filed: August 3, 2006
    Date of Patent: October 21, 2014
    Assignee: Citrix Systems, Inc.
    Inventors: Amarnath Mullick, Shashi Nanjundaswamy, Charu Venkatraman, Junxiao He, James Harris, Ajay Soni
  • Patent number: 8869236
    Abstract: One embodiment includes a non-transitory computer readable medium having instructions executable by a processor to implement a method. The method includes receiving user configuration data for a network device, the configuration system being coupled to a service network. The method also includes storing device configuration data in a configuration database coupled to the service network, the device configuration data being based on the user configuration data and service network data. The method also includes receiving a configuration request at the configuration system from the network device in response to the network device being unconfigured and connected in a user network. The method further includes transmitting the device configuration data from the configuration database to the network device in response to the configuration request.
    Type: Grant
    Filed: January 11, 2013
    Date of Patent: October 21, 2014
    Assignee: Shoretel, Inc.
    Inventors: Dale Tonogai, Darren J. Croke
  • Patent number: 8869270
    Abstract: Systems and methods for implementing content, streaming, and network security inside a chip or inside a computing device are disclosed. In exemplary embodiments, a system comprises a communication chip and a second processor. The communication chip comprises a router and security instructions. The router is configured to intercept untrusted data between a network, and a first router. The second processor is configured to receive the untrusted data from the router, process the untrusted data with the security instructions to produce trusted data, and provide the trusted data to the router.
    Type: Grant
    Filed: March 11, 2009
    Date of Patent: October 21, 2014
    Assignee: Cupp Computing AS
    Inventor: Shlomo Touboul
  • Patent number: 8868913
    Abstract: A network device initiates a transmission control protocol (TCP) connection to establish a TCP session with a management device, and performs, via the TCP session, a secure protocol client/server role reversal for the management device. The network device receives, from the management device, initiation of a secure connection over the TCP session in accordance with a secure protocol, and provides, to the management device, a trusted certificate with an embedded host key that is dynamically generated using a cryptographic processor of the network device, based on the initiation of the secure connection. The network device also establishes the secure connection with the management device based on an authentication of the host key by the management device via the trusted certificate.
    Type: Grant
    Filed: September 29, 2011
    Date of Patent: October 21, 2014
    Assignee: Juniper Networks, Inc.
    Inventor: Kent A. Watsen
  • Publication number: 20140310794
    Abstract: Disclosed is a network system and a control method thereof, the network system including a gateway connected to a plurality of home appliances through a home area network, an outdoor apparatus connected to the gateway through a network, and a dynamic domain name system (DDNS) server to manage dynamic internet protocol (IP) address information about an apparatus using a dynamic IP address. A communication connection is achieved through a dynamic IP between a gateway inside the home and an apparatus outside the home in a smart grid network environment, so a user can easily access in-home services based on a dynamic IP. In addition, unauthorized traffic, which may be introduced into the home, is automatically blocked, so that the quality of the home network service is improved.
    Type: Application
    Filed: June 24, 2014
    Publication date: October 16, 2014
    Inventors: Dong Ik LEE, Dong Yun HWANG, Jai Ick CHUN
  • Publication number: 20140310795
    Abstract: When a plurality of user terminals request a plurality of contents, the numbers of user terminals which request the content are managed. For each of the plurality of contents, the number of content servers which provide that content is decided using the managed numbers. For each of the plurality of contents, the content is installed in content servers as many as the number decided in association with that content, and user terminals which request the content are permitted to access the content servers which provide the content.
    Type: Application
    Filed: October 31, 2012
    Publication date: October 16, 2014
    Inventor: Tetsuji Iwasaki
  • Patent number: 8863268
    Abstract: A security module and method within an information handling system are disclosed. In a particular form, a processing module can include a local processor configurable to initiate access to resources of a host processing system. The processing module can also include a security module configured to enable use of the resources of the host processing system using a security metric. According to an aspect, the security module can be further configured to detect the security metric, and enable access to a resource of the host processing system in response to the security metric. The security module can further be configured to disable access to another resource of the host processing system in response to the security metric.
    Type: Grant
    Filed: October 29, 2008
    Date of Patent: October 14, 2014
    Assignee: Dell Products, LP
    Inventors: Roy W. Stedman, Andrew T. Sultenfuss, David Loadman
  • Patent number: 8863286
    Abstract: Techniques for notification of reassembly-free file scanning are described herein. According to one embodiment, a first request for accessing a document provided by a remote node is received from a client. In response to the first request, it is determined whether a second request previously for accessing the document of the remote node indicates that the requested document from the remote node contains offensive data. If the requested document contains offensive data, a message is returned to the client, without accessing the requested document of the remote node, indicating that the requested document is not delivered to the client.
    Type: Grant
    Filed: August 13, 2007
    Date of Patent: October 14, 2014
    Assignee: SonicWALL, Inc.
    Inventors: Aleksandr Dubrovsky, Igor Korsunsky, Roman Yanovsky, Boris Yanovsky
  • Patent number: 8862871
    Abstract: A device implemented, carrier independent packet delivery universal addressing networking protocol for communication over a network between network nodes utilizing a packet. The protocol has an IP stack having layers. At least some of the layers have privacy preserving source node attribution and network admission control. The packet is admitted to the network only if a source node of the network nodes admits the packet.
    Type: Grant
    Filed: March 22, 2012
    Date of Patent: October 14, 2014
    Assignee: Architecture Technology, Inc.
    Inventor: Ranga Sri Ramanujan
  • Patent number: 8863267
    Abstract: A subscriber network can provide services. External applications can use the services on the subscriber network. A service access gateway can control application access to services of the subscriber network. The service access gateway can filter requests from an external application to access services on the subscriber network based on the customer for which the external application is accessing the service.
    Type: Grant
    Filed: June 26, 2009
    Date of Patent: October 14, 2014
    Assignee: Oracle International Corporation
    Inventors: Boris Selitser, Daniel Jansson
  • Patent number: 8861692
    Abstract: A system may include a Web Real-Time Communication (WebRTC) backend server configured to receive a request for a Uniform Resource Identifier (URI) for a WebRTC call session requested by a browser application and generate the URI for the WebRTC call session; and a validation proxy configured to receive the URI from a WebRTC gateway and validate the URI with the WebRTC backend server. The WebRTC backend server may be receive a request to validate the URI from the validation proxy, determine whether the URI corresponds to a valid URI, and send a validation message to the validation proxy, if the received URI is valid. The validation proxy may generate a Session Initiation Protocol (SIP) message based on the received validation message and send the generated SIP message to a contact center services system to initiate a real-time call between the contact center services system and the browser application.
    Type: Grant
    Filed: May 15, 2013
    Date of Patent: October 14, 2014
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: David E. Phelps, Brian S. Badger
  • Patent number: 8856930
    Abstract: Download control is disclosed. An apparatus includes one or more processors, and one or more memories including computer program code. The one or more memories and the computer program code configured to, with the one or more processors, cause the apparatus at least to perform: obtain one or more cryptographic hash values of a target file to be downloaded; cause transmission of the one or more cryptographic hash values to a trusted source; obtain reputation data relating to the target file originated from the trusted source in response to the transmission of the one or more cryptographic hash values; and control download of the target file on the basis of the reputation data.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: October 7, 2014
    Assignee: F-Secure Corporation
    Inventor: Timo Hirvonen
  • Patent number: 8856869
    Abstract: Methods, systems, and apparatus relating to enforcement of same origin policy of sensitive data are described. In an embodiment, a security agent may help ensure release of sensitive data is only triggered by authorized sources. The security agent may help ensure sensitive data is only released to authorized destinations. A security agent may translate or obfuscate sensitive data. Sensitive data may include HTTP cookies, session data, authentication information, authorization information, personal information, user credentials, and/or other data sensitive in nature. Sensitive data destinations and/or sensitive data origins may be identified. Identification may be performed using secure means (such as for example a SSL/TLS handshake). Other embodiments are also disclosed and claimed.
    Type: Grant
    Filed: June 22, 2010
    Date of Patent: October 7, 2014
    Assignee: NexWavSec Software Inc.
    Inventor: Jeffrey E. Brinskelle
  • Patent number: 8856910
    Abstract: Techniques for detecting encrypted tunneling traffic are disclosed. In some embodiments, detecting encrypted tunneling traffic includes monitoring encrypted network communications between a client and a remote server, in which the encrypted network communications are encrypted using a first protocol (e.g., Secure Shell (SSH) protocol or another protocol for encrypted network communications); and determining if the client sends a request to create a tunnel using the first protocol with the remote server. In some embodiments, detecting encrypted tunneling traffic further includes performing an action in response to determining that the client sent a request to create a tunnel using the first protocol with the remote server.
    Type: Grant
    Filed: August 31, 2011
    Date of Patent: October 7, 2014
    Assignee: Palo Alto Networks, Inc.
    Inventors: Shadi Rostami-Hesarsorkh, Michael Jacobsen
  • Patent number: 8856920
    Abstract: A system and method are provided for supporting storage and analysis by law enforcement agency premises equipment of intercepted network traffic. The system and method provide integrity of the intercepted network traffic stored in an archive in accordance with lawful intercept requirements by storing all of the intercepted traffic, both benign and malicious, in the archive in its original form. The system and method furthermore provide for security from any malicious data packets of the archive by separating the malicious packets from the benign packets and forwarding only the benign packets to analysis applications of the law enforcement agency premises equipment.
    Type: Grant
    Filed: September 18, 2006
    Date of Patent: October 7, 2014
    Assignee: Alcatel Lucent
    Inventors: Faud Ahmad Khan, Dmitri Vinokurov, Vinod Kumar Choyi
  • Patent number: 8856915
    Abstract: A negotiation unit, of a logical network control apparatus connected to a LAN, judges settings of processing to be performed on communication data by a network connection apparatus, from properties of an application to be used in communication, and decides parameters to be used for a VPN connection. The VPN connection is performed using the determined parameters.
    Type: Grant
    Filed: January 7, 2009
    Date of Patent: October 7, 2014
    Assignee: Canon Kabushiki Kaisha
    Inventor: Kensuke Yasuma