Patent application number | Description | Published |
20090044273 | CIRCUITS AND METHODS FOR EFFICIENT DATA TRANSFER IN A VIRUS CO-PROCESSING SYSTEM - Various embodiments of the present invention provide circuits and methods for improved virus processing. As one example, such methods may include providing a system memory, a general purpose processor and a virus co-processor. The methods further include receiving a data segment at the general purpose processor, and storing the data segment to the system memory using virtual addresses. The data segment is accessed from the system memory by the virus co-processor using the virtual addresses. The virus co-processor then scans the data segment for viruses and returns results. | 02-12-2009 |
20090168651 | MANAGING NETWORK TRAFFIC FLOW - A method for managing network traffic flow is provided. The method includes receiving network traffic content, storing at least a portion of the network traffic content to a memory, sending a copy of the network traffic content to a processor, which determines whether the network traffic content contains content desired to be detected. Another method for managing network traffic flow includes receiving network traffic content, flagging the network traffic content, sending the flagged network traffic content to a module, which is configured to pass unflagged data to a user and prevent flagged data from being sent to the user, and sending a copy of the network traffic content to a processor, which determines whether the network traffic content contains content desired to be detected. | 07-02-2009 |
20090303994 | INTEGRATED SECURITY SWITCH - An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching function. The common management interface enables secure switching of traffic to flow via a traffic path dedicated between the switching function and the security function. Typically, the traffic is a flow of data between the Internet and a group of networked users such as a wide area network. | 12-10-2009 |
20100146627 | ELECTRONIC MESSAGE AND DATA TRACKING SYSTEM - Systems and methods for tracking electronic messages and data are provided. In one embodiment, the invention consists of a method of tracking email messages. In various embodiments, steps may include a) identifying an email message for tracking and b) inserting a linking object into a tracked email message. Responsive to activation by a receiver of the email message, the linking object enables the receiver to submit information to a commercial anti-spam service or a commercial anti-virus service. The method can be used to identify and track email messages defined as spam or defined as containing viruses. The receiver's privacy may be preserved with respect to content of the email message by limiting the information submitted to signatures of the electronic message and other information associated with the electronic message that are reasonably required for spam or virus analysis. | 06-10-2010 |
20100154064 | SYSTEMS AND METHODS FOR UPDATING CONTENT DETECTION DEVICES AND SYSTEMS - A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the content detection data to the selected update station. A method of building a content detection system includes establishing a first communication link between a central station and an update station, the central station configured to transmit content detection data to the update station, and establishing a second communication link between the update station and a content detection module. | 06-17-2010 |
20100269172 | FIREWALL INTERFACE CONFIGURATION TO ENABLE BI-DIRECTIONAL VOIP TRAVERSAL COMMUNICATIONS - Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional VoIP communications. An external VoIP interface of the firewall receives incoming VoIP packets having a user alias (e.g., an email address) and an indication regarding a VoIP port of the external interface. The packets are directed to an appropriate internal host by the firewall performing port address forwarding based on the port indication to a Session Initiation Protocol (SIP) server within the internal network that maintains a mapping of user aliases to private addresses of the internal hosts. | 10-21-2010 |
20110125869 | NETWORK ADVERTISING SYSTEM - Systems and methods for transmitting content to a client via a communication network are provided. According to one embodiment, a system includes a content server, an insertion server and a policy server. The content server stores and selects substitute or supplemental content. The insertion server monitors client traffic, detects client TCP/IP requests or destination TCP/IP responses and sends the selected substitute or supplemental content retrieved from the content server to the client in lieu of or in addition to content requested by the client TCP/IP requests or provided by the destination TCP/IP responses. The policy server provides instructions to the insertion server with respect to timing of detecting the client TCP/IP requests or destination TCP/IP responses and a delay associated with completing the client TCP/IP requests or destination TCP/IP responses. The system operates independently of respective destinations of the client TCP/IP requests and respective sources of the destination TCP/IP responses. | 05-26-2011 |
20110219086 | ELECTRONIC MESSAGE AND DATA TRACKING SYSTEM - Systems and methods for tracking electronic messages and data are provided. According to one embodiment, a linking object insertion routine identifies an electronic mail (email) message as a candidate for user feedback based on the email message having been previously classified as spam by a real-time email spam scanning routine associated with a commercial anti-spam service. The linking object insertion routine facilitates user submission of the user feedback regarding the email message to the commercial anti-spam service by embedding a linking object within the email message. The linking object is configured to automate communication of one or more digital signatures of the email message generated by the real-time email spam scanning routine to the commercial anti-spam service by performing out-of-band signaling with the commercial anti-spam service. | 09-08-2011 |
20110231402 | SYSTEMS AND METHODS FOR CATEGORIZING NETWORK TRAFFIC CONTENT - A method for categorizing network traffic content includes determining a first characterization of the network traffic content, determining a first probability of accuracy associated with the first characterization, and categorizing the network traffic content based at least in part on the first characterization and the first probability of accuracy. A method for use in a process to categorize network traffic content includes obtaining a plurality of data, each of the plurality of data representing a probability of accuracy of a characterization of network traffic content, and associating each of the plurality of data with a technique for characterizing network traffic content. A method for categorizing network traffic content includes determining a characterization of the network traffic content, determining a weight value associated with the characterization, and categorizing network traffic content based at least in part on the characterization of the network traffic content and the weight value. | 09-22-2011 |
20120005741 | FIREWALL INTERFACE CONFIGURATION TO ENABLE BI-DIRECTIONAL VOIP TRAVERSAL COMMUNICATIONS - Methods and systems for an intelligent network protection gateway (NPG) are provided. According to one embodiment, a firewall prevents unauthorized network-layer access to internal hosts by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional VoIP communications. An external VoIP interface of the firewall facilitates concurrent management of multiple incoming VoIP calls by providing multiple VoIP ports and advertising multiple IP address/VoIP port pairs corresponding to internal hosts. When incoming VoIP packets are received, the packets are directed to an appropriate internal host by the firewall performing port forwarding based on a port indication contained within the packets to a server or gatekeeper within the internal network that maintains a mapping of user aliases to private addresses of the internal hosts. | 01-05-2012 |
20120017277 | SYSTEMS AND METHODS FOR UPDATING CONTENT DETECTION DEVICES AND SYSTEMS - A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the content detection data to the selected update station. A method of building a content detection system includes establishing a first communication link between a central station and an update station, the central station configured to transmit content detection data to the update station, and establishing a second communication link between the update station and a content detection module. | 01-19-2012 |
20120023228 | METHOD, APPARATUS, SIGNALS, AND MEDIUM FOR MANAGING TRANSFER OF DATA IN A DATA NETWORK - A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion. | 01-26-2012 |
20120023557 | METHOD, APPARATUS, SIGNALS, AND MEDIUM FOR MANAGING TRANSFER OF DATA IN A DATA NETWORK - A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion. | 01-26-2012 |
20120102196 | CONTENT PATTERN RECOGNITION LANGUAGE PROCESSOR AND METHODS OF USING THE SAME - A device for detecting network traffic content is provided. The device includes a processor configured to receive a signature associated with content desired to be detected, and execute one or more functions based on the signature to determine whether network traffic content matches the content desired to be detected. The signature is defined by one or more predicates. A computer readable medium for use to detect network traffic content is also provided. The computer readable medium includes a memory storing one or more signatures, each of the one or more signatures associated with content desired to be detected. Each of the one or more signatures is defined by one or more predicates, and each of the one or more predicates can be compiled into a byte code stream that controls a logic of a network traffic screening device. | 04-26-2012 |
20120246712 | FIREWALL INTERFACE CONFIGURATION TO ENABLE BI-DIRECTIONAL VOIP TRAVERSAL COMMUNICATIONS - Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional VoIP communications. An external VoIP interface of the firewall receives incoming VoIP packets having a user alias (e.g., an email address) and an indication regarding a VoIP port of the external interface. The packets are directed to an appropriate internal host by the firewall performing port address forwarding based on the port indication to a Media Gateway Control Protocol (MGCP) media gateway within the internal network that maintains a mapping of user aliases to private addresses of the internal hosts. | 09-27-2012 |
20120278896 | SYSTEMS AND METHODS FOR UPDATING CONTENT DETECTION DEVICES AND SYSTEMS - A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the content detection data to the selected update station. A method of building a content detection system includes establishing a first communication link between a central station and an update station, the central station configured to transmit content detection data to the update station, and establishing a second communication link between the update station and a content detection module. | 11-01-2012 |
20120317646 | VIRUS CO-PROCESSOR INSTRUCTIONS AND METHODS FOR USING SUCH - Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a method for virus processing is provided. A general purpose processor receives and stores a data segment to a first memory at a virtual address. The first memory contains paging data structures for translating virtual addresses to physical addresses. The general purpose processor directs a virus processing hardware accelerator to scan the data segment based on virus signatures compiled for the virus processing hardware accelerator and stored in a second memory. The first memory includes a first virus signature compiled for the general purpose processor. The virus processing hardware accelerator retrieves the data segment by accessing the first memory based on the virtual address and cached information, stored within one or more translation lookaside buffers local to the virus processing hardware accelerator, relating to most recently used entries of the paging data structures. | 12-13-2012 |
20130152203 | OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for virus processing content objects is provided. A content object is stored within a system memory by a general purpose processor using a virtual address. Most recently used entries of a page directory and a page table of the system memory are cached within a translation lookaside buffer (TLB) of a virus co-processor. Instructions are read from a virus signature memory of the co-processor. Those of a first type are assigned to a first of multiple instruction pipes of the co-processor. The first instruction pipe executes an instruction including accessing a portion of the content object by performing direct virtual memory addressing of the system memory using a physical address derived based on the virtual address and the TLB and comparing it to a string associated with the instruction. | 06-13-2013 |
20130254382 | HARDWARE BASED DETECTION DEVICES FOR DETECTING NETWORK TRAFFIC CONTENT AND METHODS OF USING THE SAME - A device for detecting network traffic content is provided. The device includes a first input port configured to receive one or more signatures, each of the one or more signatures associated with content desired to be detected, a second input port configured to receive data associated with network traffic content. The device also includes a processor configured to process the one or more signatures and the data to determine whether the network traffic content matches the content desired to be detected, and an output port configured to couple the device to a computer system of an intended recipient of the network traffic content. The output port passes the network traffic content to the computer system when it is determined that the network traffic content does not match the content desired to be detected. | 09-26-2013 |
20130262667 | SYSTEMS AND METHODS FOR CATEGORIZING NETWORK TRAFFIC CONTENT - A method for categorizing network traffic content includes determining a first characterization of the network traffic content, determining a first probability of accuracy associated with the first characterization, and categorizing the network traffic content based at least in part on the first characterization and the first probability of accuracy. A method for use in a process to categorize network traffic content includes obtaining a plurality of data, each of the plurality of data representing a probability of accuracy of a characterization of network traffic content, and associating each of the plurality of data with a technique for characterizing network traffic content. A method for categorizing network traffic content includes determining a characterization of the network traffic content, determining a weight value associated with the characterization, and categorizing network traffic content based at least in part on the characterization of the network traffic content and the weight value. | 10-03-2013 |
20130263246 | SYSTEMS AND METHODS FOR UPDATING CONTENT DETECTION DEVICES AND SYSTEMS - A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the content detection data to the selected update station. A method of building a content detection system includes establishing a first communication link between a central station and an update station, the central station configured to transmit content detection data to the update station, and establishing a second communication link between the update station and a content detection module. | 10-03-2013 |
20130263271 | DETECTING NETWORK TRAFFIC CONTENT - A device for detecting network traffic content is provided. The device includes a memory configured for storing one or more signatures, each of the one or more signatures associated with content desired to be detected, and defined by one or more predicates. The device also includes a processor configured to receive data associated with network traffic content, execute one or more instructions based on the one or more signatures and the data, and determine whether the network traffic content matches the content desired to be detected. | 10-03-2013 |
20130276093 | FIREWALL INTERFACE CONFIGURATION TO ENABLE BI-DIRECTIONAL VOIP TRAVERSAL COMMUNICATIONS - Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional VoIP communications. An external VoIP interface of the firewall receives incoming VoIP packets having a user alias (e.g., an email address) and an indication regarding a VoIP port of the external interface. The packets are directed to an appropriate internal host by the firewall performing port address forwarding based on the port indication to a media gateway within the internal network that maintains a mapping of user aliases to private addresses of the internal hosts. | 10-17-2013 |
20140007246 | DATA LEAK PROTECTION | 01-02-2014 |
20140096254 | EFFICIENT DATA TRANSFER IN A VIRUS CO-PROCESSING SYSTEM - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for virus co-processing is provided. A general purpose processor stores a data segment to its system memory using a virtual address. The system memory has stored therein a page directory and a page table containing information for translating virtual addresses to physical addresses within a physical address space of the system memory. A virus processing hardware accelerator translates the virtual address of the data segment to a physical address of the data segment based on the page directory and the page table. The hardware accelerator accesses the data segment based on the physical address. The hardware accelerator scans the data segment for viruses by executing multiple pattern comparisons against the data segment. The hardware accelerator returns a result of the scanning to the general purpose processor via the system memory. | 04-03-2014 |
20140101720 | CONFIGURING INITIAL SETTINGS OF A NETWORK SECURITY DEVICE VIA A HAND-HELD COMPUTING DEVICE - Process, equipment, and computer program product code for configuring a network security device using a hand-held computing device are provided. Default initial settings for a network security device are received by a mobile application running on a hand-held computing device. The default initial settings represent settings that allow the network security device to be remotely managed via a network to which the network security device is coupled. The default initial settings are presented to a network administrator via a touch-screen display of the hand-held computing device. Revisions to or acceptance of the default initial settings are received by the mobile application. The mobile application causes the network security device to be configured with the revised or accepted default initial settings by delivering the settings to the network security device via a management interface to which the hand-held computing device is coupled via a connecting cable. | 04-10-2014 |
20140143876 | VIRUS CO-PROCESSOR INSTRUCTIONS AND METHODS FOR USING SUCH - Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a method for virus processing is provided. A data segment is received by a general purpose processor coupled to a virus co-processor and a memory via an interconnect bus. The memory includes a first signature and a second signature. The first includes a primitive instruction and a Content Pattern Recognition (CPR) instruction stored at contiguous locations in the memory and compiled for hardware execution on the co-processor. The second is compiled for software execution. The data segment is scanned by the general purpose processor by applying the second signature against the data segment. The co-processor is directed by the general purpose processor to scan the data segment by applying the first signature against the data segment by storing the data segment to the memory and indicating a request for a scan to the co-processor. | 05-22-2014 |
20140223540 | FIREWALL INTERFACE CONFIGURATION TO ENABLE BI-DIRECTIONAL VOIP TRAVERSAL COMMUNICATIONS - Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional VoIP communications. An external VoIP interface of the firewall receives incoming VoIP packets having a user alias (e.g., an email address) and an indication regarding a VoIP port of the external interface. The packets are directed to an appropriate internal host by the firewall performing port address forwarding based on the port indication to an appropriate media gateway within the internal network that maintains a mapping of user aliases to private addresses of the internal hosts. | 08-07-2014 |
20140237601 | OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a content object is stored by a general purpose processor to a system memory. The memory has stored therein a page directory containing information for translating virtual addresses to physical addresses. Multiple most recently used entries of the page directory are cached, by a virus co-processor, within translation lookaside buffers (TLBs) implemented within an on-chip cache of the co-processor. Instructions are read by the co-processor, from a virus signature memory of the co-processor. The instructions contain op-codes of a first and second instruction type. Instructions of the first type are assigned to a first instruction pipe of the co-processor. An instruction assigned to the first instruction pipe is executed including accessing the content object by performing direct virtual memory addressing of the system memory and comparing the content object against a string. | 08-21-2014 |
20140258771 | HIGH-AVAILABILITY CLUSTER ARCHITECTURE AND PROTOCOL - Methods and systems are provided for an improved cluster-based network architecture. According to one embodiment, an active connection is established between a first interface of a network device and an enabled interface of a first cluster unit of a high availability (HA) cluster. The HA cluster is configured to provide connectivity between network devices of an internal and external network. A backup connection is established between a second interface of the network device and a disabled interface of a second cluster unit. While the first cluster unit is operational and has connectivity, it receives and processes all traffic originated by the network device that is destined for the external network. Upon determining the first cluster unit has failed or has lost connectivity, then all subsequent traffic originated by the network device that is destined for the external network is directed to the second cluster unit. | 09-11-2014 |
20140282816 | NOTIFYING USERS WITHIN A PROTECTED NETWORK REGARDING EVENTS AND INFORMATION - Systems and methods are provided for notifying users within a protected network about various events and information. According to one embodiment, a method includes receiving, by a filtering device, a request originated by an application running on a client device. The method further includes making a determination, by the filtering device, whether the request is to be blocked or allowed, based on the one or more policies. If the request is to be blocked, a notification is provided to a user of the client device regarding the determination by causing the application to display a predefined message. | 09-18-2014 |
20140304827 | DATA LEAK PROTECTION - Methods and systems for Data Leak Prevention (DLP) in an enterprise network are provided. According to one embodiment, a data leak protection method is provided. Information regarding a watermark filtering rule is received by a network device. The information includes a sensitivity level and an action to be applied to files observed by the network device that match the watermark filtering rule. A file attempted to be passed through the network device is received by the network device. A watermark embedded within the received file is detected by the network device. A sensitivity level associated with the watermark is compared by the network device to the sensitivity level of the watermark filtering rule after the watermark is detected. If the comparison results in a match, then the action specified by the watermark filtering rule is performed by the network device. | 10-09-2014 |
20140351937 | VIRUS CO-PROCESSOR INSTRUCTIONS AND METHODS FOR USING SUCH - Circuits and methods for detecting, identifying and/or removing undesired content are provided. According to one embodiment, a method for virus processing is provided. A virus signature file that includes multiple virus signatures capable of detecting and identifying a variety of known viruses is downloaded by a general purpose processor. It is determined by the general purpose processor whether a virus co-processor is coupled to the general purpose processor. When the virus co-processor is determined to be coupled to the general purpose processor, then it is further determined by the general purpose processor which virus signatures are supported by the virus co-processor (“CP-supported virus signatures”). The CP-supported virus signatures are transferred to a memory associated with the virus co-processor. The virus co-processor is directed by the general purpose processor to perform a virus scan based on the supported virus signatures. | 11-27-2014 |
20140380483 | OPERATION OF A DUAL INSTRUCTION PIPE VIRUS CO-PROCESSOR - Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a content object that is to be virus processed is stored by a general purpose processor to a system memory. Virus scan parameters for the content object are set up by the general purpose processor. Instructions from a virus signature memory of a virus co-processor are read by the virus co-processor based on the virus scan parameters. The instructions contain op-codes of a first instruction type and op-codes of a second instruction type. Those of the instructions containing op-codes of the first instruction type are assigned to a first instruction pipe of multiple instruction pipes of the virus co-processor for execution. An instruction of the assigned instructions containing op-codes of the first instruction type is executed by the first instruction pipe including accessing a portion of the content object from the system memory. | 12-25-2014 |
20150055481 | CONTEXT-AWARE PATTERN MATCHING ACCELERATOR - Methods and systems for improving accuracy, speed, and efficiency of context-aware pattern matching are provided. According to one embodiment, a packet stream is received and pre-matched by an acceleration device with one or more conditions to identify packets meeting the one or more conditions. The acceleration device then correlates at least one identified packet based on the one or more conditions to generate matching tokens of the packet that meet the one or more conditions and sends, to one or more processors of the acceleration device, the matching tokens along with identifiers of the one or more conditions so that the processors can process the matching tokens and the identifiers of the one or more conditions based on one or more of context aware string matching, regular expression matching, and packet field value matching to extract packets that match context of the one or more conditions. | 02-26-2015 |