Patent application number | Description | Published |
20100100738 | METHOD FOR ESTABLISHING A SECURE AD HOC WIRELESS LAN - Secure communications on a network. An unauthenticated client on a network sends start packets to locate other clients. The unauthenticated client receives responses to the start packets from other clients on the network. The responses may be advertise packets that are from advertising clients that may be authenticated clients or other unauthenticated clients in authenticated mode. The unauthenticated client prioritizes the received packets so that authentication can be performed with the most desirable advertising client. Authentication packets are sent and received between the unauthenticated client and the advertising client in an attempt to authenticate. | 04-22-2010 |
20100153696 | Pre-boot securing of operating system (OS) for endpoint evaluation - Methods and apparatus involve evaluating endpoint computing assets. The endpoint has both a traditional operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the traditional operating system identifies a last evaluation status of the computing device at a time just prior to shutting down. Upon a next booting, the pre-boot operating system loads and examines [reads] the last evaluation status. If the last evaluation status requires any completion action in order to comply with a predetermined computing policy, either or both the operating systems attend to its effectuation, including communication/handoff by way of one or more security agents. In a variety of ways, effectuation occurs by: determining a present location of the computing device, quarantining the computing device from certain network traffic; VPN enforcement; patching applications; firewall involvement; etc. Computer program products are also disclosed. | 06-17-2010 |
20100235514 | Securing a network connection by way of an endpoint computing device - Methods and apparatus involve securing a network connection by way of mobile, endpoint computing assets. The endpoints have one or more pre-defined security policies governing the connection that are balanced against competing interests of actually maintaining connections between devices, especially in WiMAX, MANET, MESH, or other ad hoc computing environments where poor security, signal strength, fragile connections or mobility issues are of traditional concern. In this manner, connections will not be lost over security enforcement in an otherwise hostile environment. The security policies are enforced in a variety of ways, but may be altered to lesser policies or not-so-strictly enforced so as to maintain satisfactory connections between devices. Other embodiments contemplate analyzing connectivity components before connection and selecting only those components that enable full or best compliance with the policies. Still other embodiments contemplate altering connections in order to maintain full enforcement of policies. Computer program products are also disclosed. | 09-16-2010 |
20100293610 | ENFORCING SECURE INTERNET CONNECTIONS FOR A MOBILE ENDPOINT COMPUTING DEVICE - Methods and apparatus enforce a secure internet connection from a mobile endpoint computing device. A security policy for the endpoint is defined based on its location. From that location, an internet connection is established and detected. This event triggers the launching of a full VPN tunnel connection including an NDIS firewall forcing packet traffic through a port of the endpoint computing device assigned by the security policy and/or MAC/IP addresses of a VPN concentrator. Thereafter, the packet traffic is monitored for compliance with the security policy. This includes determining whether packet traffic over the assigned port is observed within a given time or packet traffic is attempted over other ports. Monitoring occurs whether or not the protocol of the VPN tunnel connection is known. Other features contemplate quarantining for improper operation of the VPN tunnel, undertaking remediation, and computer program products, to name a few. | 11-18-2010 |
20100303240 | KEY MANAGEMENT TO PROTECT ENCRYPTED DATA OF AN ENDPOINT COMPUTING DEVICE - Methods and apparatus involve protecting encrypted data of endpoint computing assets by managing decryption keys. The endpoint has both a traditional operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the pre-boot operating system prevents users of the endpoint from accessing the encrypted data and the key. Upon determining the encrypted data has been compromised, the key is disassociated from the encrypted data. Disassociation can occur in a variety of ways including deleting or scrambling the key and/or data or re-encrypting the encrypted data with a new key. Key escrowing and updating through the pre-boot is further contemplated. The pre-boot phase also contemplates a limited computing connection between the endpoint and a specified authentication server and approved networking ports, USB devices and biometric equipment. Security policies and enforcement modules are also disclosed as are computer program products, computing arrangements, etc. | 12-02-2010 |
20110078797 | Endpoint security threat mitigation with virtual machine imaging - Methods and apparatus involve the mitigation of security threats at a computing endpoint, such as a server, including dynamic virtual machine imaging. During use, a threat assessment is undertaken to determine whether a server is compromised by a security threat. If so, a countermeasure to counteract the security threat is developed and installed on a virtual representation of the server. In this manner, the compromised server can be replaced with its virtual representation, but while always maintaining the availability of the endpoint in the computing environment. Other features contemplate configuration of the virtual representation from a cloned image of the compromised server at least as of a time just before the compromise and configuration on separate or same hardware platforms. Testing of the countermeasure to determine success is another feature as is monitoring data flows to identify compromises, including types or severity. Computer program products and systems are also taught. | 03-31-2011 |
20120151200 | REMOTE MANAGEMENT OF ENDPOINT COMPUTING DEVICE WITH FULL DISK ENCRYPTION - Methods and apparatus involve protecting data encrypted by a first key on an endpoint computing asset including a drive with full disk encryption. The endpoint has both a main operating system for applications, and the like, and another operating system during a pre-boot phase of operation. During use, the pre-boot operating system prevents a user of the endpoint from accessing the encrypted data and the key. In one embodiment, an information exchange partition on the endpoint is accessible from a remote location and includes data encrypted using a second key accessible to both the pre-boot operating system and the main operating system. Another embodiment allows for the provision of a network connection to the endpoint during the pre-boot phase of operation in accordance with a security policy. | 06-14-2012 |
Patent application number | Description | Published |
20110119150 | OUTSOURCED GENERATION OF BEHAVIOR-BASED CONTENT - A service is disclosed for enabling web sites and other entities to provide item recommendations and other behavior-based content to end users. The service can be implemented as a web service that is remotely accessible over the Internet. Web sites use the web service's interface to report events descriptive of item-related actions performed by end users (e.g., item views, item purchases, searches for items, etc.). The web service analyzes the reported event data on an aggregated basis to detect various types of associations between particular items, and stores resulting datasets that map items to associated items. The web service's interface also provides various API calls for enabling the web sites to request item recommendations and other behavior-based content, including but not limited to personalized recommendations that are based on the event history of the target user. | 05-19-2011 |
20130013749 | SERVICES FOR PROVIDING ITEM ASSOCIATION DATA - A service is disclosed for enabling web sites and other entities to provide item recommendations and other behavior-based content to end users. The service can be implemented as a web service that is remotely accessible over the Internet. Web sites use the web service's interface to report events descriptive of item-related actions performed by end users (e.g., item views, item purchases, searches for items, etc.). The web service analyzes the reported event data on an aggregated basis to detect various types of associations between particular items, and stores resulting datasets that map items to associated items. The web service's interface also provides various API calls for enabling the web sites to request item recommendations and other behavior-based content, including but not limited to personalized recommendations that are based on the event history of the target user. Advantageously, the web sites need not host the infrastructure for providing such content. | 01-10-2013 |