BARRACUDA NETWORKS INC. Patent applications
Patent application number | Title | Published |
20150180831 | Bigoted IPv6 Filtering Apparatus - An apparatus accesses many locations of a store for information about a specific Internet Protocol address. A filter concentrates and condenses a diffuse population widely dispersed in a ginormous address range into a smaller storage space with controllable error rate. A cloud service acquires, aggregates, and distributes IP address data structure records from and to globally distributed network access devices. A system of filter elements operating in parallel determines a plurality of storage addresses in memory to represent Internet Protocol addresses categorized for security. A method determines a plurality of storage addresses from each Internet Protocol address so characteristics of the IP address can be accessed at the storage addresses. | 06-25-2015 |
20150106880 | Authorized Document Distribution and Transmission Control By Groups of Categorized Clauses Apparatus and Method - A document is categorized according to clauses and groups of clauses. A distribution and transmission control system determines from a user login credential if the document may be stored to removable, transportable media or transmitted to an external server through network connections. A scoring system determines the level of sensitivity of the document according to its component clauses and resulting document category. Even if headers and footers are removed from a sensitive document, its component clauses flag the category and sensitivity. | 04-16-2015 |
20150106385 | Transformation of Documents To Display Clauses In Variance From Best Practices and Custom Rules Score Apparatus and Method. - Documents are scored and displayed with annotations for best practices, and variances from normal ranges of clauses and clause groups. Custom rules developed for an industry or for an enterprise further distinguish which documents need further review or approval by senior staff because of higher risks or commitments than standard terms and conditions. A display provides the document transformed with annotations about the scores or rules triggered by each group of clauses and accepts comments and approval or objections to acceptance of the document. The absence of best practices clauses for the category is noted for reference. | 04-16-2015 |
20150106378 | Document Categorization By Rules and Clause Group Scores Associated with Type Profiles Apparatus and Method - Legacy documents of an enterprise are scanned and analyzed to determine best practices and rules for each category. Clauses and groups of clauses are assigned scores for relative value. Each category of documents has a profile of the clauses and groups of clauses which establish a norm against which proposed new documents may be scored. A document is analyzed for clauses and groups of clauses. A score is determined for each document to measure its fit with a document category. An absence of an expected clause within a group of clauses results in a lower score. An absence of a group of expected clauses results in an even lower score. A high score reflects that a document is substantially standard with its category. | 04-16-2015 |
20150106276 | Identification of Clauses in Conflict Across a Set of Documents Apparatus and Method - Documents are analyzed for best practices and compliance with rules normalized for an industry or an enterprise by identifying, grouping, and scoring clauses. Key clauses in each stored document are identified which distinguish a relationship with restrictions on the principal party. A document set containing potentially conflicting restrictions is scanned for clauses, which mutually conflict. Documents with circular dependencies, obligations on the same resources, commitments to exclusivity, or compel action or inaction are surfaced for renegotiation, risk remediation, or conflict resolution. | 04-16-2015 |
20150067860 | Virus Detector Controlled Backup Apparatus and File Restoration - A store for virus and malware fingerprints is coupled to a backup server apparatus which receives hashes and file shards from backup clients through a network. A circuit compares hashes received from backup clients to determine matches with file shards previously stored and matches with file shards with virus or malware infections. File shards not previously stored are received for backup and inspection by a virus filter. When a received file shard is determined to match a virus or malware fingerprint, a process is initiated to restore the file on the backup client to a clean version and notify the user and the network security administrator. The hashes of file shards determined to match a virus or malware fingerprint are stored for future reference. The data of a file shard which has been determined to be infected is also stored in case of a false-positive determination. | 03-05-2015 |
20140380471 | Binary Document Content Leak Prevention Apparatus, System, and Method of Operation - An apparatus, system, and method for measuring the similarity of communication packet binary objects to classified object binary objects is disclosed. The method determines at least one pattern signature in an Nth binary object, accessing a location in a similarity store which has object identifiers for each of the previous N−1 binary objects which contain the corresponding pattern, and writing the object identifier of the Nth binary object at that same location in the similarity store. Reporting the number of locations in similarity store which contain the object identifiers of a communication packet and a classified object is a measure of similarity to each other. Outgoing packets are blocked if they correlate highly with confidential documents or objects. | 12-25-2014 |
20140372383 | Log Access Method Storage Control Apparatus, Archive System, and Method of Operation - A file shard store includes high performance encoding and compaction circuits. An apparatus and its method of operation avoids duplicate storage of file fragments. A plurality of tables control write operations into a plurality of log segments. Shard keys are transferred to uniquely identify fragments of files which may have been previously stored and associated with one or more of client subscribers. An apparatus comprises a plurality of location/subscription tables, a shard transfer circuit, a storage control circuit, an append-to-log circuit coupled to a large storage array, and a log segment compactor circuit. | 12-18-2014 |
20140282585 | Organizing File Events by Their Hierarchical Paths for Multi-Threaded Synch and Parallel Access System, Apparatus, and Method of Operation - A cloud file event server transmits file events necessary to synchronize a file system of a file share client. A tree queue director circuit receives file events and stores each one into a tree data structure which represents the hierarchical paths of files within the file share client. An event normalization circuit sorts the file events stored at each node into sequential order and moots file events which do not have to be performed because a later file event makes them inconsequential. A thread scheduling circuit assigns a resource to perform file events at a first node in a hierarchical path before assigning one or more resources to a second node which is a child of the first node until interrupted by the tree queue director circuit or until all file events in the tree data structure have been performed. | 09-18-2014 |
20140258720 | SYSTEMS AND METHODS FOR TRANSPARENT PER-FILE ENCRYPTION AND DECRYPTION VIA METADATA IDENTIFICATION - A new approach is proposed that contemplates systems and methods to support encryption and decryption of files including data and source code associated with a software application running in a virtual environment on a per-file basis outside of a kernel of an operating system. The proposed approach utilizes metadata of the files associated with the software application to determine the files to be encrypted and decrypted and to monitor various properties of the files including the sizes of the unencrypted files for accurate reporting of information about the files. Under such an approach, the source code of the applications are encrypted and decrypted transparently at the file level without modifying or altering any of the source code of the application, the kernel and libraries of the operating system, and/or any components which are proprietary to the virtual environment. | 09-11-2014 |
20140256366 | Network Traffic Control via SMS Text Messaging - A wireless device is communicatively coupled via SMS text protocol to a network control device by a data modem. Authentication of the operator enables a limited number of fixed operations such as status reports, initializing a new network connection, and modifications to a routing table to be carried out. | 09-11-2014 |
20140250086 | WAN Gateway Optimization by Indicia Matching to Pre-cached Data Stream Apparatus, System, and Method of Operation - A network gateway coupled to a backup server on a wide area network which receives and de-duplicates binary objects. The backup server provides selected data segments of binary objects to the gateway to store into a prescient cache (p-cache) store. The network gateway optimizes network traffic by fulfilling a local client request from its local p-cache store instead of requiring further network traffic when it matches indicia of stored data segments stored in its p-cache store with indicia of a first segment of a binary object requested from and received from a remote server. | 09-04-2014 |
20140248912 | SYSTEMS AND METHODS FOR SHARING OF GEO-TAGGED FILE SEGMENTS BASED ON LOCATION OF A MOBILE DEVICE - A new approach is proposed that contemplates systems and methods to support providing a mobile device associated with a user a plurality of file segments retrieved based on the location of the mobile device. Under the approach, when the user arrives at a location, a remote file/copy server receives a location indicia of the mobile device independent of and separated from a request for an electronic document by the mobile device. The remote server determines a geo-fenced area based on the location indicia of the mobile device, searches for and retrieves from a database one or more geo-tagged file segments that match the location of the mobile device. The remote copy server then assembles a specific edition of the electronic document, which includes at least one geo-tagged file segment pertinent to the location of the mobile device and transmits the assembled electronic document to this and/or another computing/communication device associated with the user and/or another entity at the current/last known location of the user. | 09-04-2014 |
20140237471 | Boot and Browse Apparatus Coupled to Backup Archive and Method of Operation - A system enables booting a virtual machine and browsing files from a de-duplicated backup server by initializing a virtual machine process, and setting up NFS services connecting the NFS service to a fake disk. The fake disk is actualized by a backup server and an overlay store. Writing into the fake disk is supported by an overlay store. Reading from the fake disk is supported by file reads from the backup server or from the overlay store. | 08-21-2014 |
20140236892 | SYSTEMS AND METHODS FOR VIRTUAL MACHINE BACKUP PROCESS BY EXAMINING FILE SYSTEM JOURNAL RECORDS - A new approach is proposed that contemplates systems and methods to support backing up only portions of data associated with a virtual machine that have been changed since the last backup of the data was performed. During a backup process, the proposed approach looks for a journal record of a file system located within one of the partitions on a virtual disk of the virtual machine, wherein the journal record reflects disk operations that have been performed to a storage device associated with a host device/machine running the virtual machine. Once portions of the storage device which data have been modified since the last data backup are identified based on the journal of the file system, only the modified portions of the storage device are submitted to the backup process to be backed up to a backup storage device. | 08-21-2014 |
20140181895 | Off campus wireless mobile browser and web filtering system - A mobile wireless safe browser receives a destination link, host, uniform resource identifier, or Internet Protocol address. Prior to requesting a resource from the destination, the safe browser transmits a query over the air to a reputation service and receives a message enabling or disabling conventional browser request for IP address or resources at the destination host. The user is identified to a reputation service which maintains categories of websites and a policy file for each user which enables or disables access to each category. | 06-26-2014 |
20140104420 | Point of recordation terminal apparatus and method of operation - A system for providing video intelligence as a service to a plurality of small and medium sized enterprises to distributed video recordation equipment, comprising an apparatus and computer-implemented method. An apparatus comprises a point of recordation terminal apparatus coupled to a public network. A method for operating a system for video intelligence in a public network in a secure manner. | 04-17-2014 |
20140101442 | SYSTEM AND WEB SECURITY AGENT METHOD FOR CERTIFICATE AUTHORITY REPUTATION ENFORCEMENT - Network security administrators are enabled to revoke certificates with their customizable certificate authority reputation policy store which is informed by an independent certificate authority reputation server when a CA is deprecated or has fraudulent certificate generation. The custom policy store overrides trusted root certificate stores accessible to an operating system web networking layer or to a third party browser. Importing revocation lists or updating browsers or operating system is made redundant. The apparatus protects an endpoint from a man-in-the-middle attack when a certificate authority has lost control over certificates used in TLS. | 04-10-2014 |
20130329749 | TRANSMISSION APPARATUS OPERATION FOR VPN OPTIMIZATION BY DEFRAGMENTATION AND DEDUPLICATION METHOD - A transmission apparatus operation method for optimizing a virtual private network operates by defragmenting and de-duplicating transfer of variable sized blocks. A large data object is converted to a plurality of data paragraphs by a fingerprinting method. Each data paragraph is cached and hashed. The hashes are transmitted to at least one satellite apparatus. Only data paragraphs which were not previously cached at each satellite are transferred. | 12-12-2013 |
20130328886 | SYSTEMS AND METHODS FOR CREATING AN ELECTRONIC SIGNATURE - Systems and methods for creating an electronic signature that looks like a handwritten signature. | 12-12-2013 |
20130104189 | Controlling Transmission of Unauthorized Unobservable Content in Email Using Policy - A system, method, and apparatus is disclosed to control mail server in handling encrypted messages according to a policy. | 04-25-2013 |
20130103955 | Controlling Transmission of Unauthorized Unobservable Content in Email Using Policy - A system, method, and apparatus is disclosed to control mail server in handling encrypted messages according to a policy. | 04-25-2013 |
20130103918 | Adaptive Concentrating Data Transmission Heap Buffer and Method - An apparatus includes a data container unloading circuit which frees a container either by discarding the contents or transmitting the contents to its destination. A data container loading circuit receives a plurality of submittals of various sizes and selects an appropriately sized free container. If no free container has sufficient capacity the loading circuit blocks all loading until a container of sufficient size becomes available. A container tailor circuit checks for available free space in the buffer and transfers capacity among free containers to resize one to fit an incoming submittal. The mix of container sizes can be adapted over time to reflect the changing sizes of the traffic. | 04-25-2013 |
20130097195 | Method For Measuring Similarity Of Diverse Binary Objects Comprising Bit Patterns - An apparatus, system, and method for measuring the similarity of binary objects is disclosed. The method determines at least one pattern signature in an Nth binary object, accessing a location in a similarity store which has object identifiers for each of the previous N−1 binary objects which contain the corresponding pattern, and writing the object identifier of the Nth binary object at that same location in the similarity store. Reporting the number of locations in similarity store which contain the object identifiers of two apparently diverse binary objects is a measure of similarity to each other. | 04-18-2013 |
20130080407 | Client-Server Transactional Pre-Archival Apparatus - An apparatus which receives client-server transactions such as HTTP REQUESTS and transforms them into a synopsis format for archival storage. HTTP transactions are logged and parsed for key words called HTTP METHODS. For each HTTP METHOD, data is extracted from the message or the resources provided by the transaction. The data is efficiently stored into a transaction store. The data is also indexed and the index is stored into the transaction store. A record is kept for all concurrent sessions by usernames associated with a directory entry. | 03-28-2013 |
20130061281 | System and Web Security Agent Method for Certificate Authority Reputation Enforcement - Network security administrators are enabled with their customizable certificate authority reputation policy store which is informed by an independent certificate authority reputation server. The custom policy store overrides trusted root certificate stores accessible to an operating system web networking layer or to a third party browser. Importing revocation lists or updating browsers or operating system is made redundant. Proactive remediation is enabled to delete or disable root certificates in trusted operating system root certificate stores or in trusted browser root certificate stores by a web security agent installed at distributed endpoints. This removes the need for additional hardware or synchronous remote access over the protected endpoints. | 03-07-2013 |
20130061038 | Proxy Apparatus for Certificate Authority Reputation Enforcement in the Middle - Network security administrators are enabled with their customizable certificate authority reputation policy store which is informed by an independent certificate authority reputation server. The custom policy store overrides trusted root certificate stores accessible to an operating system web networking layer or to a third party browser. Importing revocation lists or updating browsers or operating system is made redundant. The apparatus redirects or rewrites traffic to protect a plurality of endpoints from a man-in-the-middle attack when a certificate authority has lost control over certificates used in TLS. | 03-07-2013 |
20130060836 | Configuring a plurality of diverse devices/services from an adaptive configuration control hyper-server apparatus - When each new device or service is installed into a network, a hyper-server reads a configuration description provided by the new device or service and adapts to provide a user interface for configuring its capabilities. A first server gathers descriptions of available commands and parameters from many diverse devices and services. A second server presents an administrator or operator with a control panel for one or many client devices. The panel presentation changes with respect to the devices or services selected. The hyper-server registers the capabilities of each device or service and transfers the commands and parameter settings to the appropriate device or service under configuration control. | 03-07-2013 |
20120317642 | Parallel Tracing Apparatus For Malicious Websites - An apparatus and system for scoring and grading websites and method of operation. An apparatus receives one or more Uniform Resource Identifiers (URI), requests and receives a resource such as a webpage, and observes the behaviors of a commercial browser operating within a commercial operating system over a multi-core processor having hardware containing virtualization extensions. The apparatus records and stores objects and packets captured while the browser is controlled by software received from a server accessed via the URI. | 12-13-2012 |
20120158867 | CLOUD MESSAGE TRANSFER APPARATUS TO REDUCE NON-DELIVERY REPORTS - Duplicate deliveries of email messages are prevented when a transient failure prevents delivery to some of a plurality of intended recipients but delivery to an other one or more of the intended recipients is successful. After receiving a list of recipients, an email body, and an “end of data” sequence, but prior to responding to the “end of data” sequence, an email server determines a transient failure reply code when any one of the address mailboxes of intended recipients is not available. A message-memorandum, such as the globally unique message-id and the address of one or more successful recipients is stored into a memorandum store. A subsequent transmission of the corresponding message will only be delivered to recipients who have not previously received it. Using this invention, the receiving/relay system would persistently track which recipients were allowed or refused by some unique characteristic of the message, such as internet message ID or a checksum of the distinct portions of the message/envelope that are unlikely to change (e.g. sender, recipients, body). Once a message has been identified as one that has been previously partially deferred, the recipients that were previously allowed would be ignored and delivery would be attempted only to the recipients that had not previously been allowed. | 06-21-2012 |
20120023112 | Method for measuring similarity of diverse binary objects comprising bit patterns - An apparatus, system, and method for measuring the similarity of diverse binary objects, such as files, is disclosed. The method comprises determining a plurality of digital signatures in each of a plurality of dissimilar objects, for each digital signature, accessing a location in a store which has object identifiers for each object which also exhibits at least one instance of the digital signature, writing into the store the object identifiers of all the objects which have the corresponding pattern and the number of times the pattern is found, and making a list of all the objects which share a pattern found in each object. Analyzing the list determines the degree of similarity of a particular object with each of a plurality of diverse binary objects. | 01-26-2012 |
20120017096 | More Elegant Exastore Apparatus and Method of Operation - An apparatus to scale for multiple petabyte backup in redundant locations. Workload is automatically shared among many servers by a characteristic derived from the content itself. Duplicate storage is eliminated by checking for the existence or absence of simple files and appending client identification to files shared among multiple subscribers. Replication depends on simple atomic file operations rather than use of tables or databases. An efficient storage method for much larger quantities of data than conventional services. | 01-19-2012 |
20110289582 | METHOD FOR DETECTING MALICIOUS JAVASCRIPT - An apparatus and system for scoring and grading websites and method of operation. An apparatus receives one or more Uniform Resource Identifiers (URI), requests and receives a resource such as a webpage, and observes the behaviors of an enhanced browser emulator as controlled by javascript provided by the webpage. The enhanced browser emulator tracks behaviors which when aggregated imply malicious intent. | 11-24-2011 |
20110289575 | DIRECTORY AUTHENTICATION METHOD FOR POLICY DRIVEN WEB FILTERING - Enabling web filtering by authenticated group membership, role, or user identity is provided by embedding a uniform resource identifier into an electronic document requested by a client. A client browser will provide directory credentials to a trusted web filter apparatus enabling a policy controlled access to resources external to the trusted network. An apparatus comprises circuits for transmitting a uniform resource identifier to a client, receiving a request comprising authentication credentials, querying a policy database and determining a customized policy for access to an externally sourced electronic document or application. A computer-implemented technique to simplify web filter administrator tasks by removing a need to set each browser's settings or install additional software on each user terminal. | 11-24-2011 |
20110289434 | Certified URL checking, caching, and categorization service - Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for generating improved abbreviated uniform resource identifiers (URI) commonly called a URL. A system comprises a URL shortening server, coupled to a web filter, coupled to a proxy server, coupled to a domain name system server. A user may append host and domain as a suffix to a shortened URL to request at least one of web filtering, categorization, and preview before redirection to the site. A site receives a request for an abbreviated URL or a categorized abbreviated URL which is provided upon passing a web filter. | 11-24-2011 |
20110258272 | FACILITATING TRANSMISSION OF AN EMAIL OF A WELL BEHAVED SENDER BY EXTRACTING EMAIL PARAMETERS AND QUERYING A DATABASE - Facilitating email transmission by extracting email parameters, requesting data in the form of a DNS query, and receiving a sender reputation as an IP address. Querying a database by sending a plurality of arguments concatenated to a DNS request and receiving an IP address in reply. Filtering email by querying a database with email parameters comprising an IP address and a domain of an email sender which may be extracted from packet headers in the SMTP sequence up to and including the MAIL command and prior to the DATA command. The SMTP session is continued, modified or interrupted according to the result of the query submitted to a database operating as a DNS server. | 10-20-2011 |
20110249683 | TRANSMISSION APPARATUS FOR VPN OPTIMIZATION BY DEFRAGMENTATION AND DEDUPLICATION AND METHOD - A transmission apparatus for optimizing a virtual private network operates by defragmenting and deduplicating transfer of variable sized blocks. A large data object is converted to a plurality of data paragraphs by a fingerprinting method. Each data paragraph is cached and hashed. The hashes are transmitted to at least one satellite apparatus. Only data paragraphs which are not previously cached at each satellite are transferred. | 10-13-2011 |
20110249680 | RECEPTION APPARATUS FOR VPN OPTIMIZATION BY DEFRAGMENTATION AND DEDUPLICATION AND METHOD - A reception apparatus for optimizing a virtual private network operates by defragmenting and deduplicating transfer of variable sized blocks. A large data object is converted to a plurality of data paragraphs by a fingerprinting method. Each data paragraph is cached and hashed. The hashes are transmitted from a primary apparatus. Only data paragraphs which are not previously cached at satellite are received. The data object is integrated from stored and newly transmitted data paragraphs and transmitted to its destination IP address. | 10-13-2011 |
20110239291 | Detecting and Thwarting Browser-Based Network Intrusion Attacks For Intellectual Property Misappropriation System and Method - Detecting and thwarting browser-based network intrusion attacks for intellectual property misappropriation is provided by enabling a local machine to direct retrieval of resources using uniform resource identifiers to a browser operating within a virtual machine whose internet protocol address is within a range external to a trusted network sub-circuit. Such a virtual machine is constrained by not having access to the Active Directory Server of the trusted network. Such a virtual machine is constrained by not having access to other resources of the trusted network. Such a virtual machine is constrained by a monitor application which terminates the virtual machine if characteristics of intrusion or network attack are observed within the virtual machine. | 09-29-2011 |
20110225244 | TRACING DOMAINS TO AUTHORITATIVE SERVERS ASSOCIATED WITH SPAM - The invention provides a method and system for filtering email which may contain links to a large number of rapidly synthesized domains serving spam content by referencing a database of categorized authoritative servers, querying a domain name system server for an authoritative server associated with domain names embedded in email, and accessing the database of categorized authoritative servers for a match. | 09-15-2011 |
20110035795 | PORT HOPPING AND SEEK YOU PEER TO PEER TRAFFIC CONTROL METHOD AND SYSTEM - A network apparatus, system, and method for operating a server to identify and subsequently control suspected peer-to-peer (P2P) sources transmitting traffic from a first network to a second network. Identifying a peer-to-peer source by a characteristic of destination port profile. Identifying a peer-to-peer source by a characteristic of destination host IP address profile. Determining when hopping ports usage comprise a data stream. Determining when destination IP address usage represent “Seek You” (CQ) like call behavior analogous to a radio invitation for any operators listening to respond. | 02-10-2011 |
20110030060 | METHOD FOR DETECTING MALICIOUS JAVASCRIPT - A method provides Dynamic Analysis to identify URL provisioning malicious javascripts comprising tracing frequently used javascript feature used to either inject malicious javascript in html response or redirecting user to the website that is serving malicious contents. An apparatus embodiment operates in the cloud in the middle where it identifies javascript in the response traffic and then requests the other corresponding javascript and can make a determination before delivering the original content to the user. | 02-03-2011 |
20110022670 | FACILITATING TRANSMISSION OF EMAIL BY CHECKING EMAIL PARAMETERS WITH A DATABASE OF WELL BEHAVED SENDERS - Facilitating email transmission by extracting email parameters, requesting data in the form of a DNS query, and receiving a sender reputation as an IP address. Querying a database by sending a plurality of arguments concatenated to a DNS request and receiving an IP address in reply. Operating a remote database as a DNS server, receiving queries as domains and transmitting replies in the format of IPv4 or IPv6 addresses. Filtering email by querying a database with email parameters comprising an IP address and a domain of an email sender which may be extracted from an email header in the HELO, EHLO, MAIL FROM, or RETURN PATH. The SMTP session is continued, modified or interrupted according to the result of the query submitted to a database operating as a DNS server. | 01-27-2011 |
20110004750 | Hierarchical skipping method for optimizing data transfer through retrieval and identification of non-redundant components - A method for optimizing data transfer through retrieval and identification of non-redundant components. Efficiently packing each network transmission block using sequence search criteria. A hierarchical skipping method. Avoidance of sending undesired pieces. Segmentation of each file and object into a hierarchy of pieces in a plurality of types. | 01-06-2011 |
20110004601 | Multi-streamed method for optimizing data transfer through parallelized interlacing of data based upon sorted characteristics to minimize latencies inherent in the system - A method for optimizing data transfer through parallelized interlacing of data based upon sorted characteristics to minimize latencies inherent in the system. Operating a plurality of threads in parallel on disparate file sizes ordered by an additional thread. Efficient backup of heterogeneous non-volatile mass store to a network attached server. Scalable distribution of backup processes for computing hashes and eliminating duplication. Increased granularity of file pieces to match blocking of file I/O with network transmission. Efficiently packing each network transmission block using sequence search criteria. Avoidance of sending undesired pieces. Segmentation of each file and object into a hierarchy of pieces in a plurality of types. | 01-06-2011 |
20100325240 | QUERYING A DATABASE AS A DOMAIN NAME SYSTEM RESOLVER - Querying a database by sending a plurality of arguments concatenated to a Domain Name System request and receiving a reply in the form of text or encoded as an IPv4 or an IPv6 address. | 12-23-2010 |
20100318681 | PROTOCOL-INDEPENDENT, MOBILE, WEB FILTER SYSTEM PROVISIONING DNS TRIAGE, URI SCANNER, AND QUERY PROXY SERVICES - A system comprising three services: query string proxy, URI path scanner, and domain name system triage. A query string proxy sends a request on behalf of a client and analyzes the response from a remote server. A URI path scanner performs keyword matching on the entire path of a uniform resource identifier. A domain name system triage service receives a UDP request prior to establishing any protocol session between a client and a server and returns one IP address selected from the following: a block IP address, a trusted IP address, and a redirection to enhanced filter service IP address. | 12-16-2010 |
20100260187 | VPN OPTIMIZATION BY DEFRAGMENTATION AND DEDUPLICATION APPARATUS AND METHOD - An apparatus for optimizing a virtual private network operates by defragmenting and deduplicating transfer of variable sized blocks. A large data object is converted to a plurality of data paragraphs by a fingerprinting method. Each data paragraph is cached and hashed. The hashes are transmitted between a primary and a satellite apparatus. Only data paragraphs which are not cached at both the primary and satellite are transferred. The data object is integrated from data paragraphs stored in cache and transmitted to its destination IP address. | 10-14-2010 |
20100251372 | DEMAND SCHEDULED EMAIL VIRUS AFTERBURNER APPARATUS, METHOD, AND SYSTEM - Queuing and rescanning email for most recently detected virus signatures. An apparatus comprising a first virus scanning circuit operating on received email and a second virus scanning circuit operating on the outbound email queue and quarantine store. Rescanning for viruses while delivering email to a downstream email server or viewing quarantine with virus signatures not previously known when the virus was first introduced to the wild. A circuit determines that an email server or an email client is active and ready to retrieve or read emails from quarantine or from the output queue of an anti-virus, anti-spam appliance. Upon that condition, one or more virus signatures are read from a most recently discovered virus signature syndication server. Emails in the output queue or quarantine are rescanned before transmission to the destination email server. | 09-30-2010 |
20100241619 | BACKUP APPARATUS WITH HIGHER SECURITY AND LOWER NETWORK BANDWIDTH CONSUMPTION - A system for more secure, more efficient, more widely applicable backup, retention, and retrieval of data. An apparatus comprising improved means for de-duplication of data and securely storing data remotely with efficient retention and recovery. A method comprising disassembling data objects, efficiently de-duplicating, securely storing and retrieving backups in shared servers on a public network, and controlling retention. | 09-23-2010 |
20100211639 | APPARATUS AND METHOD FOR SERVING ANNULAR MESSAGES TO LOCAL BROWSERS - A system to enable a local area network operator to optimize bandwidth by controlling annular display surrounding sourced content. An apparatus for storing content sponsor messages locally to a user's network. A method for selecting among locally served messages, images, and applications to support delivery of content provider's intellectual property. In short, optimizing and tuning the delivery of the message annulus surrounding the “news hole” of a webpage. | 08-19-2010 |
20100180027 | CONTROLLING TRANSMISSION OF UNAUTHORIZED UNOBSERVABLE CONTENT IN EMAIL USING POLICY - A system, method, and apparatus are disclosed to control a mail server in handling encrypted messages. | 07-15-2010 |
20100174829 | APPARATUS FOR TO PROVIDE CONTENT TO AND QUERY A REVERSE DOMAIN NAME SYSTEM SERVER - An apparatus is disclosed to provide content to and query a reverse domain name system (DNS) server without depending on the kindness of domain name system registrars or registrants. DNS replies are observed by firewalls or filters, analyzed, and transmitted to a reverse domain name system server. An embodiment of the present invention can be within a DNS server or SMTP server. | 07-08-2010 |
20100146260 | TANDEM ENCRYPTION CONNECTIONS TO PROVIDE NETWORK TRAFFIC SECURITY METHOD AND APPARATUS - Security measures are applied to encrypted data exchanges by enabling content decryption, rule application, and content re-encryption at a network location. A certificate, self-signed or authenticated by an official Certificate Authority, is obtained for and installed within the secure proxy apparatus. A link to a secure page is replaced with a link to a page having a fully qualified domain name of the proxy apparatus as the suffix. An encrypted session is established between the client and the proxy apparatus, without deceit in the latter case. A first encryption-enabled connection is established from the first node to a content filter, while a second encryption-enabled connection is established from the content filter to the second node. Following decryption, a determination is made as to whether the content includes Undesired Data. Restricted material is blocked, while unrestricted material is re-encrypted and delivered to the destination node. For a self-signed certificate, the destination node comprises a private security system-signed root certificate installed in the destination node's Trusted Root Certification Authorities certificate store. In another aspect of the invention, at least one of encrypted Instant Messages, e-mail messages and web pages are decrypted and recorded at a location between sources and destinations of the transmissions. The look and feel of a single encrypted link between the requestor and the external source is maintained by the inventive use of a wildcard certificate within the network local to the requestor. | 06-10-2010 |
20100131646 | POLICY-MANAGED DNS SERVER FOR TO CONTROL NETWORK TRAFFIC - Disclosed is a method, a computer system, and a computer-readable media product that contains a set of computer executable software instructions for directing the computer to execute a process for policy-based operation of a DNS server apparatus to manage traffic due to undesirable mail or requests for electronic documents. The policies operate according to owners, regions, or countries controlling source IP addresses and deterministically select from a plurality of non-equivalent replies to be sent to the source IP address. Accumulating previous activity records may assist in determining which traffic may be usefully deferred or suppressed. The process includes withholding certain information from certain DNS servers seeking IP addresses to improve overall security and integrity of the Internet. | 05-27-2010 |
20100121981 | AUTOMATED VERIFICATION OF DNS ACCURACY - Disclosed is a method, a computer system, and a computer readable media product that contains a set of computer executable software instructions for directing the computer to execute a process for independent confirmation of DNS replies to foil DNS cache poisoning attacks. The process comprises comparing a plurality of DNS replies for an exact or predefined “close enough” match as a condition for blocking or forwarding a DNS reply to a resolver. The tangible beneficial result is to prevent the success of a DNS cache poisoning attack from diverting a user to a malicious site on the Internet. | 05-13-2010 |
20100088742 | APPARATUS FOR DEFINING A SET OF RULES FOR A PACKET FORWARDING DEVICE - There are methods and apparatus, including computer program products, for defining a policy including a set of rules for a packet forwarding device by receiving information sufficient to enable a first rule related to one of security or traffic management to be defined, and based on the received information, enabling a corresponding second rule related to the other one of security or traffic management to be defined. | 04-08-2010 |
20100088741 | METHOD FOR DEFINING A SET OF RULES FOR A PACKET FORWARDING DEVICE - There are methods and apparatus, including computer program products, for defining a policy including a set of rules for a packet forwarding device by receiving information sufficient to enable a first rule related to one of security or traffic management to be defined, and based on the received information, enabling a corresponding second rule related to the other one of security or traffic management to be defined. | 04-08-2010 |
20100049985 | DISTRIBUTED FREQUENCY DATA COLLECTION VIA DNS NETWORKING - Domain Name Service (DNS) requests are used as the reporting vehicle for ensuring that security-related information can be transferred from a network. As one possibility, a central facility for a security provider may maintain a data collection capability that is based upon receiving the DNS requests containing the information being reported. In an email application, if a data block is embedded within or attached to an email message, an algorithm is applied to the data block to generate an indicator that is specifically related to the contents of the data block. As one possibility, the algorithm may generate a hash that provides a “digital fingerprint” having a reasonable likelihood that the hash is unique to the data block. By embedding the hash within a DNS request, the request becomes a report that the data block has been accessed. | 02-25-2010 |
20100049893 | LINK BALANCER APPARATUS WITH LOW PROFILE PLURAL PORT INPUT / OUTPUT CARD - A space-conscious system utilizes a low profile expansion card for providing a physical and electrical interface between a larger scale board, such as a motherboard, and a plurality of external components. The expansion card is mounted in a perpendicular orientation relative to the larger scale board, despite dimensional limitations with regard to such an orientation. The expansion card includes an input/output circuit board and a plurality of “signal-conduction extenders” for enabling coupling a plurality of ports to an external wall of the housing in which the expansion card and larger scale board are contained. In one possible embodiment, the housing is compatible with the 1U standard, the expansion card is an Ethernet card, and there is an adapter board at the front wall of the housing for routing connections from the expansion card to a plurality of exposed ports. The invention allows more than two of the expansion cards to be mounted in parallel within the same container. | 02-25-2010 |
20100049848 | DISTRIBUTED FREQUENCY DATA COLLECTION VIA INDICATOR EMBEDDED WITH DNS REQUEST - Domain Name Service (DNS) requests are used as the reporting vehicle for ensuring that security-related information can be transferred from a network. As one possibility, a central facility for a security provider may maintain a data collection capability that is based upon receiving the DNS requests containing the information being reported. In an email application, if a data block is embedded within or attached to an email message, an algorithm is applied to the data block to generate an indicator that is specifically related to the contents of the data block. As one possibility, the algorithm may generate a hash that provides a “digital fingerprint” having a reasonable likelihood that the hash is unique to the data block. By embedding the hash within a DNS request, the request becomes a report that the data block has been accessed. | 02-25-2010 |
20100031323 | Network Interface Device - There are methods and apparatus, including computer program products, for defining a policy including a set of rules for a packet forwarding device by receiving information sufficient to enable a first rule related to one of security or traffic management to be defined, and based on the received information, enabling a corresponding second rule related to the other one of security or traffic management to be defined. | 02-04-2010 |
20100011420 | OPERATING A SERVICE ON A NETWORK AS A DOMAIN NAME SYSTEM SERVER - Operating a service such as a remote database as a DNS server, receiving inputs such as queries as domain names and transmitting replies in the format of IPv4 or IPv6 addresses. | 01-14-2010 |
20100005191 | REQUESTING A SERVICE OR TRANSMITTING CONTENT AS A DOMAIN NAME SYSTEM RESOLVER - Requesting a service such as querying a database or communicating content by sending a plurality of arguments concatenated to a DNS request and receiving a reply in the form of text or an IPv4 or an IPv6 address. | 01-07-2010 |
20100005146 | FACILITATING TRANSMISSION OF EMAIL BY CHECKING EMAIL PARAMETERS WITH A DATABASE OF WELL BEHAVED SENDERS - Facilitating email transmission by extracting email parameters, requesting data in the form of a DNS query, and receiving a sender reputation as an IP address. Querying a database by sending a plurality of arguments concatenated to a DNS request and receiving an IP address in reply. Operating a remote database as a DNS server, receiving queries as domains and transmitting replies in the format of IPv4 or IPv6 addresses. Filtering email by querying a database with email parameters comprising an IP address and a domain of an email sender which may be extracted from an email header in the HELO, EHLO, MAIL FROM, or RETURN PATH. The SMTP session is continued, modified or interrupted according to the result of the query submitted to a database operating as a DNS server. | 01-07-2010 |
20090285219 | DEFICIT AND GROUP ROUND ROBIN SCHEDULING FOR EFFICIENT NETWORK TRAFFIC MANAGEMENT - Data traffic is scheduled by, in a first scheduler, selecting a source of traffic from a plurality of sources of traffic, each source being associated with a second scheduler, in a second scheduler associated with the selected source of traffic, selecting a type of traffic from a plurality of types of traffic within the source selected by the first scheduler, and transmitting data of the selected type and source. Scheduling data traffic apparatus and method using deficit and group ratio round robin budgeting. | 11-19-2009 |
20090279550 | TUNNELING FOR EFFICIENT NETWORK TRAFFIC MANAGEMENT - Data traffic is scheduled by, in a first scheduler, selecting a source of traffic from a plurality of sources of traffic, each source being associated with a second scheduler, in a second scheduler associated with the selected source of traffic, selecting a type of traffic from a plurality of types of traffic within the source selected by the first scheduler, and transmitting data of the selected type and source. Identifying and creating tunnels between endpoints in a network for optimum data traffic method and apparatus. | 11-12-2009 |