Patent application number | Description | Published |
20090172301 | INTELLIGENT NETWORK INTERFACE CARD (NIC) OPTIMIZATIONS - Intelligent NIC optimizations include systems and methods for Token Table Posting, use of a Master Completion Queue, Notification Request Area (NRA) associated with completion queues, preferably in the Network Interface Card (NIC) for providing notification of request completions, and what we call Lazy Memory Deregistration, which allows non-critical memory deregistration processing to occur during non-busy times. These intelligent NIC optimizations can be applied outside the scope of VIA (e.g. iWARP and the like), but also support VIA. | 07-02-2009 |
20100306530 | WORKGROUP KEY WRAPPING FOR COMMUNITY OF INTEREST MEMBERSHIP AUTHENTICATION - Methods and systems for managing a community of interest are disclosed. One method includes creating a workgroup key associated with a community of interest, and protecting one or more resources associated with the community of interest using the workgroup key. The method also includes encrypting the workgroup key using a public key associated with an administrator of the community of interest, the public key included with a private key in a public/private key pair associated with the administrator. The method further includes storing the encrypted workgroup key and associating the workgroup key with a user, thereby adding the user to the community of interest. | 12-02-2010 |
20110131645 | LOAD BALANCING AND FAILOVER OF GATEWAY DEVICES - Methods and systems for load balancing and failover among gateway devices are disclosed. One method provides for assigning communication transaction handling to a gateway. The method includes receiving a request for a license from a computing device at a control gateway within a group of gateway devices including a plurality of gateway devices configured to support communication of cryptographically split data. The method also includes assigning communications from the computing device to one of the plurality of gateway devices based on a load balancing algorithm, and routing the communication request to the assigned gateway device. | 06-02-2011 |
20120084566 | METHODS AND SYSTEMS FOR PROVIDING AND CONTROLLING CRYPTOGRAPHIC SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS - Methods and systems for providing secure access to network resources are disclosed. A method includes defining in a provisioning utility one or more communities of interest, each community of interest including one or more users and associated with a key. The method includes providing a service key to a client computing device that is useable to establish a secure connection to a service enclave including an authorization server. The method also includes transmitting from the authorization server, for each community of interest including an identified user of the client computing device, an identity of a customer enclave and a key associated with a community of interest including the user of the client computing device, the community of interest including computing resources included in the customer enclave. | 04-05-2012 |
20120084838 | METHODS AND SYSTEMS FOR MANAGING CONCURRENT UNSECURED AND CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS - An endpoint, method, and authorization server are disclosed which can be used to allow concurrent secure and clear text communication. An endpoint includes a computing system including a programmable circuit operatively connected to a memory and a communication interface, the communication interface configured to send and receive data packets via a data communications network. The endpoint also includes a filter defined in the memory of the computing system, the filter configured to define one or more access lists, each access list defining a group of access permissions for a community of interest. The community of interest includes one or more users, and an access list from among the one or more access lists defines a set of clear text access permissions associated with a community of interest. The endpoint also includes a driver executable by the programmable circuit, the driver configured to cooperate with the communication interface to send and receive data packets via the data communications network. The driver is also configured to selectively split and encrypt data into a plurality of data packets to be transmitted via the data communications network based at least in part upon the contents of the one or more access lists. | 04-05-2012 |
20120226792 | IPSEC Connection to Private Networks - A server hosting system and method of connecting to managed servers using IPsec are disclosed. The server hosting system includes a plurality of managed servers, and first and second secure communication appliances. The first secure communication appliance is configured to connect to a tenant appliance at a first tenant using an IPsec tunnel, and further configured to route data between a first managed server of the plurality of managed servers and the tenant appliance at the first tenant. The second secure communication appliance is configured to connect to a tenant appliance at a second tenant using an IPsec tunnel, and further configured to route data between a second managed server of the plurality of managed servers and the tenant appliance at the second tenant. | 09-06-2012 |
20130219172 | SYSTEM AND METHOD FOR PROVIDING A SECURE BOOK DEVICE USING CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS SECURE NETWORKS - A gateway device is used to control the flow of data to and from a network. To ensure that a message is not transmitted beyond the edge of an intranet without authorization such as outside of a private network, or to a device within the private network without authorization, a gateway will only establish a communication session with a computing device within the private network that possesses a requisite community-of-interest key. If either the gateway device or computing device does not possess a matching community-of-interest key, then a communication session cannot be established between the computing device and gateway device. Other aspects include transmitting a message destined for another network by converting it into a format in which it can be received outside the private network without knowledge of the type of security measures used within the private network. | 08-22-2013 |
20140019745 | CRYPTOGRAPHIC ISOLATION OF VIRTUAL MACHINES - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Security may be further enhanced by establishing a session key for use during communications between a first and a second virtual machine. The session key may be encrypted with the COI key. | 01-16-2014 |
20140019750 | VIRTUAL GATEWAYS FOR ISOLATING VIRTUAL MACHINES - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Virtual machines may further be isolated through a virtual gateway assigned to handle all communications between a virtual machine and a device outside of the virtual machine's COI. The virtual gateway may be a separate virtual machine for handling decrypting and encrypting messages for transmission between virtual machines and other devices. | 01-16-2014 |
20140019959 | AUTOMATED PROVISIONING OF VIRTUAL MACHINES - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Virtual machines may be automatically provisioned with configuration information, such as the encryption keys, when the virtual machine is started. The provisioning information may be created based on a template stored on a configuration server. | 01-16-2014 |
20140122876 | SYSTEM AND METHOD FOR PROVIDING A SECURE BOOK DEVICE USING CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS SECURE NETWORKS - Portions of split data belonging to a set of data are sent over different data paths to their destinations. The data set is cryptographically split into portions of the data set, and each portion is transported over a choice of multiple data paths to its destination. For example, a message is physically separated into portions of a message which are encrypted and sent over more than one network path to reach a destination. As a result, a snooper in a network may only be able to view a partial set of random, disjoint, and incoherent portions of the message which are also encrypted. The portions of the message are split up in such a way that even if the snooper captured some of the portions of data, it would be difficult to reconstruct the message without also capturing most other partial portions of the message spread throughout the entire infrastructure of the network. | 05-01-2014 |
20140123221 | SECURE CONNECTION FOR A REMOTE DEVICE THROUGH A VIRTUAL RELAY DEVICE - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Remote devices may gain access to virtual machines in a network through a virtual device relay. The virtual device relay receives data from the remote device, such as a tablet or cellular phone, and forwards the data to one of the virtual machines, when the virtual device relay shares a COI with the destination virtual machine. | 05-01-2014 |
20140123230 | VIRTUAL RELAY DEVICE FOR PROVIDING A SECURE CONNECTION TO A REMOTE DEVICE - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Remote devices may gain access to virtual machines in a network through a virtual device relay. The virtual device relay receives data from the remote device, such as a tablet or cellular phone, and forwards the data to one of the virtual machines, when the virtual device relay shares a COI with the destination virtual machine. | 05-01-2014 |
20140123268 | SECURE CONNECTION FOR A REMOTE DEVICE THROUGH A MOBILE APPLICATION - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Remote devices may gain access to virtual machines in a network through a virtual device relay. The virtual device relay receives data from the remote device, such as a tablet or cellular phone, and forwards the data to one of the virtual machines, when the virtual device relay shares a COI with the destination virtual machine. | 05-01-2014 |
20140157042 | LOAD BALANCING AND FAILOVER OF GATEWAY DEVICES - Methods and systems for load balancing and failover among gateway devices are disclosed. One method provides for assigning communication transaction handling to a gateway. The method includes receiving a request for a license from a computing device at a control gateway within a group of gateway devices including a plurality of gateway devices configured to support communication of cryptographically split data. The method also includes assigning communications from the computing device to one of the plurality of gateway devices based on a load balancing algorithm, and routing the communication request to the assigned gateway device. | 06-05-2014 |
20140282892 | SYSTEM AND METHOD FOR PROVIDING A SECURE BOOK DEVICE USING CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS SECURE NETWORKS - A system for integrating access to separate and physically partitioned networks from a single client device is described. The system is interposed between the client device and the networks to allow communication between the client device and the networks, such that data remains partitioned between networks. The system includes a scrambler configured to mix portions of data of variable bit lengths. Typically, the scrambler receives the portions of data from each of the plurality of networks, intermixes the portions of data from the networks, then selects different paths for transporting the intermixed portions of data to the client device. Each of the different paths for transporting the intermixed portions of data is physically and/or logically partitioned from the others. Only when the data arrives on the client device is it able to be reassembled, and then only in particular partitioned locations on the client device corresponding to the particular network from which the data originated. | 09-18-2014 |
20150381597 | ENTERPRISE MANAGEMENT FOR SECURE NETWORK COMMUNICATIONS OVER IPSEC - Methods and systems for managing a secure enterprise are disclosed. One method includes initiating a management service at a server within the secure enterprise, the management service including a web interface providing administrative access to configuration settings associated with the secure enterprise, the management service initializing a secure communications protocol and managing access to a credential store, the credential store including a plurality of credentials defining communities of interest within the secure enterprise, each of the communities of interest defining a collection of authenticated endpoints having common access and usage rights. The method includes initiating an object management service at the server defining an interface to a configuration database, and accessing the configuration database to obtain data defining a configuration of the enterprise according to a configuration profile. The method includes applying configuration settings to the secure enterprise based on the data defining the configuration of the secure enterprise. | 12-31-2015 |
Patent application number | Description | Published |
20140317405 | SECURED COMMUNICATIONS ARRANGEMENT APPLYING INTERNET PROTOCOL SECURITY - A secure communications arrangement including an endpoint is disclosed. The endpoint includes a computing system. The computing system includes a user level services component and a kernel level callout driver interfaced to the user level services component and configured to establish an IPsec tunnel with a remote endpoint. The computing system also includes a filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel. The computing system also includes a second kernel level driver configured to establish a secure tunnel using a second security protocol different from IPsec. | 10-23-2014 |
20140317720 | NEGOTIATION OF SECURITY PROTOCOLS AND PROTOCOL ATTRIBUTES IN SECURE COMMUNICATIONS ENVIRONMENT - Methods of communicatively connecting first and second endpoints are disclosed. One method includes transmitting from a first endpoint to a second endpoint a connection request, the connection request including an IP address of the second endpoint. The method further includes, based at least in part on the IP address of the second endpoint, selecting IPsec from among a plurality of available security protocols to first attempt to use in forming a tunnel between the first and second endpoints, and forming the tunnel between the first and second endpoints based on the connection request. | 10-23-2014 |
20150095649 | COMMUNITY OF INTEREST-BASED SECURED COMMUNICATIONS OVER IPSEC - A method and system for establishing secure communications between endpoints includes transmitting a first message including a token having one or more entries each corresponding to a community of interest associated with a user of the first endpoint and including an encryption key and a validation key associated with the first endpoint. The method includes receiving a second message including a second authorization token including one or more entries, each entry corresponding to a community of interest associated with a second user and including an encryption key and a validation key associated with the second endpoint. The method includes, for each community of interest associated with both users, decrypting an associated entry in the second authorization token to obtain the encryption key and validation key associated with the second endpoint. The method also includes generating a shared secret based on the key pair, transmitting a third message including the created key pair to the second endpoint, and initializing a tunnel using the shared secret to derive encryption keys used for IPsec-secured communications between the endpoints. | 04-02-2015 |
20150381567 | CLEARTEXT GATEWAY FOR SECURE ENTERPRISE COMMUNICATIONS - A gateway computing system includes a memory storing cleartext gateway software and a programmable circuit communicatively connected to the memory. The programmable circuit is configured to execute computer-executable instructions including the cleartext gateway software. Execution of the cleartext gateway software by the programmable circuit causes the gateway computing system to instantiate at the gateway computing system a virtual device router including a cleartext interface configured to send and receive data packets from a cleartext endpoint and a secured interface configured to exchange data packets with one or more secured endpoints within a secured enterprise network, and load the virtual device router with community of interest material from an authentication server, the community of interest material associated with one or more communities of interest configured to allow access to the cleartext endpoint. | 12-31-2015 |
20150381568 | SECURE INTEGRATION OF HYBRID CLOUDS WITH ENTERPRISE NETWORKS - A system and method of managing secure integration of a cloud-based computing resource with a private domain are disclosed. One system includes a hybrid cloud arrangement including a plurality of virtual machines, the plurality of virtual machines including at least a first virtual machine within the private domain and a second virtual machine within a public cloud. The system also includes a virtual data relay within the private domain and associated with the second virtual machine. The virtual data relay includes a private domain interface used to establish a secure communication link according to a first security protocol with each virtual machine within the private domain that is a member of a community of interest, the virtual data relay assigned a community of interest key used by the private domain interface and defining the community of interest of which the second virtual machine is a member. The virtual data relay also includes a public cloud interface used to establish a secure communication link with the second virtual machine, the public cloud interface using a second security protocol different from the first security protocol. | 12-31-2015 |
20150381596 | REMOTE CREDENTIAL MANAGEMENT FOR HYBRID CLOUDS WITH ENTERPRISE NETWORKS - A system and method of initializing a virtual machine within a secure hybrid cloud are disclosed. One method includes transmitting service mode credentials to a cloud broker from a cloud-based virtual machine, receiving a service mode community of interest key from a credentialing service based on the service mode credentials, and establishing a secure service mode connection based on the service mode community of interest key. The method also includes receiving role VPN credentials at the cloud-based virtual machine and establishing a secure role connection to the cloud broker using the role VPN credentials, thereby providing, in response to the role VPN credentials, a role VPN community of interest key to a virtual data relay dedicated to the cloud-based virtual machine. The method further includes receiving role cloud credentials at the cloud-based virtual machine and establishing secure communications at the cloud-based virtual machine based on the role cloud credentials, including receiving a role cloud community of interest key at the cloud-based virtual machine used for secure communication among the cloud-based virtual machine and other cloud-based virtual machines within a common community of interest with the cloud-based virtual machine. | 12-31-2015 |
20150382193 | SECURE NETWORK COMMUNICATIONS IN A MOBILE DEVICE OVER IPSEC - Methods and systems of communicating with secure endpoints included within a secured network from a mobile device external to the secured network are disclosed. The method includes initiating a VPN-based secure connection to a VPN appliance, and initializing a stealth-based service on the mobile device. The method further includes transmitting user credential information from the mobile device to a VDR broker via the VPN appliance, and receiving status information from the VDR broker identifying a VDR associated with the mobile device and providing a connected status. The method also includes communicating with one or more secure endpoints within the secured network via a VPN connection to the VDR via the VPN appliance and through the VDR to the one or more secure endpoints within a community of interest based on the user credential information transmitted to the VDR broker. | 12-31-2015 |