Patent application number | Description | Published |
20090172301 | INTELLIGENT NETWORK INTERFACE CARD (NIC) OPTIMIZATIONS - Intelligent NIC optimizations include systems and methods for Token Table Posting, use of a Master Completion Queue, a Notification Request Area (NRA) associated with completion queues, preferably in the Network Interface Card (NIC), for providing notification of request completions, and what we call Lazy Memory Deregistration, which allows non-critical memory deregistration processing to occur during non-busy times. These intelligent NIC optimizations can be applied outside the scope of VIA (e.g. iWARP and the like), but also support VIA. | 07-02-2009 |
20100306530 | WORKGROUP KEY WRAPPING FOR COMMUNITY OF INTEREST MEMBERSHIP AUTHENTICATION - Methods and systems for managing a community of interest are disclosed. One method includes creating a workgroup key associated with a community of interest, and protecting one or more resources associated with the community of interest using the workgroup key. The method also includes encrypting the workgroup key using a public key associated with an administrator of the community of interest, the public key included with a private key in a public/private key pair associated with the administrator. The method further includes storing the encrypted workgroup key and associating the workgroup key with a user, thereby adding the user to the community of interest. | 12-02-2010 |
20110131645 | LOAD BALANCING AND FAILOVER OF GATEWAY DEVICES - Methods and systems for load balancing and failover among gateway devices are disclosed. One method provides for assigning communication transaction handling to a gateway. The method includes receiving a request for a license from a computing device at a control gateway within a group of gateway devices including a plurality of gateway devices configured to support communication of cryptographically split data. The method also includes assigning communications from the computing device to one of the plurality of gateway devices based on a load balancing algorithm, and routing the communication request to the assigned gateway device. | 06-02-2011 |
20120084566 | METHODS AND SYSTEMS FOR PROVIDING AND CONTROLLING CRYPTOGRAPHIC SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS - Methods and systems for providing secure access to network resources are disclosed. A method includes defining in a provisioning utility one or more communities of interest, each community of interest including one or more users and associated with a key. The method includes providing a service key to a client computing device that is useable to establish a secure connection to a service enclave including an authorization server. The method also includes transmitting from the authorization server, for each community of interest including an identified user of the client computing device, an identity of a customer enclave and a key associated with a community of interest including the user of the client computing device, the community of interest including computing resources included in the customer enclave. | 04-05-2012 |
20120084838 | METHODS AND SYSTEMS FOR MANAGING CONCURRENT UNSECURED AND CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS - An endpoint, method, and authorization server are disclosed which can be used to allow concurrent secure and clear text communication. An endpoint includes a computing system including a programmable circuit operatively connected to a memory and a communication interface, the communication interface configured to send and receive data packets via a data communications network. The endpoint also includes a filter defined in the memory of the computing system, the filter configured to define one or more access lists, each access list defining a group of access permissions for a community of interest. The community of interest includes one or more users, and an access list from among the one or more access lists defines a set of clear text access permissions associated with a community of interest. The endpoint also includes a driver executable by the programmable circuit, the driver configured to cooperate with the communication interface to send and receive data packets via the data communications network. The driver is also configured to selectively split and encrypt data into a plurality of data packets to be transmitted via the data communications network based at least in part upon the contents of the one or more access lists. | 04-05-2012 |
20120226792 | IPSEC Connection to Private Networks - A server hosting system and method of connecting to managed servers using IPsec are disclosed. The server hosting system includes a plurality of managed servers, and first and second secure communication appliances. The first secure communication appliance is configured to connect to a tenant appliance at a first tenant using an IPsec tunnel, and further configured to route data between a first managed server of the plurality of managed servers and the tenant appliance at the first tenant. The second secure communication appliance is configured to connect to a tenant appliance at a second tenant using an IPsec tunnel, and further configured to route data between a second managed server of the plurality of managed servers and the tenant appliance at the second tenant. | 09-06-2012 |
20130219172 | SYSTEM AND METHOD FOR PROVIDING A SECURE BOOK DEVICE USING CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS SECURE NETWORKS - A gateway device is used to control the flow of data to and from a network. To ensure that a message is not transmitted beyond the edge of an intranet without authorization, such as outside of a private network, or to a device within the private network without authorization, a gateway will only establish a communication session with a computing device within the private network that possesses a requisite community-of-interest key. If either the gateway device or computing device does not possess a matching community-of-interest key, then a communication session cannot be established between the computing device and gateway device. Other aspects include transmitting a message destined for another network by converting it into a format in which it can be received outside the private network without knowledge of the type of security measures used within the private network. | 08-22-2013 |
20140019745 | CRYPTOGRAPHIC ISOLATION OF VIRTUAL MACHINES - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Security may be further enhanced by establishing a session key for use during communications between a first and a second virtual machine. The session key may be encrypted with the COI key. | 01-16-2014 |
20140019750 | VIRTUAL GATEWAYS FOR ISOLATING VIRTUAL MACHINES - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Virtual machines may further be isolated through a virtual gateway assigned to handle all communications between a virtual machine and a device outside of the virtual machine's COI. The virtual gateway may be a separate virtual machine for handling decrypting and encrypting messages for transmission between virtual machines and other devices. | 01-16-2014 |
20140019959 | AUTOMATED PROVISIONING OF VIRTUAL MACHINES - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Virtual machines may be automatically provisioned with configuration information, such as the encryption keys, when the virtual machine is started. The provisioning information may be created based on a template stored on a configuration server. | 01-16-2014 |
20140122876 | SYSTEM AND METHOD FOR PROVIDING A SECURE BOOK DEVICE USING CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS SECURE NETWORKS - Portions of split data belonging to a set of data are sent over different data paths to their destinations. The data set is cryptographically split into portions of the data set, and each portion is transported over a choice of multiple data paths to its destination. For example, a message is physically separated into portions of a message which are encrypted and sent over more than one network path to reach a destination. As a result, a snooper in a network may only be able to view a partial set of random, disjoint, and incoherent portions of the message which are also encrypted. The portions of the message are split up in such a way that even if the snooper captured some of the portions of data, it would be difficult to reconstruct the message without also capturing most other partial portions of the message spread throughout the entire infrastructure of the network. | 05-01-2014 |
20140123221 | SECURE CONNECTION FOR A REMOTE DEVICE THROUGH A VIRTUAL RELAY DEVICE - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Remote devices may gain access to virtual machines in a network through a virtual device relay. The virtual device relay receives data from the remote device, such as a tablet or cellular phone, and forwards the data to one of the virtual machines, when the virtual device relay shares a COI with the destination virtual machine. | 05-01-2014 |
20140123230 | VIRTUAL RELAY DEVICE FOR PROVIDING A SECURE CONNECTION TO A REMOTE DEVICE - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Remote devices may gain access to virtual machines in a network through a virtual device relay. The virtual device relay receives data from the remote device, such as a tablet or cellular phone, and forwards the data to one of the virtual machines, when the virtual device relay shares a COI with the destination virtual machine. | 05-01-2014 |
20140123268 | SECURE CONNECTION FOR A REMOTE DEVICE THROUGH A MOBILE APPLICATION - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Remote devices may gain access to virtual machines in a network through a virtual device relay. The virtual device relay receives data from the remote device, such as a tablet or cellular phone, and forwards the data to one of the virtual machines, when the virtual device relay shares a COI with the destination virtual machine. | 05-01-2014 |
20140157042 | LOAD BALANCING AND FAILOVER OF GATEWAY DEVICES - Methods and systems for load balancing and failover among gateway devices are disclosed. One method provides for assigning communication transaction handling to a gateway. The method includes receiving a request for a license from a computing device at a control gateway within a group of gateway devices including a plurality of gateway devices configured to support communication of cryptographically split data. The method also includes assigning communications from the computing device to one of the plurality of gateway devices based on a load balancing algorithm, and routing the communication request to the assigned gateway device. | 06-05-2014 |
20140282892 | SYSTEM AND METHOD FOR PROVIDING A SECURE BOOK DEVICE USING CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS SECURE NETWORKS - A system for integrating access to separate and physically partitioned networks from a single client device is described. The system is interposed between the client device and the networks to allow communication between the client device and the networks, such that data remains partitioned between networks. The system includes a scrambler configured to mix portions of data of variable bit lengths. Typically, the scrambler receives the portions of data from each of the plurality of networks, intermixes the portions of data from the networks, then selects different paths for transporting the intermixed portions of data to the client device. Each of the different paths for transporting the intermixed portions of data is physically and/or logically partitioned from the others. Only when the data arrives on the client device is it able to be reassembled, and then only in particular partitioned locations on the client device corresponding to the particular network from which the data originated. | 09-18-2014 |