Patent application number | Description | Published |
20130064363 | INCORPORATING DATA INTO AN ECDSA SIGNATURE COMPONENT - During generation of a signature on a message to create a signed message, a signer determines one of the signature components such that particular information can be extracted from the signature component. The particular information may be related to one or more of the signer and the message to be signed. After receiving a signed message purported to be signed by the signer, a verifier can extract the particular information from the signature component. | 03-14-2013 |
20130067218 | INCORPORATING DATA INTO CRYPTOGRAPHIC COMPONENTS OF AN ECQV CERTIFICATE - During generation of an implicit certificate for a requestor, a certificate authority incorporates information in the public-key reconstruction data, where the public-key reconstruction data is to be used to compute the public key of the requestor. The information may be related to one or more of the requestor, the certificate authority, and the implicit certificate. The certificate authority reversibly encodes the public-key reconstruction data in the implicit certificate and sends it to the requestor. After receiving the implicit certificate from the certificate authority, the requestor can extract the incorporated information from the public-key reconstruction data. The implicit certificate can be made available to a recipient, and the recipient can also extract the incorporated information. | 03-14-2013 |
20130078946 | Managing Mobile Device Applications in a Wireless Network - Methods, systems, and computer programs for managing mobile device applications are described. In some aspects, a mobile device application is prevented from accessing resources of a wireless network. For example, a wireless network operator system can determine that one or more mobile device applications are disapproved for use in the wireless network. In some implementations, the wireless network operator denies the disapproved mobile device applications access to the wireless network resources. In some implementations, mobile devices disable access to the wireless network by the disapproved mobile device applications. | 03-28-2013 |
20130078948 | Managing Mobile Device Applications on a Mobile Device - Methods, systems, and computer programs for managing mobile device applications are described. In some aspects, a mobile device application is prevented from accessing resources of a wireless network. For example, a wireless network operator system can determine that one or more mobile device applications are disapproved for use in the wireless network. In some implementations, the wireless network operator denies the disapproved mobile device applications access to the wireless network resources. In some implementations, mobile devices disable access to the wireless network by the disapproved mobile device applications. | 03-28-2013 |
20130078949 | Managing Mobile Device Applications - Methods, systems, and computer programs for managing mobile device applications are described. In some aspects, a mobile device application is prevented from accessing resources of a wireless network. For example, a wireless network operator system can determine that one or more mobile device applications are disapproved for use in the wireless network. In some implementations, the wireless network operator denies the disapproved mobile device applications access to the wireless network resources. In some implementations, mobile devices disable access to the wireless network by the disapproved mobile device applications. | 03-28-2013 |
Patent application number | Description | Published |
20110087883 | SELF-SIGNED IMPLICIT CERTIFICATES - There are disclosed systems and methods for creating a self-signed implicit certificate. In one embodiment, the self-signed implicit certificate is generated and operated upon using transformations of a nature similar to the transformations used in the ECQV protocol. In such a system, a root CA or other computing device avoids having to generate an explicit self-signed certificate by instead generating a self-signed implicit certificate. | 04-14-2011 |
20110145585 | SYSTEM AND METHOD FOR PROVIDING CREDENTIALS - A method and system is operable to provide credentials by generating a first credential that conforms to a first specified format. A second credential conforming to a second specified format is included in the first credential so that the second credential may be distributed through the cryptosystem using the first specified format. The credential may be a digital certificate. | 06-16-2011 |
20120087493 | METHOD FOR SECURING CREDENTIALS IN A REMOTE REPOSITORY - A method of securing user credentials in a remote repository is provided. In accordance with one embodiment, there is provided a method comprising generating a first private key and a first public key pair from a registered password; generating a second private key and a second public key pair; generating a storage key from the second private key and the first public key; encrypting a set of credentials using the storage key; creating an encrypted credential signature from the encrypted set of credentials and the first private key; and storing the encrypted set of credentials, the encrypted credential signature, and the second public key in the remote repository. | 04-12-2012 |
20120089847 | METHOD OF OBTAINING AUTHORIZATION FOR ACCESSING A SERVICE - Methods and devices for obtaining authorization for a requestor to access a service are provided. In accordance with one embodiment, there is provided a method comprising receiving a requestor request for access to a service; sending an authorization request to one or more mobile devices associated with one or more authorizers on a first approval list; receiving an authorization response from the one or more mobile devices associated with the one or more authorizers on the first approval list; determining whether a predetermined level of authorization is received; and when the predetermined level of authorization is received, authorizing access to the service. | 04-12-2012 |
20120096273 | AUTHENTICATED ENCRYPTION FOR DIGITAL SIGNATURES WITH MESSAGE RECOVERY - A framework is proposed for authenticated encryption for digital signatures with message recovery whereby authentication is achieved without a redundancy requirement. The Elliptic Curve Pintsov-Vanstone Signature scheme is modified through the use of authenticated encryption, thereby enabling authentication using a message authentication code. The authenticated encryption may be performed within a single function or as two separate functions. The authenticated encryption may also be applied to associated data in the message to be signed. | 04-19-2012 |
20120096274 | AUTHENTICATED ENCRYPTION FOR DIGITAL SIGNATURES WITH MESSAGE RECOVERY - A framework is proposed for authenticated encryption for digital signatures with message recovery whereby authentication is achieved without a redundancy requirement. The Elliptic Curve Pintsov-Vanstone Signature scheme is modified through the use of authenticated encryption, thereby enabling authentication using a message authentication code. The authenticated encryption may be performed within a single function or as two separate functions. The authenticated encryption may also be applied to associated data in the message to be signed. | 04-19-2012 |
20120239777 | SECURE FINANCIAL TRANSACTIONS - A method of securely communicating a message for a financial transaction from a first correspondent to one or more recipients. The method comprises dividing the message into at least two portions. Each portion is intended for a recipient. Each portion intended for receipt by one of the recipients is encrypted with that recipient's public key. The message is signed and transmitted to one of the recipients to enable the recipient to verify the message and further transmit the message to a further recipient. | 09-20-2012 |
20120243680 | INCORPORATING DATA INTO AN ECDSA SIGNATURE COMPONENT - During generation of a signature on a message to create a signed message, a signer determines one of the signature components such that particular information can be extracted from the signature component. The particular information may be related to one or more of the signer and the message to be signed. After receiving a signed message purported to be signed by the signer, a verifier can extract the particular information from the signature component. | 09-27-2012 |
20120246465 | INCORPORATING DATA INTO CRYPTOGRAPHIC COMPONENTS OF AN ECQV CERTIFICATE - During generation of an implicit certificate for a requestor, a certificate authority incorporates information in the public-key reconstruction data, where the public-key reconstruction data is to be used to compute the public key of the requestor. The information may be related to one or more of the requestor, the certificate authority, and the implicit certificate. The certificate authority reversibly encodes the public-key reconstruction data in the implicit certificate and sends it to the requestor. After receiving the implicit certificate from the certificate authority, the requestor can extract the incorporated information from the public-key reconstruction data. The implicit certificate can be made available to a recipient, and the recipient can also extract the incorporated information. | 09-27-2012 |
20130046972 | Using A Single Certificate Request to Generate Credentials with Multiple ECQV Certificates - A method and apparatus are disclosed for using a single credential request (e.g., registered public key or ECQV certificate) to obtain a plurality of credentials in a secure digital communication system having a plurality of trusted certificate authority CA entities and one or more subscriber entities A. In this way, entity A can be provisioned onto multiple PKI networks by leveraging a single registered public key or implicit certificate as a credential request to one or more CA entities to obtain additional credentials, where each additional credential can be used to derive additional public key-private key pairs for the entity A. | 02-21-2013 |
20130078947 | Authentication Procedures for Managing Mobile Device Applications - Methods, systems, and computer programs for managing mobile device applications are described. In some aspects, a mobile device application is prevented from accessing resources of a wireless network. For example, a wireless network operator system can determine that one or more mobile device applications are disapproved for use in the wireless network. In some implementations, the wireless network operator denies the disapproved mobile device applications access to the wireless network resources. In some implementations, mobile devices disable access to the wireless network by the disapproved mobile device applications. | 03-28-2013 |
20130182840 | System and Method of Lawful Access to Secure Communications - The present disclosure relates to systems and methods for secure communications. In some aspects, a method of signalling an interception time period is described. At least one keying information used by a KMF to regenerate a key is stored. A start_interception message is signaled from an ADMF to a CSCF. A halt_message is signaled from the ADMF to the CSCF. | 07-18-2013 |
20130182841 | System and Method of Lawful Access to Secure Communications - The present disclosure relates to systems and methods for secure communications. In some aspects, an initiator KMS receives, from an initiator UE, one or more values used in generation of an encryption key, which includes obtaining at least one value associated with a RANDRi. The initiator KMS sends the at least one value associated with the RANDRi to a responder KMS. The responder KMS generates the encryption key using the one or more values. | 07-18-2013 |
20130182843 | System and Method of Lawful Access to Secure Communications - The present disclosure relates to systems and methods for secure communications. In some aspects, one or more values used to generate an encryption key used to encrypt a packet are stored in a header of the packet. The packet is transmitted with the encrypted data portion in a communication. In some aspects, one or more values used to generate an encryption key are received. The encryption key is regenerated using the one or more values. | 07-18-2013 |
20130227277 | SELF-SIGNED IMPLICIT CERTIFICATES - There are disclosed systems and methods for creating a self-signed implicit certificate. In one embodiment, the self-signed implicit certificate is generated and operated upon using transformations of a nature similar to the transformations used in the ECQV protocol. In such a system, a root CA or other computing device avoids having to generate an explicit self-signed certificate by instead generating a self-signed implicit certificate. | 08-29-2013 |
20130232554 | System and Method for Connecting Client Devices to a Network - A system and method are provided for enabling a client device to connect to a network. The method comprises: obtaining an authorization code via a communication channel different from the network, the authorization code corresponding to the client device; and after detecting initiation of a security negotiation protocol by the client device, using the authorization code in at least one security negotiation operation. | 09-05-2013 |
20130236019 | INTERCEPTING KEY SESSIONS - In some implementations, a method for providing a session key to a third party includes identifying a private key associated with a public key certificate in response to an event. A session key for a communication session is based, at least in part, on the private key, an associated seed for a random number generator, and public keys assigned to user equipment participating in the communication session. The private key associated with the public key certificate is automatically transmitted to an interception authority. The interception authorities are configured to grant a third party access to the private key and the associated seed in response to a request from a third party authorized to access the communication session. | 09-12-2013 |
20130246785 | METHOD FOR SECURING MESSAGES - There is provided a method for secure communications. The method comprises obtaining a broadcast message, computing a signature for said broadcast message using a private key, and sending a transmission to a communication device. The private key is associated with a certificate and the transmission comprises the signature. | 09-19-2013 |
20130246798 | METHOD FOR SECURING MESSAGES - There is provided a method for secure communications. The method comprises receiving a transmission comprising a signature of a broadcast message at a communication device, and verifying the signature using a certificate. | 09-19-2013 |
20130343542 | METHODS AND DEVICES FOR ESTABLISHING TRUST ON FIRST USE FOR CLOSE PROXIMITY COMMUNICATIONS - Methods and devices for establishing trust on first use for close proximity communications are disclosed. An example method includes receiving a public key from a device via a close proximity communications connection, obtaining, via a user interface, an indication that the device is trusted, and storing at least one of the public key or an identifier for the device. | 12-26-2013 |
20140003604 | AUTHENTICATION OF A MOBILE DEVICE BY A NETWORK AND KEY GENERATION | 01-02-2014 |
20140004824 | KEY AGREEMENT FOR WIRELESS COMMUNICATION | 01-02-2014 |
20140006786 | KEY AGREEMENT USING A KEY DERIVATION KEY | 01-02-2014 |
20140059346 | METHOD OF LAWFUL INTERCEPTION FOR UMTS - A method of providing, to a user equipment, first information for generating a cipher key used for encryption, and for providing, to an authorized intercept device, second information for generating the cipher key, the method including determining a generator function that, based on an input state value, outputs a next cipher key and a next state value, determining an initial state value for the generator function, providing, to the authorized intercept device, the generator function and the initial state value as the second information, generating the cipher key and a state value based on the function generator and the input state value, generating a pseudo-random value based on the cipher key, and transmitting, to the user equipment, the pseudo-random value as the first information, wherein the user equipment generates the cipher key based on the pseudo-random value. | 02-27-2014 |
20140108825 | System and Method for Hardware Based Security - An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session. | 04-17-2014 |
20140137197 | DATA INTEGRITY FOR PROXIMITY-BASED COMMUNICATION - Methods, systems, and computer programs for trusted communication among mobile devices are described. In some aspects, an authentication value is generated at a first mobile device based on a message and a shared secret value stored on the first mobile device. In response to detecting proximity of a second mobile device, the message and the authentication value are wirelessly transmitted from the first mobile device to the second mobile device. In some implementations, the message and the authentication value can be wirelessly transmitted by a proximity-activated wireless interface, such as, for example, a Near Field Communication (NFC) interface. | 05-15-2014 |
20140141750 | DATA INTEGRITY FOR PROXIMITY-BASED COMMUNICATION - Methods, systems, and computer programs for trusted communication among mobile devices are described. In some aspects, information is wirelessly transmitted from a first mobile device to a second mobile device. The information permits the second mobile device to detect proximity of the first mobile device. In some implementations, the information can be wirelessly transmitted by a proximity-activated wireless interface, such as, for example, a Near Field Communication (NFC) interface. In response to the information, the first mobile device receives a message and a first authentication value wirelessly transmitted from the second mobile device to the first mobile device. A second authentication value is generated at the first mobile device based on the message and the shared secret value. Integrity of the message is verified based on comparing the first authentication value and the second authentication value. | 05-22-2014 |
20140201535 | INCORPORATING DATA INTO AN ECDSA SIGNATURE COMPONENT - During generation of a signature on a message to create a signed message, a signer determines one of the signature components such that particular information can be extracted from the signature component. The particular information may be related to one or more of the signer and the message to be signed. After receiving a signed message purported to be signed by the signer, a verifier can extract the particular information from the signature component. | 07-17-2014 |
20140211938 | MODIFIED ELLIPTIC CURVE SIGNATURE ALGORITHM FOR MESSAGE RECOVERY - A modified Chinese State Encryption Management Bureau's SM2 Elliptic Curve Signature Algorithm that offers partial message recovery and lowers the signature size for a given cryptographic strength. The modified SM2 Elliptic Curve Signature Algorithm includes a signature and verification algorithm that modifies a signature generation primitive to compute a key derived from the ephemeral signing key, and a multiple of the signer's public key. | 07-31-2014 |
20140215206 | SYSTEM AND METHOD FOR PROVIDING A TRUST FRAMEWORK USING A SECONDARY NETWORK - A system for providing security services to a mobile device where the mobile device is in communication with a public network through a first network path that is subject to interference by a third party. The system includes a security server and a private network. The security server is operative to communicate with the mobile device through the private network. The security server is also operative to communicate with the public network through a second network path that is less susceptible to the interference by the third party than is the first network path. The security server communicates with the public network through the second network path to provide security services to the mobile device that are delivered over the private network. | 07-31-2014 |
20140304517 | METHOD FOR SECURING CREDENTIALS IN A REMOTE REPOSITORY - A method of securing user credentials in a remote repository is provided. In accordance with one embodiment, there is provided a method comprising generating a first private key and a first public key pair from a registered password; generating a second private key and a second public key pair; generating a storage key from the second private key and the first public key; encrypting a set of credentials using the storage key; creating an encrypted credential signature from the encrypted set of credentials and the first private key; and storing the encrypted set of credentials, the encrypted credential signature, and the second public key in the remote repository. | 10-09-2014 |
20150139424 | KEY AGREEMENT FOR WIRELESS COMMUNICATION - Methods, systems, and computer programs for performing key agreement operations in a communication system are described. In some aspects, a wireless network operator receives a mobile device identifier and accesses a secret key associated with the mobile device. A message authentication code function is evaluated based on the secret key to produce an output value. A session key and a challenge value are obtained based on the output value. In some aspects, a mobile device accesses a secret key in response to receiving the challenge value from the wireless network operator. A message authentication code function is evaluated based on the secret key to produce an output value. A response value and a session key are obtained based on the output value. The response value is transmitted to the wireless network operator. | 05-21-2015 |
20150319164 | SYSTEM AND METHOD FOR CONNECTING CLIENT DEVICES TO A NETWORK - A system and method are provided for enabling a client device to connect to a network. The method comprises: obtaining an authorization code via a communication channel different from the network, the authorization code corresponding to the client device; and after detecting initiation of a security negotiation protocol by the client device, using the authorization code in at least one security negotiation operation. | 11-05-2015 |
Patent application number | Description | Published |
20120175450 | System for Storing Multiple Cable Retractors - A system for storing multiple cord retractors comprises at least one cord retractor. Each retractor includes a first and second pair of pulleys mounted at opposite ends of a frame. An intermediate section of a cable is stored in the frame and has one end of the stored section fixed to the frame, with the other end extending from the frame. The stored cable section is at least partially wound over the pair of pulleys, and one pair of pulleys is slidably mounted for motion toward the other pair of pulleys. A damper is coupled to one of the second pair of pulleys, which engages the pulley to rotate about an axis to damp the rotary motion of one of the second pair of pulleys in such a manner that the intermediate storage section is in tension during retraction and withdrawal. The system further includes a bracket and a pin. | 07-12-2012 |
20120175452 | Cable Cord Retractor - A mechanism for storing a length of cord that includes a first and second pair of pulleys mounted at opposite ends of a frame. An intermediate section of a cord is stored in the frame and has one end of the stored section fixed to the frame, with the other end extending from the frame. The stored cord section is at least partially wound over the pair of pulleys, and one pair of pulleys is slidably mounted for motion toward the other pair of pulleys. A damper is coupled to one of the second pair of pulleys, which engages the pulley to rotate about an axis to damp the rotary motion of one of the second pair of pulleys in such a manner that the intermediate storage section is in tension during retraction and withdrawal. The mechanism further includes a solenoid that is activated locally or remotely by a switch. | 07-12-2012 |
20130068870 | Cable Cord Retractor - A retractor for storing a length of cord that includes a first and second pair of pulleys mounted at opposite ends of a frame. An intermediate section of a cord is stored in the frame. The stored cord section is at least partially wound over the pair of pulleys, and one pair of pulleys is slidably mounted for motion toward the other pair of pulleys. A damper is coupled to one of the second pair of pulleys, which engages the pulley to rotate about an axis to damp the rotary motion of one of the second pair of pulleys in such a manner that the intermediate storage section is in tension during retraction and withdrawal. The retractor further includes a cable system that is coupled to a slot formed on the second frame end and configured to provide a substantially consistent retraction speed of the cord. | 03-21-2013 |
20130264409 | Cable Cord Retractor - A retractor for storing a length of cord that includes a first and second pair of pulleys mounted at opposite ends of a frame. An intermediate section of a cord is stored in the frame. The stored cord section is at least partially wound over the pair of pulleys, and one pair of pulleys is slidably mounted for motion toward the other pair of pulleys. A damper is coupled to one of the second pair of pulleys, which engages the pulley to rotate about an axis to damp the rotary motion of one of the second pair of pulleys in such a manner that the intermediate storage section is in tension during retraction and withdrawal. | 10-10-2013 |
20140346268 | Cable Cord Retractor - A mechanism for storing a length of cord that includes a first and second pair of pulleys mounted at opposite ends of a frame. An intermediate section of a cord is stored in the frame and has one end of the stored section fixed to the frame, with the other end extending from the frame. The stored cord section is at least partially wound over the pair of pulleys, and one pair of pulleys is slidably mounted for motion toward the other pair of pulleys. A damper is coupled to one of the second pair of pulleys, which engages the pulley to rotate about an axis to damp the rotary motion of one of the second pair of pulleys in such a manner that the intermediate storage section is in tension during retraction and withdrawal. The mechanism further includes a solenoid that is activated locally or remotely by a switch. | 11-27-2014 |
20150041077 | SPRING-LOADED ROLLER SHADE GUDGEON - Presented is a gudgeon assembly that includes a gudgeon body, a first ball bearing, a second ball bearing, a gudgeon pin, a first spring plate, a second spring plate, and two springs. The gudgeon pin extends through the gudgeon body and is coaxial with the first and second ball bearings. The first spring plate is coupled to a distal portion of the gudgeon pin. The second spring plate defines an opening and is coupled to the second ball bearing. The opening is coaxial with the second ball bearing and the gudgeon pin. The two springs are coupled to the first spring plate and the second spring plate. Longitudinal axes of the two springs are coplanar and non-coaxial with the longitudinal axis of the gudgeon pin. The gudgeon pin, the first spring plate, and the second spring plate rotate together as a single unit and rotate independently of the gudgeon body. | 02-12-2015 |
20150083351 | SHADE MOTOR WITH LATCH ASSEMBLY AND BRACKET - Presented is a roller shade motor system that includes a motor with an end portion, a latch assembly disposed on the end portion, and a bracket. The latch assembly includes an alignment member and at least one moveable clip. The bracket includes a clip contact surface and defines an alignment member opening dimensioned and arranged for receiving the alignment member. The moveable clip is retracted into the alignment member during insertion of the alignment member into the alignment member opening and is extended out of the alignment member and contacts the clip contact surface after insertion and couples the motor to the bracket. | 03-26-2015 |
Patent application number | Description | Published |
20120002813 | MULTI-SERVICE VPN NETWORK CLIENT FOR MOBILE DEVICE - An integrated, multi-service network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise virtual private network (VPN) connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. Once installed on the cellular mobile device, the multi-service client integrates with an operating system of the device to provide a single entry point for user authentication for secure enterprise connectivity, endpoint security services including endpoint compliance with respect to anti-virus and spyware software, and comprehensive integrity checks. That is, the multi-service client provides a common user interface to the integrated services, and provides a VPN handler that interfaces with the operating system to provide an entry point for network traffic to which the integrated services can be seamlessly applied. | 01-05-2012 |
20120002814 | VPN NETWORK CLIENT FOR MOBILE DEVICE HAVING DYNAMICALLY CONSTRUCTED DISPLAY FOR NATIVE ACCESS TO WEB MAIL - An integrated, multi-service network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise virtual private network (VPN) connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. The VPN network client is programmed to receive a web-based home page from an enterprise VPN appliance, process the web-based home page to identify a bookmark embedded within the response that corresponds to an enterprise webmail for the user and dynamically construct a user interface to have an input control native to the cellular mobile device for launching a native email client of the cellular mobile device to access the email without launching a web browser. | 01-05-2012 |
20120002815 | VPN NETWORK CLIENT FOR MOBILE DEVICE HAVING FAST RECONNECT - A virtual private network client for cellular mobile devices is described. The VPN network client establishes a secure VPN connection with a remote VPN security device. The VPN network client establishes a secure control channel with the secure VPN gateway and, upon a successful authentication, receives a session cookie with a unique identifier. In the event communication with the secure VPN gateway is subsequently temporarily lost, the VPN network client performs a fast reconnect without requiring re-authentication of the cellular mobile device by communicating the session cookie to the secure VPN gateway. Prior to performing the fast reconnect, the VPN network client identifies a set of transport mechanisms currently available to the cellular mobile device and, when only a cellular network is available and not a wireless packet-based connection, the VPN network client defers the fast reconnect until application-layer data is received from a user application and is ready to be sent to the remote VPN security device via the VPN connection. | 01-05-2012 |
20120005476 | MULTI-SERVICE VPN NETWORK CLIENT FOR MOBILE DEVICE HAVING INTEGRATED ACCELERATION - An integrated, multi-service virtual private network (VPN) network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise VPN connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. The multi-service client integrates with an operating system of the device to provide a VPN handler to establish a VPN connection with a remote VPN security device. The VPN network client includes to data acceleration module exchange network packets with the VPN handler and apply at least one acceleration service to the network packets, and a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the data acceleration module. | 01-05-2012 |
20120005477 | MULTI-SERVICE VPN NETWORK CLIENT FOR MOBILE DEVICE HAVING DYNAMIC FAILOVER - An integrated, multi-service network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise virtual private network (VPN) connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. Once installed on the cellular mobile device, the multi-service client establishes the VPN connection to concurrently include both a layer three (L3) tunnel that uses a first type of transport layer protocol of the operating system and a layer four (L4) tunnel that uses a second type of transport layer protocol of the operating system. The VPN handler determines whether network ports associated with the L3 tunnel are unblocked by an operating system and, when the network ports are unblocked, automatically transitions from the L4 tunnel to the L3 tunnel without terminating the VPN connection. | 01-05-2012 |
20120005745 | VPN NETWORK CLIENT FOR MOBILE DEVICE HAVING DYNAMICALLY TRANSLATED USER HOME PAGE - A virtual private network (VPN) client for cellular mobile devices is described. The VPN network client processes network packets for securely tunneling the network packets between the cellular mobile device and the remote VPN security device. Upon establishing the VPN connection, the VPN network client receives a web-based home page from the secure VPN device via a secure response, dynamically parses bookmark links from the secure response and renders a bookmark window using input controls native to the cellular mobile device without invoking a web browser on the cellular mobile device. Each of the input controls corresponds to a different one of the bookmarks parsed from the secure response. Upon selection of one of the input controls, the VPN network client formulates and outputs an appropriate request to the secure VPN device as if a corresponding one of the bookmark links were selected by the user. | 01-05-2012 |
20120005746 | DUAL-MODE MULTI-SERVICE VPN NETWORK CLIENT FOR MOBILE DEVICE - An integrated, multi-service network client for cellular mobile devices is described. The multi-service client includes a VPN handler having an interface programmed to exchange the network packets with the security manager for application of the security service, wherein the VPN handler is configurable to operate in one of an enterprise mode and in a non-enterprise mode, wherein in the enterprise mode the VPN handler establishes a VPN connection with a remote VPN security device and provides encryption services to securely tunnel the network packets between the cellular mobile device and the remote VPN security device, and wherein in the non-enterprise mode the VPN handler directs the network packets to the security manager without application of the encryption services and communicates the network packets to a packet-based network without tunneling the packets. | 01-05-2012 |
20120159607 | MULTI-SERVICE VPN NETWORK CLIENT FOR MOBILE DEVICE - An integrated, multi-service network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise virtual private network (VPN) connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. Once installed on the cellular mobile device, the multi-service client integrates with an operating system of the device to provide a single entry point for user authentication for secure enterprise connectivity, endpoint security services including endpoint compliance with respect to anti-virus and spyware software, and comprehensive integrity checks. That is, the multi-service client provides a common user interface to the integrated services, and provides a VPN handler that interfaces with the operating system to provide an entry point for network traffic to which the integrated services can be seamlessly applied. | 06-21-2012 |
20140029750 | MULTI-SERVICE VPN NETWORK CLIENT FOR MOBILE DEVICE HAVING INTEGRATED ACCELERATION - An integrated, multi-service virtual private network (VPN) network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise VPN connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. The multi-service client integrates with an operating system of the device to provide a VPN handler to establish a VPN connection with a remote VPN security device. The VPN network client includes a data acceleration module to exchange network packets with the VPN handler and apply at least one acceleration service to the network packets, and a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the data acceleration module. | 01-30-2014 |