

Application layer security

Subclass of:

713 - Electrical computers and digital processing systems: support

713150000 - MULTIPLE COMPUTER COMMUNICATION USING CRYPTOGRAPHY

713151000 - Protection at a particular protocol layer

Patent class list (only non-empty classes are listed)

Deeper subclasses:

Class / Patent application numberDescriptionNumber of patent applications / Date published
713152000 Application layer security 44
20130031357METHOD FOR SECURE TRANSFER OF AN APPLICATION FROM A SERVER INTO A READING DEVICE UNIT - A method and a system for secure transfer of an application from a server (S) into a reading device unit (01-31-2013
20110202756SECURE ENCRYPTED EMAIL SERVER - A computing system utilizing a local or remote secure email server that intercepts secure message that include an identifying domain extension provides secure data transmissions between internet or intranet users. The secure email messages can only be accessed from the secure email server by an intended recipient.08-18-2011
20130046970PERIPHERAL APPARATUS, INFORMATION PROCESSING APPARATUS, COMMUNICATION CONTROL METHOD, AND STORAGE MEDIUM - A peripheral apparatus is communicably connected to a management apparatus. The management apparatus manages information of jobs in services provided from a providing apparatus via a network to execute processing of the jobs. The peripheral apparatus includes a communication unit. The communication unit transmits, in a series of processes in the services, checking information used to determine whether there is any job in the management apparatus to the management apparatus by a communication method that does not execute encryption. The communication unit transmits, in the series of processes in the services, other information different from the checking information to the management apparatus by a communication method that executes encryption.02-21-2013
20090271614MOBILITY ARCHITECTURE USING PRE-AUTHENTICATION, PRE-CONFIGURATION AND/OR VIRTUAL SOFT-HANDOFF - In some illustrative embodiments, a novel system and method is provided that can, for example, extend concepts of pre-authentication (such as, e.g., IEEE 802.11i pre-authentication) so as to operate across networks or subnetworks (such as, e.g., IP subnets). In preferred embodiments, a novel architecture includes one or both of two new mechanisms that substantially improve, e.g., higher-layer handoff performance. A first mechanism is referred to as “pre-configuration,” which allows a mobile to pre-configure higher-layer information effective in candidate IP subnets to handoff. A second mechanism is referred to as “virtual soft-handoff,” which allows a mobile to send or receive packets through the candidate IP subnets even before it is actually perform a handoff to any of the candidate IP subnets.10-29-2009
20130103939Securing Communications of a Wireless Access Point and a Mobile Device - In one or more embodiments, a network provider can receive a request to access a public network via a wireless network implemented via one or more wireless access points. The network provider can receive, via an unsecured wireless communication from a mobile device utilizing the wireless network and via a hypertext transfer protocol secure (HTTPS), an encryption key usable to secure wireless communications from the mobile device utilizing the wireless network. The encryption key can be encrypted via a public encryption key, received from the network provider or previously stored by the mobile device, associated with the network provider. The network provider can decrypt the encryption key and can provide the encryption key to a wireless access point implementing the wireless network and communicating with the mobile device. The wireless access point and the mobile device can communicate in a secure fashion based on the encryption key.04-25-2013
20090006841SYSTEM AND METHOD FOR TESTING NETWORK FIREWALL FOR DENIAL-OF-SERVICE (DOS) DETECTION AND PREVENTION IN SIGNALING CHANNEL - A device may measure a first performance, associated with legitimate traffic without attack traffic, of a Session Initiation Protocol (SIP)-based protection device implementing authentication; measure a second performance, associated with legitimate traffic and attack traffic, of the SIP-based protection device implementing authentication; and measure a third performance, associated with legitimate traffic and attack traffic, of the SIP-based protection device implementing authentication and return routability filtering. The device may also measure a first performance associated with legitimate traffic of a Session Initiation Protocol (SIP)-based protection device implementing rate-limiting filtering; measure a second performance associated with legitimate traffic and attack traffic of the SIP-based protection device implementing scheme filtering; and measure a third performance associated with legitimate traffic of the SIP-based protection device not implementing rate-limiting filtering without attack traffic.01-01-2009
20130124852FILE-BASED APPLICATION PROGRAMMING INTERFACE PROVIDING SSH-SECURED COMMUNICATION - A data communication security system is disclosed that includes a network interface configured for transport layer protocol communications at a communication port. The network interface includes a security module configured to provide secure shell (SSH) data security on a transport layer data path, and which is communicatively connected to the transport layer data path. The data communication security system also includes a file-based application programming interface defining a plurality of attributes of the network interface and including at least one attribute configured for selection of the security module and accessible for use in logical I/O operations.05-16-2013
20130132715STORAGE DEVICE WITH A COMMUNICATIONS FUNCTION - The present invention relates to a storage device with a communications function which comprises an integrated circuit module and an application program. The integrated circuit module comprises at least a USB connector, at least a substrate, at least a controller and at least a memory in which there is at least an authentication code; the application program comprises a communications module and a transmission module wherein the communications module is used to receive digital information of at least a data input device in a computer for both the authentication code and the digital information, which has been received by the communications module, transmitted to at least a server or at least a peer by the transmission module.05-23-2013
20090300346Device and Method for Identifying Certificates - A device and method identifies a certificate. The method comprises determining, by a transmitter of data, an identity of a recipient of the data. The method comprises identifying a certificate associated with the identity. The identifying includes a local search and a remote search. The method comprises encrypting the data according to the certificate prior to transmission.12-03-2009
20120011357SYSTEM AND METHOD FOR PROVIDING SECURITY VIA A TOP LEVEL DOMAIN - A system and method is disclosed for providing end-to-end security for communications between registered clients of a top level domain without the need for further encryption/decryption protocols than those provided by said at least one of said plurality of secure communication links and said at least one secure message server. Clients registered with the top level domain are assigned at least one email and IM account and to ensure message security, are required to communicate with other registered others strictly via the assigned email and IM accounts. In this manner, non-registered users are denied secure access to the top level domain. In one embodiment, registered clients of the top-level domain may communicate with non-registered users via a gateway server in a secure or non-secure manner, as is the option of the registered client (sender).01-12-2012
20090132807Renegotiating SSL/TLS connections with client certificates on post requests - A method and apparatus for providing securing a connection with a (Secure Sockets Layer) SSL/TLS-enabled server. In one embodiment, a web client establishes a new connection by initiating a communication with the SSL/TLS-enabled server. The communication includes a non-POST request. After the client negotiates the secured connection with the server in response to the non-POST request, the client submits a POST request to the SSL/TLS-enabled server via the secured connection.05-21-2009
20110296167Selecting a Security Format Conversion for Wired and Wireless Devices - A selection system and method to receive an indication of a security format from a network and to select one of a plurality of security format conversions based on the received indication is described. The indication may be an indication of a wireless security format such as WTLS used by a wireless access device or a wired security format such as SSL used by a wired access device and the security format conversion selected based on the indication may be to another secured format or a plain data format. The indication may include an indication of a port and an indication of a security feature that is supported by the access device.12-01-2011
20110296168DIGITAL IDENTITY DEVICE - A digital identity device for uniquely identifying legal entities. The digital identity device is used for secure electronic communications.12-01-2011
20100268934METHOD AND SYSTEM FOR SECURE DOCUMENT EXCHANGE - A document management (DM), data leak prevention (DLP) or similar application in a data processing system is instrumented with a document protection service provider interface (SPI). The service provider interface is used to call an external function, such as an encryption utility, that is used to facilitate secure document exchange between a sending entity and a receiving entity. The encryption utility may be configured for local download to and installation in the machine on which the SPI is invoked, but a preferred approach is to use the SPI to invoke an external encryption utility as a “service.” In such case, the external encryption utility is implemented by a service provider. When the calling program invokes the SPI, preferably the user is provided with a display panel. Using that panel, the end user provides a password that is used for encryption key generation, together with an indication of the desired encryption strength. The service provider uses the password to generate the encryption key. In one embodiment, the service provider provides the key to the service provider interface, which then uses the key to encrypt the document and to complete the file transfer operation. In the alternative, the service provider itself performs the document or file encryption. The service provider interface also preferably generates and sends an email or other message to the receiving entity that includes the key or a link to enable the receiving entity to retrieve the key. This approach obviates the sending and receiving entity having to install and manage matched or other special-purpose encryption utilities.10-21-2010
20100281251Mobile Virtual Private Networks - An apparatus for establishing a virtual private network with an internet protocol multimedia subsystem (IMS) device that includes a key derivation module, a tunneling protocol module, a tunnel management module, and a security policies module. The apparatus includes a non-volatile memory configured to store a first routing table that maps host addresses and IMS addresses of security devices allowing access to those hosts, such that when an application running in the IMS device requests communication to a host address, the apparatus initiates a session with the IMS address to which the host address is mapped. The session is initiated by a message that includes a body that contains, for each tunneling protocol supported by the tunneling protocol module, data about the local tunnel endpoint (e.g., an address and a port), an identifier corresponding to the tunneling protocol, and identifiers corresponding to the cryptographic suite(s) supported by the cryptographic module that may be applied together with the tunneling protocol, as determined by a query from the apparatus to the security policies module.11-04-2010
20100299518PORTABLE SECURE COMPUTING NETWORK - As provided herein, when using an untrusted network connection, a secure online environment can be created for a remote machine by connecting to a trusted computer with a trusted network connection. A proxy server is installed on a first computing device and shared encryption keys are generated for the first device and a portable storage device. A connection is initiated between a second computing device (e.g., remote device), connected to an untrusted network, and the first computing device, comprising initiating a proxy server protocol from the portable storage device (e.g., attached to the second device), using the second computing device. A secure connection between the first and second devices is created using the encryption keys.11-25-2010
20100146259MULTI FACTOR AUTHORISATIONS UTILISING A CLOSED LOOP INFORMATION MANAGEMENT SYSTEM - Methods and Apparatus are disclosed for a multi-factor authentication service which permits customers and account holders to provide secure instructions to entities via their Internet enabled mobile telephone handsets. In preferred embodiments, requests to authorise account holder not present transactions are received from a merchant's terminal (06-10-2010
20110231651STRONG SSL PROXY AUTHENTICATION WITH FORCED SSL RENEGOTIATION AGAINST A TARGET SERVER - Embodiments are directed towards establishing an encrypted session between a client device and a target server device when the client device initiates network connections through a proxy device. In one embodiment, the client device initiates an encrypted session with the proxy device. Once the encrypted session is established, the client device communicates the address of the target server device to the proxy device. Then, the proxy device sends an encrypted session renegotiation message to the client device. The client device responds to the encrypted session renegotiation message by transmitting an encrypted session handshake message to the proxy device. The proxy device forwards the encrypted session handshake message to the target server device, and continues to forward handshake messages between the client device and the target server device, enabling the client device and the target server device to establish an encrypted session09-22-2011
20100161961Systems and Methods for Securely Providing Email - Systems and methods for securely providing email messages are provided. A workstation computer is provided that includes a memory for storing computer executable instructions and a processor for accessing the memory and for executing the computer executable instructions. The computer executable instructions includes an email client configured to process email messages, at least one email message having an executable decryption attachment that includes encrypted embedded content that can only be decrypted with a unique cryptography key. The executable decryption attachment, when executed, is configured to establish a secure connection with an encryption server, receive the unique cryptography key from the encryption server and decrypt the embedded content.06-24-2010
20100191957AUTHENTICATION/AUTHORIZATION PROTOCOL FOR MEDIA PROCESSING COMPONENTS - A computer-implemented authentication protocol is used to subvert man-in-the-middle-type attacks on communications between software components that are permitted to interoperate within a processing environment, such as a media processing environment, pursuant to one or more licenses. In one exemplary scenario, a particular application transmits to a particular media processing component (“MPC”), among other things, a cryptographically protected message including a reference to a process in which the application is running and/or a GUID that the application used to invoke the MPC. If the received process and/or GUID are verified, it is possible for in-the-clear communication to occur between the application and the MPC without man-in-the-middle subversion.07-29-2010
20090077371SYSTEMS AND METHODS FOR A TEMPLATE-BASED ENCRYPTION MANAGEMENT SYSTEM - An encryption management system provides a solution for embedded system device authentication, secure server-to-device communications, and encryption key management. It reduces implementation times and costs associated with using cryptography for authentication and data privacy with embedded systems applications by freeing application developers from having to develop, manage, or update security-based features in their server-based applications. The template-based approach of the system provides highly customable and accessible security functionalities. To utilize services provided by the encryption management system in some embodiments, calling applications provide input parameters and function calls in the form of a template at runtime, and the output in the form of encrypted and secured messages are either sent to the client devices automatically or returned to the calling applications. As such, security functionalities and objects, though segregated in the encryption management system to provide enhanced protection, can still be easily accessed and can be updated without recompiling the calling applications.03-19-2009
20110131407USING A PKCS MODULE FOR OPENING MULTIPLE DATABASES - A security initialization system obtains load data that identifies a first database storing security data to be opened. The initialization system determines that a PKCS-based module for opening the first database is already initialized, where the PKCS-based module is already initialized from previously opening a second database. The initialization system causes the PKCS-based module to create a slot to open the first database, without shutting down the PKCS-based module, in response to determining that the PKCS-based module is already initialized.06-02-2011
20100241847ENCRYPTED EMAIL BASED UPON TRUSTED OVERLAYS - Sending and receiving encrypted emails. At a web browser, user input is received requesting a compose email page user interface for a web-based email system. The compose email page user interface is requested from a server for the web-based mail system. Web page code is received from the server for the compose email page user interface. The web page code for the compose email page user interface is parsed to determine screen locations of one or more user input interface elements. The compose email page user interface is rendered in the browser. One or more browser-based interface elements implemented integral to the browser are overlaid onto the compose email page user interface. User input is received in the browser user interface elements. The user input received is encrypted. The encrypted user input is transferred into one or more elements of the compose email page user interface.09-23-2010
20100250920TECHNIQUES FOR PACKET PROCESSING WITH REMOVAL OF IP LAYER ROUTING DEPENDENCIES - Techniques for packet processing with removal of Internet Protocol (IP) layer routing dependencies are presented. Encrypted packets associated with network communications occurring via a VPN and IP tunnel are grabbed off the network stack before being processed by an IP layer of the network stack. Next, an IP header is generated for the encrypted packets and the encrypted packets are sent to a socket application. The socket application provides the encrypted packets back to the network stack at the data link layer for delivery to the VPN over the IP tunnel.09-30-2010
20120144187Application Layer Security Proxy for Automation and Control System Networks - Embodiments provide an application layer security proxy that protects substation automation systems. The application layer security proxy inspects a received, inbound data packet at the application layer, and either drops the data packet, forwards the data packet, or processes the data packet rather than dropping it in order to maintain the communications network connection, the later two according to a predefined role-based access control policy. The application layer security proxy calculates a round trip time for each reply to a received, inbound data packet and observes the bandwidth usage from the amount of bytes transmitted. Round trip time and bandwidth usage are used to detect abnormal communication traffic.06-07-2012
20100223457GENERATION AND/OR RECEPTION, AT LEAST IN PART, OF PACKET INCLUDING ENCRYPTED PAYLOAD - An embodiment may include circuitry to generate, at least in part, and/or receive, at least in part, a packet. The packet may include at least one field and an encrypted payload. The at least one field may include, at least in part, a first key and/or at least one value. The first key and at least one value, as included in the at least one field, may be encrypted by a second key. The encrypted payload may be capable of being decrypted, at least in part, based, at least in part, upon the first key and/or the at least one value to yield an unencrypted payload. The unencrypted payload may include at least a portion of application layer data that is to be communicated in a secure session.09-02-2010
20110238978COMMUNICATING CONFIDENTIAL INFORMATION BETWEEN AN APPLICATION AND A DATABASE - Disclosed is a system and method for communicating confidential information in a resource friendly manner between an application and a database using an application programming interface, API. The method establishes first and second socket connections between the application and the database in an API connection between the application and the database. The first socket connection is arranged to be secure and the second socket connection is arranged to be non-secure. Information is then communicated through the first or second socket connection based on whether the information is identified as being confidential information or not. The evaluation of confidentiality may be undertaken at the client side of a JDBC or ODBC layer without putting any extra pressure on the database server side.09-29-2011
20100223456SECURITY IMPLEMENTATION WITHIN A BROWSER - Techniques for implementing security within a browser of a data processing system are described herein. According to one embodiment, first data representing a user interaction with a Web page presented by a browser application is encrypted at an application level by a cipher module communicatively coupled to the browser application running at a local client. A JavaScript module embedded within the browser application is configured to transmit the encrypted first data over a network to a remote server for updating the Web page. In response to second data received from the remote server, the cipher module is configured to decrypt the second data at the application level and the decrypted second data is then rendered by the browser application to update the Web page without having to reload the entire Web page. Other methods and apparatuses are also described.09-02-2010
20110113235PC Security Lock Device Using Permanent ID and Hidden Keys - The invention is a method, system, and apparatus providing user control and security of a PC system. Using the hardware and associated installation software, the system is capable of uniquely securing a PC system without the need for name and password entry. The secure USB device contains a unique asymmetrical key pair, unique device ID, secure storage area, and the firmware to control all of this. In providing the security and control, one embodiment of the invention does not require biomechanical devices or name and password entry systems. There are no passwords and login names to be found, and the encryption/decryption keys are protected from exposure. This provides a more secure environment, as the keys are protected from exposure. The user is in control of the PC system and the data which is desired to be kept secure.05-12-2011
20100161960Secure Remote Access Public Communication Environment - A method and system provide a user device with secure access to an enterprise application in an enterprise network through VPN. The enterprise application is accessed from a user device such that it sends and receives data packets through the VPN client. For this, a request to send packets, originating from the user application, is intercepted by a VPN agent associated with the user application. In turn, the VPN agent associates an address of a loop-back interface with the user application. Thereafter, packets sent by the user application, are re-directed to the VPN client through the loop-back interface. Similarly, packets received by the VPN client from the enterprise network are routed through the loop-back interface to the user application.06-24-2010
20110035581SYSTEM FOR MANAGEMENT AND PROCESSING OF ELECTRONIC VENDOR MAIL - A computer-implemented system processes secure electronic documents from one or more content providers in accordance with subscriber instructions has a processor and modules operative within the processor. A monitoring module obtains a provider GUID, a subscriber GUID, and a transaction ID from public metadata associated with a transaction received from a particular content provider. A determination module determines any designees of the subscriber and contact information one or more of the subscriber and any designees. A transaction module distributes a transaction addressed to at least one of the subscriber and any designees. Each distributed transaction includes data that is used for management, tracking, and alerting. Also described is a station for constructing transactions for distribution to subscribers through such a system. An end-to-end system and method are described.02-10-2011
20110035582NETWORK AUTHENTICATION SERVICE SYSTEM AND METHOD - A network authentication service system and method are provided. The network authentication service system is applied to a network application layer and includes: a Web service security device, adapted to intercept a message exchanged in the network application layer; and an authentication server, adapted to perform authentication processing for the message intercepted by the Web service security device. The network authentication service method includes: intercepting a request message of a network application layer; performing encryption processing for the request message to obtain an encrypted message; performing authentication processing for the encrypted message; and decrypting the encrypted message that passes the authentication. Thus security processing can be performed for the transmitted message, and various security authentication manners can be available.02-10-2011
20110213956TECHNIQUES FOR MANAGING A SECURE COMMUNICATION SESSION - Techniques for managing a secure communication session are provided. A non-browser application utilizes a browser to establish a secure communication session with a server. The session cookie set in the browser is mapped by the server to a secret token that is supplied via the browser to the non-browser application. The browser is then closed and the secure communication session between the server and the non-browser application continues unabated via the secret token.09-01-2011
20100131752METHOD AND SYSTEM FOR INVALIDATION OF CRYPTOGRAPHIC SHARES IN COMPUTER SYSTEMS - A system and method to encrypt events using a secret to serve as a key according to a secret sharing algorithm is described. In one embodiment, the key is split into shares that are distributed to an event recipient. In one embodiment, one or more shares of the key are invalidated to protect data in the encrypted event.05-27-2010
20100058051METHOD AND APPARATUS FOR SETTING A SECURE COMMUNICATION PATH BETWEEN VIRTUAL MACHINES - A secure communication path is set between virtual machines each arranged within one of a set of servers in a network. There is provided business software operated by executing one or more task programs each provided for a virtual machine, and each server is provided with, as a virtual machine, a guest operating system controlled by a host operating system. The one or more task programs are classified into task classes according to a type of a function to be realized, and there is provided task connection information indicating whether a communication path is needed or not between each pair of task classes. Then, a secure communication path between a pair of guest operating systems is set by setting virtual network connection information to a pair of host operating systems corresponding to the pair of guest operating systems, on the basis of the task connection information.03-04-2010
20100064131METHOD AND APPARATUS FOR AUTOMATICALLY CONSTRUCTING APPLICATION SIGNATURES - The present invention relates to a method and system for the automated construction of application signatures. In one example, an approach for automatically constructing accurate signatures for individual applications, with minimal human involvement or application domain knowledge, is provided. Given a training data set containing the application traffic, the Automated Construction of Application Signatures (ACAS) system uses a combination of statistical, information theoretic and combinatorial optimization techniques, to derive application-layer signatures from the payload of packets, e.g., IP packets. Evaluations with a range of applications demonstrate that the derived signatures are very accurate and scale to identifying a large number of flows in real time on high-speed links.03-11-2010
20080209204SECURITY ENHANCEMENT FOR SNMPv2c PROTOCOL - A method of enhancing security in network management for SNMPv2c packet traffic over internet between a (sending) manager location and an (receiving) agent location uses a pluggable security application function. The manager location has a manager side security application (MSA) and may include one or more managers. The agent location has an agent side security application (ASA) and may include one or more agents. Upon a SNMP request from a manager to the MSA, the request is encrypted, appended with authentication digest and sent to a registered agent in ASA. The MSA receives a secured response packet back from the ASA, which after authentication decrypts and forwards it to the intended manager. Thus, an existing protocol implementation is maintained, while reducing additional network overhead. The method obviates the use of IPSec tunnels and migration to SNMPv3.08-28-2008
20120110322SYSTEM AND METHOD OF DELIVERING CONFIDENTIAL ELECTRONIC FILES - A private document delivery system and method includes a sending computer configured to transmit an electronic document over a computer network, a dynamically established encrypted line to traverse the computer network from a receiving computer to the sending computer where the delivery address of the receiving computer is resolved a at the time of transmission of the private message such that no third parties to the message receive a permanent copy of the message. The system and method also includes a signaling mechanism configured to notify the receiving computer that the electronic document is waiting for delivery. The system and method includes a verification agent configured to verify the receiving computer's identity with a protocol specified by the sending computer and to provide access instructions to the receiving computer with which the receiving computer locates the sending computer via the dynamically established encrypted line and receives the transmitted electronic document.05-03-2012
20090132808SYSTEM AND METHOD OF PERFORMING ELECTRONIC TRANSACTIONS - A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests in the hardware device for predefined transaction information, encrypts and forwards client requests, displays the predefined transaction information upon detection, encrypts and forwards the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received.05-21-2009
20100070754PAYMENT ENCRYPTION ACCELERATOR - Embodiments of the invention provide a system for encrypting web session data which may include a session management module adapted to receive data from a web application module and provide a token that represents the data in encrypted form to the web application, wherein the web application is adapted to use the token to represent the data. The system may also include a tokenizer module communicably coupled to the session management module, wherein the tokenizer module is adapted to receive the data and generate the token. Further, the system may include a database communicably coupled to the session management module, wherein the database is adapted to receive the token and the data, associate the token with the data, and store the token and the data.03-18-2010
20100011206EMBEDDED APPARATUS, REMOTE-PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT - A processing unit performs a predetermined process by a remote operation from a client device. A monitoring unit monitors a first port for unencrypted communication with the processing unit and a second port for encrypted communication with the processing unit, denies a connection request via the first port, and accepts a connection request via the second port. When an encrypted connection request is received that specifies either the first port or the second port as a forwarding destination port, an encrypted communication unit decrypts the connection request and transfers the decrypted connection request to the monitoring unit via the forwarding destination port.01-14-2010
20110004752PERFORMING SECURE AND NON-SECURE COMMUNICATION OVER THE SAME SOCKET - A packet processing type determiner includes a non-secure packet processing module configured to process packets received over a single socket using a non-secure protocol. The packet processing type determiner also includes a data indicator checking module configured to check the packets for a first indicator denoting a beginning of a secure data record. The packet processing type determiner further includes a secure packet processing module configured to use a secure protocol to process the packets when a packet with the first indicator is detected until a packet with a second indicator denoting an end of the secure data record is detected.01-06-2011
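The processing-type switch described in the abstract above, as an added example that is not code from the patent application: the two in-band markers BEGIN and END are constructed stand-ins for the "first indicator" and "second indicator", the SocketDemux and demux_stream names are this example's own, and the sample packets are constructed so that the BEGIN marker straddles a packet boundary.

```python
"""Demultiplexing secure and non-secure records arriving on one socket."""

BEGIN = b"<<SEC>>"   # assumed marker: start of a secure data record
END = b"<</SEC>>"    # assumed marker: end of a secure data record


class SocketDemux:
    """Splits a byte stream into ("plain", chunk) / ("secure", chunk) events.

    Bytes outside BEGIN..END go to the non-secure protocol handler, bytes
    inside go to the secure one. Markers may straddle packet boundaries,
    so a partial marker at the tail of the buffer is held back until the
    next packet arrives instead of being emitted as data.
    """

    def __init__(self, begin: bytes = BEGIN, end: bytes = END) -> None:
        self.begin = begin
        self.end = end
        self.buf = b""
        self.secure = False

    def _mode(self) -> str:
        return "secure" if self.secure else "plain"

    def _partial_marker_len(self, marker: bytes) -> int:
        """Length of the longest proper prefix of marker sitting at the end of buf."""
        for k in range(len(marker) - 1, 0, -1):
            if self.buf.endswith(marker[:k]):
                return k
        return 0

    def feed(self, packet: bytes) -> list:
        """Consume one packet; return the (kind, chunk) events it produced."""
        self.buf += packet
        events = []
        while True:
            marker = self.end if self.secure else self.begin
            idx = self.buf.find(marker)
            if idx == -1:
                hold = self._partial_marker_len(marker)
                cut = len(self.buf) - hold
                chunk, self.buf = self.buf[:cut], self.buf[cut:]
                if chunk:
                    events.append((self._mode(), chunk))
                return events
            chunk = self.buf[:idx]
            if chunk:
                events.append((self._mode(), chunk))
            self.buf = self.buf[idx + len(marker):]
            self.secure = not self.secure   # a marker flips the processing type


def demux_stream(packets) -> list:
    """Run a packet sequence through the demuxer, merging adjacent same-kind chunks."""
    demux = SocketDemux()
    merged = []
    for pkt in packets:
        for kind, chunk in demux.feed(pkt):
            if merged and merged[-1][0] == kind:
                merged[-1] = (kind, merged[-1][1] + chunk)
            else:
                merged.append((kind, chunk))
    return merged


# Constructed sample: a plaintext request, a secure record, then plaintext,
# with the BEGIN marker deliberately split across the first two packets.
SAMPLE_PACKETS = [
    b"GET /status\n<<S",
    b"EC>>\x01\x02\x03",
    b"\x04<</SEC>>bye\n",
]

if __name__ == "__main__":
    for kind, chunk in demux_stream(SAMPLE_PACKETS):
        print(kind, chunk)
```

A practitioner's caveat on any in-band indicator of this kind: the non-secure handler must guarantee that plain data can never contain the BEGIN marker (by escaping or length-prefixed framing), otherwise a peer can flip the receiver into the wrong processing mode at will.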
20080320297METHOD AND SYSTEM FOR MONITORING ENCRYPTED DATA TRANSMISSIONS - A method for efficiently decrypting SSL pre-master secrets, which are encrypted with the server's asymmetric key, is divided into a key agent component that runs in user mode and an SSL driver running in kernel mode. The key agent can take advantage of multiple threads for decrypting keys in a multi-processor environment, while the SSL driver handles the task of symmetric decryption of the SSL encrypted data stream. The method is of advantage in applications such as firewalls with deep packet inspection, in which all encrypted data traffic passing through the firewall must be decrypted for inspection.12-25-2008
20130019091AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS WITH ASSURED SYSTEM AVAILABILITY - A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.01-17-2013
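The address-window acceptance test described above, as an added example that is not code from the patent application: the nodes share a secret, agree on a hop interval, and compute each slot's address independently, so a receiver can reject a packet by looking only at its addresses. The HMAC-based hop schedule, the 10.0.0.0/8 pool, the 10-second slot, and the node names are this example's assumptions, not the construction the patent specifies.

```python
"""Accepting packets only when their addresses fall in a moving window."""
import hashlib
import hmac
import ipaddress

POOL = ipaddress.ip_network("10.0.0.0/8")   # assumed pool the nodes hop within
SLOT_SECONDS = 10                            # assumed hop interval


def slot_for(epoch_seconds: float) -> int:
    """Map wall-clock time to the hop slot that both sides compute independently."""
    return int(epoch_seconds // SLOT_SECONDS)


def hop_address(secret: bytes, node_id: bytes, slot: int) -> ipaddress.IPv4Address:
    """The seemingly random address node_id uses during `slot` (keyed by the shared secret)."""
    tag = hmac.new(secret, node_id + slot.to_bytes(8, "big"), hashlib.sha256).digest()
    offset = int.from_bytes(tag[:4], "big") % POOL.num_addresses
    return POOL.network_address + offset


def valid_window(secret: bytes, node_id: bytes, slot: int, skew: int = 1) -> set:
    """Addresses still accepted for node_id: the current slot plus `skew` slots either side."""
    return {hop_address(secret, node_id, s) for s in range(slot - skew, slot + skew + 1)}


def accept_packet(secret: bytes, src_node: bytes, dst_node: bytes,
                  src_ip: str, dst_ip: str, slot: int, skew: int = 1) -> bool:
    """Cheap check applied before any further processing: both addresses must be in-window."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    return (src in valid_window(secret, src_node, slot, skew)
            and dst in valid_window(secret, dst_node, slot, skew))


# Constructed parameters for the demonstration.
SECRET = b"shared-hop-secret"
ALICE, BOB = b"alice", b"bob"


def demo(slot: int = 1000) -> dict:
    """Build one legitimate packet and one with a spoofed source; report each decision."""
    good_src = str(hop_address(SECRET, ALICE, slot))
    good_dst = str(hop_address(SECRET, BOB, slot))
    return {
        "on_time": accept_packet(SECRET, ALICE, BOB, good_src, good_dst, slot),
        "one_slot_late": accept_packet(SECRET, ALICE, BOB, good_src, good_dst, slot + 1),
        "stale": accept_packet(SECRET, ALICE, BOB, good_src, good_dst, slot + 5),
        "spoofed_src": accept_packet(SECRET, ALICE, BOB, "10.1.2.3", good_dst, slot),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:14s} {'accept' if decision else 'reject'}")
```

The `skew` parameter is the "moving window": it tolerates clock drift and in-flight packets across a slot boundary, and widening it trades a larger spoofing target for tolerance. Because the check costs two HMACs per slot in the window and no state, it can run ahead of any decryption, which is the fast-reject property the abstract relies on.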

Patent applications in class Application layer security