| Patent application number | Description | Published |
| --- | --- | --- |
| 20080301779 | Configuring Security Mechanisms Utilizing A Trust System - Implementations of configuring security mechanisms utilizing a trust system are described. In one implementation, a request to communicate is received at a protected device. Before permission to communicate can be granted, a list of trusted devices is accessed. If information, such as an identity or a secret, associated with the device sending the request to communicate correlates to information found on the list of trusted devices, then communication can be allowed. Otherwise, communication between the device and the protected device can be denied. | 12-04-2008 |
| 20090006575 | Detection and Removal of Undesirable Items in a Data Processing Environment - Functionality is described for addressing a threat to the security of a user device that utilizes a network-accessible service. The functionality operates by assessing the likelihood that the user device is infected by the undesirable item. When the user device makes a request to access the network-accessible service, the functionality can interact with the user device in a manner that is governed by the assessed likelihood that the user device is infected by the undesirable item. | 01-01-2009 |
| 20090178141 | BOOTING A DEVICE FROM A TRUSTED ENVIRONMENT RESPONSIVE TO DEVICE HIBERNATION - Techniques described are capable of receiving an indication that an operating system of a computing device has entered a hibernated state and, in response, booting the computing device from a trusted environment that is unalterable by the hibernated operating system. A component stored on or accessible by the trusted environment may then perform an operation on the computing device. This operation may include scanning the device, performing a memory test on the device, or updating firmware on the device. In some instances, the computing device enters the hibernated state due to a predetermined length of user inactivity on the computing device. As such, the described techniques may perform an operation on the computing device without user interaction causing the operation. | 07-09-2009 |
| 20090248840 | NETWORK TOPOLOGY DETECTION USING A SERVER - Various technologies and techniques are disclosed for automatically detecting whether a local network that a computer is connected to is a public or private network by utilizing a trusted online service and/or heuristics. Techniques are also described for detecting whether or not two computers are connected to the same local area network. | 10-01-2009 |
| 20090292888 | Backing up Data from Backup Target to Backup Facility - Aspects of the subject matter described herein relate to backing up data. In aspects, a backup target determines a degree to which a data set included on the backup target is not backed up on a backup facility. The degree can represent more than just that the data set is completely backed up or is not backed up at all. If the degree satisfies a condition, the backup target utilizes information derived from a backup history of one or more attempted or successfully completed backup sessions between the backup target and the backup facility to determine whether to provide a notification regarding backup state. The backup target also may send the degree and other backup information to a backup facility, which may use this information in determining a backup scheme to employ with the backup target. | 11-26-2009 |
| 20100077450 | PROVIDING SIMPLIFIED INTERNET ACCESS - Aspects of the subject matter described herein relate to providing simplified network access. In aspects, a network access device that controls access to a network is configured to allow communications with a set of specified hosts regardless of whether the requesting user has paid for or authorized payment for the network usage. The user may communicate with such hosts without further configuration, providing payment or other information to the network access device, or the like. If the user attempts to access other hosts, the network access device ensures that the user is authorized (e.g., has paid for, belongs to a partner organization, etc.) before granting the access. | 03-25-2010 |
| 20100266132 | SERVICE-BASED KEY ESCROW AND SECURITY FOR DEVICE DATA - Data protection services for portable, handheld, or mobile devices are provided in part by one or more cooperating network or data service(s), such as a cloud service, that provide volatile encryption/decryption key information to the device(s). Decryption key(s) are retrieved on demand by a device or application of the device from a network service or other data service based on an analysis of device and user credential(s). Retrieval of keys can be triggered automatically by the device or application meeting a set of pre-conditions, or explicitly or implicitly requested by input to the device or application. Thus, decryption keys are provided to the mobile device in real time, on demand, explicitly or implicitly defining a volatile lifetime prior to expiration of the decryption keys. | 10-21-2010 |
| 20110110268 | MODEL-BASED VIRTUAL NETWORKING - Architecture that facilitates the virtual specification of a connection between physical endpoints. A network can be defined as an abstract connectivity model expressed in terms of the connectivity intent, rather than any specific technology. The connectivity model is translated into configuration settings, policies, firewall rules, etc., to implement the connectivity intent based on available physical networks and device capabilities. The connectivity model defines the connectivity semantics of the network and controls the communication between the physical nodes in the physical network. The resultant virtual network may be a virtual overlay that is independent of the physical layer. Alternatively, the virtual overlay can also include elements and abstractions of the physical network(s). Moreover, automatic network security rules (e.g., Internet Protocol security, IPsec) can be derived from the connectivity model of the network. | 05-12-2011 |
| 20110113247 | AUTOMATICALLY RECONNECTING A CLIENT ACROSS RELIABLE AND PERSISTENT COMMUNICATION SESSIONS - The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. The method includes providing a first connection between a client and a first protocol service and a second connection between the first protocol service and a host service. The first protocol service detects a disruption in the first connection. The client re-establishes the first connection between the client and the first protocol service while maintaining the second connection between the first protocol service and the host service. The first protocol service receives a ticket associated with the client and validates the ticket. The first protocol service links the re-established first connection to the maintained second connection after the ticket is validated. | 05-12-2011 |
| 20110113481 | IP SECURITY CERTIFICATE EXCHANGE BASED ON CERTIFICATE ATTRIBUTES - Architecture that provides Internet Protocol security (IPsec) certificate exchange based on certificate attributes. An IPsec endpoint can validate the security context of another IPsec endpoint's certificate by referencing certificate attributes. By facilitating IPsec certificate exchange using certificate attributes rather than solely certificate roots, it is now possible to build multiple isolated network zones using a single certificate authority rather than requiring one certificate authority per zone. Moreover, the ability to use certificate attributes during the IPsec certificate exchange can be leveraged for more focused communications such as QoS (quality of service). Certificate attributes can be utilized to identify the security context of the endpoint. The IPsec certificate use can be locked down to a single IP or group of IPs. | 05-12-2011 |
| 20110219081 | ZONE CLASSIFICATION OF ELECTRONIC MAIL MESSAGES - Embodiments of the invention relate to techniques for classifying received e-mails and e-mails to be sent. In some embodiments, a set of e-mail zones may be defined and e-mails may be classified into one of the plurality of zones. An indication of the zone into which an e-mail has been classified may be displayed in a visual display of the e-mail. | 09-08-2011 |
| 20110219424 | INFORMATION PROTECTION USING ZONES - Some embodiments are directed to an information protection scheme in which devices, users, and domains in an information space may be grouped into zones. When information is transferred across a zone boundary, information protection rules may be applied to determine whether the transfer should be permitted or blocked, and/or whether any other policy actions should be taken (e.g., requiring encryption, prompting the user for confirmation of the intended transfer, or some other action). | 09-08-2011 |
| 20110320821 | FEDERATION AMONG SERVICES FOR SUPPORTING VIRTUAL-NETWORK OVERLAYS - Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay ("overlay") are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member. | 12-29-2011 |
| 20120047253 | NETWORK TOPOLOGY DETECTION USING A SERVER - Various technologies and techniques are disclosed for automatically detecting whether a local network that a computer is connected to is a public or private network by utilizing a trusted online service and/or heuristics. Techniques are also described for detecting whether or not two computers are connected to the same local area network. | 02-23-2012 |
| 20120060204 | Methods and Apparatus for Scalable Secure Remote Desktop Access - The invention provides scalable, secure, and easily administrable methods and systems for providing remote access to networked resources by combining aspects of physical access limitation measures with traditional computer access limitation measures. The methods and systems utilize an enrollment administration system for specifying enrollment rules, an enrollment system configured to communicate with the enrollment administration system to permit enrolling a first networked resource if permitted by the specified enrollment rules, and a remote access system for granting a user remote access to the first networked resource if the user successfully enrolled the first networked resource. | 03-08-2012 |
| 20130166691 | METHODS AND APPARATUS FOR GENERATING GRAPHICAL AND MEDIA DISPLAYS AT A CLIENT - The invention generally relates to generating a display having graphical and/or media components at a client. In one aspect, a method for generating a graphical display at a client includes transmitting output from an application program executing on a server to the client, identifying a non-textual element within the application output, retrieving a compressed data format associated with the non-textual element, and transmitting to the client the compressed data format in place of the non-textual element. In another aspect, a method for generating a media presentation at a client includes transmitting output from an application program executing on a server to the client, identifying a media stream within the application output, intercepting an original compressed data set representing at least a portion of the media stream before processing by the application program, and transmitting the original compressed data set to the client. | 06-27-2013 |
| 20140173699 | ASSIGNING PERMISSIONS BASED ON ORGANIZATIONAL STRUCTURE - Permission to access an organization's resources may be automatically assigned based on one or more structures within that organization. In one example, structural maps of an organization are received, where the structural maps indicate the reporting hierarchy of the organization, geographic subdivisions, substantive subdivisions, etc. Templates are received describing how permissions are to be assigned to particular substructures within the organization. The templates are then fitted to the organization, and permissions to access particular resources are assigned to members of the organization based on the templates. An administrator may modify the assigned permissions. Work requests may be routed to people based on which people have permission to access the resources involved in the work request. | 06-19-2014 |
| 20140196121 | FEDERATION AMONG SERVICES FOR SUPPORTING VIRTUAL-NETWORK OVERLAYS - Computerized methods, systems, and computer-readable media for promoting cooperation between a first and second virtual network overlay ("overlay") are provided. The first overlay is governed by a first authority domain and includes members assigned virtual IP addresses from a first address range. The second overlay is governed by a second authority domain, which is associated with a second federation mechanism, for negotiating on behalf of the second overlay. The second federation mechanism is capable of negotiating with, or soliciting delegation of authority from, a first federation mechanism that is associated with the first authority domain. When negotiations are successful or authority is delegated, the second federation mechanism establishes a communication link between the second overlay and the first overlay or joins a member of the second overlay to the first overlay. Joining involves allocating a guest IP address from the first address range to the member. | 07-10-2014 |