Class / Patent application number | Description | Number of patent applications / Date published |
--- | --- | --- |
713152000 | Application layer security | 77 |
20080209204 | SECURITY ENHANCEMENT FOR SNMPv2c PROTOCOL - A method of enhancing security in network management for SNMPv2c packet traffic over the internet between a (sending) manager location and a (receiving) agent location uses a pluggable security application function. The manager location has a manager side security application (MSA) and may include one or more managers. The agent location has an agent side security application (ASA) and may include one or more agents. Upon an SNMP request from a manager to the MSA, the request is encrypted, appended with an authentication digest and sent to a registered agent in the ASA. The MSA receives a secured response packet back from the ASA, which after authentication it decrypts and forwards to the intended manager. Thus, an existing protocol implementation is maintained, while reducing additional network overhead. The method obviates the use of IPSec tunnels and migration to SNMPv3. | 08-28-2008 |
20080320297 | METHOD AND SYSTEM FOR MONITORING ENCRYPTED DATA TRANSMISSIONS - A method for efficiently decrypting asymmetric SSL pre-master keys is divided into a key agent component that runs in user mode, and an SSL driver running in kernel mode. The key agent can take advantage of multiple threads for decoding keys in a multi-processor environment, while the SSL driver handles the task of symmetric decryption of the SSL encrypted data stream. The method is of advantage in applications such as firewalls with deep packet inspection in which all encrypted data traffic passing through the firewall must be decrypted for inspection. | 12-25-2008 |
20090006841 | SYSTEM AND METHOD FOR TESTING NETWORK FIREWALL FOR DENIAL-OF-SERVICE (DOS) DETECTION AND PREVENTION IN SIGNALING CHANNEL - A device may measure a first performance, associated with legitimate traffic without attack traffic, of a Session Initiation Protocol (SIP)-based protection device implementing authentication; measure a second performance, associated with legitimate traffic and attack traffic, of the SIP-based protection device implementing authentication; and measure a third performance, associated with legitimate traffic and attack traffic, of the SIP-based protection device implementing authentication and return routability filtering. The device may also measure a first performance associated with legitimate traffic of a Session Initiation Protocol (SIP)-based protection device implementing rate-limiting filtering; measure a second performance associated with legitimate traffic and attack traffic of the SIP-based protection device implementing scheme filtering; and measure a third performance associated with legitimate traffic of the SIP-based protection device not implementing rate-limiting filtering without attack traffic. | 01-01-2009 |
20090077371 | SYSTEMS AND METHODS FOR A TEMPLATE-BASED ENCRYPTION MANAGEMENT SYSTEM - An encryption management system provides a solution for embedded system device authentication, secure server-to-device communications, and encryption key management. It reduces implementation times and costs associated with using cryptography for authentication and data privacy with embedded systems applications by freeing application developers from having to develop, manage, or update security-based features in their server-based applications. The template-based approach of the system provides highly customizable and accessible security functionalities. To utilize services provided by the encryption management system in some embodiments, calling applications provide input parameters and function calls in the form of a template at runtime, and the output, in the form of encrypted and secured messages, is either sent to the client devices automatically or returned to the calling applications. As such, security functionalities and objects, though segregated in the encryption management system to provide enhanced protection, can still be easily accessed and can be updated without recompiling the calling applications. | 03-19-2009 |
20090132807 | Renegotiating SSL/TLS connections with client certificates on post requests - A method and apparatus for securing a connection with a Secure Sockets Layer (SSL)/TLS-enabled server. In one embodiment, a web client establishes a new connection by initiating a communication with the SSL/TLS-enabled server. The communication includes a non-POST request. After the client negotiates the secured connection with the server in response to the non-POST request, the client submits a POST request to the SSL/TLS-enabled server via the secured connection. | 05-21-2009 |
20090132808 | SYSTEM AND METHOD OF PERFORMING ELECTRONIC TRANSACTIONS - A system and method of performing electronic transactions between a server computer and a client computer. The method implements a communication protocol with encrypted data transmission and mutual authentication between a server and a hardware device via a network, performs a decryption of encrypted server responses, forwards the decrypted server responses from the hardware device to the client computer, displays the decrypted server responses on a client display, receives requests to be sent from the client computer to the server, parses the client requests for predefined transaction information by the hardware device, encrypts and forwards client requests, displays the predefined transaction information upon detection, forwards and encrypts the client request containing the predefined transaction information to the server if a user confirmation is received, and cancels the transaction if no user confirmation is received. | 05-21-2009 |
20090271614 | MOBILITY ARCHITECTURE USING PRE-AUTHENTICATION, PRE-CONFIGURATION AND/OR VIRTUAL SOFT-HANDOFF - In some illustrative embodiments, a novel system and method is provided that can, for example, extend concepts of pre-authentication (such as, e.g., IEEE 802.11i pre-authentication) so as to operate across networks or subnetworks (such as, e.g., IP subnets). In preferred embodiments, a novel architecture includes one or both of two new mechanisms that substantially improve, e.g., higher-layer handoff performance. A first mechanism is referred to as "pre-configuration," which allows a mobile to pre-configure higher-layer information effective in candidate IP subnets for handoff. A second mechanism is referred to as "virtual soft-handoff," which allows a mobile to send or receive packets through the candidate IP subnets even before it actually performs a handoff to any of the candidate IP subnets. | 10-29-2009 |
20090300346 | Device and Method for Identifying Certificates - A device and method identifies a certificate. The method comprises determining, by a transmitter of data, an identity of a recipient of the data. The method comprises identifying a certificate associated with the identity. The identifying includes a local search and a remote search. The method comprises encrypting the data according to the certificate prior to transmission. | 12-03-2009 |
20100011206 | EMBEDDED APPARATUS, REMOTE-PROCESSING METHOD, AND COMPUTER PROGRAM PRODUCT - A processing unit performs a predetermined process by a remote operation from a client device. A monitoring unit monitors a first port for unencrypted communication with the processing unit and a second port for encrypted communication with the processing unit, denies a connection request via the first port, and accepts a connection request via the second port. When an encrypted connection request specifying either the first port or the second port as a forwarding destination port is received, an encrypted communication unit decrypts the connection request and transfers the decrypted connection request to the monitoring unit via the forwarding destination port. | 01-14-2010 |
20100058051 | METHOD AND APPARATUS FOR SETTING A SECURE COMMUNICATION PATH BETWEEN VIRTUAL MACHINES - A secure communication path is set between virtual machines each arranged within one of a set of servers in a network. There is provided business software operated by executing one or more task programs each provided for a virtual machine, and each server is provided with, as a virtual machine, a guest operating system controlled by a host operating system. The one or more task programs are classified into task classes according to a type of a function to be realized, and there is provided task connection information indicating whether a communication path is needed or not between each pair of task classes. Then, a secure communication path between a pair of guest operating systems is set by setting virtual network connection information to a pair of host operating systems corresponding to the pair of guest operating systems, on the basis of the task connection information. | 03-04-2010 |
20100064131 | METHOD AND APPARATUS FOR AUTOMATICALLY CONSTRUCTING APPLICATION SIGNATURES - The present invention relates to a method and system for the automated construction of application signatures. In one example, an approach for automatically constructing accurate signatures for individual applications, with minimal human involvement or application domain knowledge, is provided. Given a training data set containing the application traffic, the Automated Construction of Application Signatures (ACAS) system uses a combination of statistical, information theoretic and combinatorial optimization techniques, to derive application-layer signatures from the payload of packets, e.g., IP packets. Evaluations with a range of applications demonstrate that the derived signatures are very accurate and scale to identifying a large number of flows in real time on high-speed links. | 03-11-2010 |
20100070754 | PAYMENT ENCRYPTION ACCELERATOR - Embodiments of the invention provide a system for encrypting web session data which may include a session management module adapted to receive data from a web application module and provide a token that represents the data in encrypted form to the web application, wherein the web application is adapted to use the token to represent the data. The system may also include a tokenizer module communicably coupled to the session management module, wherein the tokenizer module is adapted to receive the data and generate the token. Further, the system may include a database communicably coupled to the session management module, wherein the database is adapted to receive the token and the data, associate the token with the data, and store the token and the data. | 03-18-2010 |
20100131752 | METHOD AND SYSTEM FOR INVALIDATION OF CRYPTOGRAPHIC SHARES IN COMPUTER SYSTEMS - A system and method to encrypt events using a secret to serve as a key according to a secret sharing algorithm is described. In one embodiment, the key is split into shares that are distributed to an event recipient. In one embodiment, one or more shares of the key are invalidated to protect data in the encrypted event. | 05-27-2010 |
20100146259 | MULTI FACTOR AUTHORISATIONS UTILISING A CLOSED LOOP INFORMATION MANAGEMENT SYSTEM - Methods and Apparatus are disclosed for a multi-factor authentication service which permits customers and account holders to provide secure instructions to entities via their Internet enabled mobile telephone handsets. In preferred embodiments, requests to authorise account holder not present transactions are received from a merchant's terminal ( | 06-10-2010 |
20100161960 | Secure Remote Access Public Communication Environment - A method and system provide a user device with secure access to an enterprise application in an enterprise network through VPN. The enterprise application is accessed from a user device such that it sends and receives data packets through the VPN client. For this, a request to send packets, originating from the user application, is intercepted by a VPN agent associated with the user application. In turn, the VPN agent associates an address of a loop-back interface with the user application. Thereafter, packets sent by the user application, are re-directed to the VPN client through the loop-back interface. Similarly, packets received by the VPN client from the enterprise network are routed through the loop-back interface to the user application. | 06-24-2010 |
20100161961 | Systems and Methods for Securely Providing Email - Systems and methods for securely providing email messages are provided. A workstation computer is provided that includes a memory for storing computer executable instructions and a processor for accessing the memory and for executing the computer executable instructions. The computer executable instructions includes an email client configured to process email messages, at least one email message having an executable decryption attachment that includes encrypted embedded content that can only be decrypted with a unique cryptography key. The executable decryption attachment, when executed, is configured to establish a secure connection with an encryption server, receive the unique cryptography key from the encryption server and decrypt the embedded content. | 06-24-2010 |
20100191957 | AUTHENTICATION/AUTHORIZATION PROTOCOL FOR MEDIA PROCESSING COMPONENTS - A computer-implemented authentication protocol is used to subvert man-in-the-middle-type attacks on communications between software components that are permitted to interoperate within a processing environment, such as a media processing environment, pursuant to one or more licenses. In one exemplary scenario, a particular application transmits to a particular media processing component (“MPC”), among other things, a cryptographically protected message including a reference to a process in which the application is running and/or a GUID that the application used to invoke the MPC. If the received process and/or GUID are verified, it is possible for in-the-clear communication to occur between the application and the MPC without man-in-the-middle subversion. | 07-29-2010 |
20100223456 | SECURITY IMPLEMENTATION WITHIN A BROWSER - Techniques for implementing security within a browser of a data processing system are described herein. According to one embodiment, first data representing a user interaction with a Web page presented by a browser application is encrypted at an application level by a cipher module communicatively coupled to the browser application running at a local client. A JavaScript module embedded within the browser application is configured to transmit the encrypted first data over a network to a remote server for updating the Web page. In response to second data received from the remote server, the cipher module is configured to decrypt the second data at the application level and the decrypted second data is then rendered by the browser application to update the Web page without having to reload the entire Web page. Other methods and apparatuses are also described. | 09-02-2010 |
20100223457 | GENERATION AND/OR RECEPTION, AT LEAST IN PART, OF PACKET INCLUDING ENCRYPTED PAYLOAD - An embodiment may include circuitry to generate, at least in part, and/or receive, at least in part, a packet. The packet may include at least one field and an encrypted payload. The at least one field may include, at least in part, a first key and/or at least one value. The first key and at least one value, as included in the at least one field, may be encrypted by a second key. The encrypted payload may be capable of being decrypted, at least in part, based, at least in part, upon the first key and/or the at least one value to yield an unencrypted payload. The unencrypted payload may include at least a portion of application layer data that is to be communicated in a secure session. | 09-02-2010 |
20100241847 | ENCRYPTED EMAIL BASED UPON TRUSTED OVERLAYS - Sending and receiving encrypted emails. At a web browser, user input is received requesting a compose email page user interface for a web-based email system. The compose email page user interface is requested from a server for the web-based mail system. Web page code is received from the server for the compose email page user interface. The web page code for the compose email page user interface is parsed to determine screen locations of one or more user input interface elements. The compose email page user interface is rendered in the browser. One or more browser-based interface elements implemented integral to the browser are overlaid onto the compose email page user interface. User input is received in the browser user interface elements. The user input received is encrypted. The encrypted user input is transferred into one or more elements of the compose email page user interface. | 09-23-2010 |
20100250920 | TECHNIQUES FOR PACKET PROCESSING WITH REMOVAL OF IP LAYER ROUTING DEPENDENCIES - Techniques for packet processing with removal of Internet Protocol (IP) layer routing dependencies are presented. Encrypted packets associated with network communications occurring via a VPN and IP tunnel are grabbed off the network stack before being processed by an IP layer of the network stack. Next, an IP header is generated for the encrypted packets and the encrypted packets are sent to a socket application. The socket application provides the encrypted packets back to the network stack at the data link layer for delivery to the VPN over the IP tunnel. | 09-30-2010 |
20100268934 | METHOD AND SYSTEM FOR SECURE DOCUMENT EXCHANGE - A document management (DM), data leak prevention (DLP) or similar application in a data processing system is instrumented with a document protection service provider interface (SPI). The service provider interface is used to call an external function, such as an encryption utility, that is used to facilitate secure document exchange between a sending entity and a receiving entity. The encryption utility may be configured for local download to and installation in the machine on which the SPI is invoked, but a preferred approach is to use the SPI to invoke an external encryption utility as a "service." In such case, the external encryption utility is implemented by a service provider. When the calling program invokes the SPI, preferably the user is provided with a display panel. Using that panel, the end user provides a password that is used for encryption key generation, together with an indication of the desired encryption strength. The service provider uses the password to generate the encryption key. In one embodiment, the service provider provides the key to the service provider interface, which then uses the key to encrypt the document and to complete the file transfer operation. In the alternative, the service provider itself performs the document or file encryption. The service provider interface also preferably generates and sends an email or other message to the receiving entity that includes the key or a link to enable the receiving entity to retrieve the key. This approach obviates the need for the sending and receiving entities to install and manage matched or other special-purpose encryption utilities. | 10-21-2010 |
20100281251 | Mobile Virtual Private Networks - An apparatus for establishing a virtual private network with an internet protocol multimedia subsystem (IMS) device that includes a key derivation module, a tunneling protocol module, a tunnel management module, and a security policies module. The apparatus includes a non-volatile memory configured to store a first routing table that maps host addresses and IMS addresses of security devices allowing access to those hosts, such that when an application running in the IMS device requests communication to a host address, the apparatus initiates a session with the IMS address to which the host address is mapped. The session is initiated by a message that includes a body that contains, for each tunneling protocol supported by the tunneling protocol module, data about the local tunnel endpoint (e.g., an address and a port), an identifier corresponding to the tunneling protocol, and identifiers corresponding to the cryptographic suite(s) supported by the cryptographic module that may be applied together with the tunneling protocol, as determined by a query from the apparatus to the security policies module. | 11-04-2010 |
20100299518 | PORTABLE SECURE COMPUTING NETWORK - As provided herein, when using an untrusted network connection, a secure online environment can be created for a remote machine by connecting to a trusted computer with a trusted network connection. A proxy server is installed on a first computing device and shared encryption keys are generated for the first device and a portable storage device. A connection is initiated between a second computing device (e.g., remote device), connected to an untrusted network, and the first computing device, comprising initiating a proxy server protocol from the portable storage device (e.g., attached to the second device), using the second computing device. A secure connection between the first and second devices is created using the encryption keys. | 11-25-2010 |
20110004752 | PERFORMING SECURE AND NON-SECURE COMMUNICATION OVER THE SAME SOCKET - A packet processing type determiner includes a non-secure packet processing module configured to process packets received over a single socket using a non-secure protocol. The packet processing type determiner also includes a data indicator checking module configured to check the packets for a first indicator denoting a beginning of a secure data record. The packet processing type determiner further includes a secure packet processing module configured to use a secure protocol to process the packets when a packet with the first indicator is detected until a packet with a second indicator denoting an end of the secure data record is detected. | 01-06-2011 |
20110035581 | SYSTEM FOR MANAGEMENT AND PROCESSING OF ELECTRONIC VENDOR MAIL - A computer-implemented system that processes secure electronic documents from one or more content providers in accordance with subscriber instructions has a processor and modules operative within the processor. A monitoring module obtains a provider GUID, a subscriber GUID, and a transaction ID from public metadata associated with a transaction received from a particular content provider. A determination module determines any designees of the subscriber and contact information for one or more of the subscriber and any designees. A transaction module distributes a transaction addressed to at least one of the subscriber and any designees. Each distributed transaction includes data that is used for management, tracking, and alerting. Also described is a station for constructing transactions for distribution to subscribers through such a system. An end-to-end system and method are described. | 02-10-2011 |
20110035582 | NETWORK AUTHENTICATION SERVICE SYSTEM AND METHOD - A network authentication service system and method are provided. The network authentication service system is applied to a network application layer and includes: a Web service security device, adapted to intercept a message exchanged in the network application layer; and an authentication server, adapted to perform authentication processing for the message intercepted by the Web service security device. The network authentication service method includes: intercepting a request message of a network application layer; performing encryption processing for the request message to obtain an encrypted message; performing authentication processing for the encrypted message; and decrypting the encrypted message that passes the authentication. Thus security processing can be performed for the transmitted message, and various security authentication manners can be available. | 02-10-2011 |
20110113235 | PC Security Lock Device Using Permanent ID and Hidden Keys - The invention is a method, system, and apparatus providing user control and security of a PC system. Using the hardware and associated installation software, the system is capable of uniquely securing a PC system without the need for name and password entry. The secure USB device contains a unique asymmetrical key pair, unique device ID, secure storage area, and the firmware to control all of this. In providing the security and control, one embodiment of the invention does not require biomechanical devices or name and password entry systems. There are no passwords and login names to be found, and the encryption/decryption keys are protected from exposure. This provides a more secure environment, as the keys are protected from exposure. The user is in control of the PC system and the data which is desired to be kept secure. | 05-12-2011 |
20110131407 | USING A PKCS MODULE FOR OPENING MULTIPLE DATABASES - A security initialization system obtains load data that identifies a first database storing security data to be opened. The initialization system determines that a PKCS-based module for opening the first database is already initialized, where the PKCS-based module is already initialized from previously opening a second database. The initialization system causes the PKCS-based module to create a slot to open the first database, without shutting down the PKCS-based module, in response to determining that the PKCS-based module is already initialized. | 06-02-2011 |
20110202756 | SECURE ENCRYPTED EMAIL SERVER - A computing system utilizing a local or remote secure email server that intercepts secure messages that include an identifying domain extension provides secure data transmissions between internet or intranet users. The secure email messages can only be accessed from the secure email server by an intended recipient. | 08-18-2011 |
20110213956 | TECHNIQUES FOR MANAGING A SECURE COMMUNICATION SESSION - Techniques for managing a secure communication session are provided. A non-browser application utilizes a browser to establish a secure communication session with a server. The session cookie set in the browser is mapped by the server to a secret token that is supplied via the browser to the non-browser application. The browser is then closed and the secure communication session between the server and the non-browser application continues unabated via the secret token. | 09-01-2011 |
20110231651 | STRONG SSL PROXY AUTHENTICATION WITH FORCED SSL RENEGOTIATION AGAINST A TARGET SERVER - Embodiments are directed towards establishing an encrypted session between a client device and a target server device when the client device initiates network connections through a proxy device. In one embodiment, the client device initiates an encrypted session with the proxy device. Once the encrypted session is established, the client device communicates the address of the target server device to the proxy device. Then, the proxy device sends an encrypted session renegotiation message to the client device. The client device responds to the encrypted session renegotiation message by transmitting an encrypted session handshake message to the proxy device. The proxy device forwards the encrypted session handshake message to the target server device, and continues to forward handshake messages between the client device and the target server device, enabling the client device and the target server device to establish an encrypted session. | 09-22-2011 |
20110238978 | COMMUNICATING CONFIDENTIAL INFORMATION BETWEEN AN APPLICATION AND A DATABASE - Disclosed is a system and method for communicating confidential information in a resource friendly manner between an application and a database using an application programming interface, API. The method establishes first and second socket connections between the application and the database in an API connection between the application and the database. The first socket connection is arranged to be secure and the second socket connection is arranged to be non-secure. Information is then communicated through the first or second socket connection based on whether the information is identified as being confidential information or not. The evaluation of confidentiality may be undertaken at the client side of a JDBC or ODBC layer without putting any extra pressure on the database server side. | 09-29-2011 |
20110296167 | Selecting a Security Format Conversion for Wired and Wireless Devices - A selection system and method to receive an indication of a security format from a network and to select one of a plurality of security format conversions based on the received indication is described. The indication may be an indication of a wireless security format such as WTLS used by a wireless access device or a wired security format such as SSL used by a wired access device and the security format conversion selected based on the indication may be to another secured format or a plain data format. The indication may include an indication of a port and an indication of a security feature that is supported by the access device. | 12-01-2011 |
20110296168 | DIGITAL IDENTITY DEVICE - A digital identity device for uniquely identifying legal entities. The digital identity device is used for secure electronic communications. | 12-01-2011 |
20120011357 | SYSTEM AND METHOD FOR PROVIDING SECURITY VIA A TOP LEVEL DOMAIN - A system and method is disclosed for providing end-to-end security for communications between registered clients of a top level domain without the need for further encryption/decryption protocols than those provided by said at least one of said plurality of secure communication links and said at least one secure message server. Clients registered with the top level domain are assigned at least one email and IM account and to ensure message security, are required to communicate with other registered others strictly via the assigned email and IM accounts. In this manner, non-registered users are denied secure access to the top level domain. In one embodiment, registered clients of the top-level domain may communicate with non-registered users via a gateway server in a secure or non-secure manner, as is the option of the registered client (sender). | 01-12-2012 |
20120110322 | SYSTEM AND METHOD OF DELIVERING CONFIDENTIAL ELECTRONIC FILES - A private document delivery system and method includes a sending computer configured to transmit an electronic document over a computer network, and a dynamically established encrypted line to traverse the computer network from a receiving computer to the sending computer, where the delivery address of the receiving computer is resolved at the time of transmission of the private message such that no third parties to the message receive a permanent copy of the message. The system and method also includes a signaling mechanism configured to notify the receiving computer that the electronic document is waiting for delivery. The system and method includes a verification agent configured to verify the receiving computer's identity with a protocol specified by the sending computer and to provide access instructions to the receiving computer with which the receiving computer locates the sending computer via the dynamically established encrypted line and receives the transmitted electronic document. | 05-03-2012 |
20120144187 | Application Layer Security Proxy for Automation and Control System Networks - Embodiments provide an application layer security proxy that protects substation automation systems. The application layer security proxy inspects a received, inbound data packet at the application layer, and either drops the data packet, forwards the data packet, or processes the data packet rather than dropping it in order to maintain the communications network connection, the latter two according to a predefined role-based access control policy. The application layer security proxy calculates a round trip time for each reply to a received, inbound data packet and observes the bandwidth usage from the number of bytes transmitted. Round trip time and bandwidth usage are used to detect abnormal communication traffic. | 06-07-2012 |
20130019091 | AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS WITH ASSURED SYSTEM AVAILABILITY - A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities. | 01-17-2013 |
20130031357 | METHOD FOR SECURE TRANSFER OF AN APPLICATION FROM A SERVER INTO A READING DEVICE UNIT - A method and a system for secure transfer of an application from a server (S) into a reading device unit ( | 01-31-2013 |
20130046970 | PERIPHERAL APPARATUS, INFORMATION PROCESSING APPARATUS, COMMUNICATION CONTROL METHOD, AND STORAGE MEDIUM - A peripheral apparatus is communicably connected to a management apparatus. The management apparatus manages information of jobs in services provided from a providing apparatus via a network to execute processing of the jobs. The peripheral apparatus includes a communication unit. The communication unit transmits, in a series of processes in the services, checking information used to determine whether there is any job in the management apparatus to the management apparatus by a communication method that does not execute encryption. The communication unit transmits, in the series of processes in the services, other information different from the checking information to the management apparatus by a communication method that executes encryption. | 02-21-2013 |
20130103939 | Securing Communications of a Wireless Access Point and a Mobile Device - In one or more embodiments, a network provider can receive a request to access a public network via a wireless network implemented via one or more wireless access points. The network provider can receive, via an unsecured wireless communication from a mobile device utilizing the wireless network and via a hypertext transfer protocol secure (HTTPS), an encryption key usable to secure wireless communications from the mobile device utilizing the wireless network. The encryption key can be encrypted via a public encryption key, received from the network provider or previously stored by the mobile device, associated with the network provider. The network provider can decrypt the encryption key and can provide the encryption key to a wireless access point implementing the wireless network and communicating with the mobile device. The wireless access point and the mobile device can communicate in a secure fashion based on the encryption key. | 04-25-2013 |
20130124852 | FILE-BASED APPLICATION PROGRAMMING INTERFACE PROVIDING SSH-SECURED COMMUNICATION - A data communication security system is disclosed that includes a network interface configured for transport layer protocol communications at a communication port. The network interface includes a security module configured to provide secure shell (SSH) data security on a transport layer data path, and which is communicatively connected to the transport layer data path. The data communication security system also includes a file-based application programming interface defining a plurality of attributes of the network interface and including at least one attribute configured for selection of the security module and accessible for use in logical I/O operations. | 05-16-2013 |
20130132715 | STORAGE DEVICE WITH A COMMUNICATIONS FUNCTION - The present invention relates to a storage device with a communications function which comprises an integrated circuit module and an application program. The integrated circuit module comprises at least a USB connector, at least a substrate, at least a controller and at least a memory in which there is at least an authentication code; the application program comprises a communications module and a transmission module wherein the communications module is used to receive digital information of at least a data input device in a computer for both the authentication code and the digital information, which has been received by the communications module, transmitted to at least a server or at least a peer by the transmission module. | 05-23-2013 |
20130151843 | CRYPTOGRAPHY FOR SECURE SHELL IN EMULATED ENVIRONMENTS - Calls from an application in an emulated environment to a module in the operating system hosting the emulated environment may be combined to reduce the overhead of accessing the module. An application handling secure shell (SSH) communications may execute multiple calls to a cryptographic module in the host operating system. Because many calls to the cryptographic module during SSH communications follow patterns, two or more related calls may be combined into a single combined call to the cryptographic module. For example, a call to generate a server-to-client key and a call to generate a client-to-server key may be combined into a single call. | 06-13-2013 |
20130179679 | Methods And Apparatuses For Secure Information Sharing In Social Networks Using Randomly-Generated Keys - There can be problems with the security of social networking communications. For example, there may be occasions when a number of friends wish to communicate securely through a social network infrastructure, such that non-trusted 3 | 07-11-2013 |
20130305037 | Method And Apparatus For Accelerating Connections In A Cloud Network - Various embodiments provide a method and apparatus of providing accelerated encrypted connections in a cloud network supporting transmission of data including per-user encrypted data. Transmission of encrypted data from an application server uses an encryption scheme that encrypts static data using a first encryption scheme that derives keys from the content itself and encrypts dynamic data, such as dynamic website content with personalized user data, using a second encryption scheme. | 11-14-2013 |
20130305038 | NETWORK SECURITY LOAD BALANCING - A website hosting system includes a request routing node and a plurality of security termination nodes coupled to the request routing node. Each security termination node is configured to secure connections between servers hosting websites and customers of the websites in accordance with a predetermined quality of service level. The request routing node balances incoming requests for secure websites among the security termination nodes based on an application-specific parameter (e.g., quantity of items in a product catalog, location, etc.). | 11-14-2013 |
20130311767 | SYSTEM AND METHOD EMPLOYING AN AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES - A method and system are used to transparently create an encrypted communications channel between a client device and a target device. Audio video communications between the client device and the target device are allowed over the encrypted communications channel once the encrypted communications channel is created. The method comprises: (1) receiving from the client device a request for a network address associated with the target device; (2) determining whether the request is requesting access to a device that accepts an encrypted channel connection with the client device; and (3) depending on the determination made in step (2) providing provisioning information required to initiate the creation of the encrypted communications channel between the client device and the target device such that the encrypted communications channel supports secure audio/video communications transmitted between the two devices. | 11-21-2013 |
20130326212 | HELPER APPLICATIONS FOR DATA TRANSFERS OVER SECURE DATA CONNECTIONS - Data rates in secure data communications may be improved by executing helper applications to assist a computer system in responding to requests for secure data. The computation-intensive calculations may be offloaded to helper applications executing on different central processor units (CPUs). When the helper applications execute on different CPUs, higher data rates are achievable because additional CPU time is available for handling the encryption and decryption processing. A main application receives the initial request for secure data connections and assigns tasks related to the connections to the helper applications. | 12-05-2013 |
20140059341 | CREATING AND ACCESSING ENCRYPTED WEB BASED CONTENT IN HYBRID APPLICATIONS - In a method and program product for decrypting web based content in a hybrid mobile application, a computer receives a request to access encrypted content. The computer determines that a secret key is not cached on the computer. The computer decrypts an encrypted secret key to expose the secret key. The computer caches the secret key on the computer and decrypts the encrypted content. | 02-27-2014 |
20140164759 | Systems and Methods for Controlling Email Access - Embodiments of the disclosure relate to proxying one or more email resources in transit to the client devices from the email services, removing one or more email attachments from the email resources, and encoding the stripped email attachments based at least in part on one or more cryptographic keys. | 06-12-2014 |
20140195797 | EFFICIENT FORWARDING OF ENCRYPTED TCP RETRANSMISSIONS - A network device receives TCP segments of a flow via a first SSL session and transmits TCP segments via a second SSL session. Once a TCP segment has been transmitted, the TCP payload need no longer be stored on the network device. Substantial memory resources are conserved, because the device may have to handle many retransmit TCP segments at a given time. If the device receives a retransmit segment, then the device regenerates the retransmit segment to be transmitted. A data structure of entries is stored, with each entry including a decrypt state and an encrypt state for an associated SSL byte position. The device uses the decrypt state to initialize a decrypt engine, decrypts an SSL payload of the retransmit TCP segment received, uses the encrypt state to initialize an encrypt engine, re-encrypts the SSL payload, and then incorporates the re-encrypted SSL payload into the regenerated retransmit TCP segment. | 07-10-2014 |
20140208094 | CONTROL PLANE ENCRYPTION IN IP/MPLS NETWORKS - A method for providing control plane encryption in layer 3 networks is disclosed. The method for providing control plane encryption in layer 3 networks includes, for a network having a subset of network elements forming a secured domain, the steps of, at a network element which is in the secured domain: encrypting all unencrypted Layer 3 packets as they egress an encryption-enabled egress interface; decrypting all encrypted Layer 3 packets as they egress an egress interface that is not enabled for encryption; and leaving encrypted all encrypted Layer 3 packets as they egress an encryption-enabled egress interface. A system and machine readable storage media are also disclosed. | 07-24-2014 |
20140208095 | MANAGED REAL-TIME COMMUNICATIONS BETWEEN USER DEVICES - Managed real-time communications between user devices may be provided. Upon receiving a request to instantiate a communication connection from an application, a secure session may be established between the application and a remote application. Input from a user of the application may be received, subjected to at least one management policy, and transmitted to the remote application. | 07-24-2014 |
20140331040 | Systems and Methods for Controlling Email Access - Embodiments of the disclosure relate to proxying one or more email resources in transit to the client devices from the email services, removing one or more email attachments from the email resources, and encoding the stripped email attachments based at least in part on one or more cryptographic keys. | 11-06-2014 |
20140337614 | SELECTIVE MODIFICATION OF ENCRYPTED APPLICATION LAYER DATA IN A TRANSPARENT SECURITY GATEWAY - According to one embodiment, a transparent security gateway is coupled between a client end station (CES) and a web application server (WAS). The security gateway monitors an encryption protocol handshake between the CES and the WAS to capture, using a provided private key of the WAS, a generated symmetric key to be used for an encryption layer connection. Using the captured symmetric key, the security gateway receives an encrypted connection record of the encryption layer connection, decrypts the encrypted connection record to yield a plaintext connection record, modifies the plaintext connection record, encrypts the modified plaintext connection record using the symmetric key, and transmits one or more packets carrying the encrypted modified plaintext connection record instead of the received encrypted connection record such that neither the CES nor the WAS is aware of the modification of the encrypted data. | 11-13-2014 |
20150026454 | CHUNK-LEVEL CLIENT SIDE ENCRYPTION IN HIERARCHICAL CONTENT ADDRESSABLE STORAGE SYSTEMS - Techniques for chunk-level client side encryption are provided. In a content addressable storage system, a plurality of chunks is used to implement a hierarchical file system. The hierarchical file system supports both encrypted and non-encrypted volumes. A folders and files layer makes calls directly to a chunk system layer for operations involving non-encrypted volumes. The folders and files layer makes calls to a volume encryption layer for operations involving encrypted volumes. The volume encryption layer receives calls from the folders and files layer through an API that matches the API through which the chunk system layer receives calls from the folders and files layer. | 01-22-2015 |
20150033009 | Method and System for Authenticating a User by an Application - The invention relates to a method for authenticating a user by an application by means of a challenge-response method. In this case, the challenge ( | 01-29-2015 |
20150095635 | Secure Communication Port Redirector - A method and system that allows a host system application to securely communicate with a legacy device is provided. A redirector software module receives data that is destined for a host system serial COM port. Data is secured and re-directed to a legacy device via a network port instead of the serial COM port. Conversely, data destined for the host system is provided to a device server via a server COM port by the legacy serial device. The data can be encrypted and sent to the host system via the network. The redirector software module decrypts the encrypted data and presents it to the consumer application as if the data had arrived via the local COM port. | 04-02-2015 |
20150121061 | SYSTEMS AND METHODS FOR MANAGING A GUEST VIRTUAL MACHINE EXECUTING WITHIN A VIRTUALIZED ENVIRONMENT - The present disclosure relates to methods and systems for managing a guest virtual machine executing within a virtualized environment. A daemon is established on a guest virtual machine executing within a virtualized environment. The daemon is configured to communicate with a management service virtual machine executing within the virtualized environment. The daemon receives, from the management service virtual machine via an application layer protocol, a request identifying an action type of a plurality of predetermined action types. The daemon identifies the action type of the plurality of predetermined action types from the received request and performs an action corresponding to the identified action type. In some implementations, the application layer protocol is one of Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS). | 04-30-2015 |
20150134948 | SYSTEM AND METHOD OF DELIVERING CONFIDENTIAL ELECTRONIC FILES - A sending computer (sender) delivers private messages over a network via dynamically established encrypted channels where no copies of the message are persisted on third party computers. Private messages are routed dynamically based on membership status of the receiving computer (receiver) and direct addressability status of the sender and receiver. The system determines membership status of the receiver and provides a notification message and delivery link to the receiver when the receiver is not a member of the private network. When the receiver is a member, direct addressability of sender and receiver is determined, and the message is delivered directly to the receiver over an encrypted channel when the sender is directly addressable. When the sender is not directly addressable, the encrypted channel between the sender and receiver is established through a third party relay without persisting a copy of the private message on the third party relay. | 05-14-2015 |
20150293777 | PROCESSOR EXTENSIONS FOR EXECUTION OF SECURE EMBEDDED CONTAINERS - Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) or VMM (Virtual Machine Manager) Independent (generally referred to herein as “OI”) architecture involves creating one or more containers on a processor by dynamically partitioning resources (such as processor cycles, memory, devices) between the HOST OS/VMM and the OI container. Other embodiments are also described and claimed. | 10-15-2015 |
20150312260 | METHODS OF PROVIDING SOCIAL NETWORK SERVICE AND SERVER PERFORMING THE SAME - Methods and apparatuses for sharing content through a chatting space of a social networking service (SNS) are provided. The method includes detecting an access of a plurality of users to the chatting space, and decrypting encrypted content that was previously shared by the plurality of users in the chatting space, in response to the plurality of users accessing the chatting space. | 10-29-2015 |
20150324593 | INTELLIGENT SECURITY ANALYSIS AND ENFORCEMENT FOR DATA TRANSFER - An approach is provided for managing a message in a transfer from a computer. A level of sensitivity of data in a payload of the message is determined. A level of security protecting the transfer of the data is determined. Based on the level of sensitivity, the level of security is determined to satisfy or not satisfy a threshold level. If the level of security satisfies the threshold level, the computer is connected and the message is transferred using the level of security. If the level of security does not satisfy the threshold level, then based on the levels of sensitivity and security, an action to change the level of security is determined so that the changed level of security satisfies the threshold level. The action is executed to connect the computer and transfer the message using the changed level of security. | 11-12-2015 |
20150365385 | METHOD AND APPARATUS FOR SECURING SENSITIVE DATA IN A CLOUD STORAGE SYSTEM - In one aspect, the disclosure relates to a system and method of seamlessly encrypting data files before uploading them to a public cloud storage system by providing an encrypted drive system (EDS) that forms a security layer around existing cloud storage services to provide enhanced protection to data. The EDS also provides a convenient interface to specify data protection policies across connected cloud storage applications. The EDS implements standard functionalities like accessing, searching and sharing directly on the encrypted data using secure indexing and querying of encrypted data. The EDS is able to guarantee a much higher level of security for data in the cloud without the user having to compromise on the features of the various applications. | 12-17-2015 |
20150365423 | METHOD AND APPARATUS TO REGULATE A DIGITAL SECURITY SYSTEM THAT CONTROLS ACCESS TO A RESOURCE - A method and system to regulate a digital security system that controls access to a resource is disclosed. The system controls access to the resource according to a multi-level security protocol including a high-security-level access protocol and a low-security-level access protocol. The regulation method and system are configured to collect data from a set of user-data sources with which the user interacts during his daily life and, based on the collected data, to compute security parameters characterizing user activity. The computed security parameters are compared to a digital profile that models the characteristic behavior of this user. When the comparison indicates that the observed user activity is inconsistent with the digital behavior profile, the digital security system is regulated to set (or maintain) it in an operating state such that, when the user requests access to the resource in the future, the system will automatically implement the high-security-level access protocol. | 12-17-2015 |
20160006697 | REMOTE BROWSING SESSION MANAGEMENT - A browsing process is directed to the generation and management of a browse session at a network computing provider. A client computing device transmits secure requests for network resources to a network computing provider. The network computing provider comprises one or more virtual network computing providers for processing secure communications between a client computing device and a content source. A virtual network computing provider handles the secure communications, decrypting and processing the communications while preventing third parties from accessing the unencrypted communication data. The virtual network computing provider may determine a browse configuration identifying processing actions to perform on the request content. The virtual network computing provider may retrieve the requested content, perform a first set of processing actions to generate a processing result, and provide the processing result to the client computing device, which may perform a second set of processing actions, including display. | 01-07-2016 |
20160014099 | SYSTEM AND METHOD FOR SECURE VOIP COMMUNICATION | 01-14-2016 |
20160014123 | APPARATUS AND METHOD FOR VERIFYING INTEGRITY OF APPLICATIONS | 01-14-2016 |
20160057115 | INTELLIGENT SECURITY ANALYSIS AND ENFORCEMENT FOR DATA TRANSFER - An approach is provided for managing a message being transferred from a mobile device. A sensitivity level of data in the message payload is determined prior to sending the message to a wireless access point (WAP) en route to a destination device. If the payload data has a first sensitivity level, the mobile device sends the message to a first secure WAP having encryption at a threshold strength at a network layer and utilizes a protocol having encryption at an application layer. If the data has a second sensitivity level, the mobile device (a) sends the message to the first secure WAP without utilizing the protocol or (b) sends the message to a second, less secure WAP having encryption at a lesser strength and utilizes the protocol. If the data has a third sensitivity level, the mobile device sends the message to the second WAP without utilizing the protocol. | 02-25-2016 |
20160094522 | SECURING RELAYED EMAIL COMMUNICATION - Disclosed are systems and methods that facilitate encryption of email messages that are transported between mail servers. In some cases, email messages may be relayed through relay mail servers as well. An email message can be encrypted using a public key that corresponds to an organization associated with the recipient rather than a public key associated with the particular recipient. The email message can then be decrypted by the recipient mail server and deposited into a mailbox of the recipient. | 03-31-2016 |
20160127367 | SYSTEMS AND METHODS FOR PRIVATELY PERFORMING APPLICATION SECURITY ANALYSIS - Systems and methods for analyzing applications on a mobile device for risk so as to maintain the privacy of the application user are provided. In the example method, the process receives a request from a mobile device. The request includes a cryptographic representation of application information for an application residing on a mobile device. The method includes comparing the cryptographic representation to an application information database that includes cryptographic representations of applications. The method also includes automatically remediating, e.g., quarantining and retiring, the application if the application matches an application that is a known risk in the database. Exemplary embodiments provide companies with controls to prevent specific applications—which have specific behaviors and are present on mobile devices being used by employees—from being used by employees, without the company having any visibility into what particular applications are being used by the employees on the mobile device. | 05-05-2016 |
20170237714 | SERVER SYSTEMS AND METHODS FOR DECRYPTING DATA PACKETS WITH COMPUTATION MODULES INSERTABLE INTO SERVERS THAT OPERATE INDEPENDENT OF SERVER PROCESSORS | 08-17-2017 |
20170237777 | SYSTEM AND METHOD TO ESTIMATE QUALITY OF EXPERIENCE FOR CONSUMPTION OF ENCRYPTED MEDIA NETWORK TRAFFIC | 08-17-2017 |
20180026950 | LEVERAGING TRANSPORT-LAYER CRYPTOGRAPHIC MATERIAL | 01-25-2018 |
20180027018 | System and Method for Sharing Information in a Private Ecosystem | 01-25-2018 |