Proxy Server Or Gateway Patents (Class 726/12)
  • Patent number: 8856900
    Abstract: The disclosure relates to a method and a system for authorising a connection between a computer terminal and a source server, including an initialization phase wherein: the terminal connects to a gateway server, the gateway server sends a secret key to the terminal, the terminal hides the password in a data file by applying an encryption algorithm bootstrapped by the secret key, then deletes the secret key and the password, and a connection phase wherein: the terminal sends the data file containing the password to the gateway server, the gateway server extracts the file's password by executing a reverse encryption algorithm bootstrapped by the secret key, and sends the password to the source server without saving it, the source server analyses the received password and authorizes the connection with the terminal if the password is authenticated.
    Type: Grant
    Filed: April 15, 2010
    Date of Patent: October 7, 2014
    Assignee: Synchronoss Technologies France
    Inventor: François Colon
  • Patent number: 8856911
    Abstract: Recommending a security policy to a firewall, includes receiving a request from a firewall for a recommendation as to whether the firewall should allow or block a detected present communication for which the firewall does not have an existing security policy. Information about past blocked and allowed communications at other firewalls on a network is searched to identify past communications that are similar to the present communication. The identified past communications are assigned a respective positive or negative vote. A positive vote indicates a past communication was allowed and a negative vote indicates a past communication was not allowed. A positive recommendation is sent to the requesting firewall to allow the present communication if the positive votes outnumber the negative votes, and a negative recommendation is sent to the requesting firewall to block the present communication if the negative votes outnumber the positive votes.
    Type: Grant
    Filed: July 26, 2012
    Date of Patent: October 7, 2014
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Jeffrey Aaron
  • Patent number: 8856879
    Abstract: A backup account recovery authentication of last resort using social authentication is described. The account holder requests trustees who have been previously identified to obtain an account recovery code. The account recovery system sends a communication to the trustee for information to verify the trustee as one of the previously identified trustees. The account recovery system then may transmit a link and code with instructions for the trustee to return the link. The account recovery system then transmits a situational query to the trustee to provide additional security. Finally, if all the communications have been completed for the required level of security, the account recovery code is transmitted to the trustee. The trustee sends the account recovery code to the account holder for access to an account.
    Type: Grant
    Filed: May 14, 2009
    Date of Patent: October 7, 2014
    Assignee: Microsoft Corporation
    Inventors: Stuart Schechter, Robert Wilson Reeder
  • Publication number: 20140298444
    Abstract: A logical information-processing device is allocated based on a request from a terminal device. In an information-processing device, one of plural storage devices is connected to one of plural processing devices each including a managing unit. First correspondence information stores physical identification information identifying the information-processing device in association with address information of the managing unit. Second correspondence information stores the physical identification information in association with logical identification information identifying the logical information-processing device. A managing device obtains address information of the managing unit of the information-processing device corresponding to the logical information-processing device allocated to the terminal device, by using the physical identification information obtained, based on the logical identification information included in the request, from the second correspondence information.
    Type: Application
    Filed: February 24, 2014
    Publication date: October 2, 2014
    Applicant: FUJITSU LIMITED
    Inventors: Noboru IWAMATSU, Yotaro Konishi
  • Patent number: 8850512
    Abstract: Each virtual machine in a set of virtual machines managed by the virtual machine manager is identified. For each virtual machine in the set, it is determined whether the respective virtual machine is online. For at least the virtual machines determined to be offline, a machine image is collected for each offline virtual machine. Security of the offline virtual machines is assessed from the collected images. For virtual machines identified as online, an agent is loaded on each online virtual machine in the set via the virtual machine manager. The loaded agents are used to assess security of the online virtual machines in the set.
    Type: Grant
    Filed: October 13, 2011
    Date of Patent: September 30, 2014
    Assignee: McAfee, Inc.
    Inventors: Michael Price, Anthony Bettini
  • Patent number: 8850553
    Abstract: Embodiments for performing service binding between a client and a target server are disclosed. In accordance with one embodiment, a clear text client service binding value is received from a client at the target server, the client service binding value is compared to a server service binding value, and a communication channel is formed between the client and the target server when the client service binding value matches the server service binding value.
    Type: Grant
    Filed: September 12, 2008
    Date of Patent: September 30, 2014
    Assignee: Microsoft Corporation
    Inventors: Mark F. Novak, Daniel Kaminsky
  • Patent number: 8850200
    Abstract: A method and apparatus for a trusted intermediary server to assist with the secure exchange of data across a communications network, and in particular a packet-based network, such as the public Internet or an intranet. Communications are routed between private ports of the clients through the trusted intermediary server, with the private key transfer supported by a second type of communication medium. Although the trusted intermediary server negotiates the connection and is involved in the process, the communicants can perform their own key agreement and authentication for protecting data routed through the system.
    Type: Grant
    Filed: June 20, 2012
    Date of Patent: September 30, 2014
    Assignee: Synectic Design, LLC
    Inventor: Michael J. Horgan
  • Patent number: 8850555
    Abstract: A system for, and method of, generating a plurality of proxy identities to a given originator identity as a means of providing controlled access to the originator identity in electronic communications media such as e-mail and instant messaging.
    Type: Grant
    Filed: July 3, 2012
    Date of Patent: September 30, 2014
    Assignee: Reflexion Networks, Inc.
    Inventors: Joseph E. McIsaac, Marcus Dahllof, Bruce L. Tatarsky, Richard K. Vallett
  • Patent number: 8850554
    Abstract: An approach is provided for providing separation of authentication protocols and/or authentication contexts for client-server and server-server communication in network communication. A proxy server receives a request to initiate a service session. The request includes a first authentication context. The proxy server requests verification of the first authentication context from an authentication server and validates the first authentication context based, at least in part, on the verification. The proxy server implements a second authentication context based, at least in part, on the verification of the first authentication context to initiate the service session.
    Type: Grant
    Filed: February 17, 2010
    Date of Patent: September 30, 2014
    Assignee: Nokia Corporation
    Inventors: Jari Otranen, Lauri Tarkkala, Deepali Khushraj
  • Patent number: 8847729
    Abstract: A host organization system for a host organization of a physical site, receives a request, by a visitor with an identifier of a visitor organization for a visitor access medium, for access to the physical site controlled by a physical access control system requiring presentation of the visitor access medium for access to the physical site, wherein there is an electronic trust relationship between the host organization system and a visitor organization system for the visitor organization via a network, wherein the visitor organization system maintains an electronic identity profile for the visitor. Responsive to the host organization system receiving an authenticated identifier for the visitor from the visitor organization system and validating the authenticated identifier from the visitor organization system, issuing a visitor access medium to the visitor for controlling access to the physical site.
    Type: Grant
    Filed: August 29, 2011
    Date of Patent: September 30, 2014
    Assignee: International Business Machines Corporation
    Inventors: David P. Moore, Craig Pearson
  • Patent number: 8850078
    Abstract: In a computing system, a method and system for a thin client and blade architecture are provided. A blade may generate video, audio, and peripheral control information that may be transmitted to a thin client (TC) by utilizing a video encoder, an audio bridge, and a peripheral bridge. Communication between the blade and the TC may occur based on a communication protocol that may operate independently of an operating system and/or applications running on the blade. The video encoder may dynamically compress the video information according to network capacity and/or video content and may dynamically select from various compression algorithms. The blade may configure and manage operations that interface with the TC. The TC may comprise a video decoder, a transceiver, a processor, a video display bridge, an audio bridge, and a peripheral bridge and may be adapted to communicate with peripheral devices.
    Type: Grant
    Filed: April 5, 2012
    Date of Patent: September 30, 2014
    Assignee: Broadcom Corporation
    Inventors: Alexander MacInnis, Uri El Zur
  • Publication number: 20140289830
    Abstract: In one exemplary embodiment, a computer-implemented method of a secure-access gateway to a destination device in a protected computer network includes the step of receiving a request from a remote user to access the destination device in the protected computer network. A session for the remote user is registered. The session includes an access to the destination device by the remote user according to a set of specified parameters controlled by the secure access gateway. The session is created. When the remote user connects and authenticates, the secure access gateway establishes the connection to the destination device on behalf of the remote user. The session is monitored according to the set of specified parameters. The session is monitored to determine if at least one specified parameter is achieved. The session between the remote user and the destination device is terminated when the at least one specified parameter is achieved.
    Type: Application
    Filed: March 22, 2013
    Publication date: September 25, 2014
    Inventors: Robert K. LEMASTER, Duleep G. PILLAI
  • Patent number: 8844019
    Abstract: A security gateway of a computer network receives incoming packets at one or more network interfaces. One or more security functions are applied to the packets. Reports of security function violations are recorded. The reports include the source addresses of the packets, the times that the packets were received, and descriptions of the violations. The descriptions include weights, and if the sum of the weights, for packets of a common source address that are received within a first time interval, exceeds a threshold, subsequent packets from that source address are dropped. Alternatively, in a “monitor only” mode, the common source address is logged but packets are not dropped. Optionally, encrypted packets and/or packets received at some network interfaces but not at other network interfaces are not dropped.
    Type: Grant
    Filed: November 21, 2012
    Date of Patent: September 23, 2014
    Assignee: Check Point Software Technologies Ltd.
    Inventors: Ofer Barkai, Dorit Dor, Tamir Zegman
  • Patent number: 8844018
    Abstract: Example methods and apparatus to enhance security in residential networks and residential gateways are disclosed. A disclosed example apparatus includes a transceiver to receive an Internet protocol (IP) packet, a first packet processing module associated with a protected IP address, the first packet processing module to be communicatively coupled to a first network device, a second packet processing module associated with a public IP address, the second packet processing module to be communicatively coupled to a second network device, and a packet diverter to route the received IP packet to the first packet processing module when the IP packet contains the protected IP address and to route the IP packet to the second packet processing module when the IP packet does not contain the protected IP address.
    Type: Grant
    Filed: December 18, 2008
    Date of Patent: September 23, 2014
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Thusitha Jayawardena, Gustavo De Los Reyes, Gang Xu
  • Patent number: 8844016
    Abstract: A system for network content monitoring and control, comprising: a transport data monitor, connectable to a point in a network, for monitoring data being transported past said point, a signature extractor, associated with said transport data monitor, for extracting a derivation of said data, said derivation being indicative of content of said payload, a database of preobtained signatures of content whose movements it is desired to monitor, and a comparator for comparing said derivation with said preobtained signatures, thereby to determine whether said payload comprises any of said content whose movements it is desired to monitor. The monitoring result may be used in bandwidth control on the network to restrict transport of the content it is desired to control.
    Type: Grant
    Filed: August 21, 2012
    Date of Patent: September 23, 2014
    Assignee: PortAuthority Technologies, Inc.
    Inventors: Ariel Peled, Ofir Carny, Lidror Troyansky, Oren Tirosh, Guy Roglit, Galit Gutman
  • Publication number: 20140283000
    Abstract: The packets of a communication session between a first device and a second device are monitored at a proxy device. A determination is made that full proxy services should be applied to the communication session at the proxy device. After the determination, a packet of a first exchange, the first exchange being initiated prior to the determination, is passed through the proxy device. After the determination, full proxy services are applied to a packet of a second exchange, the second exchange being initiated after the determination.
    Type: Application
    Filed: March 14, 2013
    Publication date: September 18, 2014
    Applicant: CISCO TECHNOLOGY, INC.
    Inventor: Manju Radhakrishnan
  • Publication number: 20140283002
    Abstract: An improvement invention for a method and system for web users to circumvent web censorship and do so anonymously is presented. The web user is routed through a proxy network that automatically removes code and commands that could be employed to identify the web user, or the Internet address (IP) of the web user. The content of the traffic is also examined for potential advertisement revenue. The improvement is a step that automatically removes code or text that could, upon execution, be employed to identify the web user.
    Type: Application
    Filed: March 15, 2013
    Publication date: September 18, 2014
    Inventor: Stephen Frechette
  • Publication number: 20140282999
    Abstract: A user having a remote device wants to access an application executing on an application server computer that is behind a firewall. During a set-up phase, another firewall and a gateway computer are configured in front of the original firewall, creating a demilitarized zone (DMZ) having the gateway computer. During a registration phase, users' remote devices are configured with security data. The security data includes user authentication cryptographic credentials, for establishing secure channels, and may include user application cryptographic credentials as needed by individual applications executing on the application server. After set-up and registration, i.e., during operation, the user provides a password to an application program executing on his/her remote device. The password enables use of the security information on the remote device. The user uses the security information to establish a secure channel to the application, and then conducts a data session with the application.
    Type: Application
    Filed: March 13, 2013
    Publication date: September 18, 2014
    Applicant: Route1 Inc
    Inventors: Jerry S. Iwanski, Yamian Quintero Cantero
  • Publication number: 20140283001
    Abstract: A computer can be configured to provide seamless access to a proxy server by, upon connection to a computer network, determining whether a proxy server using authentication is connected to the computer network, and then prompting a user of the computer to enter authentication information for that proxy server. This authentication information for the proxy server then can be stored in a manner accessible by applications on the computer to use the authentication information in connection with requests by the applications to access the second computer network. For example, the operating system can store the authentication information. It also can include a module that processes all requests from applications that access the proxy server, and then includes in such requests the stored authentication information.
    Type: Application
    Filed: March 15, 2013
    Publication date: September 18, 2014
    Applicant: MICROSOFT CORPORATION
    Inventors: Eric Loewenthal, Ivan Pashov, Jonathan Silvera, Matthew Cox, Paul Trunley, Ziyan Zhou
  • Publication number: 20140283003
    Abstract: Technologies for providing electronic security to a first network are disclosed. The system may include a user equipment, a gateway device configured to mediate communication between a first network and a second network for the user equipment, and an electronic security device communicatively coupled to the gateway device. The electronic security device may include a gateway interface module configured to assume an identity associated with the gateway device, a network interface module configured to present the identity to the second network, and a traffic inspection module configured to monitor traffic without substantially affecting a topology of the first network, wherein the electronic security device is configured to identify undesirable traffic; and implement a security policy.
    Type: Application
    Filed: June 28, 2013
    Publication date: September 18, 2014
    Inventors: Jayakrishnan K. Nair, Simon Hunt, Prasanna Venkateswaran, Venkata Ramanan
  • Patent number: 8839373
    Abstract: Methods and apparatuses are provided for deploying relay nodes in a communication network. A relay node can initially be wirelessly authenticated to a network entity using initial security credentials. In response to a successful authentication, the relay node is authorized to wirelessly communicate with the communication network for a limited purpose of configuring the relay node for relay device operations. The relay node can receive new security credentials from the communication network, and is subsequently re-authenticated to the network entity using the new security credentials. In response to a successful re-authentication, the relay node is authorized by the network to operate as a relay device for conveying traffic between one or more access terminals and the communication network.
    Type: Grant
    Filed: June 16, 2011
    Date of Patent: September 16, 2014
    Assignee: QUALCOMM Incorporated
    Inventors: Anand Palanigounder, Adrian Edward Escott
  • Patent number: 8839406
    Abstract: An attack blocking control method uses an access control list (ACL). The method includes investigating the ACL if a packet is input, and checking whether or not the packet is registered in the ACL, comparing a current time count value with a blocking time of the packet if the packet is determined to be registered in the ACL. Further, the method includes increasing the number of blocking times of the packet by 1 if the current time count value is smaller than or equal to the blocking time. Further, the method includes automatically renewing the blocking time, and removing registration information for the packet from the ACL if the current time count value is greater than the blocking time.
    Type: Grant
    Filed: November 12, 2012
    Date of Patent: September 16, 2014
    Assignee: Electronics and Telecommunications Research Institute
    Inventor: Dae Won Kim
  • Patent number: 8839404
    Abstract: A security gateway appliance is configured to evaluate network traffic according to security rules that classify traffic flows according to specifically identified application programs responsible for producing and/or consuming the network traffic and to enforce policies in accordance with network traffic classifications. The appliance includes an on-box anti-virus/anti-malware engine, on-box data loss prevention engine and on-box authentication engine. One or more of these engines is informed by an on-box dynamic real time rating system that allows for determined levels of scrutiny to be paid to the network traffic. Security gateways of this type can be clustered together to provide a set of resources for one or more networks, and in some instances as the backbone of a cloud-based service.
    Type: Grant
    Filed: May 26, 2011
    Date of Patent: September 16, 2014
    Assignee: Blue Coat Systems, Inc.
    Inventors: Qing Li, Ronald Andrew Frederick, Thomas A. Clare
  • Patent number: 8839403
    Abstract: A local proxy system includes a storage device having a local proxy and a physical port connection. The local proxy is part of a split proxy configuration having a local proxy and a remote proxy. The physical port connection is operative to receive commands from a host via an internet application protocol; and to transmit commands to the host via a modem control protocol, to thereby function as a gateway for conveying these commands to a remote proxy, via the host. Also provided is a method of optimizing communication over a network; and a local proxy system that includes a storage device having a local proxy. The storage device is in connection with a host via a physical port connection complying with a standard storage device interface.
    Type: Grant
    Filed: December 31, 2007
    Date of Patent: September 16, 2014
    Assignee: SanDisk IL Ltd.
    Inventors: Amir Mosek, Alain Nochimowski, Micha Rave
  • Publication number: 20140259144
    Abstract: Systems and methods for providing one or more services via a remote device are disclosed. One method can comprise identifying one or more services available at a location, transmitting identification data to a remote device disposed remotely from the location, the identification data relating to the one or more services identified, receiving a selection of the one or more services available, and providing the selected one or more services available to the remote device.
    Type: Application
    Filed: March 5, 2013
    Publication date: September 11, 2014
    Applicant: Comcast Cable Communications, LLC
    Inventor: Yiu L. Lee
  • Patent number: 8832818
    Abstract: A multi-tenant data center environment includes a dedicated domain having at least one dedicated server associated with a client and a cloud domain having at least one cloud server associated with the client. The cloud server may have a public interface to a public network and a private interface to a private network. In turn, a network device is coupled between the dedicated domain and the public network, and is further coupled to the cloud server via the private network. A controller of the data center may be used to determine presence of the cloud server, and configure the network device to allow certain traffic to pass directly to the dedicated domain, while preventing other traffic from this direct path, based on access controls of the network device.
    Type: Grant
    Filed: February 28, 2011
    Date of Patent: September 9, 2014
    Assignee: Rackspace US, Inc.
    Inventor: Christopher Kuehl
  • Patent number: 8832819
    Abstract: Methods and systems for load balancing and failover among gateway devices are disclosed. One method provides for assigning communication transaction handling to a gateway. The method includes receiving a request for a license from a computing device at a control gateway within a group of gateway devices including a plurality of gateway devices configured to support communication of cryptographically split data. The method also includes assigning communications from the computing device to one of the plurality of gateway devices based on a load balancing algorithm, and routing the communication request to the assigned gateway device.
    Type: Grant
    Filed: November 30, 2012
    Date of Patent: September 9, 2014
    Assignee: Unisys Corporation
    Inventors: Robert A. Johnson, Kathleen Wild, Gerald Quammen
  • Patent number: 8832842
    Abstract: An external security device is provided in the communication path between devices of different security levels. A higher security device needs only to trust the security of the external device, rather than relying on operating system and file system software that cannot be assured. The external security device blocks access requests that may be using covert channels, but returns status information that indicates that the request is successful. The external security device may then audit access requests to provide a higher level of accountability. The external security device also handles data duplication to prevent or significantly reduce the threat of traffic analysis.
    Type: Grant
    Filed: October 7, 2003
    Date of Patent: September 9, 2014
    Assignee: Oracle America, Inc.
    Inventor: James P. Hughes
  • Patent number: 8826385
    Abstract: One embodiment disclosed relates to a method for a switch to respond to a new client. A new client is detected at a port of the switch. The switch temporarily assigns the port to be an untagged member of a virtual local area network (VLAN) which is configured for unauthorized clients. Initialization services are provided to the new client via the unauthorized-client VLAN. The new client may be authenticated by way of an authentication session using the unauthorized-client VLAN. If the new client is authenticated, then the untagged membership of the port in the unauthorized-client VLAN is dropped, and the port is assigned to be an untagged member of a specified VLAN.
    Type: Grant
    Filed: April 15, 2008
    Date of Patent: September 2, 2014
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Paul T. Congdon
  • Patent number: 8826411
    Abstract: A Web browser is configured to participate with a proxy server in enforcing traffic policies within a computer network. This may include modifying the Web browser to report contextual information regarding requests for Web documents to the proxy server and/or causing the Web browser to report information concerning Web documents requested through the proxy server to the proxy server.
    Type: Grant
    Filed: March 15, 2006
    Date of Patent: September 2, 2014
    Assignee: Blue Coat Systems, Inc.
    Inventors: Doug Moen, Alex Campbell
  • Patent number: 8826451
    Abstract: In accordance with embodiments, there are provided methods and systems for providing communication authentication between cloud applications and on-premise applications. A method of embodiments includes receiving, from a cloud application at a cloud computing device, a first message at an application server of a server computing system, and parsing, at the application server, the first message to determine first identification information contained within the first message. The method further includes authenticating, at the application server, the first message by verifying the first identification information, and forwarding the first authenticated message to an on-premise application at a remote computing device.
    Type: Grant
    Filed: December 20, 2010
    Date of Patent: September 2, 2014
    Assignee: salesforce.com, inc.
    Inventor: Michael David Blubaugh
  • Patent number: 8825735
    Abstract: A system for managing the use of BOTs by computer network users, the system including a gateway-to-BOT communications manager configured to relay communications to a BOT on behalf of a computer user in a manner that prevents the BOT from associating the communications with the computer user, and a gateway-to-user communications manager configured to relay the communications from the computer user to the gateway-to-BOT communications manager, and relay to the computer user communications received from the gateway-to-BOT communications manager that originate from the BOT.
    Type: Grant
    Filed: July 13, 2012
    Date of Patent: September 2, 2014
    Assignee: International Business Machines Corporation
    Inventors: Vladimir Gamaley, Hagit Hamdani, Dvir Landerer, Gabi Miro, Gili Nachum, Gil Perzy, Reuven Svechin
  • Patent number: 8826412
    Abstract: An access discovery method and system discovers and stores the proper access protocol for each device on a network. The discovery process includes progressively sequencing through state transitions until a successful access protocol sequence is determined, and an access script corresponding to this sequence is stored for subsequent access to the device. Preferably, the protocol-discovery algorithm is modeled as a state table that includes a start state and two possible terminal states: success and failure. A state machine executes the state table until a terminal state is reached; if the terminal state is a failure, the system backtracks to attempt an alternative sequence. The process continues until the success state is reached or until all possible sequences are executed without success. An exemplary state model is provided that has been shown to be effective for modeling network devices from a variety of vendor devices.
    Type: Grant
    Filed: July 23, 2012
    Date of Patent: September 2, 2014
    Assignee: Riverbed Technology, Inc.
    Inventor: Krishnan Sivaramakrishna Iyer
  • Patent number: 8826014
    Abstract: A method, system and apparatus for authenticating a communication request sent from a client computing device. The communication request is initially blocked by a firewall preventing delivery to a server. A first logging event corresponding to the communication request is created. The communication request and the logging event are stored in a firewall. The server is notified of the first logging event. The communication request corresponding to the first logging event is authenticated. A port in the firewall is enabled if the communication request is authenticated.
    Type: Grant
    Filed: January 21, 2005
    Date of Patent: September 2, 2014
    Assignee: International Business Machines Corporation
    Inventors: Jeffery Bart Jennings, Kofi Kekessie
  • Publication number: 20140245424
    Abstract: Disclosed are systems and methods to perform coordinated blocking of source addresses, such as Internet Protocol (IP) addresses, across a plurality of network appliances (e.g., gateways). In one disclosed embodiment the method and system temporarily alter a configuration of one or more network appliances (based on user defined configuration parameters) to allow communication from a “blocked” IP address for a period of time. A network appliance can then “receive” an email and perform analysis and provide results of the analysis to a reputation service. Thereby, the temporarily allowed communication can be used to learn information about a threat which would not have been available if all communication from that IP address had actually been blocked at the network appliance.
    Type: Application
    Filed: May 13, 2014
    Publication date: August 28, 2014
    Inventors: Nicholas Liebmann, Raoul Tiddy, Michael Bishop
  • Publication number: 20140245423
    Abstract: User input including an application profile is received. The profile specifies a first server group, a second server group, and computing flows between the first and second server groups. User input identifying at least the first server group to include in a cloud chamber is received. Internet Protocol (IP) addresses assigned to virtual machines provisioned into the first and second server groups are obtained. Based on the computing flows specified in the application profile and the IP addresses assigned to the virtual machines, a set of firewall rules are generated for each virtual machine in the cloud chamber.
    Type: Application
    Filed: February 25, 2014
    Publication date: August 28, 2014
    Applicant: Zentera Systems, Inc.
    Inventor: Jaushin Lee
  • Patent number: 8819821
    Abstract: A low rate DoS attack detection algorithm is used, which relies on a characteristic of the low rate DoS attack in introducing high rate traffic for short periods, and then uses a proactive test based differentiation technique to filter the attack packets. The proactive test defends against DDoS attacks and low rate DoS attacks which tend to ignore the normal operation of network protocols, but it also differentiates legitimate traffic from low rate DoS attack traffic instigated by botnets. It leverages the conformity of legitimate flows, which obey the network protocols. It also differentiates legitimate connections by checking their responses to the proactive tests which include puzzles for distinguishing botnets from human users.
    Type: Grant
    Filed: December 28, 2012
    Date of Patent: August 26, 2014
    Assignee: New Jersey Institute of Technology
    Inventors: Nirwan Ansari, Amey Bhaskar Shevtekar
  • Patent number: 8819424
    Abstract: An intermediary system that facilitates a connection request from a client to a server. The intermediary system may participate in either or both of a token creation phase and a server connection phase. If participating in the token creation phase, the intermediary system generates a token that may later be used by the client during a server connection phase. The token includes a session identifier and is returned to the client. If participating in the server connection phase, the intermediary receives the token, extracts the session identifier from the token, and compares against the session identifier for the session in which the token was created. If the session identifiers match, then the intermediary connects to the server to complete the connection request.
    Type: Grant
    Filed: September 30, 2010
    Date of Patent: August 26, 2014
    Assignee: Microsoft Corporation
    Inventor: Dimitrios Soulios
  • Patent number: 8819819
    Abstract: JavaScript on webpages linked to by URLs in messages is identified and the JavaScript is extracted. The JavaScript is then subjected to a JavaScript execution and analysis process whereby the JavaScript is executed in the context of a simulated web browser. The behavior of the JavaScript is then analyzed to identify one or more of: any URLs to be redirected to; any further executable JavaScript; and any content dynamically written to the webpage. The results are then either recursed into or are recorded and used to aid in the identification of spam messages.
    Type: Grant
    Filed: April 24, 2012
    Date of Patent: August 26, 2014
    Assignee: Symantec Corporation
    Inventors: Nicholas Johnston, Graham Coomer
  • Patent number: 8819788
    Abstract: There is provided a system and method of selectively directing collected security data that may be displayed concurrently at a first security station and at a supervisor station, and providing a communication link between such first security station and such supervisor station so that a supervisor may assist a security operator in the evaluation of the collected security data and in making a decision about such collected data. There is further provided a system and method of determining the height of a part of a body by capturing an image of such part with a camera at a known height and known distance from such body, computing an angle of a horizontal line from a lens of such camera and a line from such camera to such part of such body, and calculating the distance between the height of such camera and the height of such part of such body.
    Type: Grant
    Filed: October 21, 2003
    Date of Patent: August 26, 2014
    Assignee: Clearone Communications Hong Kong, Limited
    Inventors: Yair Shachar, Isac Winter, Andi Forsthofer
  • Patent number: 8819806
    Abstract: An application portal selectively provides a user selective access to data. A data access layer is included in the portal and includes a map associating the user with a permission and further associating a combination of the user and the permission with a data entity, whereby it may be determined whether the user is permitted to access data identified with the data entity. A data stage included in the portal selectively undergoes a synchronization with a remote data store, the synchronization providing data access information that is used to update the map.
    Type: Grant
    Filed: October 20, 2006
    Date of Patent: August 26, 2014
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Chi-Hwei Julie Lin, Tsehsin Jason Liu, Wei Miao, Yunyan Wang
  • Patent number: 8813215
    Abstract: Methods and systems are provided for processing application-level content of network service protocols. According to one embodiment, one or more content processing configuration schemes are defined within a firewall device. Each of the one or more content processing configuration schemes includes multiple content processing configuration settings for one or more network service protocols. The one or more content processing configuration schemes are stored by the firewall device. One or more of the stored content processing configuration schemes are associated with a firewall policy by the firewall device.
    Type: Grant
    Filed: November 29, 2013
    Date of Patent: August 19, 2014
    Assignee: Fortinet, Inc.
    Inventor: William J. Crawford
  • Patent number: 8813214
    Abstract: A method and system for providing secure peer-to-peer file transfers whereby request/negotiation message mechanisms used to negotiate file transfers between peers are used to identify/intercept, and block, direct file transfers. The request/negotiation messages are then replaced with messages sent to both peers that include upload and download URL links through which the file can be uploaded, scanned, analyzed, and then transferred, via a secure file transfer server. Using the method and system for providing secure peer-to-peer file transfers disclosed herein, peer-to-peer file transfer transactions are provided protection from malware, and provided additional data security, so that peer-to-peer users can utilize this important capability without taking unacceptable risks.
    Type: Grant
    Filed: August 12, 2011
    Date of Patent: August 19, 2014
    Assignee: Symantec Corporation
    Inventors: David Trent McNair, Russill Justin Wells, Brian Catz
  • Patent number: 8813216
    Abstract: A method and system for providing security to a Network Job Entry (NJE) network. A first NJE node and a third NJE node are connected by a second NJE node. The second NJE node conducts a security check of NJE packets traveling between the first and third NJE nodes. The security check performed by the second NJE node includes checking the userid of the person or job that sent the NJE packet, as well as the NJE data type. The NJE data type may be classified by the type of operation being performed, such as a batch job, sysout, command, message, as well as what application is being used. In one preferred embodiment, the security check includes checking the security level of the source of the data being transferred, such as a sensitive application. The security check can be based on the size of the data packet, such that excessively large data packets from a particular user are not permitted to be transmitted outside a secure NJE network.
    Type: Grant
    Filed: December 16, 2004
    Date of Patent: August 19, 2014
    Assignee: International Business Machines Corporation
    Inventors: William Joseph Bloemeke, Reid Anthony Cashion
  • Patent number: 8813174
    Abstract: A policy manager generates a uniform cloud service and information security policy based on a plurality of access contexts. The policy manager distributes the uniform cloud service and information security policy to a plurality of security blades, the security blades located within a plurality of cloud services and configured to control access for a user device to the cloud services and the information contained therein based on the uniform cloud service and information security policy.
    Type: Grant
    Filed: December 30, 2011
    Date of Patent: August 19, 2014
    Assignee: Symantec Corporation
    Inventors: Robert Koeten, Nicolas Popp
  • Publication number: 20140230042
    Abstract: A system and method for providing secure access to an organization's internal directory service from external hosted services. The system includes a remote directory service configured to accept directory service queries from an application running on hosted services. The remote directory service passes the queries to a directory service proxy server inside a firewall of the organization via a secure rendezvous service. The directory service proxy server passes the queries to the internal directory service inside said firewall. Request responses from the internal directory service pass through the directory service proxy server to the remote directory service through said firewall via the secure rendezvous service. The remote directory service returns the response to the requesting application.
    Type: Application
    Filed: February 12, 2013
    Publication date: August 14, 2014
    Applicant: CENTRIFY CORPORATION
    Inventor: Paul Moore
  • Publication number: 20140230043
    Abstract: Techniques for using a proxy server are described herein. In response to a request received from a client for accessing a Web page provided from a remote Web server over a network, a proxy server retrieves the Web page from the remote Web server and presents the Web page to the client. The proxy server presents an input interface to the client to allow a user of the client to log into the proxy server without having to type at the client. The proxy server causes one or more keys in an input field of the Web page to be entered without a user having to type at the client. Thereafter, the proxy server intercepts traffic between the client and the remote Web server over the network.
    Type: Application
    Filed: April 17, 2014
    Publication date: August 14, 2014
    Applicant: Red Hat, Inc.
    Inventor: James P. Schneider
  • Patent number: 8806605
    Abstract: A method may include determining one or more rules and communicating the one or more rules to a firewall, where the firewall receives a data unit and determines, based on the one or more rules, whether to forward the data unit to a destination address; receiving a redirection of a device from the firewall when the firewall determines not to forward the data unit to the destination address; receiving an indication that the firewall did not forward the data unit to the destination address; and determining a new rule to allow the firewall to forward the data unit to the destination address and communicating the new rule to the firewall; and redirecting the device to the destination address.
    Type: Grant
    Filed: January 11, 2008
    Date of Patent: August 12, 2014
    Assignee: Juniper Networks, Inc.
    Inventor: Roger A. Chickering
  • Patent number: 8806606
    Abstract: A cloud center infrastructure system may include a service aggregator connected directly to a provider network. The service aggregator may be configured to receive, via the provider network, a data unit from a customer device, associated with a customer; identify a first device, associated with a first traffic processing service, based on a sequence of traffic processing services associated with the customer; and send the data unit to the first device, wherein the first device is located in a cloud services center, and wherein the first device is connected to the service aggregator over a Layer 2 connection.
    Type: Grant
    Filed: February 28, 2012
    Date of Patent: August 12, 2014
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Syed A. Ahmad, Juzer T. Kopti
  • Patent number: 8806001
    Abstract: The present invention provides a method for detecting a proxy at the gateway, comprising decomposing the access request from the IP that needs to be proxy-monitored into an access request to the original address and an access request to a gateway-specified address, to access the original address and the gateway-specified address separately; determining whether specific cookie information is included in said access request to the gateway-specified address to obtain a second determining result; responding to the access request to said gateway-specified address and embedding the cookie information with the time stamp into the client PC by the gateway when said second determining result is no, and reading said cookie information when said second determining result is yes; determining whether said IP is using a proxy on the basis of said cookie information. Accordingly, the present invention also provides a device and gateway server for detecting a proxy at the gateway.
    Type: Grant
    Filed: January 12, 2011
    Date of Patent: August 12, 2014
    Assignee: Sangfor Technologies Company Limited
    Inventor: Cheng Ma