| Patent application number | Description | Published |
|---|---|---|
| 20080301779 | Configuring Security Mechanisms Utilizing A Trust System - Implementations of configuring security mechanisms utilizing a trust system are described. In one implementation, a request to communicate is received at a protected device. Before permission to communicate can be granted, a list of trusted devices is accessed. If information, such as an identity or a secret, associated with the device sending the request to communicate correlates to information found on the list of trusted devices, then communication can be allowed. Otherwise, communication between the device and the protected device can be denied. | 12-04-2008 |
| 20090006575 | Detection and Removal of Undesirable Items in a Data Processing Environment - Functionality is described for addressing a threat to the security of a user device that utilizes a network-accessible service. The functionality operates by assessing the likelihood that the user device is infected by an undesirable item. When the user device makes a request to access the network-accessible service, the functionality can interact with the user device in a manner that is governed by the assessed likelihood that the user device is infected by the undesirable item. | 01-01-2009 |
| 20090178141 | BOOTING A DEVICE FROM A TRUSTED ENVIRONMENT RESPONSIVE TO DEVICE HIBERNATION - Techniques described are capable of receiving an indication that an operating system of a computing device has entered a hibernated state and, in response, booting the computing device from a trusted environment that is unalterable by the hibernated operating system. A component stored on or accessible by the trusted environment may then perform an operation on the computing device. This operation may include scanning the device, performing a memory test on the device, or updating firmware on the device. In some instances, the computing device enters the hibernated state due to a predetermined length of user inactivity on the computing device. As such, the described techniques may perform an operation on the computing device without user interaction causing the operation. | 07-09-2009 |
| 20090248840 | NETWORK TOPOLOGY DETECTION USING A SERVER - Various technologies and techniques are disclosed for automatically detecting whether a local network that a computer is connected to is a public or private network by utilizing a trusted online service and/or heuristics. Techniques are also described for detecting whether or not two computers are connected to the same local area network. | 10-01-2009 |
| 20090292888 | Backing up Data from Backup Target to Backup Facility - Aspects of the subject matter described herein relate to backing up data. In aspects, a backup target determines a degree to which a data set included on the backup target is not backed up on a backup facility. The degree can represent more than just that the data set is completely backed up or is not backed up at all. If the degree satisfies a condition, the backup target utilizes information derived from a backup history of one or more attempted or successfully completed backup sessions between the backup target and the backup facility to determine whether to provide a notification regarding backup state. The backup target also may send the degree and other backup information to a backup facility, which may use this information in determining a backup scheme to employ with the backup target. | 11-26-2009 |
| 20100077450 | PROVIDING SIMPLIFIED INTERNET ACCESS - Aspects of the subject matter described herein relate to providing simplified network access. In aspects, a network access device that controls access to a network is configured to allow communications with a set of specified hosts regardless of whether the requesting user has paid for or authorized payment for the network usage. The user may communicate with such hosts without further configuration, providing payment or other information to the network access device, or the like. If the user attempts to access other hosts, the network access device ensures that the user is authorized (e.g., has paid for, belongs to a partner organization, etc.) before granting the access. | 03-25-2010 |
| 20100266132 | SERVICE-BASED KEY ESCROW AND SECURITY FOR DEVICE DATA - Data protection services for portable, handheld, or mobile devices are provided in part by one or more cooperating network or data service(s), such as a cloud service, that provide volatile encryption/decryption key information to the device(s). Decryption key(s) are retrieved on demand by a device or application of the device from a network service or other data service based on an analysis of device and user credential(s). Retrieval of keys can be triggered automatically when the device or application meets a set of pre-conditions, or explicitly or implicitly requested by input to the device or application. Thus, decryption keys are provided to the mobile device in real time, on demand, with an explicitly or implicitly defined volatile lifetime after which the decryption keys expire. | 10-21-2010 |
| 20110110268 | MODEL-BASED VIRTUAL NETWORKING - Architecture that facilitates the virtual specification of a connection between physical endpoints. A network can be defined as an abstract connectivity model expressed in terms of the connectivity intent, rather than any specific technology. The connectivity model is translated into configuration settings, policies, firewall rules, etc., to implement the connectivity intent based on the available physical networks and device capabilities. The connectivity model defines the connectivity semantics of the network and controls the communication between the physical nodes in the physical network. The resultant virtual network may be a virtual overlay that is independent of the physical layer. Alternatively, the virtual overlay can also include elements and abstractions of the physical network(s). Moreover, automatic network security rules (e.g., Internet Protocol security, IPsec) can be derived from the connectivity model of the network. | 05-12-2011 |
| 20110113247 | AUTOMATICALLY RECONNECTING A CLIENT ACROSS RELIABLE AND PERSISTENT COMMUNICATION SESSIONS - The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. The method includes providing a first connection between a client and first protocol service and a second connection between the first protocol service and a host service. The first protocol service detects a disruption in the first connection. The client re-establishes the first connection between the client and the first protocol service while maintaining the second connection between the first protocol service and the host service. The first protocol service receives a ticket associated with the client and validates the ticket. The first protocol service links the re-established first connection to the maintained second connection after the ticket is validated. | 05-12-2011 |
| 20110113481 | IP SECURITY CERTIFICATE EXCHANGE BASED ON CERTIFICATE ATTRIBUTES - Architecture that provides Internet Protocol security (IPsec) certificate exchange based on certificate attributes. An IPsec endpoint can validate the security context of another IPsec endpoint certificate by referencing certificate attributes. By facilitating IPsec certificate exchange using certificate attributes rather than solely certificate roots, it is now possible to build multiple isolated network zones using a single certificate authority rather than requiring one certificate authority per zone. Moreover, the ability to use certificate attributes during the IPsec certificate exchange can be leveraged for more focused communications such as QoS (quality of service). Certificate attributes can be utilized to identify the security context of the endpoint. The IPsec certificate use can be locked down to a single IP or group of IPs. | 05-12-2011 |