Class / Patent application number | Description | Number of patent applications / Date published |
713154000 | Including filtering based on content or address | 38 |
20090013175 | METHOD AND APPARATUS FOR CONTROLLING THE FLOW OF DATA ACROSS A NETWORK INTERFACE - The present invention performs “flow control” based on the remaining encryption capacity of an encrypted outbound network interface link of a network routing device, such as a router or switch. As the encrypted link begins to run low on encryption key material, this invention begins to discard datagrams queued for transit across that link, in order to signal distant host computers that they should slow down the rate at which they are sending datagrams. The invention, which is particularly useful in cryptographically protected networks that run the TCP/IP protocol stack, allows fine-grained flow control of individual traffic classes because it can determine, for example, how various classes of data traffic (e.g., voice, video, TCP) should be ordered and transmitted through a network. Thus, the invention can be used to implement sophisticated flow control rules so as to give preferential treatment to certain people, departments or computers. | 01-08-2009 |
20090125714 | Offline analysis of packets - A network interface and storage medium that, in an embodiment, filter packets received from a network based on rules. The filtering discards a subset of the packets based on the rules and keeps a remaining subset of the packets. The remaining subset is copied to a destination. The rules are created offline in a lower priority process from the filtering and copying by detecting whether symptoms exist in a sample of the remaining subset. In an embodiment, the order that the symptoms are detected is changed based on the frequency of the existence of the symptoms in the sample. In various embodiments, the symptoms may include receiving a threshold number of ping packets within a time period, receiving a threshold number of broadcast packets within a time period, receiving a packet with an invalid source address, and receiving a packet with an invalid header flag. | 05-14-2009 |
20090217032 | METHOD FOR GENERATING SAK, METHOD FOR REALIZING MAC SECURITY, AND NETWORK DEVICE - A method for generating a secure association key (SAK), a method for realizing medium access control security (MACsec) and a network device are provided. The method for generating an SAK includes the following steps. A sending key selection protocol (KSP) instance sends a key selection protocol data unit (KSPDU) to the other KSP instances in the same secure connectivity association (CA). The KSPDU includes a secure connectivity association key identifier (CKI) of the instance and information about a MACsec level that the sending KSP instance belongs to. If the receiving KSP instance and the sending KSP instance belong to the CA with the same MACsec level, an SAK is generated based on the KSPDU. The MACsec of multiple levels in a communication network and the secure MACsec network communication with multiple levels are realized, thus ensuring the confidentiality of the network communication. | 08-27-2009 |
20100023754 | SYSTEM AND METHOD FOR MONITORING UNAUTHORIZED TRANSPORT OF DIGITAL CONTENT - A system for network content monitoring and control, comprising: a transport data monitor, connectable to a point in a network, for monitoring data being transported past said point, a signature extractor, associated with said transport data monitor, for extracting a derivation of said data, said derivation being indicative of content of said payload, a database of preobtained signatures of content whose movements it is desired to monitor, and a comparator for comparing said derivation with said preobtained signatures, thereby to determine whether said payload comprises any of said content whose movements it is desired to monitor. The monitoring result may be used in bandwidth control on the network to restrict transport of the content it is desired to control. | 01-28-2010 |
20100064133 | SECURE NETWORK ARCHITECTURE - The present invention provides a star-connected network (C | 03-11-2010 |
20100146260 | TANDEM ENCRYPTION CONNECTIONS TO PROVIDE NETWORK TRAFFIC SECURITY METHOD AND APPARATUS - Security measures are applied to encrypted data exchanges by enabling content decryption, rule application, and content re-encryption at a network location. A certificate, self-signed or authenticated by an official Certificate Authority, is obtained for and installed within the secure proxy apparatus. A link to a secure page is replaced with a link to a page having a fully qualified domain name of the proxy apparatus as the suffix. An encrypted session is established between the client and the proxy apparatus, without deceit in the latter case. A first encryption-enabled connection is established from the first node to a content filter, while a second encryption-enabled connection is established from the content filter to the second node. Following decryption, a determination is made as to whether the content includes Undesired Data. Restricted material is blocked, while unrestricted material is re-encrypted and delivered to the destination node. For a self-signed certificate, the destination node comprises a private security system-signed root certificate installed in the destination node's Trusted Root Certification Authorities certificate store. In another aspect of the invention, at least one of encrypted Instant Messages, e-mail messages and web pages are decrypted and recorded at a location between sources and destinations of the transmissions. The look and feel of a single encrypted link between the requestor and the external source is maintained by the inventive use of a wildcard certificate within the network local to the requestor. | 06-10-2010 |
20100318785 | VIRTUAL AIR GAP - VAG SYSTEM - This invention consists of a virtual air gap—VAG system developed in order to provide Internet and computer security. The virtual air gap system developed in this invention is characterized by the principal elements of: “Virtual air gap ( | 12-16-2010 |
20110113236 | METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR OFFLOADING INTERNET PROTOCOL SECURITY (IPSEC) PROCESSING USING AN IPSEC PROXY MECHANISM - Methods, systems, and computer readable media for offloading IPsec processing from application hosts using an IPsec proxy mechanism are disclosed. According to one method, at least one of unencrypted, IPsec, and Internet key exchange (IKE) packets transmitted between a first application host and a second application host are intercepted by a network gateway. The network gateway performs all IKE and IPsec-related processing for the at least one unencrypted, IPsec, and IKE packets on behalf of the first application host such that the second application host is unaware that IPsec processing is being performed by the network gateway. | 05-12-2011 |
20110145564 | SYSTEMS AND METHODS FOR SECURE SHORT MESSAGING SERVICE AND MULTIMEDIA MESSAGING SERVICE - Systems and methods for managing (for example, creating, transmitting, delivering, encrypting, storing, and the like) secure SMS (short message service) and secure MMS (multimedia messaging service) communications are disclosed. | 06-16-2011 |
20110154022 | Method and Apparatus for Machine-to-Machine Communication - According to a first aspect of the present invention there is provided a method of at least partly delegating processing of data in a machine-to-machine system to reduce computational load on a broker entity | 06-23-2011 |
20120221849 | Scalable Distributed Web-Based Authentication - Web-based authentication includes receiving a packet in a network switch having at least one associative store configured to forward packet traffic to a first one or more processors of the switch that are dedicated to cryptographic processing if a destination port of the packet indicates a secure transport protocol, and to a second one or more processors of the switch that are not dedicated to cryptographic processing if the destination port does not indicate a secure transport protocol. If a source of the packet is an authenticated user, the packet is forwarded via an output port of the switch, based on the associative store. If the source is an unauthenticated user, the packet is forwarded to the first one or more processors if the destination port indicates a secure transport protocol, and to the second one or more processors if the destination port does not indicate a secure transport protocol. | 08-30-2012 |
20130013915 | INTERNET PROTOCOL SECURITY (IPSEC) PACKET PROCESSING FOR MULTIPLE CLIENTS SHARING A SINGLE NETWORK ADDRESS - Embodiments of the present invention address deficiencies of the art in respect to secure communications for multiple hosts in an address translation environment and provide a method, system and computer program product for IPsec SA management for multiple clients sharing a single network address. In one embodiment, a computer implemented method for IPsec SA management for multiple hosts sharing a single network address can include receiving a packet for IPsec processing for a specified client among the multiple clients sharing the single network address. A dynamic SA can be located among multiple dynamic SAs for the specified client using client identifying information exclusive of a 5-tuple produced for the dynamic SA. Finally, IPsec processing can be performed for the packet. | 01-10-2013 |
20130080767 | PROFILING USERS IN A PRIVATE ONLINE SYSTEM - Multiple private advertising systems independently profile users while protecting user privacy and enabling content publishers to limit advertiser access to their content and user information. A client computer supports private profiling modules, each of which is associated with a different advertising network and is adapted to create a user profile based on the content accessed by the user. Content publishers specify profiling restrictions to limit access by private profiling modules to profiling information associated with their content. The profiling restrictions and profiling information may be included in the content or communicated separately to the client computer. Profiling restrictions and profiling information may be expressed in a markup language. Each private profiling module selects information items of interest to the user based on the user profile that it creates. Communications between private profiling modules and associated advertising networks are encrypted and communicated via proxy to protect the privacy of the user. | 03-28-2013 |
20130117556 | AUTHENTICATED SENSOR INTERFACE DEVICE - A system and method for the secure storage and transmission of data is provided. A data aggregate device can be configured to receive secure data from a data source, such as a sensor, and encrypt the secure data using a suitable encryption technique, such as a shared private key technique, a public key encryption technique, a Diffie-Hellman key exchange technique, or other suitable encryption technique. The encrypted secure data can be provided from the data aggregate device to different remote devices over a plurality of segregated or isolated data paths. Each of the isolated data paths can include an optoisolator that is configured to provide one-way transmission of the encrypted secure data from the data aggregate device over the isolated data path. External data can be received through a secure data filter which, by validating the external data, allows for key exchange and other various adjustments from an external source. | 05-09-2013 |
20130238892 | METHOD FOR OBSCURING A CONTROL DEVICE'S NETWORK PRESENCE BY DYNAMICALLY CHANGING THE DEVICE'S NETWORK ADDRESSES USING A CRYPTOGRAPHY-BASED PATTERN - A network security system comprises a first component that generates an address for identifying a communicating device on a network. A second component receives the address generated by the first component and facilitates transitioning from an existent address to the generated address. Such transitioning is effectuated in order to protect the network against attack while providing seamless communications with respect to the communicating device. | 09-12-2013 |
20140047232 | Query Interface to Policy Server - A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter uses a local copy of an access control data base to determine whether an access request is made by a user. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to access policies which define access in terms of the user groups and information sets. The first access filter in the path performs the access check, encrypts and authenticates the request; the other access filters in the path do not repeat the access check. The interface used by applications to determine whether a user has access to an entity is now an SQL entity. The policy server assembles the information needed for the response to the query from various information sources, including sources external to the policy server. | 02-13-2014 |
20140189345 | METHOD FOR DEFINING A FILTERING MODULE, ASSOCIATED FILTERING MODULE - A method is provided for defining a filtering module between a first module processing information with a first sensitivity level, and a second module processing information with a second sensitivity level connected, in parallel with the filtering module, by a cryptographic module. The method includes defining a set of filtering rules in a language that can be compiled, defining the properties of messages whose transmission is allowed between the first and second modules; validation processing of the predefined set of rules, validating that a transmission authorization or refusal has in fact been provided by applying the set of rules to any information that may be provided at the input of the filtering module; compiling the predefined set of rules; and integrating the compiled set of rules into a rules database of the filtering module. | 07-03-2014 |
20140195798 | Transparent Encryption/Decryption Gateway for Cloud Storage Services - A mechanism is provided for secure data storage in a distributed computing system by a client of the distributed computing system. A gateway device intercepts a data file from at least a portion of stream data during transmission. If the destination of the data file is the storage, the gateway device selects a set of analysis algorithms to determine whether the data file comprises sensitive data. | 07-10-2014 |
20140304502 | Method and System for Obtaining Peripheral Information, and Location Proxy Server - A method for obtaining peripheral information is disclosed herein and includes steps of: receiving a request for obtaining peripheral information, where the request for obtaining peripheral information includes a connection request for access to a third-party website; obtaining the current location information of a mobile terminal according to the connection request; obtaining a link of the third-party website according to domain name information of the third-party website and the current location information of the mobile terminal; making the mobile terminal jump to a page of the third-party website, so as to obtain peripheral information based on the current location of the mobile terminal, the information being provided by the third-party website. | 10-09-2014 |
20140359277 | NETWORK SECURITY USING ENCRYPTED SUBFIELDS - In one embodiment, a method includes receiving from a secure device, an encrypted rule at a first network device, receiving at the first network device, a packet containing at least one encrypted subfield from a second network device, the subfield encrypted based on a key received at the second network device from the secure device, and determining if the encrypted subfield matches the encrypted rule. An apparatus and logic are also disclosed herein. | 12-04-2014 |
20140380039 | SYSTEM AND METHOD EMPLOYING AN AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES - A system for connecting a first network device and a second network device includes one or more servers. The servers are configured to: (a) receive, from the first network device, a request to look up a network address of the second network device based on an identifier associated with the second network device; (b) determine, in response to the request, whether the second network device is available for a secure communications service; and (c) initiate a virtual private network communication link between the first network device and the second network device based on a determination that the second network device is available for the secure communications service, wherein the secure communications service uses the virtual private network communication link. | 12-25-2014 |
20150019861 | System and Method for Monitoring Secure Data on a Network - A system and method for monitoring secure digital data on a network are provided. An exemplary network monitoring system may include a network device in communication with a user and a network. Further, a server may be in communication with the network. A browser and monitoring program may be stored on the network device, and the network device may receive secure digital data from the network. The browser may convert the secure digital data or a portion thereof into source data, and the monitoring program may transfer the source data or a portion thereof to the server. In an exemplary embodiment, the monitoring program may include a service component and an interface program. | 01-15-2015 |
20150074388 | METHOD AND SYSTEM FOR CONTENT DISTRIBUTION - A centralized distribution server comprises converter means for embedding content data into a digital delivery stream and transmitting means for transmitting said digital delivery stream to at least one of said subscriber terminals via a forward network channel. The at least one subscriber terminal comprises receiving means for receiving said digital delivery stream from said centralized server and interface means for enabling access to said digital delivery stream and/or the content data embedded therein by a subscriber. According to the invention, the at least one subscriber terminal comprises first means for generating a first acknowledgement (type 1) upon receipt of said digital delivery stream by said receiving means and second means for generating a second acknowledgement (type 2) upon access of the digital delivery stream and/or the content data embedded therein by the user via the interface means, said first and second acknowledgements to be transmitted to the centralized distribution server via a return network channel and said centralized distribution server comprises a feedback management module for receiving said first and second acknowledgements transmitted from said at least one subscriber terminal to the centralized distribution server. Each acknowledgment (type 1 or type 2) sent by each subscriber terminal and received by the centralized distribution server generates a message that proves that the status of the digital delivery stream and/or the content data embedded therein on the subscriber terminal is known by the centralized distribution server and thus confirmed. | 03-12-2015 |
20150082023 | Aggregator Node, Method for Aggregating Data, and Computer Program Product - According to an aspect of the invention, an aggregator node is conceived for use in a network, wherein said aggregator node is arranged to aggregate encrypted data, and wherein said aggregator node comprises a secure element which is arranged to perform the aggregation of the encrypted data in a secure manner. | 03-19-2015 |
20150095637 | ENCRYPTED CACHED CONTENT SYSTEM - An encrypted cached content system includes a user IHS, a content provider IHS, and a caching IHS. The caching IHS includes a caching engine that is configured to receive a content request from the user IHS. The caching engine generates a user-side key using content identifying information in the content request, and forwards the content request to the content provider IHS over a network as a content partial information request. In response to receiving a content partial information response from the content provider IHS over a network, the caching engine generates a content-provider-side key using header information in the content partial information response. The caching engine performs a hashing operation on the content request using a combination of the user-side key and the content-provider-side key to produce a hashed content request, and uses the hashed content request to retrieve content from the cache. | 04-02-2015 |
20160021077 | SYSTEM AND METHOD EMPLOYING AN AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES - A system for connecting a first network device and a second network device includes one or more servers. The servers are configured to: (a) receive, from the first network device, a request to look up a network address of the second network device based on an identifier associated with the second network device; (b) determine, in response to the request, whether the second network device is available for a secure communications service; and (c) initiate a virtual private network communication link between the first network device and the second network device based on a determination that the second network device is available for the secure communications service, wherein the secure communications service uses the virtual private network communication link. | 01-21-2016 |
20160028690 | COMMUNICATION DEVICE, COMMUNICATION SYSTEM, AND COMMUNICATION DEVICE CONTROL METHOD - A communication device includes a communication section and an encrypting section. When the communication section receives from a communication control device alternative address information indicating an address of an alternative device registered as a transfer destination after a communication request for communication with a specified device is transmitted to the communication control device, the communication section determines the alternative device as the communication partner and transmits to-be-transmitted data that is encrypted by the encrypting section to the alternative device. The transfer destination indicates a transfer destination of the data to be transmitted to the specified device. | 01-28-2016 |
20160094526 | SECURITY CONTROL OF ON-BOARD ENCRYPTION PROCESSOR - A communication and security device for a portable computer having an interface for connecting the security device to a host device to enable the security device to control encryption and decryption of data communication between a processor of the host device and a data storage of the host device. Examples include a security device with data storage for storing an encryption key for the encryption and decryption of the data communication, a security processor coupled to the interface and to the data storage for controlling the data communication by use of the encryption key, and a wide area communication interface configured for secure communication with a remote device. The security processor may be configured to control the data communication between the processor of the host device and the data storage of the host device based on the secure communication. | 03-31-2016 |
20160094553 | Hash-Based Forwarding In Content Centric Networks - A method implemented by a network element (NE), comprising obtaining a first mapping between a first content name identifying a content data in a content centric network (CCN) and a first hash value of at least a portion of the first content name, wherein the first content name comprises a character string in a hierarchical namespace, receiving, via a receiver of the NE, an initial packet comprising an initial hash value from the CCN, determining, via a processor of the NE, that the initial hash value in the received initial packet matches the first hash value in the obtained first mapping, replacing, via the processor, the initial hash value in the received initial packet with the first content name in the matched first mapping to produce a translated initial packet, and forwarding, via a transmitter of the NE, the translated initial packet comprising the first content name to a connected end host. | 03-31-2016 |
20160094567 | METHODS AND APPARATUS TO IDENTIFY MEDIA DISTRIBUTED VIA A NETWORK - Methods, apparatus, systems and articles of manufacture to monitor media presentations are disclosed. An example method includes extracting first network packet parameters from a first network packet received at a media device when retrieving a first encrypted web page, storing, at the media device, the first network packet parameters in association with a uniform resource locator for the first encrypted web page, the uniform resource locator received from an extension in a web browser at the media device, extracting second network packet parameters from a second network packet received at the media device from an unknown encrypted web page when the extension is inoperative, comparing the second network packet parameters to the first network packet parameters, and identifying the unknown encrypted web page as the first encrypted web page when the comparison of the second network packet parameters to the first network packet parameters has a similarity above a threshold. | 03-31-2016 |
20160119342 | SYSTEMS AND METHODS FOR SECURE RESOURCE ACCESS AND NETWORK COMMUNICATION - Systems and methods for secure resource access and network communication are provided. A plurality of policies are received on a client device, each policy comprising a respective resource and a respective permission for a respective action that can be performed by a user of the client device in regards to the resource. A first application, which is configured to store data in an encrypted repository on the client device, receives a request to open a resource. The first application determines that one of the policies prohibits access by the resource to the encrypted repository and, based thereon, selects a different second application to open the resource that does not have access to the encrypted repository. The second application then opens the resource. | 04-28-2016 |
20160150017 | DATA STORAGE AND RETRIEVAL - A method for data forwarding storage and retrieval in a network of interconnected computer system nodes may include directing data to a computer memory, continuously forwarding the data from one computer memory to another computer memory in the network of interconnected computer system nodes without storing it on any physical storage device in the network, and retrieving the data in response to an activity. | 05-26-2016 |
20160173528 | SAFE INPUT BROWSER, OPERATION METHOD THEREOF, AND COMPUTER SYSTEM HAVING THE SAFE INPUT BROWSER | 06-16-2016 |
20160182466 | TransDRM for Streaming Media | 06-23-2016 |
20160191474 | METHODS AND SYSTEMS FOR PROVIDING A CUSTOMIZED NETWORK - A computer implemented method and apparatus is disclosed that includes programming to generate, spawn, or invoke a mother script in a virtual computing environment residing on a physical server. The methods and systems dynamically generate, spawn, or invoke at least one virtual machine embedded with one or more daughter scripts or virtual scripts containing adaptive instruction sets based on a first request, in the form of one or more virtual atoms, where each virtual atom has at least one assigned task and is allowed to connect to other virtual atoms to create one or more virtual computing systems or networks, in the form of one or more virtual molecules. | 06-30-2016 |
20170237720 | SYSTEM AND METHOD OF ENCRYPTED MEDIA ENCAPSULATION | 08-17-2017 |
20180026791 | METHOD AND SYSTEM FOR VERIFYING INFORMATION OF A DATA ITEM IN A PLURALITY OF DIFFERENT DATA ITEMS | 01-25-2018 |
20190149544 | METHOD FOR ESTABLISHING CONNECTION BETWEEN DEVICES | 05-16-2019 |