Entries

Document | Title | Date |
--- | --- | --- |
20080216168 | METHOD FOR ESTABLISHING SECURE COMMUNICATION LINK BETWEEN COMPUTERS OF VIRTUAL PRIVATE NETWORK - A technique is disclosed for establishing a secure communication link between a first computer and a second computer over a computer network. Initially, a secure communication mode of communication is enabled at a first computer without a user entering any cryptographic information for establishing the secure communication mode of communication. Then, a secure communication link is established between the first computer and a second computer over a computer network based on the enabled secure communication mode of communication. The secure communication link is a virtual private network communication link over the computer network in which one or more data values that vary according to a pseudo-random sequence are inserted into each data packet. | 09-04-2008 |
20080229405 | Communication System, Communication System Management Apparatus, Terminal Connection Control Method, and Program - A communication system including many communication terminals and a management apparatus interconnected via a network. The apparatus includes: a section which processes user authentication in response to an operation by a user using any one of the communication terminals, a first information management section for managing authenticated user information in association with terminal information about the communication terminal used by the user, a second information management section for managing communication information including the user information about many users with intent to communicate with one another, and a connection control section. If the second information management section manages the communication information including the authenticated user information and if the first information management section manages the other user information as part of the communication information, the connection control section sends the terminal information about another communication terminal corresponding to the other user information to the communication terminal identified by the terminal information in association with the authenticated user information. | 09-18-2008 |
20080250492 | STRUCTURE AND IMPLEMENTATION OF UNIVERSAL VIRTUAL PRIVATE NETWORKS - A Universal Virtual Private Network (VPN) apparatus, and method and system for using universal VPNs. The Universal VPNs include a first Internet Protocol (IP) switch connected to a second IP switch by a public telecommunications medium. Each IP switch has an interswitch port and access ports to which hosts are directly connected. A virtual private line services (VPLS) packet received by the first IP switch from a source host directly connected to an access port of the first IP switch is routed by the first IP switch to destination hosts of a universal VPN attached to access ports of the first and second IP switches via respective transmission paths that use a VPLS transmission protocol throughout each respective transmission path. The VPLS packet includes a header appended to an IP frame including a packet payload including a first message, the header including a VPN label identifying the universal VPN. | 10-09-2008 |
20080263654 | Dynamic security shielding through a network resource - Architecture for facilitating access of remote system software functionality by a host machine for the redirection of incoming and/or outgoing host traffic through the remote system for protection services to the host machine. The host machine can gain the benefits of effective protection software such as firewall, intrusion protection software, and anti-malware services, of the remote machine. The host machine can choose to exercise traffic redirection when there is a risk of being compromised, and then revert back to direct communications when the risk has been averted. The host machine takes advantage of the resources available on the remote machine in substantially realtime with minimal disruption to the host and/or the remote machine operations. This facilitates widespread and temporary protection of network systems for a more secure working environment and improved customer experience. | 10-23-2008 |
20080271137 | INSTANT COMMUNICATION WITH TLS VPN TUNNEL MANAGEMENT - Techniques are provided for securing instant communications, such as text, audio, and video. A tunnel management module is included in an instant communication suite that comprises one or more instant communication applications. Any communication between a user of the instant communication suite and a contact passes through the tunnel management module, which may use TLS (or IPSec) technologies to ensure security of the instant communications. Each contact of a user may be associated with a different set of security mappings, which may be specified by the user. A tunnel configuration file is generated from a security mapping and is used to create a tunnel through which secure instant communications may pass. | 10-30-2008 |
20080282341 | METHODS AND APPARATUS FOR RANDOM NUMBER GENERATION IN A MULTIPROCESSOR SYSTEM - Methods and apparatus include: providing each of a plurality of processors of a multiprocessing system with an integrally disposed random number generator (RNG); and permitting one or more of the processors to enter into a secure mode using one or more random numbers generated by one or more of the RNGs. | 11-13-2008 |
20080289030 | USER-FRIENDLY MULTIFACTOR MOBILE AUTHENTICATION - A system and method for performing multifactor mobile authentication are described whereby a mobile communications device includes a contactless reader for receiving and validating a unique identifier stored in an external authenticating module prior to granting access to locally stored electronic authenticating material required to access an external resource. In one embodiment, the mobile communications device is a mobile telephone having an RFID reader for receiving the unique identifier from an RFID tag incorporated into the external authenticating module. Preferably, the external authenticating module is associated with a user, such as by being part of the user's jewelry or clothing. The mobile authentication device includes an RFID authenticator module that detects external resource access requests and checks whether the requested resource is on a list of resources that require additional user authentication prior to granting access to locally stored authenticating material. | 11-20-2008 |
20080301800 | System and method for creating a virtual private network using multi-layered permissions-based access control - A system and method for creating a virtual private network (VPN) over a computer network using multi-layered permissions-based access control comprises a first individual seeking to send a live message from a transmitting node to a second individual at a receiving node over a computer network; means for identifying persons authorized access to said computer network; a Network Guardian Server for authenticating the identity of said transmitting and receiving nodes; and, a System Guardian Server for authenticating the identity of said first and second individuals as persons authorized access to the computer network. | 12-04-2008 |
20080301801 | Policy based virtual private network (VPN) communications - Techniques for policy based virtual private network (VPN) communications are provided. A principal uses a client device to establish a VPN session with a remote processing environment. At the remote processing environment, policies are evaluated and are used for modifying permissible VPN routes that the client uses on behalf of the principal during the VPN session. The modified VPN routes are dynamically pushed to the client at the start of the VPN session and dynamically enforced by the client with communications, which are initiated by the principal during the VPN session. | 12-04-2008 |
20080307519 | PEER-TO-PEER NETWORK OVER A VIRTUAL PRIVATE NETWORK - The present invention provides a new network topology. More specifically, a peer-to-peer network is defined on a virtual private network. The peer-to-peer network comprises a set of specified users within a virtual private network that are allowed to communicate according to predetermined rules enforced by the peer-to-peer network itself. This affords secure communication between the specified users of the peer-to-peer network independent of the virtual private network. | 12-11-2008 |
20080320586 | SECURITY SYSTEM FOR A COMPUTER NETWORK HAVING A SECURITY SUBSYSTEM AND A MASTER SYSTEM WHICH MONITORS THE INTEGRITY OF A SECURITY SUBSYSTEM - A security system for a computer network that has a plurality of devices connected thereto comprises a security subsystem, a master system and a secure link. The security subsystem is connected to at least some of the devices in the network. The security subsystem is configured to monitor activities of the at least some devices on the network and detect attacks on the at least some devices. The master system monitors the integrity of the security subsystem and registers information pertaining to attacks detected by the security subsystem. The secure link is connected between the security subsystem and the master system. The master system monitors the integrity of the security subsystem and receives the information pertaining to the attacks through the secure link. | 12-25-2008 |
20090007255 | System and Method for a Web Based Teleservice for Updating Machine Software - A system and method for maintaining a machine control program includes a machine controller including a machine program stored on computer media and configured to control a machine. A router is coupled to the machine controller. A server is coupled to the router to establish communications between the machine controller and an entity that provides source file updates or changes to the machine program such that the server hosts application software needed to compile the source file updates or changes wherein compiled source files are accessible by the machine controller over a secure link to the server. | 01-01-2009 |
20090025080 | SYSTEM AND METHOD FOR AUTHENTICATING A CLIENT TO A SERVER VIA AN IPSEC VPN AND FACILITATING A SECURE MIGRATION TO SSL VPN REMOTE ACCESS - Authenticating a client to a server accessible through an Internet Protocol Security (IPSec) Virtual Private Network (VPN) appliance. The IPSec VPN appliance and an SSL VPN appliance are configured to receive an initialization command from the client. The SSL VPN appliance is in communication with an authentication appliance for authenticating the client to the server. In response to the initialization command, the authentication appliance generates a client key pair including a client private key and a client public key. The authentication appliance generates a client certificate and a client IPSec profile. The authentication appliance transmits the client key pair, the client certificate and the client IPSec profile to the client. A secure communication session between the client and the server is established. The secure communication session is established through the IPSec VPN appliance. Upon receipt of the IPSec profile, the communication session between the client and the server is encrypted. | 01-22-2009 |
20090031414 | System and Method for Secure Information Handling System Memory - Enhanced network security is provided through an intermediate network device, such as a switch or router, which stores in local memory a session key created based on session parameters. Subsequent attempts to communicate information through the session require authorization at the intermediate device by verification of the session key. For example, selected parameters from a protocol data unit are extracted to form a key, such as an IP address, MAC address, VLAN ID, socket number and application fields. Network accessible memory physically located in an infrastructure device provides an alternative repository for session-based information to enhance network communication security. | 01-29-2009 |
20090031415 | Dynamic Network Tunnel Endpoint Selection - Dynamically selecting an endpoint for a tunnel into an enterprise computing infrastructure. A client dynamically selects a gateway (which may alternatively be referred to as a boundary device or server) as a tunnel endpoint for connecting over a public network (or, more generally, an untrusted network) into an enterprise computing infrastructure. The selection is made, in preferred embodiments, according to least-cost routing metrics pertaining to paths through the enterprise network from the selected gateway to a destination host. The least-cost routing metrics may be computed using factors such as the proximity of selectable tunnel endpoints to the destination host; stability or redundancy of network resources for this gateway; monetary costs of transmitting data over a path between the selectable tunnel endpoints and destination host; congestion on that path; hop count for that path; and/or latency or transmit time for data on that path. | 01-29-2009 |
20090077651 | METHOD AND APPARATUS FOR RESOLVING A WEB SITE ADDRESS WHEN CONNECTED WITH A VIRTUAL PRIVATE NETWORK (VPN) - The present invention is directed at a method and apparatus for resolving an address location for a web site when connected with a virtual private network (VPN). Once the public host is connected to, or logged on to, the VPN, a software module within the public host monitors domain name requests and routes them to a domain name server (DNS) associated with the VPN. The VPN DNS then resolves the address location request and returns the address location to the software module in the form of a domain name response. The software module then forwards the address location to the requesting public host. | 03-19-2009 |
20090089874 | TECHNIQUES FOR VIRTUAL PRIVATE NETWORK (VPN) ACCESS - Techniques for virtual private network (VPN) access are provided. A dynamic determination, in response to privileges, is made as to whether a principal and a device of a principal are to receive a thin client virtual private network (VPN) installation for a thin client VPN session between the principal and a remote site or whether a clientless VPN session is appropriate. Dynamic switching between the clientless VPN session and thin client VPN session is permissible when the principal supplies the appropriate credentials for such a switch. | 04-02-2009 |
20090100514 | METHOD FOR MOBILE NODE'S CONNECTION TO VIRTUAL PRIVATE NETWORK USING MOBILE IP - A method for a mobile node's connection to a virtual private network using mobile IP in a mobile environment is provided. According to this method, the mobile node first creates a mobile IP registration request message including VPN user authentication information and transmits the message to the VPN gateway. Then, the VPN gateway reads the VPN user authentication information from the message and queries a database in which VPN user authentication information is already stored, to verify the VPN access authority of the mobile node. If the access authority is verified, a private IP is recorded in a response message to the mobile IP registration request message, and the response message is transmitted to the mobile node to assign the private IP. Accordingly, a VPN having low construction cost, simple topology, less network traffic and low workloads on the mobile node and the network in a mobile environment can be constructed. | 04-16-2009 |
20090106831 | IPsec GRE TUNNEL IN SPLIT ASN-CSN SCENARIO - An Internet Protocol Security (IPsec) protected Generic Routing Encapsulation (GRE) tunnel is established between the Access Service Network (ASN) and Connectivity Service Network (CSN) of a Simple IP network. A GRE layer is inserted between the user plane and the IP transport plane, and a GRE key is used to differentiate each user session. The IPsec protected GRE tunnel may be used to provide full Dynamic Host Configuration Protocol (DHCP) configuration support. It may also be used to provide broadcast/multicast support, as well as non-IP traffic support. The GRE key may consist of a first half key and a second half key; the first half key may be allocated by a first node, and the second half key may be allocated by a second node. | 04-23-2009 |
20090113542 | Virtual Local Area Network Switching Device And Associated Computer System And Method - A virtual local area network switching device and an associated computer system and method are provided to permit operation in accordance with a plurality of different security classifications. The computer system includes a computer, a virtual local area network switching device and a plurality of peripheral units having different security classifications. The virtual local area network switching device may include a computing device that includes the plurality of ports and that is configured to control communications with the peripheral units in accordance with the respective security classifications. The virtual local area network switching device may also include a memory device configured to store information associating the plurality of the ports with the security classification of the respective peripheral unit. The memory device may also store information associating each port with both a logical address and a physical address of the respective peripheral units. | 04-30-2009 |
20090133115 | VPN Management - A client attempts to transmit a presence state to a presence server that is behind a firewall of a secure network. If the client is inside the firewall, the presence server instructs resources within the secure network to directly communicate with the client. However, if the client is outside the firewall, then the client must tunnel into the secure network via a Virtual Private Network (VPN) before accessing the resources in the secure network. | 05-21-2009 |
20090138961 | Portable ICE proxy and method thereof - This invention provides a method applied to a network system comprising the Internet and at least two private networks, each having at least one NAT router and at least one network terminal device. Each network terminal device can link to the Internet through an ICE proxy and the NAT router in the corresponding private network. The method allows an ICE proxy in a private network to hijack connection signals sent from a network terminal device, to write a plurality of candidate access points provided by the ICE protocol standard into an SDP packet containing the connection signals, and to transmit the SDP packet to a remote ICE proxy in another private network via the Internet. As a result, the ICE proxies of two private networks can selectively use the candidate access points provided by the ICE protocol standard in order to pass through their respective NAT routers and firewalls. | 05-28-2009 |
20090138962 | Methods And Apparatus For Use In Establishing Communications For Virtual Private Networking - In one illustrative example, a mobile communication device includes a wireless transceiver, one or more processors coupled to the wireless transceiver, and memory for storing a communications application. The communications application may be a VoIP telephony application which involves communication in accordance with a session initiation protocol (SIP). The processor operates to establish the communications for the communications application by performing the following acts upon invocation of the communications application when the mobile communication device is connected in a communication network outside of a private network. Initially, the processor causes a request for a virtual private network (VPN) connection with the private network to be communicated, and awaits the establishment of the VPN connection. If the VPN connection is established within a predetermined period of time, the processor operates to receive a private IP address of the private network which is assigned to the mobile communication device and causes a request for registration using the private IP address to be communicated to a registration server for the private network. If the VPN connection is not established within the predetermined period of time, however, the processor causes a request for registration using a public IP address assigned to the mobile communication device to be communicated to a registration server for the communication network. After registration with the registration server, the processor causes the communications to be established. | 05-28-2009 |
20090158420 | SELECTIVE DESKTOP CONTROL OF VIRTUAL PRIVATE NETWORKS (VPN'S) IN A MULTIUSER ENVIRONMENT - Techniques for selective desktop control of virtual private networks (VPN's) in a multiuser environment are provided. A multiuser desktop/workstation includes a first user that establishes a VPN session on the desktop for accessing protected resources. Other users are permitted to simultaneously access non-protected resources of the desktop during the VPN session. Other users are also permitted to log into the desktop during the VPN session. However, if the other users attempt to access the protected resources, the access attempts are denied. | 06-18-2009 |
20090172805 | Wireless Network Security Mechanism Including Reverse Network Address Translation - Methods, apparatuses and systems directed to preventing unauthorized access to internal network addresses transmitted across wireless networks. According to the invention, mobile stations are assigned virtual client network addresses that are used as the outer network addresses in a Virtual Private Network (VPN) infrastructure, as well as unique internal network addresses used as the inner network addresses. In one implementation, the virtual client network addresses have little to no relation to the internal network addressing scheme implemented on the network domain. In one implementation, all clients or mobile stations are assigned the same virtual client network address. A translation layer, in one implementation, intermediates the VPN session between the mobile stations and a VPN server to translate the virtual client network addresses to the internal network addresses based on the medium access control (MAC) address corresponding to the mobile stations. In this manner, the encryption inherent in the VPN infrastructure prevents access to the internal network addresses assigned to the mobile stations. | 07-02-2009 |
20090187984 | DATASPACE PROTECTION UTILIZING VIRTUAL PRIVATE NETWORKS ON A MULTI-NODE COMPUTER SYSTEM - A method and apparatus provide data security on a parallel computer system using virtual private networks. An access setup mechanism sets up access control data in the nodes that describes which virtual networks are protected and what applications have access to the protected private networks. When an application accesses data on a protected virtual network, a network access mechanism determines the data is protected and intercepts the data access. The network access mechanism in the kernel may also execute a rule depending on the kind of access that was attempted to the virtual network. Authorized access to the private networks can be made via a system call to the access control mechanism in the kernel. The access control mechanism enforces policy decisions on which data can be distributed through the system via an access control list or other security policies. | 07-23-2009 |
20090193513 | POLICY DRIVEN FINE GRAIN URL ENCODING MECHANISM FOR SSL VPN CLIENTLESS ACCESS - The present disclosure presents methods, systems and intermediaries which determine an encoding scheme of a uniform resource locator (URL) from a plurality of encoding schemes for a clientless secure socket layer virtual private network (SSL VPN) via a proxy. An intermediary may receive a response from a server comprising a URL. The response from the server may be directed to a client via an SSL VPN session and via the intermediary. The intermediary may determine, responsive to an encoding policy, one of a transparent, opaque or encrypted encoding scheme for encoding the URL. The intermediary may rewrite the URL for transmission to the client in accordance with the determined encoding scheme. | 07-30-2009 |
20090222906 | COMPUTER COMMUNICATION SYSTEM FOR COMMUNICATION VIA PUBLIC NETWORKS - A computer communication system, comprising a client computer ( | 09-03-2009 |
20090241181 | Method for optimizing NSIS signaling in MOBIKE-based mobile applications - A method reduces the signaling overhead of a mobile node that maintains at least one active Next Steps in Signaling (NSIS) session. The mobile node has a MOBIKE connection to a virtual private network (VPN) gateway, and changes its link to the Internet. At least the IP address of the VPN gateway and/or an address space corresponding to the subnetwork of the VPN gateway is/are inserted into the message routing information (MRI) object contained in the NSIS message. A value is defined for a security parameter index (SPI). The SPI value is inserted into the MRI object. The S flag is set in the MRI object. An address space that refers to the IP address of the mobile node is inserted into the MRI object. | 09-24-2009 |
20090249473 | AUTHORIZING COMMUNICATIONS BETWEEN COMPUTING NODES - Techniques are described for managing communications between multiple computing nodes, such as computing nodes that are separated by one or more physical networks. In some situations, the techniques may be used to provide a virtual network between multiple computing nodes that are separated by one or more intermediate physical networks, such as from the edge of the one or more intermediate physical networks by modifying communications that enter and/or leave the intermediate physical networks. In some situations, the computing nodes may include virtual machine nodes hosted on one or more physical computing machines or systems, such as by or on behalf of one or more users (e.g., users of a program execution service). The managing of the communications may include determining whether communications sent to managed computing nodes are authorized, and providing the communications to the computing nodes only if they are determined to be authorized. | 10-01-2009 |
20090260074 | SYSTEM AND METHOD FOR APPLICATION LEVEL ACCESS TO VIRTUAL SERVER ENVIRONMENTS - An application level virtual private network (VPN) that provides access for individual applications running on a client computer to physical or virtual servers running in a datacenter is provided. The access connection is secure, automatically set up and does not require changing the network configuration of the client computer. The application running on a client computer, such as a keyboard-video-mouse (KVM), is automatically launched with a single click from the user. | 10-15-2009 |
20090282472 | SECURE COMMUNICATION MODES IN A VIRTUAL UNIVERSE - The present invention is directed to a system, method and program product for providing secure communications in a virtual universe. A system is disclosed that includes a system for allowing a first avatar to request a secure communication mode and for allowing a second avatar to accept the secure communication mode. Once accepted, a secure session is initiated within the virtual universe between the first avatar and the second avatar and at least one feature of the virtual universe is altered to effectuate the secure communication mode. | 11-12-2009 |
20090300752 | UTILIZING VIRTUAL PRIVATE NETWORKS TO PROVIDE OBJECT LEVEL SECURITY ON A MULTI-NODE COMPUTER SYSTEM - The disclosure herein provides data security on a parallel computer system using virtual private networks connecting the nodes of the system. A mechanism sets up access control data in the nodes that describes a number of security classes. Each security class is associated with a virtual network. Each user on the system is associated with one of the security classes. Each database object to be protected is given an attribute of a security class. Database objects are loaded into the system nodes that match the security class of the database object. When a query executes on the system, the query is sent to a particular class or set of classes such that the query is only seen by those nodes that are authorized by the equivalent security class. In this way, the network is used to isolate data from users that do not have proper authorization to access the data. | 12-03-2009 |
20090313691 | IDENTITY VERIFICATION SYSTEM APPLICABLE TO VIRTUAL PRIVATE NETWORK ARCHITECTURE AND METHOD OF THE SAME - An identity verification system applicable to a virtual private network architecture and a method of the same are provided. The system is connected to a virtual private network gateway. The virtual private network gateway is connected to a verification server via a network access server. The method comprises receiving an access request from a network via the virtual private network gateway, performing a process of identity verification and dynamic password verification on the access request by the verification server and via the network access server, rejecting the access request if the access request does not pass the identity verification, and authorizing the access request to access a corresponding virtual private network if the access request passes the identity verification, thereby enhancing security in accessing the virtual private network. | 12-17-2009 |
20090313692 | KEY EXCHANGE FOR A NETWORK ARCHITECTURE - Provided is a method of providing secure communication between an initiator and a responder in a communication network. The method includes presenting a registration request with one or more proposals for dynamically establishing a security association between the initiator and the responder, and receiving a registration response indicating whether any of the one or more proposals have been accepted for the security association. | 12-17-2009 |
20090320122 | CONGESTION MANAGEMENT OF SESSION NEGOTIATIONS IN NETWORK DEVICES - A network device implements congestion management of sessions of a network protocol. In one implementation, an incoming request component receives session requests for a negotiation session between the network device and a second network device. A capacity pool stores a value relating to capacity of the network device to continue to efficiently process the session requests. New sessions are initiated when the value stored in the capacity pool is less than an estimate of the capacity of the network device at which the network device maximizes processor usage while minimizing session timeouts. | 12-24-2009 |
20090328192 | Policy based VPN configuration for firewall/VPN security gateway appliance - A method for managing a network based Virtual Private Network (VPN) configuration is disclosed. The method includes configuring a VPN policy using a Graphical User Interface (GUI) of a centralized management server for at least two network devices. A VPN tunnel is established through the GUI of the centralized management server between the two network devices by applying the configured VPN policy. | 12-31-2009 |
20090328193 | System and Method for Implementing a Virtualized Security Platform - A virtual security platform residing in a virtualization layer on a host data processing machine is provided. The virtual security platform comprises at least one virtual security appliance, each of which is configured for receiving, via a network interface, data communications from at least one data communication source. Each virtual security appliance is also configured for initiating a security function responsive to one of said data communications meeting predetermined criteria. | 12-31-2009 |
20090328194 | APPARATUS AND METHOD FOR VPN COMMUNICATION IN SOCKET-LEVEL - Provided is an apparatus and method for virtual private network (VPN) communication at the socket level that can be applied in a combined Internet Protocol version 4 (IPv4)/IPv6 network, and can process data at the socket level to make a VPN communication apparatus available in many applications requiring more security, as well as in a web application. The apparatus includes: a VPN database for storing connection information of an internal device and an external device and security-related information associated with the connection information; a packet analyzing module for analyzing a packet received from the internal device or the external device, obtaining connection information of the device, and storing the obtained connection information in the VPN database; a key exchange engine for performing a key sharing process with the device, generating the security-related information associated with the connection information, and storing the generated security-related information in the VPN database; and a socket data processing engine for encoding or decoding data at the socket level based on the security-related information stored in the VPN database, wherein the data is transmitted to and received from the internal device or the external device. | 12-31-2009 |
20100011435 | Method and System for Providing Guaranteed File Transfer in Corporate Environment Behind Firewall - A method, system, and computer program for transferring a file or a text message from a user to one or more recipients in a network. The method includes routing the data packet from the sending user to one or more recipients behind a firewall. The method includes segmenting a file into a series of file blocks. The method includes compressing and encrypting the file blocks. The method includes verifying the integrity of each file block. The method includes a self recovery process that comprises means for maintaining the current state of the transfer, means for resuming an interrupted transfer automatically, and means for checkpoint restart. The method includes a store and forward technique where the file is kept in the intermediate server and is sent at a later time to the recipient. | 01-14-2010 |
20100011436 | Methods and Systems For Secure Communication Over A Public Network - A method and system are presented for providing communication between users over a communication network. A database is provided which comprises verified data relating to identity of a plurality of individuals. The database is accessible through the network. The verified data allows for authenticating the identity of the individuals. One or more levels of permitted communications between individuals in said database and the user are defined on the basis of said verification. | 01-14-2010 |
20100031341 | SYSTEMS AND METHODS FOR SECURE COMMUNICATION OVER A WIRELESS NETWORK - A method of secure communication between a wireless device and a target network is presented, comprising receiving a communication addressed to a target network, the communication comprising a data payload and originating from a wireless device on a trusted wireless network, establishing a secure channel with the target network and sending the communication to the target network over the secure channel. The method can further comprise negotiating secure channel parameters with the target network, encrypting the data payload, adding data integrity protection to the communication, encapsulating the communication according to a VPN protocol, authenticating the wireless device as an authorized user of the private network and granting access to a target network resource. | 02-04-2010 |
20100037311 | SECURE NETWORK ARCHITECTURE - The present invention provides a star-connected network (C | 02-11-2010 |
20100043068 | ROUTING DEVICE HAVING INTEGRATED MPLS-AWARE FIREWALL - An MPLS-aware firewall allows firewall security policies to be applied to MPLS traffic. The firewall, which may be integrated within a routing device, can be configured into multiple virtual security systems. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to the packets. The user interface allows the user to define different zones and policies for different ones of the virtual security systems. In addition, the user interface supports a syntax that allows the user to define the zones for the firewall by specifying the customer VPNs as interfaces associated with the zones. The routing device generates mapping information for the integrated firewall to map the customer VPNs to specific MPLS labels for the MPLS tunnels carrying the customer's traffic. | 02-18-2010 |
20100050249 | PAYMENT CARD INDUSTRY (PCI) COMPLIANT ARCHITECTURE AND ASSOCIATED METHODOLOGY OF MANAGING A SERVICE INFRASTRUCTURE - A system to ensure compliance with data security standards for merchants that store, process, and transmit secure data, includes a security appliance having a global unit to monitor the functions of the security appliance, a logging unit to log data from network devices at the merchant's site and from other security appliance units, an integrity unit to construct maps of file systems of the network devices and to compare the constructed maps with previously constructed maps to detect differences between them, and a scanning unit to periodically scan the network to detect unrecognized devices on the network. The system further includes a display unit to provide compliance information on a secure basis, a back-end unit to automate and manage compliance-related tasks and data security events, and a control unit to monitor compliance performance in real-time and to implement required procedures to ensure compliance with data security standards. | 02-25-2010 |
20100064362 | SYSTEMS AND METHODS FOR VOIP NETWORK SECURITY - According to an aspect of the present invention there is provided a VoIP asset discovery system for discovering and identifying VoIP assets on a VoIP network, the asset discovery system comprising an IP address module for determining at least one IP address to discover, a port scanner for scanning VoIP specific ports of the received IP addresses, a service detection module for detecting a VoIP service at the received IP addresses. The asset discovery system further comprises a fingerprinting module for fingerprinting VoIP applications based on responses received to specific queries and a correlation module for correlating the information from the port scanner module, the service detection module, and the fingerprinting module to identify the instances of the discovered assets. | 03-11-2010 |
20100088757 | VIRTUALIZED SECURE NETWORKING - The invention provides a data processing system for the support of secure networking on a single, virtualized hardware platform. The data processing system comprises a Network Interface Controller NIC to control access to a physical network; a first operating system comprising an NIC driver to manage the NIC, and a first Virtual Network Interface Controller VNIC driver. The system further comprises at least one second operating system comprising at least one second VNIC driver associated with a networking stack; and a Virtual Machine Monitor VMM to enable concurrent operation of the first and second operating systems, and to emulate a virtual network, the VMM comprising first and second VNICs to provide access to the virtual network by the first and second operating systems through the first and second VNIC drivers, respectively. The first operating system further comprises a bridge driver in between the NIC driver and the first VNIC driver to manage the connection between the physical network and the virtual network. | 04-08-2010 |
20100107240 | NETWORK LOCATION DETERMINATION FOR DIRECT ACCESS NETWORKS - A client computer that supports different behaviors when connected to a private network behind a network firewall than when outside the network firewall and connected indirectly through an access device. The client computer is configured to attempt communication with a device on the network. Based on the response, the client computer can determine that it is behind the network firewall, and therefore can operate with less restrictive security or settings for other parameters appropriate for when the client is directly connected to the network. Alternatively, the client computer may determine that it is indirectly connected to the network through the Internet or other outside network, and therefore, because it is outside the private network firewall, should operate with more restrictive security or settings of other parameters more appropriate for use in that network location. The described approach operates even if the remote client computer has a direct connection to the network that enables it to authenticate with a domain controller. | 04-29-2010 |
20100115604 | METHODS AND APPARATUS TO DYNAMICALLY CONTROL ACCESS FROM VIRTUAL PRIVATE NETWORKS TO NETWORK-BASED SHARED RESOURCES - Methods and apparatus to dynamically control access from VPNs to shared resources are disclosed. A disclosed example route reflector comprises a memory to implement a database, a user interface module to receive a request to permit access for a VPN to a shared resource, a BGP engine to process BGP advertisements, a network interface to receive a first BGP advertisement from a PE router associated with the VPN that includes a first RT associated with the VPN, and a shared resource access controller to update the database based on the request, to query the database to determine whether the VPN has access to the shared resource in response to the first BGP advertisement, and to direct the BGP engine to form a second BGP advertisement based on the first BGP advertisement that includes a second RT associated with the shared resource when the VPN has access to the shared resource. | 05-06-2010 |
20100115605 | METHODS AND APPARATUS TO DELIVER MEDIA CONTENT ACROSS FOREIGN NETWORKS - Example methods and apparatus to deliver media content across foreign networks are disclosed. A disclosed example method includes receiving a request from a subscriber of a media provider, the media provider associated with a native network and identifying a foreign network associated with a current location of the subscriber. The example method also includes identifying at least one quality of service (QoS) parameter associated with the foreign network, comparing the at least one foreign network QoS parameter with a first threshold value, and at least one of prohibiting a service delivered by the media provider when the at least one foreign network QoS parameter fails to meet the first threshold value, or enabling the service when the at least one foreign network QoS parameter meets the first threshold value. | 05-06-2010 |
20100115606 | System and methods for enabling customer network control in third-party computing environments - The present invention relates to a system and methods for enabling user control in third-party computing environments or cloud computing via a virtual private network created by a control module, which contains parameters defined by the user. The system and methods are used to create a fault tolerant virtual private network that allows user control over addressing, security encryption, routing, and the enablement of multicast protocols, regardless of the prohibition set by the third-party computing environment. | 05-06-2010 |
20100125902 | SEAMLESS DATA NETWORKING - A roaming client in communication with an enterprise site through a virtual private network (VPN) gateway maintains an address for a virtual network interface upon becoming a resident client at the enterprise site. A physical interface for the resident client includes two valid addresses. Seamless data networking is achieved while promoting routing efficiency by reducing the amount of local traffic addressed to and from the virtual address that is unnecessarily routed through VPN gateways. | 05-20-2010 |
20100125903 | TRAFFIC REDIRECTION IN CLOUD BASED SECURITY SERVICES - Systems, methods and apparatus for tunneling in a cloud based security system. Management of tunnels, such as data tunnels, between enterprises and processing nodes for a security service is facilitated by the use of virtual gateway nodes and migration failover to minimize traffic impacts when a tunnel is migrated from one processing node to another processing node. | 05-20-2010 |
20100132032 | FACILITATING ACCESS TO DATA FROM VIRTUAL PRIVATE NETWORKS - Arrangements and methods for facilitating access to VPN-derived data regardless of computing platform power state. | 05-27-2010 |
20100132033 | SERVICE SYSTEM - A remote service system capable of providing service also in an environment with a dynamic IP address is realized. A service demanding apparatus has a demand-side router connected to the Internet by using a dynamic IP address via a broadband line. The demand-side router has authentication obtaining means for obtaining authentication from a service providing apparatus and communication means for performing communication with the service providing apparatus. The service providing apparatus has an authentication server for authenticating the service demanding apparatus and a providing-side router connected to the Internet by using a static IP address. The providing-side router has communication starting means for accessing the demand-side router by using a telephone number on a broadband line to make the demand-side router start performing communication, and communication means for performing communication with the service demanding apparatus. | 05-27-2010 |
20100138911 | INTERNET-BASED AUTOMATIC SECURITY SYSTEM AND METHOD - The present invention provides an Internet-based automatic security system and method. The security system includes a network server with a database, a network detection module and an automatic transmitting module, and a security device with a microcontroller, a virtual IP network module and a wireless transmission module. The network detection module receives the information of the security device and detects the networking state. The automatic transmitting module automatically transmits the alarm information from the network detection module to the client and security operator. The microcontroller links security components. The virtual IP network module employs a virtual IP address and links to a virtual IP router through a transmission interface. The security device also contains a polling module automatically linked to the network server for reading data. | 06-03-2010 |
20100154050 | IDENTITY DRIVEN PEER-TO-PEER (P2P) VIRTUAL PRIVATE NETWORK (VPN) - Techniques for identity-based Peer-to-Peer (P2P) Virtual Private Networks (VPN's) are provided. First and second principals authenticate to a trusted third party. The first principal subsequently requests a P2P VPN with the second principal. The second principal is contacted on behalf of the first principal and permission is acquired. The first and second principals are then sent commands to directly establish a P2P VPN communication session with one another. | 06-17-2010 |
20100154051 | APPARATUS FOR CONTROLLING A MACHINE - An apparatus for controlling a machine includes a machine-sided control computer. The machine-sided control computer includes computer readable media on which a virtual computer is stored, and the virtual computer includes one or more computer programs selected from the group consisting of a machine operating computer program, a communication network connection computer program, and a communication network encryption computer program. | 06-17-2010 |
20100175125 | SYSTEM, METHOD AND APPARATUS THAT ISOLATE VIRTUAL PRIVATE NETWORKS (VPN) AND BEST EFFORT TO RESIST DENIAL OF SERVICE ATTACKS - A network architecture in accordance with the present invention includes a communication network that supports one or more network-based Virtual Private Networks (VPNs). The communication network includes a plurality of boundary routers that are connected by access links to CPE edge routers belonging to the one or more VPNs. To prevent traffic from outside a customer's VPN (e.g., traffic from other VPNs or the Internet at large) from degrading the QoS provided to traffic from within the customer's VPN, the present invention gives precedence to intra-VPN traffic over extra-VPN traffic on each customer's access link through access link prioritization or access link capacity allocation, such that extra-VPN traffic cannot interfere with inter-VPN traffic. Granting precedence to intra-VPN traffic over extra-VPN traffic in this manner entails special configuration of network elements and protocols, including partitioning between intra-VPN and extra-VPN traffic on the physical access link using layer 2 multiplexing and the configuration of routing protocols to achieve logical traffic separation between intra-VPN traffic and extra-VPN traffic at the VPN boundary routers and CPE edge routers. By configuring the access networks, the VPN boundary routers and CPE edge routers, and the routing protocols of the edge and boundary routers in this manner, the high-level service of DoS attack prevention is achieved. | 07-08-2010 |
20100235903 | SYSTEM AND METHOD FOR TRANSPARENT CLOUD ACCESS - System and method for transparent cloud access are described. In one embodiment, the system comprises an enterprise computing environment maintained by an enterprise and a cloud computing environment maintained by a cloud provider; and a secure bridge mechanism for interconnecting the enterprise computing environment and the cloud computing environment. The secure bridge mechanism comprises a first secure bridge portion associated with the enterprise and a second secure bridge portion associated with the cloud computing environment. The first and second secure bridge portions interoperate to provide transparent and secure access by resources of one of the computing environments to those of the other computing environment. | 09-16-2010 |
20100242106 | SYSTEMS AND METHODS FOR USING END POINT AUDITING IN CONNECTION WITH TRAFFIC MANAGEMENT - The present invention provides a system and method of managing traffic traversing an intermediary based on a result of end point auditing. An authentication virtual server of an intermediary may determine a result of an end point analysis scan of a client. Responsive to the determination, the traffic management virtual server can obtain the result from the authentication virtual server. Further, the traffic management virtual server may apply the result in one or more traffic management policies to manage network traffic of a connection of the client traversing the intermediary. In some embodiments, the authentication virtual server may receive one or more expressions evaluated by the client. The one or more expressions identifies one or more attributes of the client. The traffic management virtual server can also determine a type of compression or encryption for the connection based on applying the one or more traffic management policies using the result. | 09-23-2010 |
20100263042 | Method and System for Implementing the Inter-Access of Stack Members - The present invention discloses a method and system for implementing the inter-access of stack members. The method includes: a stack control module assigning stack device numbers and fixed IP addresses for stack members; after a user logs on to a stack member, performing a session command for accessing a destination stack member, and initiating an access request to the destination stack member based on the stack device number of the destination stack member; the stack member on which the user is logged on obtaining the IP address of the destination stack member based on the stack device number in the session command, and forwarding the access request to the destination stack member in the TELNET manner based on the IP address of the destination stack member; after receiving the access request, the destination stack member, as a TELNET server end, assigning a terminal number for the stack member on which the user is logged on, and informing an operation and maintenance management module of the destination stack member; the operation and maintenance management module sending operation echo information of the destination stack member back to the stack member on which the user is logged on. | 10-14-2010 |
20100281534 | Network-Based Digital Media Server - A media server is hosted in a service provider's network so that media content can be stored from or rendered to a private network such as a Digital Living Network Alliance (DLNA) network. Media content may be stored directly by accessing the media server or by downloading the media content to the media server. The media server may support discovery of media content in a local DLNA network, media content fulfillment from a service provider network, and content delivery for a device on the DLNA network. The media server may further route regional traffic to the DLNA network from a media source such as a video on demand (VOD) server or an Internet media server. | 11-04-2010 |
20100293610 | ENFORCING SECURE INTERNET CONNECTIONS FOR A MOBILE ENDPOINT COMPUTING DEVICE - Methods and apparatus enforce a secure internet connection from a mobile endpoint computing device. A security policy for the endpoint is defined based on its location. From that location, an internet connection is established and detected. This event triggers the launching of a full VPN tunnel connection including an NDIS firewall forcing packet traffic through a port of the endpoint computing device assigned by the security policy and/or MAC/IP addresses of a VPN concentrator. Thereafter, the packet traffic is monitored for compliance with the security policy. This includes determining whether packet traffic over the assigned port is observed within a given time or packet traffic is attempted over other ports. Monitoring occurs whether or not the protocol of the VPN tunnel connection is known. Other features contemplate quarantining for improper operation of the VPN tunnel, undertaking remediation, and computer program products, to name a few. | 11-18-2010 |
20100325719 | System and Method for Redundancy in a Communication Network - A network fail-over system provides redundant first and second secure proxy servers, first and second authentication servers each communicatively coupled to the proxy servers, first and second service monitors configured to monitor, respectively, operating status of the first and second authentication servers, the second service monitor configured to set an operating status of the second authentication server and to accept communication traffic from the first proxy server based on the operating status of the first authentication server, wherein the first service monitor is configured to set an operating status of the first authentication server and to accept communication traffic from the second proxy server based on the operating status of the second authentication server, and wherein the authentication servers are each configured to determine an access privilege of a client device by authenticating a client identifier received from the client device, the client identifier derived from a user-configurable parameter and a non-user-configurable parameter resident in the client device. | 12-23-2010 |
20110078783 | ENSURING QUALITY OF SERVICE OVER VPN IPSEC TUNNELS - Packet sequence number checking through a VPN tunnel may be performed by assigning sequence numbers on a per-priority class basis to packets traversing the VPN tunnel. In one implementation, a network device may receive a packet that is to be transmitted over a VPN tunnel, the packet including control information that includes at least a QoS priority class of the packet. The network device may extract the priority class of the packet from the control information and generate a sequence value that describes an arrival sequence of the packet relative to other received packets of the same priority class as the packet. The network device may additionally generate an IPsec header for the packet, the IPsec header including the sequence value and the priority class of the packet; attach the IPsec header to the packet; and transmit the packet through the VPN tunnel. | 03-31-2011 |
20110078784 | VPN SYSTEM AND METHOD OF CONTROLLING OPERATION OF SAME - A VPN management server transmits a seed to a client computer and VPN server. The client computer generates a VPN password from the seed using a prescribed algorithm and transmits the generated VPN password to the VPN server. The VPN server generates a password from the seed using an algorithm identical with the prescribed algorithm in the client computer. If the VPN password transmitted from the client computer and the VPN password generated in the VPN server match, the VPN server allows utilization of the VPN by reason of the fact that the client computer has been authenticated. Even if leakage of the seed occurs, the VPN password will not be generated unless the algorithm is analyzed. The result is enhanced security. | 03-31-2011 |
20110099624 | Selection of Authentication Servers Based on Authentication Mechanisms in Supplicant Attempts to Access Network Resources - A computer-implemented method is provided for processing access requests in an AAA network. The method includes receiving an access request from a network device, identifying, based upon the access request, an authentication mechanism for facilitating AAA services for the network device and selecting, based on the identified authentication mechanism, a particular server from a plurality of servers that is compatible with the identified authentication mechanism. | 04-28-2011 |
20110107414 | System and Method for Location Assisted Virtual Private Networks - A system and method for location assisted virtual private networks (VPNs). Users can create location uncertainty by logging into a VPN server that is geographically remote from their present location. Geographic information provided by a VPN client, alone or in combination with identification information, can be used to resolve such location uncertainty. An accurate indication of the location of a VPN client can be used for operations, administration, maintenance, and provisioning purposes. | 05-05-2011 |
20110113483 | VIRTUAL HOST SECURITY PROFILES - Architecture that creates and applies a virtual firewall profile for each network to which a multi-homed device is connected. In one implementation, the virtual profiles can be based on address ranges of the networks. This ensures seamless concurrent connectivity of the multi-homed device to multiple networks. | 05-12-2011 |
20110126278 | METHOD AND APPARATUS FOR LOCAL AREA NETWORKS - A mechanism for segregating traffic amongst STAs that are associated with a bridge, referred to herein as the personal virtual bridged local area network (personal VLAN), is based upon the use of a VLAN to segregate traffic. The IEEE 802.1Q-1998 (virtual bridged LANs) protocol provides a mechanism that is extended by the invention to partition a LAN segment logically into multiple VLANs. In the preferred embodiment, a VLAN bridge forwards unicast and group frames only to those ports that serve the VLAN to which the frames belong. One embodiment of the invention extends the standard VLAN bridge model to provide a mechanism that is suitable for use within an AP. In a preferred embodiment, the Personal VLAN bridge extends the standard VLAN bridge in at least any of the following ways: VLAN discovery in which a personal VLAN bridge provides a protocol for VLAN discovery; VLAN extension in which a Personal VLAN allows a station to create a new port that serves a new VLAN, or to join an existing VLAN via an authentication protocol; Logical ports in which a Personal VLAN bridge can maintain more than one logical port per physical port, and bridges between ports of any kind; and cryptographic VLAN separation. | 05-26-2011 |
20110131647 | Virtual Endpoint Solution - A virtual endpoint solution provides secure connectivity between a service provider network and the client network over the public Internet. This virtual private network (VPN) connection is fully routable from the service provider network to the client network and masqueraded on the client network to prevent any IP conflicts or routing issues. The virtualized endpoint allows the VPN connection to be created without dedicated hardware or systems and is able to run in almost any environment. | 06-02-2011 |
20110131648 | Method and System for Digital Communication Security Using Computer Systems - Methods and systems are provided for network security. In one embodiment, the method may involve receiving a data packet (e.g., from a firewall). The method may involve running an inspection of the received data packet within a virtual network, the virtual network duplicating at least a portion (e.g., server(s) and/or application(s)) of a protected network. The method may involve sending the inspected data packet, or a portion and/or modified version thereof, to the protected network, in response to the data packet passing the inspection within the virtual network. The method may also involve blocking passage of the data packet to the protected network, in response to the data packet failing the inspection. | 06-02-2011 |
20110138458 | Establishing Internet Protocol Security Sessions Using the Extensible Messaging and Presence Protocol - Techniques are provided for sending from a client in a first network device a session initiate message over a first secure network connection that is configured to initiate a communications session with a client in a second network device. The session initiate message is configured to supply connection information for the second network device to establish a second secure network connection with the first network device. A session accept message is received from the client in the second network device over the first secure network connection that is configured to accept the communications session with the client in the first network device. The session accept message is configured to supply connection information for the first network device to establish the second secure network connection with the second network device. The second secure network connection is established between the first network device and the second network device using the connection information. | 06-09-2011 |
20110154477 | DYNAMIC CONTENT-BASED ROUTING - Systems and methods for redirecting network traffic include a policy server configured to be in communication with a policy database and a client disposed on a remote device. The policy server is configured to receive an inquiry from the client regarding a universal resource locator (URL) request and, based on a policy obtained from the policy database, cause the client to control the remote device such that network traffic associated with the URL request is routed (tunneled) via a particular interface, e.g., a virtual private network (VPN) connection, when so required by the policy, and network traffic associated with the URL request is routed over a different VPN connection or a non-VPN connection when so required by the policy. | 06-23-2011 |
20110162062 | SYSTEMS AND METHODS FOR A VPN ICA PROXY ON A MULTI-CORE SYSTEM - The present invention is directed towards systems and methods for sharing licenses across resources via a multi-core intermediary device. A device intermediary to a plurality of clients and a server may grant a license for a virtual private network (VPN) session established by a first core of a plurality of cores of the device with a client. A second core of the plurality of cores may receive a first request from the client to establish an application connection between an application and a server via the VPN session. The second core may send a second request to the first core to share the license of the VPN session responsive to determining that the first core owns the VPN session. The second core may establish the application connection responsive to receiving from the first core a response accepting the second request to share the license of the VPN session. | 06-30-2011 |
20110214176 | TECHNIQUES FOR SECURE ACCESS MANAGEMENT IN VIRTUAL ENVIRONMENTS - Techniques for secure access management to virtual environments are provided. A user authenticates to a portal for purposes of establishing a virtual machine (VM). The portal interacts with a cloud server and an identity server to authenticate the user, to acquire an Internet Protocol (IP) address and port number for the VM, and to obtain a secure token. The user then interacts with a secure socket layer virtual private network (SSL VPN) server to establish an SSL VPN session with the VM. The SSL VPN server also authenticates the token through the identity server and acquires dynamic policies to enforce during the SSL VPN session between the user and the VM (the VM managed by the cloud server). | 09-01-2011 |
20110265174 | SESSION MIGRATION OVER CONTENT-CENTRIC NETWORKS - One embodiment of the present invention provides a system for facilitating session migration. During operation, the system receives a communication packet from a client destined to a remote server. The system determines whether the communication packet belongs to a pre-existing communication session, and whether session state information associated with the session is available locally. In response to the communication packet belonging to a pre-existing communication session and the session state information being unavailable locally, the system constructs an interest requesting the session state information, disseminates the interest over a network, and receives the session state information. | 10-27-2011 |
20110277029 | Control of Security Application in a LAN from Outside the LAN - A method and a system are disclosed that enable an address at the edge router to be used to establish a multi-pipe virtual private network (MVPN) connecting controllers to multiple web enabled end user devices (EUDs) inside a security protected local area network (LAN). The EUDs connect to a central server (CS) outside the LAN during configuration establishing registration and identity (ID) for each EUD. Once the EUDs establish connection from inside the LAN, the CS is enabled to communicate with the EUDs using the address and ID provided during registration. The CS then acts as a facilitator establishing secure VPN connection between controllers in the cloud and the EUDs inside the LAN. CS further acts as a pass through for those LANs that do not allow direct connections to controllers outside the LAN. The CS continues to monitor the health of the overall system once connectivity is established. | 11-10-2011 |
20120005745 | VPN NETWORK CLIENT FOR MOBILE DEVICE HAVING DYNAMICALLY TRANSLATED USER HOME PAGE - A virtual private network (VPN) client for cellular mobile devices is described. The VPN network client processes network packets for securely tunneling the network packets between the cellular mobile device and the remote VPN security device. Upon establishing the VPN connection, the VPN network client receives a web-based home page from the secure VPN device via a secure response, dynamically parses bookmark links from the secure response and renders a bookmark window using input controls native to the cellular mobile device without invoking a web browser on the cellular mobile device. Each of the input controls corresponds to a different one of the bookmarks parsed from the secure response. Upon selection of one of the input controls, the VPN network client formulates and outputs an appropriate request to the secure VPN device as if a corresponding one of the bookmark links were selected by the user. | 01-05-2012 |
20120005746 | DUAL-MODE MULTI-SERVICE VPN NETWORK CLIENT FOR MOBILE DEVICE - An integrated, multi-service network client for cellular mobile devices is described. The multi-service client includes a VPN handler having an interface programmed to exchange the network packets with the security manager for application of the security service, wherein the VPN handler is configurable to operate in one of an enterprise mode and in a non-enterprise mode, wherein in the enterprise mode the VPN handler establishes a VPN connection with a remote VPN security device and provides encryption services to securely tunnel the network packets between the cellular mobile device and the remote VPN security device, and wherein in the non-enterprise mode the VPN handler directs the network packets to the security manager without application of the encryption services and communicates the network packets to a packet-based network without tunneling the packets. | 01-05-2012 |
20120030751 | VPN SECURE SESSIONS WITH DYNAMIC IP ADDRESSES - To help maintain secure and convenient connectivity for users when IP addresses change, devices connected between sites by using multiple virtual private network security associations update one another when the security association IP addresses change. The device whose WAN interface IP address changed transmits an address change notification message to the other device over a WAN interface whose IP address did not change. The message indicates which IP address(es) changed and new value(s) to use. The devices can then continue the same secure virtual private network session (from a user point of view above the security association level) by using the new value(s) for the changed IP address(es). Use of the new value for the changed IP address is transparent to (unseen by) VPN applications that are running in the LANs. IPSec sessions and load balancing may be provided. | 02-02-2012 |
20120066759 | SYSTEM AND METHOD FOR PROVIDING ENDPOINT MANAGEMENT FOR SECURITY THREATS IN A NETWORK ENVIRONMENT - An example method is provided and includes monitoring activity within an endpoint, and identifying a source associated with a particular data segment received by the endpoint. The method also includes monitoring an antivirus mechanism within the endpoint. The antivirus mechanism is configured to identify the particular data segment as being associated with malware. The source associated with the particular data segment can be communicated to any suitable next destination. | 03-15-2012 |
20120096540 | PROCESS FOR ESTABLISHING A VPN CONNECTION BETWEEN TWO NETWORKS - A VPN connection is established between two networks ( | 04-19-2012 |
20120096541 | SYSTEM AND METHOD EMPLOYING AN AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES - A system for connecting a first network device and a second network device includes one or more servers. The servers are configured to: (a) receive, from the first network device, a request to look up a network address of the second network device based on an identifier associated with the second network device; (b) determine, in response to the request, whether the second network device is available for a secure communications service; and (c) initiate a virtual private network communication link between the first network device and the second network device based on a determination that the second network device is available for the secure communications service, wherein the secure communications service uses the virtual private network communication link. | 04-19-2012 |
20120110658 | AUTHENTICATION SERVER AND METHOD FOR CONTROLLING MOBILE COMMUNICATION TERMINAL ACCESS TO VIRTUAL PRIVATE NETWORK - The present invention discloses an authentication server and a method for controlling a mobile communication terminal access to a virtual private network (VPN). The authentication server comprises a first store module configured to store a first characteristic information of the mobile communication terminal allowed to access; a receiving module configured to receive a VPN access requesting message from the terminal to access; a judgment module configured to judge the type of the terminal to access and obtain a judgment result; an information acquisition module configured to obtain a second characteristic information of the terminal to access when the judgment result indicates that the terminal to access is a mobile communication terminal; a first comparison module configured to compare the second characteristic information with the first characteristic information and obtain a first comparison result; a first execution module configured to allow the terminal to access to continue the access process when the first comparison result indicates that the second characteristic information is identical with one piece of characteristic information in the first characteristic information, and otherwise to refuse the terminal to access to continue the access process. The present invention can effectively ensure the security of the mobile VPN. | 05-03-2012 |
20120131665 | THIRD PARTY VPN CERTIFICATION - A virtual private network (VPN) over a telecommunications network is created by sending a request from a first VPN device to a second VPN device for establishing a VPN between the first and second VPN devices. The request includes a first signed certificate having a verified VPN parameter for the first VPN device. A reply is received at the first VPN device from the second VPN device that includes a second signed certificate having a verified VPN parameter for the second VPN device. The VPN is established between the first and second VPN devices based on each verified VPN parameter for each of the first and second VPN devices. | 05-24-2012 |
20120137358 | POINT-TO-MULTI-POINT/NON-BROADCASTING MULTI-ACCESS VPN TUNNELS - A system establishes a virtual private network (VPN) tunnel to a destination and determines a next hop for the VPN tunnel. The system inserts the next hop, and an address associated with the destination, into an entry of a first table. The system inserts the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into an entry of a second table. The system associates one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier. | 05-31-2012 |
20120151573 | UTILIZING VIRTUAL PRIVATE NETWORKS TO PROVIDE OBJECT LEVEL SECURITY ON A MULTI-NODE COMPUTER SYSTEM - The disclosure herein provides data security on a parallel computer system using virtual private networks connecting the nodes of the system. A mechanism sets up access control data in the nodes that describes a number of security classes. Each security class is associated with a virtual network. Each user on the system is associated with one of the security classes. Each database object to be protected is given an attribute of a security class. Database objects are loaded into the system nodes that match the security class of the database object. When a query executes on the system, the query is sent to a particular class or set of classes such that the query is only seen by those nodes that are authorized by the equivalent security class. In this way, the network is used to isolate data from users that do not have proper authorization to access the data. | 06-14-2012 |
20120159607 | MULTI-SERVICE VPN NETWORK CLIENT FOR MOBILE DEVICE - An integrated, multi-service network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise virtual private network (VPN) connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. Once installed on the cellular mobile device, the multi-service client integrates with an operating system of the device to provide a single entry point for user authentication for secure enterprise connectivity, endpoint security services including endpoint compliance with respect to anti-virus and spyware software, and comprehensive integrity checks. That is, the multi-service client provides a common user interface to the integrated services, and provides a VPN handler that interfaces with the operating system to provide an entry point for network traffic to which the integrated services can be seamlessly applied. | 06-21-2012 |
20120167196 | Automatic Virtual Private Network - An embodiment of the invention provides a method for secure access to data over a VPN. Parameters for connecting to the VPN are established by a VPN manager connected to a local network and a user connected to a remote network, wherein an automatic VPN identification number is generated based on the parameters. A remote IP address is installed on an automatic VPN device of the user. The automatic VPN identification number is tied to an access list; and, the access list is attached to the automatic VPN device of the user. A request to access the VPN is received from the user. Access to the VPN is provided through a secure encryption tunnel if the request includes the automatic VPN identification number. The secure encryption tunnel provides automatic access to multiple sites within the VPN without the user having to re-enter the automatic VPN identification number. | 06-28-2012 |
20120180121 | PROVISIONING/CONFIGURATION SYSTEMS FOR VPN TO VPN BRIDGING FOR IP VIDEO CONFERENCING - Internet Protocol (IP) video conferencing bridging provisioning/configuration systems receive a service order associated with a customer, where the service order requests enrollment of the customer in a Virtual Private Network (VPN) to VPN bridging network service for IP video conferencing. The provisioning/configuration systems orchestrate, based on the service order, configuration of multiple network nodes in a network that provides the VPN to VPN bridging network service for IP video conferencing to the customer to enable IP video conferencing calls to be made from the customer via the network to another customer on a different VPN. | 07-12-2012 |
20120180122 | IMPLEMENTATION METHOD AND SYSTEM OF VIRTUAL PRIVATE NETWORK - An implementation method and system of a virtual private network (VPN) are provided in the invention, wherein the VPN dedicated mapping table of the VPN is stored in the mapping plane of the identity and location separation network, and whether to allow communication between the VPN end host users in the VPN is determined according to the VPN dedicated mapping table. The VPN is thereby efficiently achieved in the identity and location separation network, meeting the user requirements for the VPN, eliminating the influence of the identity and location separation technical solution on the traditional VPN service, and reducing the changes to existing devices and software tools needed to implement the VPN. | 07-12-2012 |
20120227102 | Dynamic Tunneling over Virtual Private Network Connections based on Network Conditions - Techniques are provided for transmitting data securely across virtual private network (VPN) connections. A first VPN connection is initiated between a first device and a second device. The second device selects a first communication protocol to be used for the first VPN connection with the first device. The first device generates session identification data associated with the first VPN connection and sends the session identification data to the second device over the first VPN. The second device receives the session identification data and stores it. The second device determines when the first VPN connection has been disrupted. The second device then selects a second communication protocol and initiates a second VPN connection using the second communication protocol with the first device. The second device transmits the session identification data to the first device, and the first device associates the second VPN connection with the first VPN connection using session identification data. | 09-06-2012 |
20120272310 | SYSTEMS AND METHODS FOR SECURE COMMUNICATION OVER A WIRELESS NETWORK - A method of secure communication between a wireless device and a target network is presented, comprising receiving a communication addressed to a target network, the communication comprising a data payload and originating from a wireless device on a trusted wireless network, establishing a virtual private network (VPN) session with the target network and sending the communication to the target network over the secure channel. The method can further comprise negotiating secure channel parameters with the target network, encrypting the data payload, adding data integrity protection to the communication, encapsulating the communication according to a VPN protocol, authenticating the wireless device as an authorized user of the private network and granting access to a target network resource. | 10-25-2012 |
20120278878 | SYSTEMS AND METHODS FOR ESTABLISHING SECURE VIRTUAL PRIVATE NETWORK COMMUNICATIONS USING NON-PRIVILEGED VPN CLIENT - Systems and methods are provided for establishing secure VPN communications using processes executing in unprivileged user space. For example, systems and methods for establishing secure VPN communications implement user mode VPN clients and user mode network protocol stacks (e.g., TCP/IP stacks) that operate in user space without root access to an operating system of a computing device. | 11-01-2012 |
20120291117 | COMPUTERIZED SYSTEM AND METHOD FOR HANDLING NETWORK TRAFFIC - Methods and systems for processing network content associated with multiple virtual domains are provided. According to one embodiment, content processing of network traffic associated with multiple virtual domains is performed by a service daemon process initiated within a firewall. The service daemon process handles content processing of network traffic for the virtual domains by aggregating communication channels associated with the virtual domains and by applying to the network traffic an appropriate content processing policy corresponding to a virtual domain with which the network traffic is associated. | 11-15-2012 |
20120311694 | SECURITY SYSTEM FOR A COMPUTER NETWORK HAVING A SECURITY SUBSYSTEM AND A MASTER SYSTEM WHICH MONITORS THE INTEGRITY OF A SECURITY SUBSYSTEM - A security system for a computer network that has a plurality of devices connected thereto comprises a security subsystem, a master system and a secure link. The security subsystem is implemented on a first computer and is connected to at least some of the devices in the network. The security subsystem is configured to monitor activities of the at least some devices on the network and detect attacks on the at least some devices. The master system is implemented on a second computer which is different from the first computer. The master system monitors the integrity of the security subsystem and registers information pertaining to attacks detected by the security subsystem. The secure link is connected between the security subsystem and the master system. The master system monitors the integrity of the security subsystem and receives the information pertaining to the attacks through the secure link. | 12-06-2012 |
20120331545 | METHODS AND APPARATUS TO CONFIGURE VIRTUAL PRIVATE MOBILE NETWORKS FOR SECURITY - Methods and apparatus to configure virtual private mobile networks for security are disclosed. A disclosed example method includes identifying, in a wireless network, a communication from a user equipment that matches a security event profile, transmitting, from the wireless network, an instruction to enable the user equipment to be communicatively coupled to a virtual private mobile network, the virtual private mobile network being provisioned for security within the wireless network, and enabling the user equipment to transmit a second communication through the virtual private mobile network securely isolated from other portions of the wireless network. | 12-27-2012 |
20130014246 | THIRD PARTY VPN CERTIFICATION - A virtual private network (VPN) over a telecommunications network is created by sending a request from a first VPN device to a second VPN device for establishing a VPN between the first and second VPN devices. The request includes a first signed certificate having a verified VPN parameter for the first VPN device. A reply is received at the first VPN device from the second VPN device that includes a second signed certificate having a verified VPN parameter for the second VPN device. The VPN is established between the first and second VPN devices based on each verified VPN parameter for each of the first and second VPN devices. | 01-10-2013 |
20130074176 | CONFIDENTIAL COMMUNICATION METHOD USING VPN, SYSTEM THEREOF, PROGRAM THEREOF, AND RECORDING MEDIUM FOR THE PROGRAM - In a confidential-communication system that uses a first-communication network that is Internet capable of confidential communication using VPN, and a second communication network that is an audio-circuit network, a method is implemented wherein a send/receive-processing portion | 03-21-2013 |
20130074177 | ROUTING DEVICE HAVING INTEGRATED MPLS-AWARE FIREWALL - An MPLS-aware firewall allows firewall security policies to be applied to MPLS traffic. The firewall, which may be integrated within a routing device, can be configured into multiple virtual security systems. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to the packets. The user interface allows the user to define different zones and policies for different ones of the virtual security systems. In addition, the user interface supports a syntax that allows the user to define the zones for the firewall by specifying the customer VPNs as interfaces associated with the zones. The routing device generates mapping information for the integrated firewall to map the customer VPNs to specific MPLS labels for the MPLS tunnels carrying the customer's traffic. | 03-21-2013 |
20130081132 | APPARATUS AND METHOD FOR PROVIDING VIRTUAL PRIVATE NETWORK SERVICE BASED ON MUTUAL AUTHENTICATION - An apparatus and method for providing a virtual private network (VPN) service based on mutual authentication are provided, the apparatus including a storage unit configured to store a first public key and a second public key; an authentication unit configured to authenticate a VPN server with the first public key and to authenticate a user device with the second public key; and a tunnel management unit configured to generate a first VPN tunnel and a second VPN tunnel to relay data between the user device and the VPN server based on the authentication of the VPN server and the user device by the authentication unit. | 03-28-2013 |
20130133061 | METHOD AND SYSTEM FOR VPN ISOLATION USING NETWORK NAMESPACES - One embodiment of the present invention provides a system for providing exclusive access to a virtual private network (VPN) connection to an authorized application. During operation, the system creates a unique network namespace that is different from a default network namespace of a host system. The system then places a pseudo network interface associated with the VPN connection into the unique network namespace. Furthermore, the system places at least one socket for an authorized application into the unique network namespace. The system also precludes unauthorized applications on the host from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application. | 05-23-2013 |
20130145452 | SYSTEMS AND METHODS FOR MANAGING ADVANCED METERING INFRASTRUCTURE - A system for maintaining and hosting an AMI command and control application is disclosed. The system includes an AMI command and control application module in a network compartment for measuring energy usage from customer meters, managing an AMI network, and executing connect/disconnect orders; and a plurality of firewalls to provide a security perimeter to the AMI command and control application module when the module is accessed by a vendor network or a utility network. The AMI command and control application module includes a VPN concentrator and a 6 in 4 router to provide a security perimeter between the AMI command and control application module and the AMI network. | 06-06-2013 |
20130191906 | APPARATUS AND METHOD FOR SUPPORTING PORTABLE MOBILE VIRTUAL PRIVATE NETWORK SERVICE - An apparatus and method for supporting a portable mobile VPN service are provided. The method accesses a public network to generate a security tunnel, maps the generated security tunnel and a VPN address, stands by for authentication of a mobile terminal which desires to access a VPN, authenticates a mobile terminal which desires to access the VPN, and assigns an internal address which is used in the VPN according to the authentication result. | 07-25-2013 |
20130191907 | Method and System for Secure Data Transmission with a VPN Box - A VPN box is connected upstream of a field device. The VPN box uses a secret cryptographic key of the field device for authentication when setting up a VPN tunnel and/or when setting up a cryptographically protected communication link. | 07-25-2013 |
20130219486 | VPN DEEP PACKET INSPECTION - Policy enforcement previously available for web proxy access methods is extended and applied to layer 3 packets flowing through VPN channels. With these extensions, a common security policy is possible that is enforceable between VPN proxied access and VPN tunneled access. This provides security policy equivalent to that of tunnel-based VPN access without compromising the inherent performance, scalability and application compatibility advantages that tunnel-based VPNs have over their proxy-based VPN counterparts. | 08-22-2013 |
20130227673 | APPARATUS AND METHOD FOR CLOUD NETWORKING - When a communication node receives a packet from a user terminal, the communication node consults a dynamic path mapping table and, if no VSI corresponding to information of the packet exists, requests user authentication of the user terminal from a cloud networking control apparatus. If the user is an authenticated user, the cloud networking control apparatus performs provisioning of the VSI and transmits information of the VSI in which provisioning is performed to the communication node. After the VSI is set, the communication node connects the VSI to a virtual private network and transfers the packet to the VSI that is connected to the virtual private network. | 08-29-2013 |
20130227674 | SYSTEMS INVOLVING FIREWALL OF VIRTUAL MACHINE TRAFFIC AND METHODS OF PROCESSING INFORMATION ASSOCIATED WITH SAME - Systems and methods are disclosed involving compute nodes configured to define and/or otherwise process information associated with one or more virtual machines. In one exemplary implementation, a compute node may be configured to enable a firewall between the virtual machine and at least a portion of a network. Moreover, the firewall may be configured to detect undesired traffic based on a list of rules or an Ethernet bridge table associated with communication between the virtual machine and the network. Various features may also relate to the compute node being configured to lock the virtual machine in response to the firewall detecting undesired traffic associated with the virtual machine. | 08-29-2013 |
20130232566 | COLLABORATIVE FIREWALL FOR A DISTRIBUTED VIRTUAL ENVIRONMENT - A virtual environment firewall receives a message having a request from a virtual environment entity intended for a virtual environment controller. The virtual environment firewall determines whether the request complies with one or more governance rules of the virtual environment controller. If the request does not comply with the one or more governance rules, the virtual environment firewall processes the message to prevent the request from being processed by the virtual environment controller. | 09-05-2013 |
20130276094 | DEVICE, SYSTEM AND METHOD OF MAINTAINING CONNECTIVITY OVER A VIRTUAL PRIVATE NETWORK (VPN) - Some demonstrative embodiments include devices, systems and/or methods of maintaining connectivity over a Virtual-Private-Network (VPN). For example, a system may include a server to communicate with at least one computing device via a VPN tunnel, to receive from the computing device a mode indication indicating that the computing device is in a standby mode, to receive from at least one application server one or more packets intended for the computing device when the computing device is in the standby mode, based on at least one filtering criterion, to detect at least one targeted packet to be provided to the computing device, and to transfer the targeted packet to the computing device via the VPN tunnel. | 10-17-2013 |
20130318594 | INTERNET ISOLATION FOR AVOIDING INTERNET SECURITY THREATS - A host computer supports a virtual guest system running thereon. The host system has a firewall that prevents it from communicating directly with the Internet, except with predetermined trusted sites. The virtual guest runs on a hypervisor, and the virtual guest comprises primarily a browser program that is allowed to contact the Internet freely via an Internet access connection that is completely separate from the host computer connection, such as a dedicated network termination point with its specific Internet IP address, or by tunneling through the host machine architecture to reach the Internet without exposing the host system. The virtual guest system is separated and completely isolated by an internal firewall from the host, and the guest cannot access any of the resources of the host computer, except that the guest can initiate cut, copy and paste operations that reach the host, and the guest can also request print of documents. The host can transfer files to and from a virtual data storage area accessible by the guest by manual operator action. No other transfer of data except these user initiated actions is permitted. | 11-28-2013 |
20130340067 | Multi-Wrapped Virtual Private Network - The invention includes a system for transmitting multi-wrapped VPN-enabled data across a communication network from a device to another destination device within a remote protected network. The device comprises a software stack, hardware layer, application-layer VPN software, link-layer VPN software, and user-based application software. Next, the device is coupled to a communication network. Next, the system includes a link-layer VPN aggregator and an application-layer VPN aggregator. Finally, the system includes a protected network that includes the destination device. The invention includes embodiments for configuring a device to transmit multi-wrapped VPN-enabled data and processes for transmitting multi-wrapped VPN-enabled data across a communication network from a device to another destination device within a remote protected network. Finally, the invention includes inverse processes so the destination device can transmit data back through the communication network to the device. | 12-19-2013 |
20140007220 | USE OF TELEPHONY FEATURES AND PHONES TO ENABLE AND DISABLE SECURE REMOTE ACCESS | 01-02-2014 |
20140041014 | METHODS AND SYSTEMS FOR ROUTING PACKETS IN A VPN-CLIENT-TO-VPN-CLIENT CONNECTION VIA AN SSL/VPN NETWORK APPLIANCE - In a method and system for routing packets between clients, a packet is received from a first client connected to a secure sockets layer virtual private network (SSL/VPN) network appliance. An identification is made, responsive to an inspection of the received packet, of i) a type of connection required for transmission of the received packet to a destination address identified by the received packet and ii) a second client connected via an SSL/VPN connection to the SSL/VPN network appliance and associated with the identified destination address. A request is made for establishment by the second client of a connection of the identified type within the SSL/VPN connection. The received packet is transmitted to the second client via the established connection of the identified type. | 02-06-2014 |
20140047535 | MULTIPLE APPLICATION CONTAINERIZATION IN A SINGLE CONTAINER - Described in an example embodiment herein is a Multiple Application Container. Various embodiments of the Multiple Application Container may include, but are not limited to: (1) managed intranet access via a dedicated Virtual Private Network (VPN) tunnel shared amongst applications within the container, (2) managed file/data encryption, (3) native look and feel applications for the base Operating System (OS), (4) isolation from any non-OS based services on the device, and/or (5) Mobile Device Management (MDM) based capabilities, such as policy enforcement. | 02-13-2014 |
20140068750 | ESTABLISHING AN IPSEC (INTERNET PROTOCOL SECURITY) VPN (VIRTUAL PRIVATE NETWORK) TUNNEL - Systems, methods and apparatuses of establishing an IPsec (Internet Protocol Security) VPN (Virtual Private Network) tunnel are disclosed. One method includes receiving, by a wireless mesh network access point, a user configuration, wherein the user configuration includes a type of traffic, determining an internal interface of the wireless mesh network access node based on the type of traffic, dynamically determining a local endpoint address for the IPsec VPN tunnel based on the selected internal interface, and establishing the IPsec VPN tunnel through the selected internal interface of the wireless mesh network access node. | 03-06-2014 |
20140075542 | SNIPPET MATCHING IN FILE SHARING NETWORKS - Techniques for matching information representing private files against files obtained from a public network. | 03-13-2014 |
20140082719 | METHOD AND DEVICE FOR NETWORK COMMUNICATION MANAGEMENT - Method and device for managing one or more secure gateway virtual private network, VPN, devices ( | 03-20-2014 |
20140090048 | Mobile IP Over VPN Communication Protocol - The present invention supports a communication protocol for transmission of information packets between a mobile node and a virtual private network. Information packets are encapsulated and decapsulated along the route as the information packet is forwarded among the various networks on its path to the destination address; either the mobile node on a foreign network or a correspondence node on a virtual private network. A home agent on the virtual private network supports transmitting the information packets, and the information packets are transmitted from the virtual private network from the home agent or a virtual private network gateway. | 03-27-2014 |
20140096229 | VIRTUAL HONEYPOT - A virtual honeypot is configured within a security appliance by configuring one or more network addresses associated with the virtual honeypot. The security appliance receives network traffic destined for the virtual honeypot sent to the one or more network addresses associated with the virtual honeypot, and forwards the traffic to a remote honeypot such that the remote honeypot appears to be connected to a network local to the security appliance. | 04-03-2014 |
20140096230 | METHOD AND SYSTEM FOR SHARING VPN CONNECTIONS BETWEEN APPLICATIONS - A method for sharing a virtual private network (VPN) connection among applications is described herein. In an environment in which multiple applications exchange data through the use of the virtual file system, a VPN for a first application can be established, and it can be determined that the first application is deactivated. Upon the determination that the first application is deactivated, a state of the VPN can be saved in a shared memory through the virtual file system. It may also be determined that a second application is activated. A VPN connection can be established for the second application by resuming the saved VPN state through the virtual file system. | 04-03-2014 |
20140109214 | SECURITY DEVICE BANK AND A SYSTEM INCLUDING THE AND SD SECURITY DEVICE BANK - In some embodiments, a system includes a trusted network, an untrusted network, on-board equipment on-board a moving object, one or more first security devices on-board the moving object and communicatively connecting the on-board equipment and the untrusted network, and a security device bank communicatively connecting the trusted network and the untrusted network. The security device bank includes a common bus or the local network and one or more second security devices connected to the common bus or the local network. | 04-17-2014 |
20140123268 | SECURE CONNECTION FOR A REMOTE DEVICE THROUGH A MOBILE APPLICATION - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Remote devices may gain access to virtual machines in a network through a virtual device relay. The virtual device relay receives data from the remote device, such as a tablet or cellular phone, and forwards the data to one of the virtual machines, when the virtual device relay shares a COI with the destination virtual machine. | 05-01-2014 |
20140123269 | FILTERING OF APPLICATIONS FOR ACCESS TO AN ENTERPRISE NETWORK - A computer-readable storage medium has embedded thereon non-transient computer-readable code for controlling access to a protected computer network, by intercepting packets that are being exchanged between a computer system and the protected network, and then, for each intercepted packet, identifying the associated application that is running on the computer system, determining whether the application is trusted, for example according to a white list or according to a black list, and disposing of the packet accordingly. | 05-01-2014 |
20140123270 | METHOD FOR VIRTUAL PRIVATE CLOUD TO ACCESS NETWORK, NETWORK SIDE DEVICE AND DATA CENTER DEVICE - The present invention provides a method for a virtual private cloud to access a network, a network side device and a data center device. When receiving a VPC configuration resource provided by a user, the network side device and the data center device exchange information, create a VPC, determine a PE interface address, a VCE uplink port address, an access tunnel and a VCE downlink port address for the VPC, and perform a corresponding configuration operation, thereby enabling the VPC to access a VPN in a basic bearer network without the need of uniform management of a control system, so as to solve a problem that the VPC cannot access the network when the basic bearer network and a data center belong to different operators, and meanwhile, save a device resource. | 05-01-2014 |
20140150083 | VIRTUAL PRIVATE NETWORK SOCKET - A system and method for a virtual private network (VPN) wherein some embodiments include creating complementary stack layers on both a client and a server device. An application operating through the VPN establishes a socket level protocol for operation of the VPN such that an application communicates with a client socket VPN layer which, in turn, is coupled to a server VPN layer. Data is encapsulated in a private tunnel. Certain embodiments may provide for VPN sockets for each application allowing concurrent VPNs to operate on a single device. | 05-29-2014 |
20140157398 | Systems and Methods for Providing a Multiple Secure Link Architecture - Some embodiments disclosed herein include an MSL twin network address translator (NAT) that includes logic that, when executed by a processor, causes the MSL twin NAT to receive an inbound datagram from an MSL VPN and record a new VPN owner private IP address from a source IP address in the inbound datagram. In some embodiments the logic causes the MSL twin NAT to assign a new UPIP for the inbound datagram and client workstation and facilitate sending the inbound datagram to the client workstation. | 06-05-2014 |
20140189847 | REMOTE VPN PROVISIONING OF AN ENDPOINT - A method for remote deployment of at least one terminal device in a virtual private network (VPN), the method comprising the steps of instructing the terminal device to use a VPN connection for connectivity and media communication; at the call manager server, generating a certificate for the VPN connection; providing the terminal device with the certificate and instructing the terminal device to restart; and negotiating the VPN connection with the call manager server to establish the VPN connection. | 07-03-2014 |
20140223541 | METHOD FOR PROVIDING SERVICE OF MOBILE VPN - Disclosed is a method for providing mobile virtual private network (VPN) services. An operation method of a group and tunnel manager (GTM) for providing mobile VPN services includes receiving a first message for registering information of a VPN group from a gateway, generating tunnel information between the GTM and the gateway based on the first message, and transmitting a packet based on the tunnel information. Accordingly, a private address may be used even in a mobile VPN, and therefore a VPN site may be configured even in an environment where a public address is difficult to use, or a flexible VPN site may be configured. | 08-07-2014 |
20140237585 | Use of Virtual Network Interfaces and a Websocket Based Transport Mechanism to Realize Secure Node-to-Site and Site-to-Site Virtual Private Network Solutions - Techniques are provided herein for enabling a virtual private network (VPN) using a bidirectional, full duplex transport channel configured to send and receive application layer data packets. At a source network device that hosts a VPN client, the VPN client is configured with a bidirectional, full duplex transport channel that is configured to send and receive Open Systems Interconnection application layer data packets. The VPN client is also configured with a virtual network interface that operates to virtually link the VPN client with the transport channel. | 08-21-2014 |
20140245426 | METHOD AND APPARATUS FOR PROVIDING SECURITY IN AN INTRANET NETWORK - A method and an apparatus for providing security in an intranet network are disclosed. For example, the method receives a packet at a customer edge router, and applies an inbound access control list by the customer edge router to the packet if the packet is destined to a server in a protected server group, wherein said protected server group identifies one or more servers within the intranet network to be protected. The method applies an outbound access control list by the customer edge router to the packet if the packet is from a server in the protected server group. | 08-28-2014 |
20140298446 | METHOD AND EQUIPMENT FOR ESTABLISHING A CONNECTION THROUGH A VIRTUAL PRIVATE NETWORK - Embodiments of the present invention refer to a method for establishing a connection through a virtual private network “VPN” ( | 10-02-2014 |
20140304804 | ON-PREMISE CLOUD APPLIANCE - A standalone onsite appliance designed to connect a local network and telephony infrastructure to a hosted cloud environment. The appliance acts as an extension of the cloud by creating a bridge into the local network and providing each local user a portion of the cloud infrastructure. The appliance integrates local and wide-area networking, security services, Voice over IP (VoIP) services, and a virtualized server environment. In addition, the appliance provides offline access to otherwise cloud-hosted infrastructure and data, and serves as a failover solution in the event of a loss of Internet connectivity. | 10-09-2014 |
20140325637 | Supporting IP Address Overlapping Among Different Virtual Networks - System and method embodiments are disclosed here to resolve Internet Protocol (IP) address overlap of Virtual eXtensible Local Area Network (VXLAN) endpoints in packets forwarded between the VXLAN and an external or public network. An embodiment method includes assigning different port number ranges to different virtual private networks of the VXLAN, mapping private IP addresses for endpoints at the virtual private networks to corresponding public IP addresses known to a public network, and mapping local ports of the endpoints to corresponding port numbers from the port number ranges assigned to the virtual private networks, wherein each of the endpoints at the virtual private networks is assigned to a unique combination of public IP address and port number. The mapping can be done at a VXLAN gateway or at the endpoints on physical servers of the virtual private networks. | 10-30-2014 |
20140337965 | Method and System for Access to Development Environment of Another with Access to Intranet Data - A method for secure external access to a collaborative design system is provided that includes establishing a virtual private network (VPN) tunnel between an engagement virtual machine and an external computer system, wherein the external user provides a user id and password for authorization to establish the VPN tunnel, receiving the user id and password in a web interface of the collaborative design system and identifying the engagement virtual machine the external user is allowed to access based on the user id and password, prompting the external user to log into the engagement virtual machine, wherein the user id and password are again received from the external user, issuing a security ticket to the external user when the user logs into the engagement virtual machine, and using the security ticket to authenticate accesses initiated by the external user to engagement files stored in a file system in an intranet. | 11-13-2014 |
20140337966 | PUBLIC ACCESS POINT - The invention instantiates a Personal VLAN bridge, using IEEE Std. 802.11 elements. The result is a bridge, referred to as a public access point, that is better suited for implementing public wireless data networks than the IEEE Std. 802.11 architecture. The invention also provides a location-update protocol for updating the forwarding tables of bridges that connect public access points together. The invention further provides a method for more controlled bridging, which is referred to as fine bridging. | 11-13-2014 |
20140337967 | Data Transmission Method, System, and Apparatus - A data transmission method is applied in a virtual private network (VPN) and includes: querying, by an initiating client, a VPN server for external network Internet Protocol (IP) addresses of the initiating client and a responding client; performing, by the initiating client, key negotiation with the responding client through the VPN server; after the key negotiation is completed, writing, by the initiating client, the external network IP address of the initiating client into a source address field of a to-be-sent User Datagram Protocol (UDP) packet, writing the external network IP address of the responding client into a destination address field of the to-be-sent UDP packet, and encrypting the to-be-sent UDP packet according to a key obtained through the negotiation; and sending, by the initiating client, an encrypted UDP packet to the responding client, and performing packet interaction with the responding client directly. | 11-13-2014 |
20140344917 | APPLICATION SERVICES BASED ON DYNAMIC SPLIT TUNNELING - In an example embodiment, a method of dynamically tunneling specific, or per application, services on demand without having to build complex split tunneling policies on Virtual Private Network (VPN) terminators. In particular embodiments, the method can allow for tunneling to multiple data centers on devices with limited, e.g., single, concentrator capabilities. | 11-20-2014 |
20140351924 | METHOD AND SYSTEM FOR PROVIDING LIMITED SECURE ACCESS TO SENSITIVE DATA - An approach is provided for enabling limited secure access to sensitive data by an authorized requestor. A request is received for access to data maintained at a primary data center of a secure private network from an authorized requestor. A subset of the data is then determined to be transmitted to a secure data store associated with the requestor through a private firewall of the primary data center based on the request type and the authorization of the requestor. Transmission of a subset of the data is then initiated from the secure data store to the requestor in encrypted form. | 11-27-2014 |
20140351925 | SECURITY FOR REMOTE ACCESS VPN - Techniques are disclosed for improving security in a virtual private network. In one embodiment, key information is generated for a virtual private network (VPN) connection between a first device and a second device. A plurality of shares is then generated based on the key information. A first set of one or more shares is stored on a dongle that is paired to the first device. A second set of one or more shares is stored on the first device. In response to a request to resume the VPN connection, the first set of shares is retrieved from the dongle. The key information is reconstructed based on the first set of shares and the second set of shares. The reconstructed key information may then be used to resume the VPN connection. | 11-27-2014 |
20140366120 | Systems and Methods for Application-Specific Access to Virtual Private Networks - Described herein are systems and methods utilizing application-specific access to a virtual private network (“VPN”). A method may comprise receiving, from an application executing on a device, a request for a network data flow to a private network, comparing identification information associated with the application against a set of rules stored on a memory of the device, wherein the set of rules identifies conditions for the application to be authorized to access the private network, and establishing a connection for the network data flow upon the identification information satisfying the conditions for the application to access the private network. | 12-11-2014 |
20140366121 | Virtual Private Storage Array Service for Cloud Servers - A method for providing virtual private storage array (VPSA) service for cloud users over a computer network includes receiving parameters for the VPSA over the network and creating the VPSA from resources of server computers. Creating the VPSA includes allocating and exposing drives that meet or exceed specified drive characteristics, drive quantity, and array redundancy criteria to virtual controllers (VCs) in the VPSA, and dedicating parts of processor/memory complexes that each meets or exceeds a specified virtual controller hardware model to the VCs. The VCs run on virtual machines on the dedicated parts of processor/memory complexes on independent server computers. The VCs discover the exposed drives, create a virtual pool from the exposed virtual drives, implement data protection on the virtual pool, create volumes from the virtual pool, expose the volumes over the network to a customer computer, and handle access requests to the volumes from the customer computer. | 12-11-2014 |
20140366122 | Secure Remote Access Public Communication Environment - A method and system provide a user device with secure access to an enterprise application in an enterprise network through a VPN. The enterprise application is accessed from a user device such that it sends and receives data packets through the VPN client. For this, a request to send packets, originating from the user application, is intercepted by a VPN agent associated with the user application. In turn, the VPN agent associates an address of a loop-back interface with the user application. Thereafter, packets sent by the user application are re-directed to the VPN client through the loop-back interface. Similarly, packets received by the VPN client from the enterprise network are routed through the loop-back interface to the user application. | 12-11-2014 |
20140380461 | ESTABLISHING SECURE REMOTE ACCESS TO PRIVATE COMPUTER NETWORKS - Techniques are described for providing users with access to computer networks, such as to enable users to interact with a remote configurable network service to create and configure computer networks that are provided by the configurable network service for use by the users. Secure private access between a computer network provided for a user by the configurable network service and one or more other remote computing systems of the user (e.g., a remote private network) may be enabled in various ways. For example, a user may programmatically invoke an API provided by the configurable network service to obtain assistance in establishing remote access from a remote location to a provided computer network of the configurable network service, such as to establish a VPN connection from the remote location to the provided computer network using hardware and/or software supplied to the remote location in response to the API invocation. | 12-25-2014 |
20150033324 | METHOD AND SYSTEM FOR VPN ISOLATION USING NETWORK NAMESPACES - One embodiment of the present invention provides a system for providing exclusive access to a virtual private network (VPN) connection to an authorized application. During operation, the system creates a unique network namespace that is different from a default network namespace of a host system. The system then places a pseudo network interface associated with the VPN connection into the unique network namespace. Furthermore, the system places at least one socket for an authorized application into the unique network namespace. The system also precludes unauthorized applications on the host from accessing the unique network namespace, thereby facilitating exclusive access to the VPN connection by the authorized application. | 01-29-2015 |
20150033325 | ESTABLISHING AN IPSEC (INTERNET PROTOCOL SECURITY) VPN (VIRTUAL PRIVATE NETWORK) TUNNEL AND ENCAPSULATING NON-IP PACKETS - Systems, methods and apparatuses of establishing an IPsec (Internet Protocol Security) VPN (Virtual Private Network) tunnel are disclosed. One method includes receiving, by a wireless mesh network access point, a user configuration, wherein the user configuration includes a type of traffic, determining an internal interface of the wireless mesh network access node based on the type of traffic, dynamically determining a local endpoint address for the IPsec VPN tunnel based on the selected internal interface, establishing the IPsec VPN tunnel through the selected internal interface of the wireless mesh network access node, and encapsulating non-IP packets of non-IP traffic within IP packets. | 01-29-2015 |
20150058969 | On Premises, Remotely Managed, Host Computers for Virtual Desktops - Virtual desktops are hosted on one or more remote desktop hosts at one or more private locations of an enterprise, remote from a service provider location, and behind a firewall on a private computer network. The desktops are remotely managed through resources at a service provider data center, optionally along with other virtual desktops hosted on desktop hosts at the service provider data center. The remote desktop hosts can be pre-configured with known storage, compute and connectivity resources. The remote desktop hosts can be remotely managed through a resource management appliance, i.e., a management system running resource management software, which can be located at either the service provider data center or the tenant data center. | 02-26-2015 |
20150074793 | PLACING A VIRTUAL EDGE GATEWAY APPLIANCE ON A HOST COMPUTING SYSTEM - Techniques for placing a virtual edge gateway appliance on at least one host computing system are described. In one embodiment, a virtual switch assigned to a tenant for creating virtual networks is identified. Further, at least one host computing system having access to the virtual switch is identified. Furthermore, placing a virtual edge gateway appliance on the at least one identified host computing system is recommended to allow connectivity to networks created using the virtual switch assigned to the tenant. | 03-12-2015 |
20150074794 | SYSTEM FOR ACCESSING DATA OF CLOUD DATABASE USING TRANSPARENT TECHNOLOGY - Disclosed is a system for accessing data of a cloud database via transparent technology, and the system includes at least one channel server and at least one cloud database end. When a connection notice is outputted from an application end, the user channel unit detects a first server address and a first database address in an HTTP data format, and connects to a corresponding channel server via the HTTP tunnel to send a database request, so that the channel server can convert the first database address in the HTTP data format into a TCP/IP data format and then connect to a corresponding database end. Therefore, the application end can access data from the database behind the firewall via the Internet without modifying any program code. | 03-12-2015 |
20150082418 | Method and system for realizing virtual network - A virtual network (VN) realization method and system are provided. The method includes setting a VN-AP in a data center network and/or a broadband network. A service deployment and management function entity receives a VN service request from a user to generate feature information of the VN; a PC/VM automatically discovers the VN-AP, the automatically discovered VN-AP generates the VN forwarding table entry of the PC/VM after the PC/VM passes the identity authentication of the VN, and performs tunnel encapsulation according to the VN forwarding table entry to forward a packet from the PC/VM. By discovering a VN-AP for processing a VN automatically, the disclosure realizes the automatic and rapid deployment of the VN. | 03-19-2015 |
20150082419 | FORCING ALL MOBILE NETWORK TRAFFIC OVER A SECURE TUNNEL CONNECTION - A process is disclosed in which all network traffic between a mobile device and an untrusted network arriving before the establishment of a VPN tunnel is dropped in response to rules imposed by the mobile device's operating system. Once a VPN tunnel is established, all communication from the mobile device is secured, without an intervention on the part of the user of the device. A device supporting such a process is also disclosed. | 03-19-2015 |
20150089629 | NETWORK LABEL ALLOCATION METHOD, DEVICE, AND SYSTEM - Embodiments of the present invention provide a network label allocation method, a device, and a system, which enable a local PE to distinguish packets from different remote PEs. The method includes: generating, by a local provider edge PE, a VPN label route for each remote PE, where VPN labels in VPN label routes of different remote PEs are different, and the remote PE and the local PE at least belong to a same VPN; and sending the VPN label route to the remote PE, so that the remote PE separately matches an IP address of the remote PE with a target device IP address in the VPN label route, and matches an import route target RT of each VRF of the remote PE with a route target RT in the VPN label route, a packet related to a successfully matched VRF. | 03-26-2015 |
20150096011 | MIGRATION OF COMPLEX APPLICATIONS WITHIN A HYBRID CLOUD ENVIRONMENT - A system and methods for the migration of complex computer applications and the workloads comprising them between physical, virtual, and cloud servers that span a hybrid cloud environment comprising private local and remote customer data centers and public cloud data centers, without modification to the applications, their operational environments, or user access procedures. A virtual network manager securely extends the subnets and VLANS within the customer's various data center across the distributed, hybrid environment using overlay networks implemented with virtual network appliances at nodes of the overlay network. A server migrater migrates individual workloads of servers used by the complex application from one pool of server resources to another. A migration manager application provides a control interface, and also maps and manages the resources of the complex application, the hybrid environment, and the virtual network spanning the hybrid cloud environment. | 04-02-2015 |
20150106914 | REMOTE CONTROL SYSTEM, AND METHOD THEREOF - A remote control method includes: assigning a network address to a terminal device when the terminal device connects to a terminal connection device; obtaining an identifier code of the terminal connection device or a client connection device when the terminal connection device or the client connection device connects to a remote control server; obtaining terminal device information including network addresses and names of the terminal devices connected to the terminal connection device; storing the terminal device information in the remote control server associated with the identifier code of the terminal connection device; determining a client connection device with the same identifier code as the terminal connection device and producing a terminal device list when the user produces a control request via a control device; and controlling the control device to connect to a selected terminal device in response to an operation to select the terminal device on the terminal device list. | 04-16-2015 |
20150135303 | TECHNIQUES TO RATE-ADJUST DATA USAGE WITH A VIRTUAL PRIVATE NETWORK - Techniques to rate-adjust data usage on mobile devices using a virtual private network are described. In one embodiment, an apparatus may include a processor circuit, and an application component operative on the processor circuit to present a link to third party data, receive a control directive to follow the link, and to request to access the third party data. The apparatus may also include a client virtual private network (VPN) component operative on the processor circuit to communicate with a server having a server VPN component, receive the request to access the third party data from the application component, determine whether the accessing is rate-adjusted, and connect to a source of the third party data via the server VPN component. Other embodiments are described and claimed. | 05-14-2015 |
20150135304 | ELECTRONIC APPARATUS AND CONTROL METHOD THEREOF - According to one embodiment, an electronic apparatus is capable of switching a plurality of applications corresponding to a plurality of users in accordance with a selected user. The apparatus includes a communication controller which communicates with an apparatus connected to a network, a first determination controller which determines whether the selected user is a first user, a second determination controller which determines whether a connection is made to a first virtual private network server via the communication controller, and a first controller which controls use of the network by a first application corresponding to the first user and controls use of the network by a second application corresponding to a user in accordance with the determination results of the first and second determination controllers. | 05-14-2015 |
20150143505 | METHOD AND SYSTEM FOR COMMUNICATING OVER A SEGMENTED VIRTUAL PRIVATE NETWORK (VPN) - An approach for providing secure communication services is disclosed. A secure data tunnel from a source node to a destination node is established via a plurality of secure segments across a data communications network. A data path is established via the secure data tunnel, where the data path supports a performance enhancing mechanism that improves performance of data communications over the data path. The performance enhancing mechanism multiplexes data packet flows from the source node for transmission over the data path, and performs one or more of connection startup latency reduction, acknowledgment message spoofing, window sizing adjustment, compression and selective retransmission. | 05-21-2015 |
20150295883 | STORAGE AND RETRIEVAL OF INFORMATION USING INTERNET PROTOCOL ADDRESSES - A method for storing information in a memory using an IP address having numerical fields, where penultimate and ultimate memory banks for the IP address are allocated from the memory. A penultimate pointer is stored in a location of the penultimate memory bank indexed by the value of a penultimate numerical field in the IP address. The penultimate pointer points to the ultimate memory bank. The information is stored in a location of the ultimate memory bank indexed by the value of an ultimate numerical field in the IP address. | 10-15-2015 |
20150295892 | AUTOMATIC CERTIFICATE ENROLLMENT IN A SPECIAL-PURPOSE APPLIANCE - A digital certificate is created transparently on a mobile device. A VPN appliance receives user credentials from an app, the credentials familiar to the user and associated with an enterprise authentication service. The credentials are validated, comprising the first user authentication in a two-factor authentication method. The user is then presented with a display in the app asking for a PIN. The appliance generates a PIN and sends it to the user via the user enterprise email. The user enters the PIN in the app display. This is the second factor in the two-factor authentication. Once the user is authenticated, the appliance sends data for generating a Certificate Signing Request (CSR) to the app. The app generates a CSR and the appliance sends the CSR to an enterprise CA. A certificate is signed and enrolled. The signed digital certificate is then sent to the wrapped app. | 10-15-2015 |
20150295895 | ENGINEERING METHOD AND ESTABLISHING SYSTEM - An engineering method for establishing an engineering system includes establishing the engineering system in a virtual system by performing a communication and permitting an access to the virtual system via an internet, the communication being performed by using a service which is provided via the internet, the service being used by a first communication system which is connected to the internet, the virtual system being disposed in the first communication system, and the virtual system virtually implementing the engineering system, and inspecting the engineering system by performing an access to an inspection system via a virtual private network, the access being performed by a second communication system which is connected to the virtual private network, the inspection system being disposed in the second communication system, and the inspection system inspecting operations of the engineering system which is established in the virtual system. | 10-15-2015 |
20150326535 | NETWORK PLATFORM-AS-A-SERVICE FOR CREATING AND INSERTING VIRTUAL NETWORK FUNCTIONS INTO A SERVICE PROVIDER NETWORK - One or more devices may receive a service request. The service request may be associated with providing a network service to a service location and may be associated with a service provider network. The one or more devices may create a virtual network function (VNF), associated with providing the network service, based on the service request. The VNF may be created such that the VNF is hosted by the device, and may be configured to provide the network service. The one or more devices may insert the VNF into the service provider network. The VNF may be inserted to interact with a physical device of the service provider network to allow the network service to be provided to the service location. | 11-12-2015 |
20150334088 | ACCELERATING DATA COMMUNICATION USING TUNNELS - Methods and systems are provided for increasing application performance and accelerating data communications in a WAN environment. According to one embodiment, packets are received at a flow classification module operating at the Internet Protocol (IP) layer of a first wide area network (WAN) acceleration device via a private tunnel, which is operable to convey application layer data for connection-oriented applications between WAN acceleration devices. The packets are passed to a WAN socket operating at the transport layer. Based on the application protocol, the packets are passed to an application handler of multiple application handlers operating at the application layer each of which implements one or more application acceleration techniques for a particular application layer protocol known to behave poorly within a WAN environment. The existing connection-oriented flow is securely accelerated by performing one or more application acceleration techniques and applying one or more security functions. | 11-19-2015 |
20150341371 | SYSTEMS AND METHODS TO PROVIDE SECURE STORAGE - Systems and methods to provide secure storage are disclosed. An example method includes establishing a secure tunnel between a storage device and an agent, providing a command from the agent to the storage device via the secure tunnel, accessing first data at the storage device in response to the command, and identifying a modification to data stored on the storage device by comparing the first data to second data, wherein the comparison is done using the storage device. | 11-26-2015 |
20150365381 | APPARATUS, METHOD, AND SYSTEM FOR SECURING A PUBLIC WIRELESS NETWORK - An approach for automatically securing a public wireless network is disclosed. A VPN connection platform maintains a list of available trusted wireless access identifiers to connect to a public wireless network from a mobile device. The trusted wireless access identifiers are provided to an application associated with the mobile device that selectively initiates a virtual private connection when the mobile device cannot utilize any one of the trusted wireless access identifiers. | 12-17-2015 |
20150372982 | INTELLIGENT, CLOUD-BASED GLOBAL VIRTUAL PRIVATE NETWORK SYSTEMS AND METHODS - A method includes connecting to a client at a Virtual Private Network (VPN) device in a cloud system; forwarding requests from the client for the Internet or public clouds accordingly; and, for requests for an enterprise associated with the client, contacting a topology controller to fetch a topology of the enterprise, causing a tunnel to be established from the enterprise to the VPN device, and forwarding the requests for the enterprise through the tunnel. A cloud system and VPN system are also described. Advantageously, connections between the cloud and on-premises proxy are dynamic, on-demand and orchestrated by the cloud. Security is provided at the edge—there is no need to punch any holes in the existing on-premises firewalls. | 12-24-2015 |
20150373029 | METHOD AND DEVICE FOR SECURE NETWORK ACCESS - In a hotspot Wi-Fi network, users can access the Internet from a variety of access points. The users' credentials are centrally authenticated within the network core to ensure they are allowed on the hotspot network. To improve security and provide selective access, a further authenticator function in the network manages access to private and/or restricted network resources. | 12-24-2015 |
20150381568 | SECURE INTEGRATION OF HYBRID CLOUDS WITH ENTERPRISE NETWORKS - A system and method of managing secure integration of a cloud-based computing resource with a private domain are disclosed. One system includes a hybrid cloud arrangement including a plurality of virtual machines, the plurality of virtual machines including at least a first virtual machine within the private domain and a second virtual machine within a public cloud. The system also includes a virtual data relay within the private domain and associated with the second virtual machine. The virtual data relay includes a private domain interface used to establish a secure communication link according to a first security protocol with each virtual machine within the private domain that is a member of a community of interest, the virtual data relay assigned a community of interest key used by the private domain interface and defining the community of interest of which the second virtual machine is a member. The virtual data relay also includes a public cloud interface used to establish a secure communication link with the second virtual machine, the public cloud interface using a second security protocol different from the first security protocol. | 12-31-2015 |
20150381569 | Local Internet with Quality of Service (QoS) Egress Queuing - Local internet functionality may allow host devices positioned in branch office locations to securely communicate outgoing internet traffic directly over the internet. Local internet functionality may also allow said host devices to securely receive incoming internet traffic through the creation and tracking of local internet sessions. Local internet functionality is achieved by forwarding egress internet traffic over a local internet virtual pathway extending to a WAN interface/port of a local host device. The WAN interface/port is configured to communicate traffic received over the local internet virtual pathway directly over the internet, while communicating all other egress traffic over secure tunnels of the virtual edge router. The WAN interface/port is further configured to monitor outgoing local internet traffic to create and track local internet sessions. | 12-31-2015 |
20160006820 | Encrypted VPN Connection - A method, apparatus, and system are described that provide fully automated network access to remote networked devices. The device and system permit remote access to a local network without any pre-configuration or administrative burden at the local network. Embodiments as described herein provide a "plug and play" option to insert a device into the local network and provide access to select target devices on the network, even non-routable devices, without first requiring dedicated host software or other administrative privileges or configurations to be set at the local network. | 01-07-2016 |
20160036780 | AUTOMATED CONFIGURATION OF ENDPOINT SECURITY MANAGEMENT - Systems and methods for managing configuration of a client security application based on the network environment in which the client device is operating are provided. According to one embodiment, a network connection state of a client device with respect to a private network is determined by a client security application running on the client device. The client security application then selects a configuration based on the determined network connection state. Finally, the client security application launches one or more functions of the client security application that are designated by the selected configuration. | 02-04-2016 |
20160043997 | Device, system and method for supporting the setting up of a local area network - A device comprises a first integrated network card ( | 02-11-2016 |
20160043998 | METHODS AND APPARATUS TO IMPROVE SECURITY OF A VIRTUAL PRIVATE MOBILE NETWORK - Methods and apparatus are disclosed to prevent consecutive attacks on a virtual private mobile network. An example method includes for each of a plurality of network elements, generating virtualized slices based on a virtualized slice count value for subgroups associated with the virtual private mobile network, and assigning non-consecutive ones of the virtualized slices to the subgroups associated with the virtual private mobile network based on demand for the virtualized slices by the respective ones of the subgroups. The example method also includes, in response to a request from a mobile device to access the virtual private mobile network for a first time, assigning the mobile device to one of the virtual slices of the plurality of network elements based on (i) the subgroup associated with the mobile device, and (ii) availability of the virtual slices. | 02-11-2016 |
20160050182 | Diverting Traffic for Forensics - In one embodiment of a method, system and apparatus for diverting anomalous traffic from a host, the method, system and apparatus are described including detecting malicious traffic and communications by an endpoint agent included in a network host, the malicious traffic and communications directed from the network host to an IP address, the IP address being stored in a reputation database, sending a signal to a central server by a signaling mechanism included in the endpoint agent, the signal indicating detection of traffic directed from the network host to the IP address, the signal triggering creation of a split tunnel virtual private network (VPN) policy on a VPN server controlled by the central server, and receiving instructions at a receiver included in the endpoint agent from the VPN server to join a VPN group. | 02-18-2016 |
20160057108 | METHOD FOR LOAD-BALANCING IPSEC TRAFFIC - Systems, methods and apparatus for distributing IPsec traffic across multiple IPsec processing units (PUs) by controllably allocating a specific range of one or more IPsec parameters of the IPsec traffic to each PU. | 02-25-2016 |
20160065580 | SYSTEM FOR TRANSACTION AUTHENTICATION - Systems and methods for secure transaction authorization are provided. An emulator is instantiated on a host device and configured to emulate an integrated circuit having a different instruction set than an integrated circuit of the host device, and a guest operating system executing on the emulated integrated circuit is configured to communicate with a host operating system of the host device through an emulated network interface of the emulator. Under control of one or more guest operating system processes executing on the emulated integrated circuit, a request is received over a first secure communication channel from an application executing on the host operating system to authorize a transaction. Further, based on the received request, user input is obtained from an input device of the host device and transformed into verification data. A different second secure communication channel is established to a remote system through the emulated network interface, and a request is sent over the second channel to the remote system to authorize the transaction based on the verification data. An authorization result is received from the remote system over the second secure communication channel, and a response is sent to the application over the first secure communication channel indicating the authorization result. | 03-03-2016 |
20160072763 | DYNAMIC VPN ADDRESS ALLOCATION - Methods and related systems are presented that relate to automatically avoiding address conflicts when establishing a secure communications link over a public network between a local computer, associated with a local network, and a remote device, located outside the local network. Local network addresses on the local network reserved for use, and a block of local network addresses that do not conflict with the reserved local network addresses, are identified. At least one local network address is selected from the block and assigned as an address of the local device for use in communicating with the remote device securely over the public network. Communication is facilitated with the remote device using the network driver based on the assigned at least one local network address. | 03-10-2016 |
20160087940 | PRIVATE ALIAS ENDPOINTS FOR ISOLATED VIRTUAL NETWORKS - In accordance with a designation of a private alias endpoint as a routing target for traffic directed to a service from within an isolated virtual network of a provider network, a tunneling intermediary receives a baseline packet generated at a compute instance. The baseline packet indicates a public IP (Internet Protocol) address of the service as the destination, and a private IP address of the compute instance as the source. In accordance with a tunneling protocol, the tunneling intermediary generates an encapsulation packet comprising at least a portion of the baseline packet and a header indicating the isolated virtual network. The encapsulation packet is transmitted to a node of the service. | 03-24-2016 |
20160099915 | SECURITY CONTEXT MANAGEMENT IN MULTI-TENANT ENVIRONMENTS - Examples of the present disclosure describe security context enforcement in a multi-tenant environment. Security context data may be transmitted through an un-secure multi-tenant computational environment. The security context data is secured by protection layers that restrict untrusted resources from running tenant applications and restrict the ability of unauthorized tenants to access context information associated with a tenant. Data may be received and evaluated at a component of a multi-tenant environment. If the component is a trusted component and the security context data indicates that the tenant is authorized to execute an application using a specified context, the component may run a tenant application in a context associated with the security context data. | 04-07-2016 |
20160099918 | SYSTEM AND METHOD TO PROVIDE BUILT-IN AND MOBILE VPN CONNECTIVITY - A system and method for facilitating the establishment of a virtual private network between a network and a remote computer, the system having: a mobile device connectable to the remote computer and storing a user profile, virtual private network information, and password information; virtual private network software located on one of the mobile device and the remote computer; an access point communicating with the network; and communication means for communications between the access point and one of the mobile device and the remote computer, wherein the user profile, virtual private network information, and password information are passed to the virtual private network software upon connection of the mobile device to the remote computer, the virtual private network software using the user profile, virtual private network information, and password information to establish a virtual private network through the communication means and the access point to the network. | 04-07-2016 |
20160112372 | DYNAMIC TUNNEL FOR REAL TIME DATA COMMUNICATION - A tunneled session management (“TSM”) server manages a dynamic datagram tunnel (“DDT”) for a real time communication (“RTC”) with a TSM client. The TSM server establishes a stream based tunnel with the TSM client and then establishes the RTC via the stream based tunnel, where the RTC includes communicating a first channel for signaling traffic and a second channel for media traffic. Then, it is determined whether to establish the DDT for communicating the media traffic, and if so, the DDT is established and the second channel is communicated via the DDT while the first channel is maintained on the stream based tunnel. | 04-21-2016 |
20160134590 | METHODS AND SYSTEMS FOR ESTABLISHING VPN CONNECTIONS AT A VPN MANAGEMENT SERVER - The present invention discloses methods for establishing Virtual Private Network (VPN) connections among a plurality of VPN gateways at a VPN management server. The VPN management server determines VPN gateways belonging to a first VPN gateway group and also determines the number of possible VPN connections for each VPN gateway of the first VPN gateway group. Configuration for each VPN gateway of the first VPN gateway group is determined based on, at least in part, a VPN connection topology and the number of VPN connection license(s). Each VPN gateway of the first VPN gateway group is configured according to the configuration and a plurality of VPN connections is established based on, at least in part, the configurations. | 05-12-2016 |
20160134591 | VPN Implementation Processing Method and Device for Edge Device - The present disclosure discloses a Virtual Private Network (VPN) implementation processing method and device for an edge device. The method includes: a VPN application request is acquired, wherein the VPN application request carries attribute configuration information about a VPN; VPN routing information is received from each edge device in the VPN; and VPN routing control information is sent to the edge devices, wherein the VPN routing control information is routing information obtained by performing centralized calculation and processing on the attribute configuration information and the VPN routing information. Adopting the above solution provided in the present disclosure solves the technical problems in the prior art, in which automatic control solutions for the VPN involve more complex configuration and table item contents, etc., thereby enabling simpler configuration issuing, more intensive table item management and table item issuing to be automatically controlled under a uniform control platform, so that the configuration and table item capacity required of the existing device are reduced. | 05-12-2016 |
20160142374 | PRIVATE AND SECURE COMMUNICATION SYSTEMS AND METHODS - Private and secure communication systems and methods implemented by a server in a local network behind a local router/firewall include authenticating a client device based on a request from the client device, wherein the request is for a tunnel from the server to the client device through the local router/firewall for a communication session with another client device; configuring and establishing a Virtual Private Network (VPN) tunnel over the Internet with the client device; and establishing the communication session with the other client device utilizing Session Initiation Protocol (SIP) for both signaling and media, wherein the server operates both as a VPN server and as a Private Branch Exchange (PBX) for communication sessions utilizing SIP, and wherein the communication session is logged at a local level of the server. | 05-19-2016 |
20160164838 | VPN SERVER ACCESS METHOD AND VPN CLIENT - Disclosed in the embodiments of the present invention is a VPN server access method, comprising: acquiring an IP address assigned to a SIM card by a server at the network side, when dialing to the server at the network side is carried out successfully with the dial-up information built into the SIM card; and connecting to the proprietary VPN server automatically, if the acquired IP address of the SIM card belongs to the address segments of the proprietary VPN server. A VPN client is also disclosed in the embodiments of the present invention. With the present invention, the user experience can be improved. | 06-09-2016 |
20160164839 | SECURITY-FOCUSED MONITORING SYSTEM - In some implementations, data from security monitoring devices of a facility is collected and analyzed within the facility, and the results of the analysis are transmitted to another computer that is outside of the facility via a non-VPN communication path. | 06-09-2016 |
20160182455 | METHOD AND APPARATUS FOR THREAT ISOLATION AND REMOTE RESOLUTION FOR COMPUTER SYSTEMS | 06-23-2016 |
20160380973 | VIRTUAL ROUTING AND FORWARDING (VRF) FOR ASYMMETRICAL VIRTUAL SERVICE PROVIDER (VSP) TUNNELS - In one embodiment, a device in a network maintains first and second routing tables associated with a virtual private network (VPN) tunnel. The first and second routing tables comprise routing information used to route packets external to a particular routing domain. The device routes a first packet in the network via the VPN tunnel and a second tunnel that encapsulates the VPN tunnel, using the routing information in the first routing table. The device receives a second packet via the VPN tunnel that was routed to the device using the routing information in the second routing table and bypasses the second tunnel. | 12-29-2016 |
20190147189 | INTERNET-BASED SEARCH MECHANISM | 05-16-2019 |
20220141191 | SECURE DISTRIBUTION OF CONFIGURATION TO FACILITATE A PRIVACY-PRESERVING VIRTUAL PRIVATE NETWORK SYSTEM - A VPN client discovers an available VPN server and requests a private IP address for use as the source IP address of the VPN client. A configuration delivery system delivers a private IP address from a pool of addresses assigned to the VPN server. The private IP address may be accompanied by cryptographic material for establishing a VPN tunnel with the VPN server. The cryptographic material may be a random integer generated by an entropy generator. | 05-05-2022 |
20220141192 | System and Methods for Path-Aware and Path-Assured Secure Virtual Private Lines and Secure Network Slices using Enhanced Digital Certificates in Multi-Vendor Multi-Domain Networks - Methods of configuring path-aware point-to-point secure virtual private lines (SVPLs) over multi-domain, multi-operator virtual and physical networks, through network elements that are compliant with PKI Digital Certificates with metadata enhancements (eDC), are disclosed. Secure Network Slices (SNS) may then be constructed by interconnecting SVPLs through a network aggregation device such as a switch/bridge/router, which allows different network policies on different segments of the network. A Digital Trust Broker is disclosed that bridges between multiple Authentication/Authorization frameworks of an enterprise and the security frameworks of multiple operators and service providers that provide Secure Virtual Private Lines and Secure Network Slices. Additionally, methods that ensure that any traffic exchange with the internet, or between differing levels of SNS or SVPLs, goes through an enhanced security bridge that enforces the policies of a high-security enterprise are also disclosed. | 05-05-2022 |