Entries |
Document | Title | Date |
20080201574 | Data encryption apparatus, data decryption apparatus, data encryption method, data decryption method, and data relay apparatus - A RAID system includes a RAID controller that sends data to be encrypted to a disk apparatus through a data relay apparatus connected between the RAID controller and the disk apparatus. When the data relay apparatus receives a data transfer request packet indicating a first receivable size, it establishes a second receivable size that is equal to or greater than the first receivable size and that is a multiple of the encryption data size. The data relay apparatus sends a data transfer request packet containing the established second receivable size to the RAID controller and, in response to that packet, receives data of the second receivable size from the RAID controller. The data relay apparatus encrypts the received data in units of the encryption data size, and the encrypted data is then sent to the disk apparatus in units of the first receivable size. | 08-21-2008 |
20080209205 | Zero knowledge attribute storage and retrieval - Some embodiments of zero knowledge attribute storage and retrieval have been presented. In one embodiment, the content of a piece of data is encrypted at a client machine. Further, an identifier of the piece of data is hashed at the client machine. The encrypted content and the hashed identifier may be stored in a database maintained by a server without disclosing the content of the data to the server. | 08-28-2008 |
20080222411 | SYSTEM FOR MANAGING PROGRAM APPLICATIONS STORABLE IN A MOBILE TERMINAL - Management server | 09-11-2008 |
20080229095 | METHOD AND APPARATUS FOR DYNAMICALLY SECURING VOICE AND OTHER DELAY-SENSITIVE NETWORK TRAFFIC - A method comprises receiving a request for secure network traffic from a device having a private network address at a source node, obtaining the private network address of a requested destination device at a destination node from a route server based on signaling information associated with the request, obtaining the public network address of the destination node associated with the private network address, creating in response to the request a virtual circuit between the source node and the destination node based on the public network address of the destination node, and encrypting network traffic for transporting at least from the source node to the destination node through the virtual circuit. The process is dynamic in that the virtual circuit is created in response to the request. Hence, the process operates as if a fully meshed network exists but requires less provisioning and maintenance than a fully meshed network architecture. Furthermore, the process is readily scalable as if a hub and spoke network exists but is more suitable for delay-sensitive traffic, such as voice and video, than a hub and spoke network architecture. | 09-18-2008 |
20080244260 | SYSTEM AND METHOD FOR MANAGING INTEROPERABILITY OF INTERNET TELEPHONY NETWORKS AND LEGACY TELEPHONY NETWORKS - A system and method for providing interoperability between Internet telephony networks and legacy telephony networks includes conveying an address of an Internet telephony endpoint in a legacy telephony protocol. A globally unique Uniform Resource Identifier, referred to as a Universal Global Title, may be assigned as the address of the Internet telephony endpoint. The URI-based address of the Internet telephony endpoint can be conveyed to a legacy telephony network as an Internet Address Parameter, implemented as an extension to the ANSI ISDN User Part legacy telephony protocol. As such, a Universal Teletraffic EXchange may be provided where Internet telephony networks and legacy telephony networks can exchange addressing and signaling information while interoperating at a peer-to-peer level. | 10-02-2008 |
20080250237 | Operating System Independent Architecture for Subscription Computing - A system for managing a subscription-based computer independent of an operating system of the computer may include a security module that accesses, decrements, and stores subscription data during operation of the subscription-based computer. Additionally, the system may include a network module in communication with the security module and comprising a network stack, a web server, and a user interface in an operating system independent format. A web browser of the computer may request the user interface from the network stack. The interface may be populated with the subscription data, and a network driver may retrieve the populated user interface from the network module. The populated interface may then be sent to the web server to be served back to the requesting web browser. | 10-09-2008 |
20080250238 | METHOD AND SYSTEM FOR CONTROLLED MEDIA SHARING IN A NETWORK - A method for controlling media sharing among a plurality of nodes in a network. The present method is comprised of availing to the network an instance of media content for sharing among the plurality of nodes by a source node communicatively coupled to the network. The present method further includes decrypting the instance of media content from an encryption local to the source node. The present method further includes encrypting the instance of media content into an intermediate encryption. The present method further includes transferring the instance of media content to a node while the instance of media content is in the intermediate encryption. The node is associated with the network. The decrypting and the encrypting and the transferring are in response to receiving a request for the instance of media content from the node. | 10-09-2008 |
20080250239 | METHOD AND SYSTEM FOR CONTROLLED MEDIA SHARING IN A NETWORK - A method for controlling media sharing among a plurality of nodes in a network. The present method is comprised of availing to the network an instance of media content for sharing among the plurality of nodes by a source node communicatively coupled to the network. The present method further includes decrypting the instance of media content from an encryption local to the source node. The present method further includes encrypting the instance of media content into an intermediate encryption. The present method further includes transferring the instance of media content to a node while the instance of media content is in the intermediate encryption. The node is associated with the network. The decrypting and the encrypting and the transferring are in response to receiving a request for the instance of media content from the node. | 10-09-2008 |
20080256354 | Systems and methods for exception handling - Systems and methods for managing digital assets in a distributed computing environment are described. Meta-data for the digital assets is stored separately from the digital assets. Meta-data for some of the digital assets is copied and stored at a central location. Meta-data for the digital assets is generated by clients of the system. A method for overriding a policy associated with a digital asset on a client computer, after determining that a centralized policy database is inaccessible, includes: selecting, by a management computing device, a first digital asset likely to exist on a client; digitally signing, by the management computing device, information corresponding to the first digital asset together with information identifying a second digital asset and a policy corresponding to the second digital asset; receiving, by the client, the digitally signed information; and implementing, by the client, the policy corresponding to the second digital asset. | 10-16-2008 |
20080256355 | Communication Apparatus, Control Method For A Communication Apparatus, Computer Program Product, And Computer Readable Storage Medium - A communication apparatus for outputting e-mail to a network includes a storing part configured to store e-mail addresses and related encryption information signifying whether e-mail directed to those addresses should be encrypted or sent in plain text; a displaying part configured to display the e-mail addresses stored in the storing part as destinations selectable by a user; a receiving part configured to receive an instruction to encrypt the e-mail or keep it in plain text for the addresses selected as destinations via the displaying part; an e-mail control part configured to control creation of the e-mail based on the instruction received by the receiving part and the encryption information related to the selected e-mail addresses; and an output part configured to output the e-mail created under the e-mail control part to the network. | 10-16-2008 |
20080263353 | AUTOCONFIGURED PREFIX DELEGATION BASED ON DISTRIBUTED HASH - In one embodiment, a method comprises detecting, by a router, an unsolicited first router advertisement message from an attachment router that provides an attachment link used by the router, the first router advertisement message specifying a first IPv6 address prefix owned by the attachment router and usable for address autoconfiguration on the attachment link; detecting, by the router, an unsolicited delegated IPv6 address prefix from the attachment router and that is available for use by the router; and automatically selecting by the router a second IPv6 address prefix based on concatenating a suffix to the delegated IPv6 address prefix, including dynamically generating the suffix based on a prescribed distributed hash operation executed by the router, the second IPv6 address prefix for use on at least one ingress link of the router. | 10-23-2008 |
20080282081 | MUTUALLY AUTHENTICATED SECURE CHANNEL - A system and methods are described for establishing a mutually authenticated secure channel between a client device and a remote device through a remote access gateway server. The remote access gateway server forwards secure connection requests and acknowledgements between the client and the remote device in such a way that the gateway does not possess the session keys, or at least not all of them, that are necessary to decrypt communication between the client device and the remote device. | 11-13-2008 |
20080282082 | NETWORK COMMUNICATION DEVICE - A disclosed network communication device supports IP communication and is capable of IPsec communication. The network communication device includes a setting unit configured to obtain and set an operation mode specified by an administrator user; a detecting unit configured to detect a communication error caused by an incorrect portion of an IPsec setting; and a changing unit configured, when such a communication error is detected, to change the IPsec setting based on the operation mode set by the setting unit, either correcting the incorrect portion or cancelling the IPsec communication. | 11-13-2008 |
20080282083 | METHOD AND SYSTEM FOR CONTROLLED MEDIA SHARING IN A NETWORK - A method for controlling media sharing among a plurality of nodes in a network. The present method is comprised of availing to the network an instance of media content for sharing among the plurality of nodes by a source node communicatively coupled to the network. The present method further includes decrypting the instance of media content from an encryption local to the source node. The present method further includes encrypting the instance of media content into an intermediate encryption. The present method further includes transferring the instance of media content to a node while the instance of media content is in the intermediate encryption. The node is associated with the network. The decrypting and the encrypting and the transferring are in response to receiving a request for the instance of media content from the node. | 11-13-2008 |
20080294890 | METHOD AND APPARATUS FOR CONTROLLING OUTPUT OF CONTENT DEVICE - Provided are a method and apparatus for controlling an output of a content device. The method includes: receiving a request signal that requests the use of encrypted content; executing software for decrypting the encrypted content in response to the received request signal; and controlling the decrypted content to be output through an output port that is allowed by the executed software. | 11-27-2008 |
20080301433 | Secure Communications - The subject matter of this specification can be embodied in, among other things, an apparatus that includes a verification module to provide information used to identify a user of the apparatus, a memory for storing information used for securing communications transmitted to a remote device, a processing unit for generating a secured communication based on the stored information, and an interface to communicate with a peripheral interface of a host device. The host device is configured to transmit the secured communication to the remote device without accessing the content of the secured communication. | 12-04-2008 |
20080301434 | METHOD AND APPARATUS FOR COMBINING INTERNET PROTOCOL AUTHENTICATION AND MOBILITY SIGNALING - Methods and apparatuses for combining internet protocol layer authentication and mobility signaling are disclosed. Various embodiments for providing authentication and mobility signaling when a mobile node moves from a 3GPP access network to a non 3GPP access network and vice versa are described. | 12-04-2008 |
20080307219 | SYSTEM AND METHOD FOR DISTRIBUTED SSL PROCESSING BETWEEN CO-OPERATING NODES - A secure communication protocol (e.g., SSL) transaction request from a client to a server is intercepted at a client-side proxy communicatively coupled to the client and logically deployed between the client and the server. The client-side proxy initiates a secure connection with the server and passes an attribute (e.g., a cryptographic key) associated with that secure connection to a server-side proxy communicatively coupled to the server and logically deployed between the client and the server. This enables the server-side proxy to engage in secure communications with the server in a transparent fashion. | 12-11-2008 |
20080313455 | KEY SUPPORT FOR PASSWORD-BASED AUTHENTICATION MECHANISMS - According to an example embodiment, a session key (e.g., MSK/EMSK) may be determined for a password-based authentication method based on a secret and one or more security parameters used for peer authentication of the method. For example, a session key (e.g., EMSK) may be determined for an EAP-MSCHAP (Extensible Authentication Protocol-Microsoft PPP CHAP Extension) protocol family method between a peer node and an EAP server, the determination being based on a secret and one or more security parameters used for the EAP-MSCHAP protocol family peer authentication. | 12-18-2008 |
20090077372 | PROCESS FOR TRANSMITTING AN ELECTRONIC MESSAGE IN A TRANSPORT NETWORK - In a process for transmitting an electronic message that contains protected and unprotected content, the authenticity of the header elements HE is ensured by obtaining a subsequent authenticity verification from the sender. For this purpose, a checking device inserted into the transmission network transforms the header elements of the original message into a new message whose contents are protected by known encryption methods. The new message is sent back to the sender, which decrypts it and checks the header elements. If the sender verifies the authenticity of the transmitted data, the header elements on which the original message is based are also considered verified. According to the invention, the sender who sends the message, and is later requested to verify its authenticity, may be the mail server (Message Transfer Agent “MTA”) as well as the client of the MTA (and thus the author of the message, who first forwards the message to the MTA). | 03-19-2009 |
20090083536 | Method and apparatus for distributing group data in a tunneled encrypted virtual private network - A packet forwarding process, on a data communications device, forwards a packet to a plurality of destinations within a network from that data communications device using an “encrypt then replicate” method. The packet forwarding process receives a packet that is to be transmitted to the plurality of destinations, and applies a security association to the packet using security information shared between the data communications device, and the plurality of destinations, to create a secured packet. The secured packet contains a header that has a source address and a destination address. The source address is inserted into the header, and then the packet forwarding process replicates the secured packet, once for each of the plurality of destinations. After replication, the destination address is inserted into the header, and the packet forwarding process transmits each replicated secured packet to each of the plurality of destinations authorized to maintain the security association. | 03-26-2009 |
20090083537 | SERVER CONFIGURATION SELECTION FOR SSL INTERCEPTION - A network intermediary device such as a transaction accelerator intercepts a client request for a secure communication connection with a server. The intermediary issues a substitute connection request to the server and receives a digital certificate during establishment of a secure communication session between the intermediary and the server. Based on information in the received digital certificate, the intermediary selects an appropriate operational configuration for responding to the client's request. The intermediary consults an ordered list or other collection of digital certificates it possesses, and chooses one having a common name that matches the server's common name. The match may comprise the first matching name, the longest match, the best match, the broadest match (e.g., a certificate having a name that includes one or more wildcard characters), etc. The intermediary then uses the selected certificate (and corresponding private key) to establish a secure communication session with the client. | 03-26-2009 |
20090083538 | REDUCING LATENCY OF SPLIT-TERMINATED SECURE COMMUNICATION PROTOCOL SESSIONS - A method is provided for establishing a split-terminated secure communication connection between a client and a server. A first network intermediary intercepts a secure communication connection request directed from the client to the server. A second intermediary having a digital certificate in the name of the server (and a corresponding private key) acts in place of the server to establish a first secure communication session with the client, during which it receives a secret from the client for generating the session key. The second intermediary supplies the secret and/or the session key to the first intermediary, which allows the first intermediary to establish follow-on secure communication sessions in which the secret is reused. The second intermediary may also supply the first intermediary with a copy of its certificate so that it can respond to new secure communication requests and, yet further, may also supply a copy of the private key. | 03-26-2009 |
20090094453 | Interoperable systems and methods for peer-to-peer service orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs. | 04-09-2009 |
20090113204 | Secure Messaging - A method for secure communication of a message. The method includes providing a message including a plurality of message packets, providing a nodal network including a plurality of nodes, where nodal operations are capable of execution on the message packets at the nodes, gaining, by a first node of the network, a first message packet, processing the first message packet by the first node, relinquishing the first message packet as processed by the first node, gaining, by any other node of the network, at least one other message packet, processing the other message packet by the other node, relinquishing the other message packet as processed by the other node, receiving, by a message destination node of the network, a first message packet, receiving, by the message destination node, at least a second message packet, and processing the first message packet and the second message packet to provide a reproduced message. | 04-30-2009 |
20090119503 | SECURE PROGRAMMABLE HARDWARE COMPONENT - A cryptographic device may include a programmable hardware component, such as a Field Programmable Gate Array for example, and a processor. The programmable hardware component may encrypt and decrypt data. The programmable hardware component may be securely configured via a cryptographically signed and encrypted configuration package. The configuration package may contain a hardware image and executable code. The processor may load the new hardware image onto the programmable hardware component and may execute the executable code to test an operation of the programmable hardware component and the new hardware image. The processor and the programmable hardware component may be physically and/or operationally independent of one another; thus, a security compromise associated with one may not affect the other. Once the programmable hardware component and the hardware image have been tested according to the executable code, the cryptographic device may be ready to encrypt and decrypt user data. | 05-07-2009 |
20090119504 | INTERCEPTING AND SPLIT-TERMINATING AUTHENTICATED COMMUNICATION CONNECTIONS - Systems and methods are provided for enabling optimization of communications within a networked computing environment requiring secure, authenticated client-server communication connections. Optimization is performed by a pair of intermediary network devices installed in the path of communications between the client and the server. A secure, authenticated communication connection between the client and server is split-terminated at the pair of intermediary network devices by intercepting a request from the client for a client-server connection, authenticating the client at the intermediaries, establishing a first secure, authenticated connection to the client, authenticating the client or an intermediary to the server, and establishing a second secure, authenticated connection to the server. Depending on the operative authentication protocol (e.g., NTLM, Kerberos), an intermediary may interface with a domain controller, key distribution center or other entity. | 05-07-2009 |
20090125713 | Wireless mesh network with secure automatic key loads to wireless devices - A wireless mesh network provides secure communication by encrypting data using one or more encryption keys. A configuration device in communication with a security manager of the network provides a temporary secure communication path between the security manager and a new field device to be added to the mesh network. Cryptographic material and other configuration data can then be transferred between the security manager of the network and the new field device securely via the configuration device. | 05-14-2009 |
20090132809 | Method and Apparatus for the Provision of Unified Systems and Network Management of Aggregates of Separate Systems - A method and apparatus for the provision of unified systems and network management of aggregates of separate systems is described herein. | 05-21-2009 |
20090138702 | METHOD AND APPARATUS FOR SUPPORTING CRYPTOGRAPHIC-RELATED ACTIVITIES IN A PUBLIC KEY INFRASTRUCTURE - In a node ( | 05-28-2009 |
20090150664 | COMPUTER MANAGEMENT SYSTEM - A computer management system is provided. In addition to a console and a computer, the computer management system comprises an encryption device and a decryption device. The console outputs a control signal. The encryption device encrypts the control signal to output an encrypted signal. The decryption device then decrypts the encrypted signal back into the control signal, such that the computer is controlled. | 06-11-2009 |
20090150665 | Interworking 802.1 AF Devices with 802.1X Authenticator - An apparatus comprising a supplicant proxy port authorization entity (PAE) configured to communicate with a user equipment (UE) and a network, wherein the supplicant proxy PAE causes a communication path to forward or block communications between the UE and the network. Included is a network component comprising at least one processor configured to implement a method comprising authenticating a UE with a network using an Institute of Electrical and Electronics Engineers (IEEE) 802.1X protocol, and exchanging a secure key with the UE using an IEEE 802.1 AF protocol. Also included is a method comprising authenticating a UE configured for a first authentication protocol with a network configured for a second authentication protocol, using a port entity configured for both the first authentication protocol and the second authentication protocol, and securing the UE's access to the network by completing a security key agreement using the first authentication protocol. | 06-11-2009 |
20090172390 | PACKET-PARALLEL HIGH PERFORMANCE CRYPTOGRAPHY SYSTEMS AND METHODS - A cryptographic system ( | 07-02-2009 |
20090177879 | SECURITY COMMUNICATION APPARATUS AND SECURITY COMMUNICATION METHOD - A negotiation unit of a logical network control apparatus connected to a LAN judges, from the properties of the application to be used in the communication, the settings of the processing to be performed on communication data by a network connection apparatus, and determines the parameters to be used for a VPN connection. The VPN connection is then established using the determined parameters. | 07-09-2009 |
20090177880 | TRANSMISSION OF SECURE ELECTRONIC MAIL FORMATS - A method and system for providing e-mail messages to a receiving e-mail application. The e-mail messages, as sent from a sending e-mail application, are secure and in opaque signed format. The opaque signed e-mail messages are converted to clear signed e-mail messages by decoding them and extracting the message content and digital signatures. The clear signed e-mails are then sent to the receiving e-mail application. | 07-09-2009 |
20090187757 | METHOD AND SYSTEM FOR MEDIATED SECURE COMPUTATION - Techniques are described for mediated secure computation. A unique identifier value may be assigned to each one of a plurality of nodes included in a network. An encrypted portion of a logical circuit may be received at a server from each of the nodes, the logical circuit including one or more gates, each gate associated with one or more logical input wires and one or more logical output wires, the logical circuit associated with a function, wherein each encrypted portion is encrypted based on a random number value that is common to the plurality of nodes and unknown at the server. A result may be obtained based on executing the logical circuit, based on combining the encrypted portions of the logical circuit received at the server. | 07-23-2009 |
20090187758 | Data communication system and data transmitting apparatus - An LDAP server stores security levels assigned in advance to each of a plurality of destinations and a plurality of users. When a user is authenticated successfully by the LDAP server, a control section of a multi-functional machine obtains the security level of the authenticated user from the LDAP server via a communication section, and then restricts or relaxes the display contents needed for transmission processing according to whether the security level is high or low. Further, when the security level is not lower than a predetermined threshold value, the control section obtains from the LDAP server a destination in which the user is set as the addressee. | 07-23-2009 |
20090198995 | System and method for providing security via a top level domain - A system and method are disclosed for providing end-to-end security for communications between registered clients of a top level domain, without the need for encryption/decryption protocols beyond those provided by the domain's secure communication links and secure message server. Clients registered with the top level domain are assigned at least one email and IM account and, to ensure message security, are required to communicate with other registered clients strictly via the assigned email and IM accounts. In this manner, non-registered users are denied secure access to the top level domain. In one embodiment, registered clients of the top level domain may communicate with non-registered users via a gateway server in a secure or non-secure manner, at the option of the registered client (sender). | 08-06-2009 |
20090204805 | Method for secure signal transmission in a telecommunication network, in particular in a local area network - In a telecommunication network, a modular expandable gateway connects a local area network to a wide area network. The gateway includes a base module and a plurality of add-on modules arranged in one or more stacks; the base module and the add-on modules include respective encryption/decryption engines for exchanging secured information with each other, thus frustrating any possible fraudulent interception of the information at the module interconnections. | 08-13-2009 |
20090210698 | Multiple DRM management - A DRM packager has a programmed processor for receipt of licensing information including a plurality of encryption keys for a corresponding plurality of DRM encryption algorithms and for receipt of content from a content provider. An encrypter encrypts the content under each of the plurality of DRM algorithms to produce multiple DRM selectively encrypted content, where the multiple DRM selectively encrypted content has segments of the specified content that are unencrypted, and selected segments of the content which are duplicated to produce one copy of the selected content for each of the DRM algorithms with each duplicate copy of the selected segments encrypted under a different one of the DRM algorithms, and where the unencrypted segments of content are assembled together with each of the DRM encrypted duplicate selected segments to produce a single unified content assembly that can be played on any of the player devices. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract. | 08-20-2009 |
20090217030 | ADAPTIVE SERVER PERFORMANCE ADJUSTMENT - Apparatus, systems, and methods may operate to calculate the cryptographic throughput for a gateway server, calculate the input-output throughput for the gateway server, and responsive to determining that the cryptographic throughput is less than the input-output throughput, add nodes to the gateway server cryptographic buffer queue when a projection indicates that the sum of data remaining in the cryptographic buffer queue and data available to enter the cryptographic buffer queue is greater than a preselected watermark value. Additional apparatus, systems, and methods are disclosed. | 08-27-2009 |
20090217031 | Electrical System of a Motor Vehicle With a Master Security Module - The invention relates to an electrical system of a motor vehicle with control apparatuses that communicate with one another by means of a data bus. To recognise manipulations of the electrical system of a motor vehicle, in particular of the software of its control apparatuses, and to derive suitable countermeasures, it is proposed that a master security module is provided in a first control apparatus and a client security module is provided in each of a plurality of further, second control apparatuses. The master security module of the first control apparatus, preferably a central gateway control apparatus, signs a message and sends the signed message to at least one of the second control apparatuses by means of the data bus. The client security module of the second control apparatus checks whether the signed message received from the master security module comes from an authorised master security module. | 08-27-2009 |
20090271615 | BRIDGING SYSTEM, BRIDGE, AND BRIDGING METHOD | 10-29-2009 |
20090271616 | Method for transferring encoded messages - Disclosed is a method for transferring encoded messages between at least two users, particularly cryptographic protocol, the message transaction taking place by inserting an authentication device which decodes the messages received from the users and sends especially encoded messages to the users. Said method comprises the following steps: a1) the user (A) sends a message (NA | 10-29-2009 |
20090276619 | PARALLEL DISTRIBUTION AND FINGERPRINTING OF DIGITAL CONTENT - Distributing information, including the steps of watermarking the digital content, distributing the digital content using a multi-source system, and partially fingerprinting digital content at each stage of moving information from a point of origin to the viewer. “Adaptation” of the digital content to the recipient includes maintaining the digital content in encrypted form at each such intermediate device, including decrypting the digital content with a key unique to both the device and the specific movie, selecting a portion of the watermark locations into which to embed information, embedding fingerprinting information into those locations sufficient to identify the recipient, and encrypting the fingerprinted digital content with a new such key. | 11-05-2009 |
20090282237 | HITLESS MANUAL CRYPTOGRAPHIC KEY REFRESH IN SECURE PACKET NETWORKS - In a hitless manual cryptographic key refresh scheme, a state machine is independently maintained at each network node. The state machine includes a first state, a second state, and a third state. In the first state, which is the steady state, a current cryptographic key is used both for generating signatures for outgoing packets and for authenticating signatures of incoming packets. In the second state, which is entered when a new cryptographic key is provisioned, the old (i.e. formerly current) key is still used for generating signatures for outgoing packets; however one or, if necessary, both of the old key and the newly provisioned key are used for authenticating signatures of incoming packets. In the third state, the new key is used for generating signatures for outgoing packets and either one or both of the old key and new key are used for authenticating signatures of incoming packets. | 11-12-2009 |
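The three-state refresh above, worked through as an added example (not code from the patent or its assignee). It assumes HMAC-SHA256 as the per-packet "signature", two nodes that an operator refreshes one step at a time, and hypothetical names (`KeyRefreshNode`, `simulate_rollover`, `premature_retire`) for the pieces. The simulation shows why the "if necessary, both keys" rule matters: as long as every node keeps accepting the old key until its peer has switched, no packet fails; retiring the old key on one node while the other is still signing with it breaks one direction.

```python
import hashlib
import hmac
from enum import Enum, auto

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag appended to each packet


class State(Enum):
    STEADY = auto()       # current key signs outgoing and verifies incoming
    PROVISIONED = auto()  # new key present; old key still signs, both keys verify
    SWITCHED = auto()     # new key signs; both keys still verify


class KeyRefreshNode:
    """One network node's independently maintained refresh state machine (hypothetical name)."""

    def __init__(self, current_key: bytes):
        self.current = current_key
        self.new = None
        self.state = State.STEADY

    # Operator-driven transitions, one per provisioning step.
    def provision(self, new_key: bytes) -> None:
        if self.state is not State.STEADY:
            raise RuntimeError("a refresh is already in progress")
        self.new = new_key
        self.state = State.PROVISIONED

    def switch(self) -> None:
        if self.state is not State.PROVISIONED:
            raise RuntimeError("no provisioned key to switch to")
        self.state = State.SWITCHED

    def finish(self) -> None:
        if self.state is not State.SWITCHED:
            raise RuntimeError("switch to the new key before retiring the old one")
        self.current, self.new = self.new, None
        self.state = State.STEADY

    # Packet processing.
    def _signing_key(self) -> bytes:
        return self.new if self.state is State.SWITCHED else self.current

    def _verify_keys(self) -> list:
        if self.state is State.STEADY:
            return [self.current]
        return [self.current, self.new]

    def sign(self, payload: bytes) -> bytes:
        tag = hmac.new(self._signing_key(), payload, hashlib.sha256).digest()
        return payload + tag

    def verify(self, packet: bytes) -> bool:
        if len(packet) < TAG_LEN:
            return False
        payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        # Accept a packet if it authenticates under any key the current state allows.
        return any(
            hmac.compare_digest(hmac.new(k, payload, hashlib.sha256).digest(), tag)
            for k in self._verify_keys()
        )


def exchange(a: KeyRefreshNode, b: KeyRefreshNode, payload: bytes = b"keepalive") -> tuple:
    """One packet in each direction; returns (a->b authenticated, b->a authenticated)."""
    return b.verify(a.sign(payload)), a.verify(b.sign(payload))


def simulate_rollover(old_key: bytes, new_key: bytes) -> dict:
    """Operator refreshes node A first, then node B, one step at a time.
    Returns the exchange result after each step; a hitless refresh is all-True."""
    a, b = KeyRefreshNode(old_key), KeyRefreshNode(old_key)
    results = {"steady": exchange(a, b)}
    a.provision(new_key)
    results["A provisioned"] = exchange(a, b)
    b.provision(new_key)
    results["B provisioned"] = exchange(a, b)
    a.switch()
    results["A switched"] = exchange(a, b)
    b.switch()
    results["B switched"] = exchange(a, b)
    a.finish()
    results["A retired old key"] = exchange(a, b)
    b.finish()
    results["B retired old key"] = exchange(a, b)
    return results


def premature_retire(old_key: bytes, new_key: bytes) -> tuple:
    """Failure mode: A retires the old key while B is still signing with it.
    A->B still authenticates (B accepts both keys) but B->A does not."""
    a, b = KeyRefreshNode(old_key), KeyRefreshNode(old_key)
    b.provision(new_key)
    a.provision(new_key)
    a.switch()
    a.finish()
    return exchange(a, b)


if __name__ == "__main__":
    for step, ok in simulate_rollover(b"old-key", b"new-key").items():
        print(f"{step:20s} a->b={ok[0]} b->a={ok[1]}")
    print("premature retire:", premature_retire(b"old-key", b"new-key"))
```

The verify path is the security-relevant part: during the transition a node tries at most two keys, each with a constant-time comparison, and the window in which the old key is still accepted ends only when the operator explicitly retires it on that node.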
20090292914 | NODES AND SYSTEMS AND METHODS FOR DISTRIBUTING GROUP KEY CONTROL MESSAGE - Nodes, systems and methods for distributing a group key control message are disclosed. The system mainly includes a root node and child nodes. The apparatus includes a distribution tree establishment node. The method mainly includes: establishing a distribution tree for the group key control message in the group key management system, a root node delivering the group key control message to the child nodes according to the distribution tree; the child nodes receiving the group key control message delivered from the root node, forwarding or locally processing the received group key control message. With the present disclosure, a replication/distribution mechanism for the group key control message is established within the group key management system, thereby eliminating the dependence of the group key management system on the deployed environment multicast service, and improving the availability and expansibility of the group key management system. | 11-26-2009 |
20090307482 | Method and Apparatus for Encryption and Pass-Through Handling of Confidential Information in Software Applications - Methods and apparatus for securely transmitting sensitive information to a remote device at the request of an application program are provided. The application program generates a request to a secure channel provider to make a transmission to a remote device. A first message is passed from the application program to the secure channel provider containing insertion point codes indicating locations within the first message where the sensitive information should be inserted. Sensitive information is obtained from a source outside of the application program and the sensitive information is inserted into the first message at the locations in the first message indicated by the insertion point codes to form a second message containing the sensitive information. The second message is encrypted and this encrypted message is transmitted to the remote device. The sensitive information is never accessed by the application program during the execution of the method. | 12-10-2009 |
20090307483 | METHOD AND SYSTEM FOR PROVIDING A MESH KEY - Method for providing a mesh key which can be used to encrypt messages between a first node and a second node of a mesh network, wherein a session key is generated when authenticating the first node in an authentication server, the first node and the authentication server or an authentication proxy server using a predefined key derivation function to derive the mesh key from said session key, which mesh key is transmitted to the second node. | 12-10-2009 |
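An added example of the derivation step in the mesh-key abstract above; it is not the patent's code, and the abstract names only a "predefined key derivation function", so the choice of HKDF-SHA256 (RFC 5869), the length-prefixed context label and the hypothetical function names are assumptions. The first node and the authentication (or proxy) server both hold the session key from the node's authentication and run the same derivation; the server then transmits the result to the second node. Binding the mesh and both node identities into the label keeps a key derived for one link from being reused on another.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC(salt, IKM); an empty salt means HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated and truncated."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested length too large for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def _length_prefixed(*parts: bytes) -> bytes:
    """Unambiguous encoding of several byte strings: 2-byte big-endian length before each."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def derive_mesh_key(session_key: bytes, mesh_id: bytes, node_a: bytes, node_b: bytes,
                    nonce: bytes) -> bytes:
    """Mesh key for the link between node_a and node_b (hypothetical function name).

    Run identically by the first node and by the authentication server, which both
    hold session_key; the server hands the result to the second node. Node identifiers
    are sorted so either side computes the same key, and the label binds the key to
    this mesh, this link and this nonce."""
    first, second = sorted((node_a, node_b))
    info = _length_prefixed(b"mesh-link-key", mesh_id, first, second, nonce)
    return hkdf(session_key, salt=mesh_id, info=info, length=32)


if __name__ == "__main__":
    # Constructed sample inputs, not values from any real deployment.
    sk = bytes(range(32))
    print(derive_mesh_key(sk, b"mesh-1", b"node-A", b"node-B", b"nonce-0").hex())
```

The HKDF functions are checked against RFC 5869 test case 1 in the accompanying test, so a practitioner can drop in a library HKDF with confidence that the derivation above is the standard one.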
20090307484 | WIRELESS ACCESS POINT SECURITY FOR MULTI-HOP NETWORKS - Security in wireless communication networks that employ relay stations to facilitate communications between base stations and mobile stations is enhanced. In one embodiment, resource information provided to one or more relay stations from a base station or another relay station is encrypted prior to being delivered to the one or more relay stations. Only authorized relay stations are allocated an appropriate key necessary to decrypt the resource information. As such, only appropriate relay stations are able to access and use the resource information to effect communications directly or indirectly between the base stations and the mobile stations. In certain embodiments, the resource information is delivered between the various base and relay stations using either unicast or multicast delivery techniques. | 12-10-2009 |
20090307485 | METHOD FOR MITIGATING DENIAL OF SERVICE ATTACKS AGAINST A HOME AGENT - The invention relates to a method for mitigating the effects of a DoS attack against a home agent supporting mobility for a plurality of mobile nodes. Furthermore the invention also relates to a home agent, a mobile node and a communication system implementing this method. To take DoS attacks into account in the design of a mechanism for improving communication systems that enable mobility of mobile nodes, the invention proposes to configure a plurality of addresses at which the home agent is reachable in a communications network and to assign to each of the mobile nodes at least one of the plurality of home agent addresses. If a denial of service attack is detected by the home agent, the home agent de-configures the home agent address to which data packets of the denial of service attack are destined. | 12-10-2009 |
20090313465 | METHODS AND APPARATUS FOR SECURING OPTICAL BURST SWITCHING (OBS) NETWORKS - An optical network, having an optical communication link and first and second routers. The first router receives and classifies data, then forms a data burst based on destination. The first router sends an encrypted header and the data burst via the optical link. The second router, at least one hop from the first router, receives, decrypts and authenticates the header. Then, the second router extracts data burst information from the header and determines whether the address of the second router is the destination address for the data burst. If so, the second router receives the data burst and sends data to an appropriate line interface. If not, the second router selects and reserves a wavelength on a second optical link for the data burst. The second router selects an encryption key for the header, encrypts and sends the header, and then routes the data burst to the selected wavelength. | 12-17-2009 |
20090319772 | IN-LINE CONTENT BASED SECURITY FOR DATA AT REST IN A NETWORK STORAGE SYSTEM - A network storage server receives multiple write requests from a set of clients via a network and internally buffers multiple data blocks written by the write requests. At a consistency point, the storage server commits the data blocks to a nonvolatile mass storage facility. The consistency point process includes using a storage operating system in the network storage server to compress the data blocks, encrypt selected data blocks, and store the compressed and (possibly) encrypted data blocks in the nonvolatile mass storage facility. Data blocks can also be fingerprinted in parallel with compression and/or encryption, to facilitate subsequent deduplication. Data blocks can be indexed and classified according to content or attributes of the data. Encryption can be applied at different levels of logical container granularity, where a separate, unique cryptographic key is used for each encrypted logical container. | 12-24-2009 |
20090319773 | ENCRYPTION-BASED CONTROL OF NETWORK TRAFFIC - A computer-implemented method for protecting a computer network ( | 12-24-2009 |
20090319774 | IDENTIFICATION INFORMATION PROTECTION METHOD IN WLAN INTER-WORKING - By introducing a hierarchical encryption scheme and the use of asymmetric cryptography, the critical information in message exchanges is concealed from unauthorized entities. This helps greatly in preventing man-in-the-middle attacks faced by inter-working. In addition, access control is conducted by introducing a network structure having a rule interpreter that is capable of mapping general rules to WLAN specific commands. It obviates the needs for mobile user's home network to understand information about every WLAN it is inter-worked with. A common interface independent of WLAN technologies could be used by the home network for all the WLANs. The above conception provides a solution to the problems of the protection of user identification information and access control in the inter-working of WLAN. | 12-24-2009 |
20090319775 | Data Path Security Processing - Methods and associated systems provide secured data transmission over a data network. A security device provides security processing in the data path of a packet network. The device may include at least one network interface to send packets to and receive packets from a data network and at least one cryptographic engine for performing encryption, decryption and/or authentication operations. The device may be configured as an in-line security processor that processes packets that pass through the device as the packets are routed to/from the data network. | 12-24-2009 |
20090327698 | PROCESS AND STREAMING SERVER FOR ENCRYPTING A DATA STREAM WITH BANDWIDTH BASED VARIATION - There is disclosed a process for encrypting a data stream to secure the data stream for single viewing and to protect copyrights of the data stream. Specifically, there is disclosed a process for protecting streaming multimedia, entertainment and communications in an Internet-type transmission. There is further disclosed a streaming server component operably connected with a streaming server that interacts with a client system to effect the inventive process. | 12-31-2009 |
20090327699 | SYSTEM AND METHOD FOR BEND-IN-THE-WIRE ADJACENCY MANAGEMENT - A method for translating network data transmissions begins with a data transmission received at a router. An interface identifier is prepended before a first field of the data transmission, forming a prepended field. The data transmission is transmitted to a translation device. The data transmission is translated without altering the prepended field. The translated data transmission is transferred back to the router. The interface identifier is removed. The translated data is transmitted while maintaining adjacency with an adjacent peer using the interface identifier. | 12-31-2009 |
20100023752 | METHOD AND DEVICE FOR TRANSMITTING GROUPCAST DATA IN A WIRELESS MESH COMMUNICATION NETWORK - A method for transmitting groupcast data in a wireless mesh communication network as provided improves security of groupcast data. The method comprises processing, at a supplicant node, authentication handshake data received from an authenticator node, wherein the supplicant node is a next-hop neighbor of the authenticator node away from a root node. The supplicant node then stores a group transient key (GTK) received from the authenticator node. Next, the supplicant node processes authentication handshake data received from a third node, wherein the third node is a next-hop neighbor of the supplicant node away from the root node. The GTK is then transmitted from the supplicant node to the third node. Encrypted groupcast data are then generated at the supplicant node by using the GTK to encrypt groupcast data received from the authenticator node. Finally, the encrypted groupcast data are transmitted from the supplicant node to the third node. | 01-28-2010 |
20100023753 | SYSTEM AND METHOD OF GENERATING SUBTITLING FOR MEDIA - A method for media subtitling is described, wherein subtitles and/or captions for media are first created on a web interface in a first language along with the appropriate synchronization information with respect to the media. The document content may be created via the web interface, or it may be created locally and uploaded to the interface. Subsequent to creation and/or upload of at least a portion of the subtitling, personnel in different locations (e.g., different terminals or different countries) then access the web interface, which includes the first language and the synchronization information, to create foreign/alternative subtitling. | 01-28-2010 |
20100031017 | SYSTEM AND METHOD FOR ENCRYPTING SECONDARY COPIES OF DATA - A system and method for encrypting secondary copies of data is described. In some examples, the system encrypts a secondary copy of data after the secondary copy is created. In some examples, the system looks to information about a data storage system, and determines when and where to encrypt data based on the information. | 02-04-2010 |
20100031018 | INFORMATION DELIVERY SYSTEM, DELIVERY CENTER DEVICE, USER TERMINAL DEVICE AND INFORMATION DELIVERY METHOD - A user terminal device specifies the presence or absence of additional recording when issuing a content request, and in the case of additional recording, the device transmits medium information and encrypted key information of pre-recorded contents to a delivery center. When receiving a content additional recording request from the device, the delivery center first decrypts the encrypted contents to be additionally recorded with the corresponding content keys. It then decrypts the encrypted key information using the medium information from the device to recover the content keys of the pre-recorded contents, re-encrypts the contents to be additionally recorded, and delivers the re-encrypted contents to the device. When receiving contents for additional recording, the device records the received contents on a recording medium so as to be related to the pre-recorded contents. | 02-04-2010 |
20100031019 | SECURE APPLICATION ROUTING - Disclosed is a computer implemented method and apparatus to secure a routing path. A local node receives a request for secure route identification from an upstream node. Responsive to receiving a request for secure route identification, the local node transmits a local node security level and an authentication key to the upstream node. The local node determines whether at least one downstream node is authentic and has sufficient security level from a second-level downstream node. The local node may then establish a socket to the upstream node. | 02-04-2010 |
20100031020 | Systems and Methods for the Management and Security of Digital Idea Submissions - A system and method is described for managing and securing electronically submitted ideas to a central repository. Users can submit an idea to a central controller which stores that idea in digital form. The user is able to view and update the idea over time, and determine who may or may not have access to the stored files. Access to the stored information is regulated by a central controller. Such control may be dictated by the preferences of the user storing the information. The user may elect to allow only himself to have access to the information, or to allow access to trusted friends or to anyone who enters the central control or website. There is also a method for securing parental/guardian permission to share ideas generated and electronically stored when the idea is generated by a minor. | 02-04-2010 |
20100042828 | DOCUMENT DATA ENCRYPTION METHOD AND DOCUMENT DATA ENCRYPTION SYSTEM - An encrypting device encrypts original document data by use of a password of an addressee, thereby generating encrypted document data. A decryption authority changing device, of which operating authority is held by the addressee, generates authority changing information M structured by encrypting the password of the addressee with a password of a proxy, and notifies a decrypting device of the information, of which the operating authority is held by the proxy. The decrypting device decrypts the password of the addressee by employing the password of the proxy, and decrypts the encrypted document data by use of the decrypted password of the addressee. | 02-18-2010 |
20100042829 | System and Method for Processing Data and Communicating Encrypted Data - Systems and methods for processing data and communicating encrypted data are provided. A method of processing data and communicating encrypted data may include receiving input traffic data at a first interface of a channel service unit/data service unit (CSU/DSU). The method may also include encrypting management data associated with the input traffic data at the CSU/DSU to produce encrypted management data. The method may further include sending the encrypted management data via a second interface of the CSU/DSU to a remote terminal of a local area network via a data router coupled to the CSU/DSU. | 02-18-2010 |
20100049966 | SECRET INFORMATION DELIVERY SYSTEM AND SECRET INFORMATION DELIVERY METHOD - To prevent information leakage when secret information data stored using a secret sharing scheme is transferred to the outside. | 02-25-2010 |
20100049967 | METHOD AND NETWORK FOR ENSURING SECURE FORWARDING OF MESSAGES - The method and network ensure secure forwarding of a message in a telecommunication network that has at least one first terminal and another terminal. The first terminal moves from a first address to a second address. A secure connection between the first address of the first terminal and the other terminal, defining at least the addresses of the two terminals, is established. When the first terminal moves from the first address to a second address, the connection is changed to be between the second address and the other terminal by means of a request from the first terminal and preferably a reply back to the first terminal. | 02-25-2010 |
20100049968 | COMPUTER NETWORK - A computer network is disclosed in which a group of computers co-operate to perform a distributed application. In order to ensure that only members of that group of computers are able to carry out certain operations, messages sent in the performance of the distributed application are checked by the recipient for the presence of a group membership token. The inclusion of a group membership token is controlled by one or more group membership handlers which intercept messages from local components and only include a group membership token with the message if they list the sending local component as being entitled to include the group membership token in the message. Furthermore, by operating the group membership token on a separate machine, or preferably a separate virtual machine from the local component, security is further improved. In the most preferred embodiments, the group token handler and/or the local component are hosted on virtual machines which provide virtualised cryptographic functionality. | 02-25-2010 |
20100058052 | METHODS, SYSTEMS AND DEVICES FOR SECURING SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA) COMMUNICATIONS - A secure supervisory control and data acquisition (SCADA) system includes a SCADA control host system and any number of remote terminal unit (RTU) systems. Each RTU system includes an RTU transceiver, an RTU and a remote security device (RSD) coupling the RTU to the RTU transceiver. The SCADA control host system includes a SCADA control host configured to exchange SCADA information with each of the RTUs in a SCADA format, and a host security device (HSD) coupling the SCADA control host to a host transceiver. The host transceiver is configured to establish communications with each of the plurality of RTU transceivers. The HSD communicates with the RSDs to transparently encrypt the SCADA information using a cryptographic protocol that is independent of the SCADA protocol to thereby secure the communications between the HSD and each of the RSDs. | 03-04-2010 |
20100064132 | METHOD AND SYSTEM FOR CLOSE RANGE COMMUNICATION USING CONCENTRIC ARCS MODEL - The present invention relates to a method and system for close range communication involving colored images, preferably concentric circles and/or arcs, as colored-image-based information identifiers. More particularly, the invention is directed to a method and system to communicate information between two mobile phones using the display (screen) and capturing unit (camera) of the mobile devices. | 03-11-2010 |
20100070755 | METHOD AND DEVICE FOR CONFIRMING AUTHENTICITY OF A PUBLIC KEY INFRASTRUCTURE (PKI) TRANSACTION EVENT - A method and device for confirming authenticity of a public key infrastructure (PKI) transaction event between a relying node and a subject node in a communication network enables improved network security. According to some embodiments, the method includes establishing at a PKI event logging (PEL) server a process to achieve secure communications with the relying node (step | 03-18-2010 |
20100070756 | DEVICE AND METHOD FOR DIGITAL PROCESSING MANAGEMENT OF CONTENT SO AS TO ENABLE AN IMPOSED WORK FLOW - A device receives protected content and a license for the content, unprotects the content using an input key and retrieves a rule associated with the input key. The device then processes the content to create new content, retrieves at least one output key associated with the input key in the retrieved rule, protects the content using the output key and sends the newly protected content and the corresponding license. It is thus possible to impose a work flow as it is necessary for a device to store a particular key in order to access the content and as the rule imposes a particular output key depending on the input key. In a preferred embodiment, the content is scrambled using a symmetrical key that is encrypted by an asymmetrical key in the license. An alternate embodiment uses watermarking techniques instead of encryption. The invention finds particular use in video processing. | 03-18-2010 |
20100077203 | RELAY DEVICE - “Leakage”, “falsifying”, “masquerading”, “approach”, or “attack” of data on the Internet are prevented in a communication between a personal computer and the outside thereof without installing software or hardware in the personal computer. An intermediary apparatus includes NIC (Network Interface Card) drivers connected to networks respectively and a network layer and a transport layer which include “TCP/IP” defining a communication method for communicating while carrying out routing (ROUTING) between any two nodes and is provided for a physical layer and a data-link layer including the NIC drivers. Between the data-link layer and network layer, the function of “TCP2” can be provided. | 03-25-2010 |
20100077204 | INFORMATION PROCESSING APPARATUS, MANAGEMENT APPARATUS, COMMUNICATION SYSTEM AND COMPUTER READABLE MEDIUM - An information processing apparatus connected to a management apparatus via a communication line includes: an other-apparatuses information acquisition unit that acquires information concerning a plurality of other information processing apparatuses from the management apparatus; a key registration unit that registers first keys, to be used in encrypted communication between the information processing apparatus and each of the plurality of other information processing apparatuses, into a storage unit; a key transmitting unit that collectively transmits the first keys to the management apparatus; and a key acquisition unit that acquires from the management apparatus second keys, each of which has been transmitted to the management apparatus from a respective one of the plurality of other information processing apparatuses. The key registration unit further registers the second keys acquired by the key acquisition unit into the storage unit. | 03-25-2010 |
20100077205 | System and Method for Cipher E-Mail Protection - The preferred embodiments of the present invention disclose a security transformation system which includes an e-mail client, a cipher proxy, a dictionary database and an Internet e-mail system. The system is capable of generating and receiving messages and performing a cipher substitution and encryption of key fields of messages when they are stored at a user's Internet e-mail system. When the messages are received or accessed, the system permits deciphering and decrypting the message using a reverse security transformation. The preferred embodiments of the method of the present invention comprise the steps of generating and receiving messages at an Internet e-mail system, performing a security transformation on said messages, encrypting said messages, updating a cipher dictionary at a cipher proxy, and decoding and decrypting the messages when accessed by a user. | 03-25-2010 |
20100077206 | DIGITAL RIGHTS MANAGEMENT PROVISION APPARATUS, SYSTEM, AND METHOD - Provided is digital rights management (DRM) provision technology, and more particularly, are an apparatus, system, and method which can easily provide content using one or more DRM systems. A DRM provision apparatus includes a content download unit which downloads encrypted real content and dummy content from a download server and which manages the downloaded real content and dummy content; a license management unit which manages a license issued by a license server; and a processing unit which manages the downloaded real content and dummy content and the issued license. | 03-25-2010 |
20100082971 | APPLYING DIGITAL RIGHTS TO NEWLY CREATED ELECTRONIC DOCUMENTS - A routing computer is connected to one or more multi-function peripherals (MFPs) on a network. A routing manager located in the routing computer contains user information for users that operate one or more of the MFPs connected on the network. Based on a set of user preferences and/or default settings, document data scanned by or received via facsimile for a particular user is sent from one of the MFPs to the routing computer. The routing manager then applies rights management and optional encryption to the destination document created from the document data and sends the destination document to a folder or to one or more individuals via electronic mail. As a result, rights management policy may be applied to newly created documents automatically and before the documents are accessible to users in network storage or by email. | 04-01-2010 |
20100088505 | CONTENT DELIVERY NETWORK ENCRYPTION - A system and method for delivering content to end users encrypted within a content delivery network (CDN) for content originators is disclosed. CDNs transport content for content originators to end user systems in a largely opaque manner. Caches and origin servers in the CDN are used to store content. Some or all of the content is encrypted within the CDN. When uniform resource identifiers (URIs) are received from an end user system, the CDN can determine the key used to decrypt the content object within the CDN before delivery. Where there is a cache miss, an origin server can be queried for the content object, which is encrypted in the CDN. | 04-08-2010 |
20100095110 | OUT OF BAND ENCRYPTION - Embodiments of the invention relate to systems and methods for securing data transmission in networks. Embodiments of the invention further relate to encryption methods that dynamically adjust during the course of data transmission. Further, the encryption methods can adapt dynamically without user intervention. In one embodiment, an encryption scheme can be established, controlled, and monitored via out-of-band communication between transceiver modules. | 04-15-2010 |
20100095111 | Gateway Registry Methods and Systems - A gateway device for managing a set of two or more local management devices at a location. A system for networks at a plurality of locations. A method of operating a gateway device in a control network. A method for storing information to operate a gateway device in a control network. A method for storing information to operate a replacement gateway device in a control network. | 04-15-2010 |
20100095112 | DATA ENCRYPTION USING A KEY AND MONIKER FOR MOBILE STORAGE MEDIA ADAPTED FOR LIBRARY STORAGE - Disclosed are a method and apparatus for a data storage library comprising a plurality of drives and a combination bridge controller device adapted to direct and make compatible communication traffic between a client and the plurality of drives. The combination bridge controller device is further adapted to encrypt a first data package received from the client. The combination bridge controller device is further adapted to transmit the encrypted first data package, a first moniker and a first message authentication code to one of the plurality of drives for storage to a cooperating mobile storage medium. The combination bridge controller device is further adapted to decrypt the first data package when used in combination with a first key associated with the first moniker and guarantee the decryption of the first data package was successfully accomplished with authentication of the first message authentication code. | 04-15-2010 |
20100106961 | METHODS AND APPARATUS FOR ENABLING UNIFIED (INTERNET PROTOCOL VERSION) IPV6/IPV4 ROUTING SERVICES OVER IPv4-ONLY INTERFACES - Some embodiments of the present invention provide an apparatus that provides routing services between a red network and a black network. The apparatus includes a red router within the red network, a black router within the black network, and an IP encryptor having a red side IPv4-only interface and a black side interface, with the red side interface operatively coupled to the red router and the black side interface operatively coupled to the black network. The apparatus is configured to provide unified IPv6/IPv4 OSPFv3 routing over IPv4-only interfaces using cross-layer extensions. | 04-29-2010 |
20100106962 | METHOD, APPARATUS, AND SYSTEM FOR MANAGING MULTIMEDIA SERVICES - A method for managing multimedia services includes the following steps: A session receiver sends Real-time Transport Control Protocol (RTCP) packets to a distribution aggregation point, and each distribution aggregation point is connected to at least one session receiver and aggregates the received RTCP packets into the first aggregated packet whose format is different from the format of the RTCP packets; the distribution aggregation point sends the first aggregated packet to a distribution source over a transmission network, and the distribution source aggregates the aggregated packet into a second aggregated packet, and then processes the second aggregated packet and transmits it to a session sender, or transmits the second aggregated packet to the session sender directly. The present invention implements feedback of mass packets from the session receiver to the sender in large-scale multicast applications, and avoids the unicast bottleneck. | 04-29-2010 |
20100115264 | System and Method for Processing Encoded Messages for Exchange with a Mobile Data Communication Device - A system and method are provided for pre-processing encrypted and/or signed messages at a host system before the message is transmitted to a wireless mobile communication device. The message is received at the host system from a message sender. There is a determination as to whether any of the message receivers has a corresponding wireless mobile communication device. For each message receiver that has a corresponding wireless mobile communication device, the message is processed so as to modify the message with respect to one or more encryption and/or authentication aspects. The processed message is transmitted to a wireless mobile communication device that corresponds to the first message receiver. The system and method may include post-processing messages sent from a wireless mobile communications device to a host system. Authentication and/or encryption message processing is performed upon the message. The processed message may then be sent through the host system to one or more receivers. | 05-06-2010 |
20100125730 | BLOCK-LEVEL DATA STORAGE SECURITY SYSTEM - A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk and reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored in shares on corresponding physical storage devices in response to a request from the client. | 05-20-2010 |
20100131753 | IMAGE FORMING APPARATUS, HOST APPARATUS AND ENCRYPTION METHOD OF JOB OBJECT DOCUMENT THEREOF - An image forming apparatus, a host apparatus, and an encryption method for print data, the method of encrypting the print data of the host apparatus connected to the image forming apparatus including: displaying an encryption setting screen for the print data; selecting an encryption logic to encrypt the print data through the encryption setting screen; converting the print data according to the selected encryption logic; and transmitting the converted print data to the image forming apparatus. Accordingly, the print data is encrypted and decrypted on the basis of the selected encryption logic and corresponding decryption logic set up according to users, thereby increasing security. | 05-27-2010 |
20100131754 | Apparatus, and an Associated Method, for Providing and Using Opaque Presence Indications in a Presence Service - An apparatus, and an associated method, enables presence information of a presentity to be retrieved by a watcher. Elements, or portions, of the presence information may be made selectively opaque (unreadable) to any but authorized watchers or other consumers of the presentity information. | 05-27-2010 |
20100138650 | SECURE COMMUNICATION SYSTEM, GATEWAY APPARATUS AND ITS OPERATING METHOD - A secure communication system includes: an external peer terminal for generating a security group and participating in the security group by connecting to a peer-to-peer (P2P) network; and a legacy terminal connected to a local area network. The system further includes a gateway apparatus, connected to both of the P2P network and the local area network, for enabling the legacy terminal to participate in the security group. | 06-03-2010 |
20100153703 | STORAGE SECURITY USING CRYPTOGRAPHIC SPLITTING - Methods and systems for storing data securely in a secure data storage network are disclosed. One method includes receiving at a secure storage appliance a block of data for storage on a volume, the volume associated with a plurality of shares distributed across a plurality of physical storage devices. The method also includes cryptographically splitting the block of data received by the secure storage appliance into a plurality of secondary data blocks. The method further includes encrypting each of the plurality of secondary data blocks with a different session key, each session key associated with at least one of the plurality of shares. The method also includes storing each data block and associated session key at the corresponding share, remote from the secure storage appliance. | 06-17-2010 |
20100153704 | Trusted Bypass For Secure Communication - A device having an encryption module in communication with first and second communication ports may facilitate connecting to an access network, without requiring a non-secure hard drive to initiate the network access. The encryption module may define a normal mode and a bypass mode. In normal mode, data from the first port may be sent encrypted to the second port, for communicating securely in an encrypted environment. In bypass mode, data from the first port may be sent unencrypted to the second port. The data being sent may be intercepted and presented to the user for approval in a human readable format. The user may confirm that the data is appropriate for being sent unencrypted. This data may be sent unencrypted in response to a request for information (e.g., an assent to terms and conditions) from the access network, such as at a hotel or public wireless hotspot, for example. | 06-17-2010 |
20100153705 | ENCRYPTION DEVICE, DECRYPTION DEVICE, ENCRYPTION METHOD, AND DECRYPTION METHOD - It is possible to provide an encryption device, a decryption device, an encryption method, and a decryption method capable of effectively performing encryption and decryption by using the packet type judgment result. An encryption/decryption device ( | 06-17-2010 |
20100153706 | Securing IP Traffic - A method of securing IP traffic sent from a first host to a second host attached respectively to first and second access points. The method comprises establishing a shared secret between said first and second hosts, and for each packet to be sent, using the next value in a pseudo-random number sequence as an interface identifier part of the source IP address. | 06-17-2010 |
20100161962 | SYSTEM AND METHOD OF TRANSMITTING/RECEIVING SECURITY DATA - There are provided a security server for intermediating transmission/reception of security data between a service providing server and a user terminal, a security data transmission/reception system and a method. In order to intermediate the transmission/reception of security data between the service providing server and the user terminal, the security server may generate a session key corresponding to a secret key provided from a user terminal, receive security data together with the session key from a security data transmitter, encode the security data with the secret key corresponding to the session key, store the encoded security data, provide a data encryption key to the security data transmitter, decode the encoded security data with the secret key corresponding to the session key when the session key is received together with a security data request key from a security data receiver, and provide the decoded security data to the security data receiver. | 06-24-2010 |
20100161963 | TRUSTED AND SECURE TECHNIQUES FOR ITEM DELIVERY AND EXECUTION - Documents and other items can be delivered electronically from sender to recipient with a level of trustedness approaching or exceeding that provided by a personal document courier. A trusted electronic go-between can validate, witness and/or archive transactions while, in some cases, actively participating in or directing the transaction. Printed or imaged documents can be marked using handwritten signature images, seal images, electronic fingerprinting, watermarking, and/or steganography. Electronic commercial transactions and transmissions take place in a reliable, “trusted” virtual distribution environment that provides significant efficiency and cost savings benefits to users in addition to providing an extremely high degree of confidence and trustedness. The systems and techniques have many uses including but not limited to secure document delivery, execution of legal documents, and electronic data interchange (EDI). | 06-24-2010 |
20100169638 | COMMUNICATION SYSTEM HAVING MESSAGE ENCRYPTION - A system includes a communication device configured to transmit a message to an unsecured server. A secured server is in communication with the communication device, and is configured to receive the message from the communication device before the message is transmitted to the unsecured server, encrypt the message, and transmit the encrypted message to the unsecured server. | 07-01-2010 |
20100169639 | METHOD FOR MANAGING A GLOBALLY ACCESSIBLE OPERATIONAL DATA WAREHOUSE SYSTEM WITH IMPROVED SECURITY AND CONSUMER RESPONSE - A secure data exchange and access system, method, and architecture for allowing web-based data transfer with improved security and scalability. The system incorporates and enables serialized pedigree systems while allowing security for storing, authenticating, and tracking a change of custody of a serialized item along a transfer chain. A plurality of independent databases, respectively blind to each other but for a global construct, retains pieces of information along a product supply chain. Specific encryption/decryption protocols enable secure information transfer in a number of modes including a post point of sale anti-counterfeiting system that includes a process for consumer involvement as a triggering mechanism. | 07-01-2010 |
20100174899 | DATA DISTRIBUTION SYSTEM, KEY MANAGEMENT DEVICE, AND KEY MANAGEMENT METHOD - Receiving terminals joining a multicast group are divided into sub groups and rekeying is performed only on the sub group which one of the receiving terminals has left. An encryption key management system having an encryption method is provided in which a multicast server is connected via an IP network, a seed node carries out encryption multicast communications among receiving terminals by using an encryption key, the receiving terminals are properly divided into the sub groups, the single encryption key is used for data distribution of the multicast server, and the number of decoding keys is equal to the number of divided sub groups. | 07-08-2010 |
20100180113 | METHOD FOR MISBEHAVIOUR DETECTION IN SECURE WIRELESS MESH NETWORKS - In a method for secure data transmission in a wireless mesh network, a sending node sends at least one packet to at least one forwarding node which receives the packet from the sending node and forwards the packet to one or more receiving nodes. A destination node receives the packet. A challenge is transmitted from the sending node to the forwarding node causing the forwarding node to reply both to the sending and the receiving node with a response which has transformed information about one or more of the packet/packets. The response is processed to find out whether the forwarding node is misbehaving or not by verifying whether the transformed information is equal to information which can be or has been derived from the requested packet/packets, wherein the processing is carried out both by the sending node and the receiving node. | 07-15-2010 |
20100185848 | SECURE EXTERNAL BUFFER FOR HARD DISK DRIVE SYSTEM ON A CHIP - A system securely buffers hard disk drive data using a host side eXclusive OR (XOR) encryption engine. A host communicates with an encryption interface interposed between the host and a client. Communicatively coupled to the encryption interface is an external buffer for the collection and processing of data. A host side XOR encryption engine, using a random seed, encrypts data originating from the host and places it on the external buffer. Once collected at the buffer and ready for transmittal to the client, the encrypted data is retrieved by the encryption interface and decrypted using the same random seed. The clear data is then encrypted once again using a robust encryption means such as Advanced Encryption Standard (AES) encryption by a client side device for conveyance to the client. | 07-22-2010 |
20100191958 | METHOD AND NETWORK DEVICE FOR PROCESSING NESTED INTERNET PROTOCOL SECURITY TUNNELS - A method and network device for processing nested IPSec tunnels are for processing outbound packets flowing into QC and inbound packets flowing out of an IPSec tunnel via the network device. The network device ( | 07-29-2010 |
20100199085 | DETERMINING COMPOSITION OF AN INITIALIZATION VECTOR FOR ENCAPSULATING SECURITY PAYLOAD PROCESSING - A method which includes receiving a request to perform encapsulating security payload (ESP) processing for data exchanged between a node and an other node over a secure network connection established via an Internet Protocol security (IPsec) security association. Information associated with the IPsec security association is obtained based on the request. The information indicates a prepend data unit size for an initialization vector, a generated data unit size for the initialization vector and an append data unit size for the initialization vector. A composition of each initialization vector included with encrypted data exchanged between the node and the other node based, at least in part, on the prepend, generated and append data unit size for the initialization vector is then determined. | 08-05-2010 |
20100205428 | Method and Apparatus for Distributing Group Data In A Tunneled Encrypted Virtual Private Network - A packet forwarding process, on a data communications device, forwards a packet to a plurality of destinations within a network from that data communications device using an “encrypt, then replicate” method. The packet forwarding process receives a packet that is to be transmitted to the plurality of destinations, and applies a security association to the packet using security information shared between the data communications device, and the plurality of destinations, to create a secured packet. The secured packet contains a header that has a source address and a destination address. The source address is inserted into the header, and then the packet forwarding process replicates the secured packet, once for each of the plurality of destinations. After replication, the destination address is inserted into the header, and the packet forwarding process transmits each replicated secured packet to each of the plurality of destinations authorized to maintain the security association. | 08-12-2010 |
20100211771 | KEY DISTRIBUTION - Methods and systems are provided for trusted key distribution. A key distribution or an identity service acts as an intermediary between participants to a secure network. The service provisions and manages the distribution of keys. The keys are used for encrypting communications occurring within the secure network. | 08-19-2010 |
20100217971 | AGGREGATION OF CRYPTOGRAPHY ENGINES - Systems, methods, and other embodiments associated with aggregation of cryptography engines are described. One example method includes receiving an outbound data packet on an outbound side of a data connection. The example method may also include analyzing the outbound data packet to determine a distribution value. The example method may also include selectively distributing the outbound data packet to one of a plurality of outbound processors based, at least in part, on the distribution value. The example method may also include receiving an inbound data packet on an inbound side of the data connection. The example method may also include examining the inbound data packet for an identifier. The example method may also include selectively distributing the inbound data packet to one of a plurality of inbound processors based, at least in part, on the identifier. | 08-26-2010 |
20100217972 | LOCK ADMINISTRATION SYSTEM - A lock administration system for self-powered locks is provided. The system comprises an ASP (application service provider) server operationally connected to the Internet and configured to store lock system related information, at least one client module configured to control the generating of shared secrets for encrypting and decrypting, and the generating and the encrypting of lock access data packets using a token, transmit the data packets to the ASP server using public networks, receive an encrypted status packet from the ASP server using public networks, control the decrypting of the status packet and send information regarding the decrypted status packet to the ASP server using public networks, and at least one lock configured to receive data packets from the ASP server via public networks, decrypt the data packets and send an encrypted status packet to the ASP server using public networks. | 08-26-2010 |
20100217973 | SYSTEM AND METHOD FOR ENCRYPTING PROVIDER IDENTIFIERS ON MEDICAL SERVICE CLAIM TRANSACTIONS - The present invention relates to a method and a system for collecting and providing reports of activities of medical service providers, while encrypting confidential information. Specifically, the present invention provides systems and methods for collecting and providing information from medical claim transactions without information for specifically identifying the particular medical service provider. The present invention also allows for correlation of medical claim transactions with providers' information without using information that can be used to specifically identify the particular medical service provider (provider identifier). | 08-26-2010 |
20100223458 | PAIR-WISE KEYING FOR TUNNELED VIRTUAL PRIVATE NETWORKS - In an embodiment, a method for generating and distributing keys retains the scalability of a group VPN, but also provides true pair-wise keying such that an attacker who compromises one of the devices in a VPN cannot use the keys gained by that compromise to decrypt the packets from the other gateways in the VPN, or spoof one of the communicating gateways. The method is resistant to collusion when co-operating attackers overtake several VPN gateways and observe the keys stored in those gateways. In an embodiment, a VPN gateway comprises a cryptographic data processor configured to encrypt and to decrypt data packets; group key management logic; and Key Generation System logic. In one approach a gateway performs, in relation to adding a group member, receiving in a security association (SA) message secret data for use in the KGS; and derives keys for secure communication with one or more peer VPN gateways using the secret data. | 09-02-2010 |
20100228965 | SYSTEM AND METHOD FOR USING A STREAMING PROTOCOL - An initialization vector (IV) is employed to decrypt a block of a stream that has been encrypted with Cypher Block Chaining (CBC) encryption, without requiring decryption of previous blocks within the stream. For example, a listener who accesses a distribution point to retrieve encrypted content authenticates himself to an application server that regulates access to encrypted content on the distribution point, and responsively receives a key. The listener then requests access to a reference point within the encrypted content stream somewhere after its beginning (e.g., using preview clips). The distribution point relates the reference point to a corresponding block of the encrypted stream, and identifies an IV previously used for encryption of that block. The distribution point provides the associated encrypted block of content and the IV to the listener to enable mid-stream rendering of the encrypted content, without requiring the listener to decrypt previous blocks within the encrypted stream. | 09-09-2010 |
20100235621 | METHOD OF SECURELY PAIRING DEVICES WITH AN ACCESS POINT FOR AN IP-BASED WIRELESS NETWORK - A wireless access point and method of using a wireless access point to allow a user to use a pre-determined security key provided with the access point or a personal security key that is provided by the user. The access point is purchased with a pre-determined security key. A user of the access point may press a pairing button on the access point to automatically pair other devices with the access point using the pre-determined security key. A label with a passphrase that corresponds to the pre-determined security key is provided with the access point, allowing the user to manually enter the passphrase into devices that cannot automatically pair with the access point. The wireless access point also has a “security on/off” button. When the user presses the security on/off button, the access point may cease use of the pre-determined security key in favor of a personal security key. | 09-16-2010 |
20100235622 | TRANSFER DEVICE FOR SENSITIVE MATERIAL SUCH AS A CRYPTOGRAPHIC KEY - Mechanisms are provided for transferring sensitive information, such as cryptographic keys, between entities. Particularly, a device is provided with a user input connected directly to a secure element. The device enables a user to enter sensitive information in the user input which is then passed directly to the secure element without traversing any other element such that the secure element can encode and/or encrypt the sensitive information. Once the sensitive information has been encoded and/or encrypted by the secure element, the now secure sensitive information can be shared with other entities using familiar and popular, yet relatively unsecure, transfer methods. | 09-16-2010 |
20100241848 | SYSTEM AND METHOD FOR SECURELY COMMUNICATING WITH ELECTRONIC METERS - An infrastructure for securely communicating with electronic meters is described, which enables secure communication between a utility and a meter located at a customer, over a communication link or connection such as via a network. This enables messages to be sent from the utility to the meter and vice versa in a secure manner. The network provides a communication medium for communicating via the C12.22 protocol for secure metering. A cryptographic backend is used to cryptographically process messages to be sent to the meter and to similarly cryptographically process messages sent from the meter. By providing appropriate cryptographic measures such as key management, confidentiality and authentication, the meter can only interpret and process messages from a legitimate utility and the utility can ensure that the messages it receives are from a legitimate meter and contain legitimate information. | 09-23-2010 |
20100241849 | INTEROPERABLE SYSTEMS AND METHODS FOR PEER-TO-PEER SERVICE ORCHESTRATION - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs. | 09-23-2010 |
20100262822 | CONTENT TRANSMITTING APPARATUS, CONTENT TRANSMITTING METHOD, AND CONTENT TRANSMITTING PROGRAM - A content transmitting apparatus, includes: an acquisition device configured to acquire content data distributed in streaming mode; a temporary storage device configured to store temporarily the content data acquired by the acquisition device; a data control device configured to read the content data from the temporary storage device on a first-in first-out basis; an encryption device configured to encrypt in units of a predetermined amount the content data read out by the data control device; and a transmission device configured to transmit the content data encrypted by the encryption device to a predetermined receiving apparatus via a network. If the remaining capacity of the temporary storage device becomes smaller than a predetermined threshold value depending on status of the network, then the data control device discards the content data read from the temporary storage device. | 10-14-2010 |
20100268935 | METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR MAINTAINING FLOW AFFINITY TO INTERNET PROTOCOL SECURITY (IPSEC) SESSIONS IN A LOAD-SHARING SECURITY GATEWAY - Methods, systems, and computer readable media for maintaining flow affinity to IPSec sessions in a load-sharing security gateway are disclosed. According to one embodiment, the method includes receiving packets at a security gateway that provides communications of packet flows between source and destination entities using IPSec sessions. For each packet, it is determined whether the packet is assigned to an existing packet flow between a source and a destination entity that is being processed by the SG. In response to determining that the packet belongs to an existing flow, the packet is forwarded to a processing element associated with that flow and IPSec processing is performed at the processing element. In response to determining that the packet does not belong to an existing flow, a new flow is defined and assigned to a next available processing element. IPSec processing is performed for the flow at the next available processing element. | 10-21-2010 |
20100268936 | INFORMATION SECURITY DEVICE AND INFORMATION SECURITY SYSTEM - Provided is a migration system considering the security authentication levels and data protection strength levels of both security devices between which data is migrated. | 10-21-2010 |
20100268937 | KEY MANAGEMENT FOR SECURE COMMUNICATION - A method and arrangement is disclosed for managing session keys for secure communication between a first and at least a second user device in a communications network. The method is characterized as being independent of what type of credential each user device implements for security operations. A first user receives from a first key management server keying information and a voucher and generates a first session key. The voucher is forwarded to at least a responding user device that, with support from a second key management server communicating with the first key management server, resolves the voucher and determines a second session key. First and second session keys are, thereafter, used for secure communication. In one embodiment the communication traverses an intermediary, whereby the first and second session keys protect communication on the respective leg to the intermediary. | 10-21-2010 |
20100268938 | SECURING DATA IN A DISPERSED STORAGE NETWORK USING SECURITY SENTINAL VALUE - A sentinel value is combined with a data segment, and encrypted. A digest of the encrypted combined data segment is calculated, and used in conjunction with an encryption key to generate a masked key. This masked key is then appended to the encrypted combined data segment and transmitted to an encoder. When the data segment is retrieved, the original encryption key can be recovered and used to decrypt the data segment. The sentinel value can then be extracted from the data segment and checked for integrity. The data segment can then be delivered, discarded, flagged, or otherwise handled based on the integrity of the sentinel value. | 10-21-2010 |
20100275008 | METHOD AND APPARATUS FOR SECURE PACKET TRANSMISSION - A source endpoint includes a security association database; a processing device and an interface operatively coupled to: receive a first packet requiring security processing; retrieve from the first packet a destination endpoint data address for a destination endpoint that is to receive the first packet; determine an address translation; apply the address translation to the retrieved destination endpoint data address to generate a destination endpoint security address, and create an entry in a storage device, wherein the entry corresponds only to the destination endpoint and comprises the generated destination endpoint security address and a set of security parameters. The source endpoint further indexes the storage device to obtain the security parameters for security processing of the first packet to generate a secured first packet; and sends the secured first packet to the destination endpoint. | 10-28-2010 |
20100306526 | Staged Establishment of Secure Strings of Symbols - A multi-stage technique of establishing a plurality of secure strings of symbols is disclosed. In the first stage, the illustrative embodiment establishes a first-stage string of symbols with each other node. The first-stage strings are chosen from a first, small, key space, which means that they can be established more quickly than a highly secure key from a large key space. The advantage of the first-stage strings is that it enables the user to transmit secure messages more quickly than messages secured with highly secure strings. The disadvantage of the illustrative embodiment is that the first-stage strings are not as secure as strings from a larger key space. This disadvantage is mitigated, however, by the fact that the first-stage strings are only used for a short amount of time—until the second-stage strings are established in the second stage. | 12-02-2010 |
20100306527 | CONTROLLING THE VALIDITY PERIOD OF A DECRYPTION KEY - The invention provides a method and a system for allowing access to a digital broadcast stream on a client device in a conditional access system, wherein the start time and end time of events in the broadcast stream are predefined. If entitled, a server system transmits for an event the start time and end time to the client device. As long as the current time, which is also transmitted from the server system to the client device, is within the range from the start time to the end time, the client device is allowed to decrypt the broadcast stream. To allow events to extend in time without requiring the generation of a new end time, the start time and end time on the one hand and the current time on the other hand are defined on different timescales. | 12-02-2010 |
20100306528 | SECURED PRESENTATION LAYER VIRTUALIZATION FOR WIRELESS HANDHELD COMMUNICATION DEVICE HAVING ENDPOINT INDEPENDENCE - The connectivity and security of wireless handheld devices (HDs) can be leveraged to provide a presentation appliance (PA) (e.g. a laptop) with an ability to securely communicate with an enterprise's private network. A split-proxy server, with part of it executing on the HD and a part executing on the PA, implements a full HTTP 1.1 compliant Internet/Web Proxy to couple the PA for communication through the HD. Support for the pragmatic keep-alive header, the CONNECT method, socket connection sharing, and thread pooling, enables a fully functional browsing environment to access web-based applications that are built on standard Internet technologies without the need for re-rendering or re-writing the user interfaces to suit the HD. In addition, Intranet web-based applications are made securely accessible without the need for additional VPN and remote access technologies. The PA may be configured to prevent residual storage of sensitive data on the PA. | 12-02-2010 |
20100306529 | SECURE MODEM GATEWAY CONCENTRATOR - The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded. Another embodiment includes a secure access controller having a plurality of ports for connection to a plurality of different pieces of computer equipment. The secure access controller thus intermediates communications between the modem and the plurality of different pieces of computer equipment. | 12-02-2010 |
20100325421 | APPARATUS AND METHOD FOR PROVIDING SECURITY SERVICE IN HOME NETWORK - An apparatus and method for providing a security service is provided. The apparatus includes a reception module which receives first data including a first public key and marked with a security ID, the first public key being one of a pair of public keys necessary for providing a security service to a home server and the security ID indicating that the first data needs to be encrypted; a response generation module which generates second data by encrypting part of a response message for the first data; and a transmission module which transmits the second data to a home server in a home network. | 12-23-2010 |
20100325422 | SYSTEM AND METHOD FOR POLICY-DRIVEN FILE SEGMENTATION AND INTER-CLOUD FILE STORAGE AND RETRIEVAL - A file storage system includes one or more document input devices and a processor communicating with both a memory and the one or more document input devices. The processor executes a software application stored on the memory to separate a sensitive portion of a document from an insensitive portion of a document. A first type of cloud storage includes one or more storage devices in operable communication with the one or more document input devices. The first type of cloud storage is configured to store one or both of the separated portions with a level of encryption agreed upon by a user. A second type of cloud storage includes one or more storage devices in operable communication with the one or more document input devices. The second type of cloud storage is configured to store the insensitive portion of a document based on a consent of the user. | 12-23-2010 |
20100325423 | System and Method for Securing an Electronic Communication - A system for securing an electronic communication comprises a gateway server configured to receive and store a device identifier and a network address from a first computing device. The device identifier identifies the first computing device, and the network address is associated with the first computing device. Thereafter, the gateway server receives from a second computing device the network address of the first computing device and an encryption key request. The gateway server derives from the device identifier for the first computing device an encryption key and sends the encryption key to the second computing device. A communication from the second computing device to the first computing device may thereafter be secured using the encryption key. A related method of securing an electronic communication is also disclosed. | 12-23-2010 |
20110016308 | ENCRYPTED DOCUMENT TRANSMISSION - Apparatuses, systems and methods are provided for secure transmission of data. | 01-20-2011 |
20110016309 | CRYPTOGRAPHIC COMMUNICATION SYSTEM AND GATEWAY DEVICE - A GW (PDG) at the termination of remote access is installed in the 3GPP system. After an IPSec tunnel between a terminal and the GW is opened, an IPSec tunnel between a VPN client and the corporate network GW is opened, whereby the data from the terminal is transferred via two tunnels between the terminal and the GW and between the VPN client and the corporate network GW to the corporate network. Also, the GW checks if the destination network uses the global address from the destination IP address of a message received from the terminal making the remote VPN access. If the global address is required, the source IP address of the message received from the terminal is translated from the private address for use within the corporate network to which the terminal is allocated to the global address to transfer the message. | 01-20-2011 |
20110022835 | Secure Communication Using Asymmetric Cryptography and Light-Weight Certificates - Encrypted communications between servers and client devices over an unsecured channel, such as the Internet, without using a public key infrastructure are disclosed. Messages to a client device are encrypted using an encryption key of an authorized individual, regardless of the identity of the user of the client device. Encryption is performed by a system that does not expose encryption keys to the client device or the server, thereby preventing man-in-the-middle attacks against the encryption key. Secure communications are combined with a two-factor protocol for authenticating the identity of an individual. An individual authenticates by generating a cipher using a light-weight certificate that has a shared secret but no other information identifying the individual. Separately, a server generates the same cipher using the shared secret, thereby authenticating the individual's identity to a relying party. | 01-27-2011 |
20110047371 | SYSTEM AND METHOD FOR SECURE DATA SHARING - A system and method for providing secure data storage and retrieval is disclosed. The system utilizes a protocol for distributing authentication tokens amongst potential recipients of information. Digital information is then disseminated via the system to authorized recipients. Various types of hardware and software authentication devices may be utilized to provide additional security during the storage and retrieval processes. | 02-24-2011 |
20110055551 | METHOD AND NETWORK NODES FOR GENERATING CRYPTOGRAPHICALLY GENERATED ADDRESSES IN MOBILE IP NETWORKS - A method for generating a cryptographically generated address (CGA) comprises steps of: generating, in a network node located on a communication path between a first node and a second node, the network node having unique information of the first node, a cryptographically generated address (CGA) for the first node using the unique information of the first node; and assigning the CGA to the first node. The network node further comprises a generator of CGA for the first node using the unique information of the first node, and an output for assigning the CGA to the first node. | 03-03-2011 |
20110055552 | PRIVATE, ACCOUNTABLE, AND PERSONALIZED INFORMATION DELIVERY IN A NETWORKED SYSTEM - A client receives a notification of a user interaction with an information item and creates a record describing this interaction. The client encrypts the record using an encryption key associated with a server. The encrypted record is then communicated to at least one proxy, which in turn forwards the encrypted record to a server. Upon receiving the encrypted record from the proxy, a server decrypts the record using a decryption key and analyzes the decrypted record to identify the information item and the type of user interaction. This information may be used individually or in aggregate for tracking user interests, billing advertisers or information item providers, and/or collecting anonymous information from users. | 03-03-2011 |
20110066843 | MOBILE MEDIA PLAY SYSTEM AND METHOD - A mobile play device rights-managed media system and method are provided herein. | 03-17-2011 |
20110066844 | METHOD AND SYSTEM FOR DIGITAL RIGHTS MANAGEMENT BROKERING AND DIGITAL ASSET SECURITY TRANSCODING - A computer-implemented method and system for DRM brokering and digital asset security transcoding comprising utilizing a broker for converting content from one format into one or more alternative DRM-protected formats for distribution to end-users. The broker operates an escrow system for securing and tracking the content and information about the content and encryption keys associated with a plurality of DRM content formats. The broker further provides a common inter-DRM log format for receiving usage transaction logs and payment logs associated with transcoding and distributing the content in one or more DRM-protected content formats. | 03-17-2011 |
20110066845 | TRANSMISSION OF SECURE ELECTRONIC MAIL FORMATS - A method and system for providing e-mail messages to a receiving e-mail application. The e-mail messages, as sent from a sending e-mail application, are secure and in opaque signed format. The opaque signed e-mail messages are converted to clear signed e-mail messages by decoding and extracting the message content and digital signatures. The clear signed e-mails are then sent to a receiving e-mail application. | 03-17-2011 |
20110083010 | Conditionally intercepting data indicating one or more aspects of a communique to obfuscate the one or more aspects of the communique - A computationally implemented method includes, but is not limited to: intercepting communiqué aspect data that is directed to an end user entity and that indicates one or more aspects of a communiqué directed to the end user entity and that is affiliated with a particular source entity, the intercepting of the communiqué aspect data being in accordance with one or more conditional directives of the end user entity to conditionally obfuscate the communiqué affiliated with the source entity; and transmitting to the end user entity, in response to intercepting the communiqué aspect data and in lieu of transmitting direct indication of the communiqué to the end user entity, covert indicator data that upon reception by the end user entity covertly indicates the one or more aspects of the communiqué. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure. | 04-07-2011 |
20110087879 | Communication network with secure access for portable users - A communication network includes a local area network (LAN) and a wireless access point coupled to the LAN. In one embodiment, each access point includes a medium access control (MAC) stage, and a radio frequency (RF) transmitter/receiver for communicating unsecure message data via RF links with users of associated wireless devices. An optical transmitter/receiver in the access point enables the users to communicate secure message data over the LAN via free space optical (FSO) links with the users. The MAC stage operates (i) to direct unsecure data from the LAN to the wireless device users and to direct unsecure data from the users to the LAN, via the RF transmitter/receiver; and (ii) to direct secure data from the LAN to the wireless device users and to direct secure data from the users to the LAN, via the optical transmitter/receiver. An integrated VoIP/FSO portable handset is also disclosed. | 04-14-2011 |
20110093696 | DEVICE AND METHOD FOR DIRECTING EXCHANGE FLOWS FOR PUBLIC OR NON SENSITIVE VALUES FOR CREATING COMMON SECRET KEYS BETWEEN AREAS - A method and a system for routing exchange flows of public or non-sensitive values for creating common keys between a number of areas in a system in which the entities communicate with each other by trust group, including: each entity generates a public value and communicates this public value to a router; the router, having a mapping table correlating a virtual network number and the MAC addresses of the associated entities, recovers all the public addresses transmitted by the entities by associating them with their MAC address, and retransmits, to each of the entities, a public value of another entity belonging to the same trust group; each entity recovering the public value of another entity belonging to the same trust group then determines the value of the encryption key common to the entities of one and the same trust group; and uses this key to encrypt the data to be transmitted to another entity. | 04-21-2011 |
20110093697 | SYSTEM AND METHOD FOR UPGRADING THE REMOTE CONTROL FUNCTIONALITY OF A DEVICE - A system and method for upgrading remote control application resident on a device. To this end, a markup language file is created. The markup language file has a representation of information used to setup the remote control application to communicate with an appliance. The markup language file may be executed, on the device or an intermediate client with which the device is synchronized, to upload the representation of the information to a remote server. At the remote server, the uploaded information is used to automatically display user-selectable, downloadable data files relevant to the control of the appliance. Downloaded data files, which may include command codes and/or graphical user interface elements, may be used within the device to upgrade the ability of the remote control application to communicate with the appliance. The information uploaded to the server may also be used to generate demographic data regarding consumer preferences. | 04-21-2011 |
20110093698 | SENDING MEDIA DATA VIA AN INTERMEDIATE NODE - A method and apparatus for sending protected media data from a data source node to a client node via an intermediate node. The data source node establishes a first hop-by-hop key to be shared with the intermediate node and an end-to-end key to be shared with the client node. A single security protocol instance is configured and used to transform data from a media stream into transformed data using the keys. The transformed data is then sent to the intermediate node. The intermediate node uses the first hop-by-hop key to apply a security processing to the transformed data, and establishes a second hop-by-hop key with the client node. A second transformation is performed on the transformed data using the second hop-by-hop key to produce further transformed media data, which is then sent to the client node. At the client node a single security protocol instance is configured with the second hop-by-hop key and the end-to-end key, which are used to apply further security processing to the transformed media data. | 04-21-2011 |
20110099366 | Secure Transfer of Information - Disclosed is a method for secure transfer of information through a centralized system. The method comprising: maintaining user account information, a user account of a certain user comprising at least a user id and associated public and private keys, the private key being retrievable by means of a password of said certain user; receiving ( | 04-28-2011 |
20110107084 | SYSTEM FOR AND METHOD FOR RELAYING MESSAGES - A system for and method of relaying messages is presented. In an exemplary embodiment, the system and method may include receiving a request from a user to transmit a message to an intended recipient, processing the message for transmission, wherein processing the message comprises assigning metadata to the message, and transmitting the message with the metadata to the intended recipient, where transmitting the message with metadata comprises searching for at least one proximate ad hoc relay device in the event that a communication link cannot be established with a communication network. | 05-05-2011 |
20110131408 | DOCUMENT LINK SECURITY - A method, system, and computer usable program product for document link security are provided in the illustrative embodiments. A link is created to a document stored in a data storage device accessible from a data processing system. A characteristic of the document is encrypted in the link. The link with the encrypted characteristic forms an encrypted locator. The encrypted locator may be embedded into another data, such as a page, which may be transmitted with the embedded encrypted locator. A request for the document may be received. The request may include encrypted information. The encrypted information may be the encrypted locator, the encrypted characteristic, or a combination thereof. The encrypted information is decrypted. The document is accessed using the decrypted information. The document is provided in response to the request. | 06-02-2011 |
20110131409 | Conditionally intercepting data indicating one or more aspects of a communique to obfuscate the one or more aspects of the communique - A computationally implemented method includes, but is not limited to: intercepting communiqué aspect data that is directed to an end user entity and that indicates one or more aspects of a communiqué directed to the end user entity and that is affiliated with a particular source entity, the intercepting of the communiqué aspect data being in accordance with one or more conditional directives of the end user entity to conditionally obfuscate the communiqué affiliated with the source entity; and transmitting to the end user entity, in response to intercepting the communiqué aspect data and in lieu of transmitting direct indication of the communiqué to the end user entity, covert indicator data that upon reception by the end user entity covertly indicates the one or more aspects of the communiqué. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure. | 06-02-2011 |
20110131410 | WIDE AREA NETWORK ACCESS MANAGEMENT COMPUTER - A system and method for connecting a classified internet protocol (IP) network to a public IP network including an unclassified computing device. The unclassified computing device is a wide area network access management computer which directly connects to a National Security Agency (NSA) High Assurance Internet Protocol Encryptor (HAIPE) device and interfaces between the IP network and the classified IP network. The wide area network access management computer includes a graphical user interface, an internal data network communications interface, an external data network communications interface and a processing unit. The processing unit operates the network interfaces and presents information to the graphical user interface and interprets user input from the graphical user interface. The processing unit also performs the processing and protocols associated with the internal and external networks, performs client processing and allows the user to interact with services on any of the attached networks. | 06-02-2011 |
20110138171 | GLOBAL PROFILE MANAGEMENT METHOD AND SYSTEM - A profile management method and system. The method includes retrieving by a computer processor, from a user of a social network, a user request for generating a profile. The computer processor retrieves user data and an encrypted master security token comprising an identifier associated with the user. The computer processor generates the profile with the user data and associates the profile with the encrypted master security token. The computer processor receives from the social network a request associated with a membership to the social network. The computer system adds communication data to the encrypted master security token and enables access to the profile based on the encrypted master security token. The computer processor transmits to said first social network a copy of the profile. | 06-09-2011 |
20110154019 | Graceful Conversion of a Security to a Non-security Transparent Proxy - A graceful conversion of a security to a non-security transparent proxy is performed. A security transparent proxy is an intermediary between two end devices, with an established secure connection with each end device using different security keys. In response to a policy decision or other stimulus, the security transparent proxy is gracefully converted to a non-security transparent proxy such that it can forward, without decrypting and encrypting, the information received from a first endpoint on the first connection therewith to the second endpoint on the second connection therewith. This conversion is “graceful” in that it does not drop either of the two original sessions. In one embodiment, this graceful conversion is accomplished by triggering a key renegotiation on both of the two sessions such that the two connections will use the same encryption key. | 06-23-2011 |
20110154020 | Conditionally releasing a communique determined to be affiliated with a particular source entity in response to detecting occurrence of one or more environmental aspects - A computationally implemented method includes, but is not limited to: intercepting a communiqué that is determined to be affiliated with a source entity and that is addressed to an end user to prevent, at least temporarily, the communiqué from being received by a communication device associated with the end user; and releasing the communiqué to the communication device in response to at least detecting occurrence of one or more environmental aspects associated with the communication device, the releasing of the communiqué being in accordance with one or more conditional directives of the end user to conditionally obfuscate the communiqué determined to be affiliated with the source entity. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure. | 06-23-2011 |
20110154021 | APPARATUS AND METHOD TO PREVENT MAN IN THE MIDDLE ATTACK - A system, peripheral device, and method for authenticating an encryption key before transmitting encrypted messages containing sensitive information are provided. Authentication of a client device during the coordination of data transfer among multiple computer devices is possible by providing a peripheral device that does not have a direct connection to a network, but rather, any message to be transmitted over the network must be relayed through a client device. Any sensitive information to be transferred to a remote device is inserted into a message, then the message is encrypted in the peripheral device. This prevents any process running on the client device from fooling the client device into communicating confidential information to a third party rather than the desired remote computer, because the client device never sees the sensitive information in an unencrypted form; only the peripheral device has access to the sensitive information in an unencrypted form. | 06-23-2011 |
20110161656 | SYSTEM AND METHOD FOR PROVIDING DATA SECURITY IN A HOSTED SERVICE SYSTEM - Aspects of the present disclosure are directed to methods and systems for protecting sensitive data in a hosted service system. The system includes a host system and the host system includes a key management system (KMS) and a metadata service system (MSS). The KMS and the MSS are communicatively coupled to each other. The system further includes a database management system (DBMS) having a database, a query pre-parser, and a results handler. The query pre-parser and the results handler are communicatively coupled to the KMS and the MSS, and the system also includes a processing application adapted to process at least some data received from a tenant system. | 06-30-2011 |
20110161657 | METHOD AND SYSTEM FOR PROVIDING TRAFFIC HASHING AND NETWORK LEVEL SECURITY - An approach is provided for enabling traffic hashing and network level security. A unit of transmission associated with a flow of network traffic is received at a routing node. The unit of transmission is encrypted. A pseudo-address to assign to the encrypted unit of transmission is determined. The pseudo-address is assigned to the encrypted unit of transmission. | 06-30-2011 |
20110167255 | SYSTEM, APPARATUS AND METHOD FOR ENCRYPTION AND DECRYPTION OF DATA TRANSMITTED OVER A NETWORK - A method and system for securing data transmitted between a client device and a server by obtaining input text at an intermediate module, processing the input text to obtain processed text, and transmitting the processed text to the server. Embodiments of the invention include securing data between a client device and a server by processing the input text at the intermediate module by applying an order-preserving transformation, the order-preserving transformation comprising: generating order information based on the input text, the order information indicative of a relative order of the input text within a set of possible input texts according to a collation rule. | 07-07-2011 |
20110173440 | Conditionally releasing a communique determined to be affiliated with a particular source entity in response to detecting occurrence of one or more environmental aspects - A computationally implemented method includes, but is not limited to: intercepting a communiqué that is determined to be affiliated with a source entity and that is addressed to an end user to prevent, at least temporarily, the communiqué from being received by a communication device associated with the end user; and releasing the communiqué to the communication device in response to at least detecting occurrence of one or more environmental aspects associated with the communication device, the releasing of the communiqué being in accordance with one or more conditional directives of the end user to conditionally obfuscate the communiqué determined to be affiliated with the source entity. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure. | 07-14-2011 |
20110173441 | HIGHLY SCALABLE ARCHITECTURE FOR APPLICATION NETWORK APPLIANCES - A highly scalable application network appliance is described herein. According to one embodiment, a network element includes a switch fabric, a first service module coupled to the switch fabric, and a second service module coupled to the first service module over the switch fabric. In response to packets of a network transaction received from a client over a first network to access a server of a data center having multiple servers over a second network, the first service module is configured to perform a first portion of OSI (open system interconnection) compatible layers of network processes on the packets while the second service module is configured to perform a second portion of the OSI compatible layers of network processes on the packets. The first portion includes at least one OSI compatible layer that is not included in the second portion. Other methods and apparatuses are also described. | 07-14-2011 |
20110179266 | Method for secure transmission using a fax server, system and computer program for implementing this method - The present invention relates to a method for secure transmission using a fax server, comprising the following steps: a step of transmitting the document to be faxed, by the sender to a server, in the form of a digital file in a non-fax format, as well as information relative to the identity of the recipient, a step of calculating a Tiff format file from said digital file on the one hand, the creation date and time of said file and an informative file on the other hand and modifying said Tiff file to be transmitted to insert a signature and information allowing the recipient to access the recorded files. This file is then transmitted by the server to the telephone address of the recipient of said file, according to a fax standard. The invention also relates to a computer system and program for implementing this method. | 07-21-2011 |
20110179267 | METHOD, SYSTEM AND SERVER FOR IMPLEMENTING SECURITY ACCESS CONTROL - A method for implementing network security access control is provided, including: receiving and decrypting terminal identity information that is encrypted in a bi-directional encryption mode and forwarded by a switch, and authenticating the decrypted terminal identity information; returning an authentication result to the switch so that the switch controls access of a terminal to a network according to the authentication result; encrypting the decrypted terminal identity information in a solo-directional encryption mode and authenticating the encrypted terminal identity information; returning an authentication result to a security access control gateway so that the security access control gateway controls access of the terminal to network resources according to the authentication result; delivering a security policy to a security control module on the terminal so that the security control module controls the terminal according to the security policy. A server is provided, including a first authentication module and a second authentication module. A system for implementing network security access control is provided, including a server, a switch, a security access control gateway and a terminal. | 07-21-2011 |
20110185169 | Agile Network Protocol For Secure Communications With Assured System Availability. - A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities. | 07-28-2011 |
20110202757 | AUTHENTICATION APPARATUS, AUTHENTICATION SYSTEM, AUTHENTICATION METHOD, AND AUTHENTICATION PROGRAM - An authentication system receives encrypted terminal identification information and terminal identification information, from a transmission terminal, and determines whether decrypted identification information decrypted using a terminal public key obtained by the authentication system matches the terminal identification information received from the transmission terminal. | 08-18-2011 |
20110208960 | System and Method for Secure Communications - Encryption of electronic messages may be automatically processed by a messaging system based on keywords or other attributes of the messages. In one example, if the message includes a predefined keyword, the messaging system may automatically encrypt the message for all recipients outside of a private network. In another example, the messaging system may automatically encrypt messages based on recipient address. Thus, if a recipient is on a list of addresses to which encryption applies, the message being sent to that particular recipient may be encrypted while a copy of the message being sent to other recipients not on the list might remain unencrypted. | 08-25-2011 |
20110213957 | LAYERED PROTECTION AND VALIDATION OF IDENTITY DATA DELIVERED ONLINE VIA MULTIPLE INTERMEDIATE CLIENTS - A method is provided for securely delivering identity data units over a communications network to a client device. The method includes receiving a selection from a customer identifying a final zipped package to be unpacked. The final zipped package is unpacked to obtain a common package and a digital signature file signed by an entity generating identity data requested by the customer. The digital signature in the digital signature file is verified and the common package is unpacked to obtain a plurality of outer packages and an encrypted symmetric key. The symmetric key is decrypted with a private key associated with the customer and each of the outer packages is decrypted with the symmetric key to obtain a plurality of identity data units. | 09-01-2011 |
20110213958 | SYSTEMS AND METHODS FOR UTILIZING IMS DATA SECURITY MECHANISMS IN A CIRCUIT SWITCHED NETWORK - Aspects of the present invention provide a mechanism to utilize IMS media security mechanisms in a CS network and, thereby, provide end-to-end media security in the case where the media traffic travels across both a CS network and a PS network. | 09-01-2011 |
20110225418 | SECURE STORAGE OF PROTECTED DATA IN A WIRELESS COMMUNICATION DEVICE - A wireless communication device comprises first processing circuitry configured to execute an RF operating system and second processing circuitry configured to execute an open operating system, wherein the first processing circuitry is linked to a secure memory device inaccessible to the second processing circuitry. The RF operating system is configured to receive protected data and store the protected data in the secure memory device. The open operating system is configured to receive a request for the protected data from one of a plurality of user applications and transfer the request to the RF operating system. In response to the request for the protected data, the RF operating system is configured to retrieve the protected data from the secure memory device, encrypt the protected data, and transfer the encrypted protected data to the open operating system for delivery to the one of the user applications associated with the request. | 09-15-2011 |
20110225419 | AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS WITH ASSURED SYSTEM AVAILABILITY - A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities. | 09-15-2011 |
20110231652 | PROXY SSL AUTHENTICATION IN SPLIT SSL FOR CLIENT-SIDE PROXY AGENT RESOURCES WITH CONTENT INSERTION - A traffic management device (TMD), system, and processor-readable storage medium are directed to determining that an end-to-end encrypted session has been established between a client and an authentication server, intercepting and decrypting subsequent task traffic from the client, and forwarding the intercepted traffic toward a server. In some embodiments, a second connection between the TMD and server may be employed to forward the intercepted traffic, and the second connection may be unencrypted or encrypted with a different mechanism than the encrypted connection to the authentication server. The encrypted connection to the authentication server may be maintained following authentication to enable termination of the second connection if the client becomes untrusted, and/or to enable logging of client requests, connection information, and the like. In some embodiments, the TMD may act as a proxy to provide client access to a number of servers and/or resources. | 09-22-2011 |
20110231653 | SECURE DISTRIBUTION OF SESSION CREDENTIALS FROM CLIENT-SIDE TO SERVER-SIDE TRAFFIC MANAGEMENT DEVICES - A traffic management device (TMD), system, and processor-readable storage medium are directed to securely transferring session credentials from a client-side traffic management device (TMD) to a second server-side TMD that replaces a first server-side TMD. In one embodiment, a client-side TMD and the first server-side TMD have copies of secret data associated with an encrypted session between a client device and a server device, including a session key. For any of a variety of reasons, the first server-side TMD is replaced with the second server-side TMD, which may not have the secret data. In response to a request to create an encrypted connection associated with the encrypted session, the client-side TMD encrypts the secret data using the server device's public key and transmits the encrypted secret data to the second server-side TMD. If the second server-side TMD has a copy of the server device's private key, and is therefore considered to be an authentic and trusted TMD, the second server-side TMD decrypts the secret data and participates in the encrypted connection. | 09-22-2011 |
20110231654 | METHOD, SYSTEM AND APPARATUS PROVIDING SECURE INFRASTRUCTURE - Methods and apparatus for automatically providing secure network infrastructure over non-secure network infrastructure such as by automatically generating IPSec tunnels through non-secure networks, terminating the IPSec tunnels at a boundary device and creating appropriate services to bridge traffic between the IPSec tunnels and a secure network. Various embodiments provide rapid provisioning of secure network infrastructure, a Secure Gateway (SEG) embodiment adapted to particular customer requirements and various business methodologies. | 09-22-2011 |
20110231655 | PROXY SSL HANDOFF VIA MID-STREAM RENEGOTIATION - A traffic management device (TMD), system, and processor-readable storage medium directed towards re-establishing an encrypted connection of an encrypted session, the encrypted connection having initially been established between a client device and a first server device, causing the encrypted connection to terminate at a second server device. As described, a traffic management device (TMD) is interposed between the client device and the first server device. In some embodiments, the TMD may request that the client device renegotiate the encrypted connection. The TMD may redirect the response to the renegotiation request towards a second server device, such that the renegotiated encrypted connection is established between the client device and the second server device. In this way, a single existing end-to-end encrypted connection can be used to serve content from more than one server device. | 09-22-2011 |
20110238979 | Device for Preventing, Detecting and Responding to Security Threats - A device to prevent, detect and respond to one or more security threats between one or more controlled hosts and one or more services accessible from the controlled host. The device determines the authenticity of a user of a controlled host and activates user specific configurations under which the device monitors and controls all communications between the user, the controlled host and the services. As such, the device ensures the flow of only legitimate and authorized communications. Suspicious communications, such as those with malicious intent, malformed packets, among others, are stopped, reported for analysis and action. Additionally, upon detecting suspicious communication, the device modifies the activated user specific configurations under which the device monitors and controls the communications between the user, the controlled host and the services. | 09-29-2011 |
20110238980 | SYSTEM AND METHODS FOR REMOTE MAINTENANCE IN AN ELECTRONIC NETWORK WITH MULTIPLE CLIENTS - A method for verifying electronic software code integrity may comprise providing a list of encryption keys to a client, encrypting a software code packet using one of the plurality of encryption keys, delivering the encrypted software code packet to the client, and informing the client to choose an encryption key for decryption based on the specific time factor. Each encryption key on the list may correlate to a respective time factor. The one of the plurality of encryption keys may be chosen from the list based at least in part on a specific time factor. | 09-29-2011 |
20110252228 | METHOD AND APPARATUS FOR ENSURING PACKET TRANSMISSION SECURITY - An apparatus and method for ensuring distributed packet transmission security are provided. In an embodiment of the present invention, a main control board allocates SA information to multiple processing boards according to a pre-defined criterion, so that each processing board which receives and stores the SA information may implement IPSec processing. As such, the IPSec processing is shared by the multiple processing boards. Accordingly, when there are a large number of IPSec tunnels on one interface, the IPSec processing of the packets passing through the IPSec tunnels will not rely solely on the processing board where the interface is located. Instead, the IPSec processing is allocated to different processing boards. Therefore, the multiple processing boards effectively share the IPSec processing corresponding to multiple SAs. The efficiency of the IPSec processing is increased. | 10-13-2011 |
20110258433 | GATEWAY SUPPORTING TRANSPARENT REDUNDANCY IN PROCESS CONTROL SYSTEMS AND OTHER SYSTEMS AND RELATED METHOD - A method includes synchronizing a first gateway with information from a second gateway. The second gateway operates in a primary role with at least one primary network address. The second gateway communicates with at least one wireless device that uses at least one encryption key during at least one secure communication session. The information includes the at least one encryption key. The method also includes detecting a switchover event at the first gateway. The method further includes, in response to detecting the switchover event, switching the first gateway to the primary role, communicating using the at least one primary network address, and maintaining the at least one secure communication session at the first gateway after the first gateway switches to the primary role. | 10-20-2011 |
20110258434 | ONLINE SECURE DEVICE PROVISIONING WITH UPDATED OFFLINE IDENTITY DATA GENERATION AND OFFLINE DEVICE BINDING - A system for generating new identity data for network-enabled devices includes a whitelist reader configured to extract attributes from a whitelist. The whitelist includes, for each device specified in the whitelist, a previously assigned identifier of the first type. The previously assigned identifiers of the first type are linked to identity data previously provisioned in each of the respective devices. A data retrieval module is configured to receive the identifiers of the first type from the whitelist reader and, based on each of the identifiers, retrieve each of the previously provisioned identity data records linked thereto. A new data generation module is configured to (i) obtain a cryptographic key associated with the identity data previously provisioned in the devices specified on the whitelist and the corresponding identifiers of the first type, (ii) generate new identity data records each linked to a new identifier and (iii) encrypt each of the new identity data records with one of the cryptographic keys and link each new identity data record to the identifier of the first type corresponding to each respective cryptographic key. A data output module is configured to load onto an external source the encrypted new identity data records along with their respective new identifiers and their respective previously assigned identifiers of the first type. | 10-20-2011 |
20110264906 | METHOD AND NODES FOR PROVIDING SECURE ACCESS TO CLOUD COMPUTING FOR MOBILE USERS - A mobile node, a gateway node and methods are provided for securely storing content in a remote node. The mobile node, or a gateway node of a network providing access to the mobile node, applies a content key to the content prior to sending the content for storage in the remote node. The content key is generated at the mobile node, based on a random value obtained from an authentication server, or directly at the authentication server if applied by the gateway node. The content key is not preserved in the mobile node or in the gateway node, for security purposes. When the mobile node or the gateway node fetches the content from the remote node again, the same content key is generated again for decrypting the content. The remote node does not have access to the content key and can therefore neither read nor modify the content. | 10-27-2011 |
20110264907 | SECURING INFORMATION WITHIN A CLOUD COMPUTING ENVIRONMENT - Embodiments of the invention provide a solution for securing information within a Cloud computing environment. Specifically, an encryption service/gateway is provided to handle encryption/decryption of information for all users in the Cloud computing environment. Typically, the encryption service is implemented between Cloud portals and a storage Cloud. Through the use of a browser/portal plug-in (or the like), the configuration and processing of the security process is managed for the Cloud computing environment user by pointing all traffic for which security is desired to this encryption service so that it can perform encryption (or decryption in the case of document retrieval) as needed (e.g., on the fly) between the user and the Cloud. | 10-27-2011 |
20110264908 | Method and device for preventing network attacks - A method for preventing network attacks is provided, which includes: obtaining a data packet, where a source address of the data packet is a cryptographically generated address (CGA); determining that the obtained data packet includes a CGA parameter and signature information; authenticating the CGA parameter; authenticating the signature information according to the authenticated CGA parameter; and sending the data packet to a destination address when the signature information is authenticated. Accordingly, a device for preventing network attacks is also provided. A CGA parameter used by a data packet is directly used to ensure authenticity of a source address of the data packet, thus preventing network attacks performed by counterfeiting the address. In addition, by authenticating signature information, authenticity of identification of a sender of the data packet and bound address of the sender of the data packet are further ensured. Therefore, illegal data packets are filtered to prevent network attacks on servers, thus improving network security. | 10-27-2011 |
20110264909 | METHOD AND SYSTEM FOR IP MULTIMEDIA BEARER PATH OPTIMIZATION THROUGH A SUCCESSION OF BORDER GATEWAYS - A method for identifying alternative end-to-end media paths through Internet protocol realms using substitute session description protocol parameters is disclosed. The method includes receiving a session description protocol offer, including a list of internet protocol realms. The list may include any number of previously traversed through internet protocol realms and/or secondary internet protocol realms. The method continues with determining the outgoing internet protocol realm for a media path based on unspecified signaling criteria. Finally, the method includes that if the outgoing internet protocol realm to be traversed through is on the list of previously traversed through and/or secondary internet protocol realms, bypassing at least one border gateway associated with the incoming and previously traversed through internet protocol realms. The system implementing a method for identifying optimal end-to-end media paths and internet protocol multimedia subsystems includes a list of internet protocol realm instances and an application level gateway configured to receive a session description protocol offer having connection information and port information, and a procedure to determine that if the outgoing internet protocol realm that the media path may traverse through is on the list of instances, the media path connection information and port information is substituted to facilitate border gateway bypassing. | 10-27-2011 |
20110271096 | Loosely-Coupled Encryption Functionality for Operating Systems - Described are computer-based methods and apparatuses, including computer program products, for loosely-coupled encryption functionality for operating systems. A data packet is processed through one or more internet protocol stack layers to generate a processed data packet. Encryption information is determined that includes parameters for encrypting and decrypting data packets transmitted between the first computing device and the remote computer. A message comprising data indicative of the encryption information is transmitted to a second computing device, wherein an operating system being executed is unaware of a security nature of the transmission. A bypass encryption routine is executed to generate an unencrypted data packet, wherein the bypass encryption routine does not encrypt the processed data packet. The unencrypted data packet is transmitted to the second computing device. The unencrypted data packet is encrypted based on the message transmitted from the first computing device to generate an encrypted data packet. | 11-03-2011 |
20110271097 | Loosely-Coupled Encryption Functionality for Operating Systems - Described are computer-based methods and apparatuses, including computer program products, for loosely-coupled encryption functionality for operating systems. A data packet is processed through one or more internet protocol stack layers to generate a processed data packet. Modified encryption information is determined that does not comprise a desired security policy for the data packet and comprises null parameter(s) and is based on encryption information that comprises the desired security policy. A message comprising data indicative of the encryption information is transmitted. An operating system is unaware of a security nature of the transmission. A null-encryption routine is executed to generate an unencrypted data packet, wherein the null-encryption routine does not encrypt the processed data packet. The unencrypted data packet is transmitted to the second computing device. The unencrypted data packet is encrypted based on the message transmitted from the first computing device to generate an encrypted data packet. | 11-03-2011 |
20110271098 | SYSTEM AND METHOD FOR SECURING DATA THROUGH A PDA PORTAL - Consumers may utilize computing devices to assist in the purchase and/or loyalty process, and in particular, the consumer may utilize a PDA to facilitate the purchase and/or loyalty process. During the purchase and/or loyalty process, the consumer may need to ensure that any content downloaded or used in association with the PDA is secure in how it is collected, assembled, and delivered to the PDA device. This system and method secures the data from its source to when it is actually viewed or used by the authorized user. The exemplary system and method may establish a PDA portal link to the web site for collecting specified information for a user and transmitting the information to the remote device. To receive the information, the PDA contacts the portal and establishes a connection, authenticates itself to the network and allows the user to complete secured transactions or transmissions over the network. | 11-03-2011 |
20110283102 | METHOD AND SYSTEM FOR SUPPORTING WATERMARK EMBEDDING IN MULTIMEDIA SYSTEM-ON-CHIPS - A secure server may be utilized to support watermark embedding in multimedia system-on-chips, by generating an encrypted and signed watermarking signal for use in each particular system-on-chip. The encrypted and signed watermarking signal is generated based on a unique per-chip ID associated with the particular system-on-chip. The watermarking signal may be signed by the secure server utilizing a random number generated in and/or provided by the particular system-on-chip. The watermarking signal may be encrypted by the secure server based on a secret encryption key associated with the particular system-on-chip. The secret encryption key may be determined based on the unique per-chip ID associated with the particular system-on-chip. The secure server may store information, received from various system-on-chips, for use during generation of watermarking signals. The information received from each system-on-chip may comprise corresponding unique per-chip ID and/or a random number associated with each particular system-on-chip. | 11-17-2011 |
20110289312 | TCP COMMUNICATION SCHEME - A TCP communication scheme which ensures safe communication up to the communication path near a terminal and eliminates direct attacks from hackers, etc. A terminal (A) and terminal (B) are connected to a relay apparatus (X) and relay apparatus (Y), where the terminal (A) and the terminal (B) are the endpoint terminals positioned at the two ends of a TCP communication connection. The relay apparatuses (X, Y) are each connected to a network (NET). The relay apparatuses (X and Y) are provided so as to be between the terminals (A and B) which had been performing conventional TCP communication, and neither of the relay apparatuses (X and Y) have IP addresses. The relay apparatuses (X and Y) take over the TCP connection between the terminal (A) and the terminal (B), divide the connection into three TCP connections, and establish TCP communication. | 11-24-2011 |
20110296169 | FACILITATING SECURE COMMUNICATION BETWEEN UTILITY DEVICES - Communication is facilitated between a plurality of servers ( | 12-01-2011 |
20110302408 | Secure Communication Systems, Methods, and Devices - In part, the invention relates to a secure communication system. The system includes a voice call processing server; a user database in communication with the server; and a security gateway in communication with the server and the database, wherein the gateway transmits an encrypted signaling key and at least one encrypted media key in response to validating a mobile device using configuration data stored in the database, wherein the server tracks call traffic encrypted using the at least one media key, the call traffic routed using the Internet. | 12-08-2011 |
20110302409 | METHOD AND SYSTEM FOR VERIFICATION OF AN ENDPOINT SECURITY SCAN - A method of granting access to resources includes the step of receiving a request from a node to access a resource. A scanning agent is generated to gather information about the node. A key is generated and embedded in the scanning agent. The scanning agent is transmitted to the node and gathers information regarding the node. The scanning agent encrypts the gathered information using the at least one generated key. The encrypted gathered information is received from the scanning agent and decrypted. | 12-08-2011 |
20110307693 | Agile Network Protocol For Secure Communications With Assured System Availability - A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes. | 12-15-2011 |
20110314272 | SECURE TRANSFER OF BUSINESS DATA TO A HOSTED SYSTEM - A system and method for uploading data from a customer system to a hosted system is disclosed. A stub is integrated with a firewall between the customer system and the hosted system. The stub includes an inbound layer on the customer system side of the firewall and an outbound layer on the hosted system side of the firewall, and the inbound layer includes a write-only directory. A demon is connected between the inbound layer and the outbound layer of the stub. The demon is configured to recognize newly received data in the write-only directory of the inbound layer, encrypt the newly received data to generate encrypted data, and move the encrypted data to the outbound layer for access by the hosted system. | 12-22-2011 |
20110314273 | DATA GRADING TRANSMISSION METHOD - A data grading transmission method includes steps of enabling a transmitting terminal to grade data according to a preset data security rule and to mark the data with labels; designating transmission routes of the data according to levels of the graded data; and enabling the data to be transmitted from the transmitting terminal to the receiving terminal through the designated transmission routes, and cascading the data having the same label according to the labels of the data. Thereby, grading data according to privacy and designating transmission routes of data reduce network establishment cost and effectively regulate data transmission rate through the data grading transmission method. | 12-22-2011 |
20110320807 | SYSTEM AND METHOD FOR PROCESSING ENCODED MESSAGES - Systems and methods for processing encoded messages at a message receiver. A received encoded message is decoded and stored in a memory. The stored decoded message can subsequently be displayed or otherwise processed without repeating the decoding operations. Decoding operations may include signature verification, decryption, other types of decoding, or some combination thereof. | 12-29-2011 |
20120005476 | MULTI-SERVICE VPN NETWORK CLIENT FOR MOBILE DEVICE HAVING INTEGRATED ACCELERATION - An integrated, multi-service virtual private network (VPN) network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise VPN connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. The multi-service client integrates with an operating system of the device to provide a VPN handler to establish a VPN connection with a remote VPN security device. The VPN network client includes a data acceleration module to exchange network packets with the VPN handler and apply at least one acceleration service to the network packets, and a VPN control application that provides a unified user interface that allows a user to configure both the VPN handler and the data acceleration module. | 01-05-2012 |
20120005477 | MULTI-SERVICE VPN NETWORK CLIENT FOR MOBILE DEVICE HAVING DYNAMIC FAILOVER - An integrated, multi-service network client for cellular mobile devices is described. The multi-service network client can be deployed as a single software package on cellular mobile network devices to provide integrated services including secure enterprise virtual private network (VPN) connectivity, acceleration, security management including monitored and enforced endpoint compliance, and collaboration services. Once installed on the cellular mobile device, the multi-service client establishes the VPN connection to concurrently include both a layer three (L3) tunnel that uses a first type of transport layer protocol of the operating system and a layer four (L4) tunnel that uses a second type of transport layer protocol of the operating system. The VPN handler determines whether network ports associated with the L3 tunnel are unblocked by an operating system and, when the network ports are unblocked, automatically transitions from the L4 tunnel to the L3 tunnel without terminating the VPN connection. | 01-05-2012 |
20120011358 | REMOTE ADMINISTRATION AND DELEGATION RIGHTS IN A CLOUD-BASED COMPUTING DEVICE - Methods and apparatus for providing remote administration and delegation rights for a computing system are disclosed. An example method for facilitating remote administration of a first computing device includes receiving, by a second computing device, an administrator name and a username for a user account for a cloud-based computing service, where the user account is assigned to a user of the first computing device. The example method further includes transmitting, from the second computing device to a server, the username for the user account and the administrator name and receiving, by the second computing device, a control panel transmitted from the server, where the control panel accepts inputs to change user preferences for the user account and system settings for the first computing device. The example method also includes receiving, by the second computing device, an input from the control panel to change at least a user preference for the user account and transmitting, from the second computing device to the server, the changed user preference. | 01-12-2012 |
20120017078 | PERIMETER ENCRYPTION METHOD AND SYSTEM - A method and system for consistent format preserving encryption (C-FPE) are provided to protect sensitive data while the sensitive data is in a domain while allowing encrypted sensitive data to be treated inside the domain as if it were the unencrypted sensitive data. The method includes inserting a transparent coupling into a data flow at a perimeter of the domain, and translating a sensitive data element from an unprotected data element to a protected data element using the transparent coupling such that the sensitive data element is a protected data element within the domain. | 01-19-2012 |
20120017079 | Secure Acknowledgment Device For One-Way Data Transfer System - An apparatus for relaying a hashed message from a first node to a second node, comprising an inlet interface for receiving a message from the first node, a hash number calculator for hashing the message from the inlet interface, an outlet interface for sending the hashed message to the second node, a first one-way data link for unidirectional transfer from the inlet interface to the hash number calculator, and a second one-way data link for unidirectional transfer from the hash number calculator to the outlet interface, is provided. While the apparatus is capable of bidirectional communications with either or both of the first and second nodes through the respective interfaces, the unidirectionality of data flow through the apparatus is strictly enforced by the hardware of the apparatus. The apparatus provides a secure mechanism and communication channel for relaying hashed acknowledgment messages from a receive node to a send node to inform the status of data transfer from the send node to the receive node across a one-way data link. The apparatus may be further implemented with the capability of comparing hashed messages from the two nodes. | 01-19-2012 |
20120030459 | Secure Network Extension Device and Method - A network extension device comprising a CPU, memory, protected I/O connectable to local controls and peripherals, external communications port, a trusted device connected to the CPU such that it can provide attestation of the network extension device's trusted operation to a connected known external network, and a protected interface connected to at least one network extension module that includes a local network communications port. Optionally, a traffic encryption module may be provided, and the trusted device's attestation may include a check of its operation. Also, a method comprising connecting the network extension device to an external network, performing an operating mode check, causing the network extension device to operate in a mode and perform a security check that correspond to the result, causing the trusted device to attest trusted operation to the external network and thereafter causing the CPU to function fully and permitting access to the external network. | 02-02-2012 |
20120036352 | Anonymization of Personal Data - A method for anonymization of personal data is provided for protecting the privacy of a user while sharing user information with a third party. The method includes receiving from a user a domain name address associated with an intended website and an Internet Protocol (IP) address associated with the user and determining that the domain name address is an invalid domain name. The method may further include encrypting the IP address associated with the user by translating the IP address into a unique identifier, with the encryption being a one-way hashing process, and then sending the unique identifier and the invalid domain name address to the third party. The method may further include receiving, from the third party, the unique identifier and a third party content, with the third party content being based on the invalid domain name; decrypting the unique identifier by translating the unique identifier back into the IP address, associating the third party content with the IP address, and based on the IP address, providing the third party content to the user. | 02-09-2012 |
20120047362 | PORTABLE ELECTRONIC FULL SCREEN SYSTEM EQUIPPED WITH COMPUTER PROCESSING FUNCTION - A portable electronic full screen system equipped with comprehensive computer processing function includes a portable electronic full screen module and a remote host. The portable electronic full screen module is linked to the remote host through a public network to get comprehensive processing power to perform application processing. Processed data is presented in a multimedia fashion on the portable electronic full screen module. Compared with conventional mobile devices such as E-book, iPAD, SmartBook, Netbook and the like, the portable electronic full screen module has a powerful computer processing capability and has a screen of the same size as the conventional mobile devices without changing much of the hardware structure, and maintains the features of the mobile devices: thin and light, energy-saving, lower cost and longer battery life. | 02-23-2012 |
20120066490 | CRYPTOGRAPHIC DEVICE MANAGEMENT METHOD, CRYPTOGRAPHIC DEVICE MANAGEMENT SERVER, AND PROGRAM - A cryptographic device management server receives a first cryptographic calculation request from an arbitrary terminal device via a network, transmits a second cryptographic calculation request generated on the basis of the first cryptographic calculation request, management information of the terminal device and management information of the cryptographic device to a cryptographic device selected on the basis of the management information of the terminal devices and management information of the cryptographic devices stored in the cryptographic device management server, via a connection interface, receives a second cryptographic calculation result from the cryptographic device, and transmits a first cryptographic calculation result generated on the basis of the second cryptographic calculation result, the management information of the terminal device and the management information of the cryptographic device to the terminal device of the source of the first cryptographic calculation request via the network. | 03-15-2012 |
20120066491 | HITLESS MANUAL CRYPTOGRAPHIC KEY REFRESH IN SECURE PACKET NETWORKS - In a hitless manual cryptographic key refresh scheme, a state machine is independently maintained at each network node. The state machine includes a first state, a second state, and a third state. In the first state, which is the steady state, a current cryptographic key is used both for generating signatures for outgoing packets and for authenticating signatures of incoming packets. In the second state, which is entered when a new cryptographic key is provisioned, the old (i.e. formerly current) key is still used for generating signatures for outgoing packets, however one or, if necessary, both of the old key and the newly provisioned key is used for authenticating signatures of incoming packets. In the third state, the new key is used for generating signatures for outgoing packets and either one or both of the old key and new key are used for authenticating signatures of incoming packets. | 03-15-2012 |
20120072713 | General Purpose Distributed Encrypted File System - A general purpose distributed encrypted file system generates a block key on a client machine. The client machine encrypts a file using the block key. Then, the client encrypts the block key on the first client machine with a public key of a keystore associated with a user and associates the encrypted block key with the encrypted data block as crypto metadata. The client machine caches the encrypted data block and the crypto metadata and sends the encrypted data block and the crypto metadata to a network file system server. When the client machine receives a return code from the network file system server indicating successful writes of the encrypted data block and the crypto metadata, the client machine clears the cached encrypted data block and the crypto metadata. | 03-22-2012 |
20120089829 | Accelerating stream cipher operations using single and grid systems - Systems and methods for accelerating stream cipher encryption operations are described. In one aspect, a computer-implemented method receives data. The method separates the data into multiple file chunks for compression. A respective compression-encryption instructions header is provided for each compressed file chunk. Each compressed file chunk then is encrypted according to corresponding encryption instructions in the file-chunk's compression-encryption instructions. In one implementation, the compressed file chunks are encrypted by respective worker nodes in a peer-to-peer computing environment. The compressed and encrypted file chunks are merged into a single encrypted-compressed-merged file. | 04-12-2012 |
20120096258 | SERVICE SYSTEM - A service server can: associate identification tags which identify users with other-user identification tags, and store said identification tags; and associate the identification tags with identification data uniquely identifying users in service servers and with an encryption key for the identification data, and store said identification tags. A control server device stores a table for storing encryption data, i.e. encrypted identifiers of the service servers used by users. The gateway server device receives an other-user identification tag associated with an identification tag and stored in a service server. If the other-user identification tag is associated and stored, the encryption data, which is associated with the identification data related to the other-user identification tag and stored in the control server device, is decoded using the encryption key; the service server that can be used by the user of the other-user identification tag is obtained; and it is determined whether the first identification tag should be associated with the other-user identification tag. | 04-19-2012 |
20120110323 | METHODS FOR PROCESSING PRIVATE METADATA - According to one aspect of the invention, a file received from a first user is stored in a storage device, where the file includes private metadata encrypted by a secret key associated with a second user. A private metadata identifier is stored in a predetermined storage location, indicating that private metadata of the file has not been decrypted and indexed. In response to an inquiry subsequently received from the second user, the predetermined storage location is scanned to identify the private metadata identifier based on the inquiry. The encrypted metadata identified by the private metadata identifier is transmitted to the second user for decryption. In response to the metadata that has been decrypted by the second user, the decrypted metadata is indexed for the purpose of subsequent searches of at least one of the metadata and the file. | 05-03-2012 |
20120117376 | METHOD AND APPARATUS FOR ANONYMOUS IP DATAGRAM EXCHANGE USING DYNAMIC NEWTORK ADDRESS TRANSLATION - Methods, apparatus, system and computer program are provided for concealing the identity of a network device transmitting a datagram having a network layer header. A unique local identifier and broadcast address are determined in accordance with a next-hop address. A partially encrypted network layer header is determined by encrypting a plurality of identifying portions of the network layer header, where one portion of the network layer header is the unique local identifier. The datagram is encapsulated with another network layer header whose address is set to the broadcast address. The encapsulated datagram can be received and detunneled, and an address of a recipient can be extracted from the network layer header. The datagram is then admitted into a network domain. | 05-10-2012 |
20120117377 | Mobile security protocol negotiation - A security gateway/home agent controller HAC is used to assign one home agent HA from a plurality of HAs and to identify at least one security protocol that is common between a mobile node MN and the assigned HA. Establishment of a security association between the MN and the assigned HA is enabled according to the identified security protocol and utilizing bootstrapping parameters provided over a secure connection between the security gateway/HAC and the MN. The bootstrapping parameters include at least a home address for the MN, an address of the assigned HA and security credentials and security parameters for the identified at least one security protocol. In an exemplary embodiment the home address for the MN may be an IPv6 home address and the MN may have certain capabilities with respect to security protocols and ciphering suites which the MN sends to the security gateway. | 05-10-2012 |
20120117378 | Multi-Network Cryptographic Device - A Personal Computer Memory Card International Association (PCMCIA) card is disclosed. The PCMCIA card may include a cryptographic module, a communications interface, and a processor. The cryptographic module may perform Type 1 encryption of data received from a computer into which the card is inserted. The cryptographic module may support High Assurance Internet Protocol Encryption (HAIPE). The communications interface may provide connectivity to a network adapter. The communications interface may include a Universal Serial Bus (USB) interface. The processor may detect whether a network adapter is coupled to the communications interface, identify a device driver that corresponds to the network adapter, and employ the device driver to provide operative communication between the cryptographic module and the network adapter. The PCMCIA card may contain a datastore that maintains a plurality of device drivers. For example, the plurality of device drivers may support any one of IEEE 802.x, Ethernet, V.90, or RS-232 network protocols. | 05-10-2012 |
20120124367 | System and Method for Securely Communicating Across Multiple Networks Using a Single Radio - A communications module for facilitating secure communications on a first network and a second network includes: a single transceiver for receiving and transmitting first network messages from and to the first network and at least transmitting second network messages to the second network; at least a first processor connected to the single transceiver for processing one or more first network messages and second network messages; the at least a first processor including first network logic for processing first network messages and second network logic for processing second network messages; and the second network logic including instructions for securing second network messages such that decryption of the second network messages is limited to a particular receiving device on the second network. The second network messages may include commodity pricing and use information. | 05-17-2012 |
20120124368 | Digital Rights Convergence Place Chaser - The present invention is an apparatus and method for the money transactions required in the selling of merchandise or media content on the Internet or other public or private network. It can then track and maintain digital rights to merchandise or media. Methods of access to digitally protected content are disclosed. License metadata and credentials from multiple types of digital rights management systems may be used to grant access through a home based or other end-user custodial digital rights “place-chaser” to content protected by different types of serial copy management systems. Content security using a non-audible or invisible code signal sequence(s) can provide traceability as well as absolute anonymity for the purchaser. This apparatus can be used to conduct transactions off the web so that business can be done on the web. | 05-17-2012 |
20120131330 | System and Method for Processing Secure Transmissions - Secured transmissions between a client and a server are detected, a policy is formulated as to whether the encrypted material needs to be decrypted, and if the content is to be decrypted, it is decrypted using decrypting information obtained from the client and server. The resulting plain text is then deployed to an entity such as a processor, store or interface. The plain text can be checked or modified. The transmission between client and server could be blocked, delivered without being decrypted, or decrypted and then re-encrypted with or without modification. Each transmission is given an ID and a policy tag. | 05-24-2012 |
20120137125 | METHODS AND APPARATUS FOR TRANSMITTING AND RECEIVING SECURE AND NON-SECURE DATA - Devices, methods, and systems capable of enabling transmission and receipt of secure and non-secure data are discussed in this document. According to some embodiments, a network apparatus can transmit ciphered and unciphered data. The network apparatus transmits a first signal indicating a cipher to be used and transmits a second signal indicating that non-secure data is to be transmitted and received unciphered. The network apparatus can cipher secure data and transmit ciphered secure data and unciphered non-secure data. A wireless terminal can receive the first and second signals, the ciphered secure data, and the unciphered non-secure data. The wireless terminal can decipher the received secure data and does not decipher the received non-secure data. System embodiments can include both network-side and network terminal components. Embodiments of the present invention enable secure transmission of data in concert with efficient processing. Other aspects, embodiments, and features are also claimed and described. | 05-31-2012 |
20120144188 | METHOD FOR CONNECTING A FIRST COMPUTER NETWORK TO AT LEAST A SECOND EXTENDED COMPUTER NETWORK - Method for connecting a first computer network and at least a second extended computer network wherein the at least second extended computer network is not connected to the Internet and does not have a routing path to the first computer network, the method comprising: installing a concentration router within an intermediate network and associating the concentration router to a public IP address; interconnecting the intermediate network to the at least second extended computer network through a CPE router, and interconnecting the intermediate network to the first computer network via the Internet passing through the concentration router; implementing an IP tunnel between the at least second extended computer network and the first computer network across the direct intermediate network and the Internet, wherein the IP tunnel is implemented as a first external and encrypted IP tunnel, across the Internet, and a second internal non-encrypted IP tunnel across the intermediate network. | 06-07-2012 |
20120159151 | Evolved Packet System Non Access Stratum Deciphering Using Real-Time LTE Monitoring - A monitoring system is coupled to interfaces in an LTE network and passively captures packets from the network interfaces. First data packets associated with an authentication and key agreement procedure are captured on a first interface. Second data packets associated with the authentication and key agreement procedure are captured on a second interface. Individual ones of the first data packets are correlated to individual ones of the second data packets based upon a same parameter. An authentication vector table is created comprising information from the correlated first data packets and second data packets, wherein entries in the table comprise authentication data for a plurality of security contexts. A cipher key is identified to decipher additional packets for the user. The cipher key can also be identified in case of Inter Radio Access Technology Handover by the user equipment. | 06-21-2012 |
20120173869 | SERVICE LOCATION BASED AUTHENTICATION - A computer is configured to receive a request to access an application, the request having a header. The header includes a source address and an encrypted address generated based on the source address. The computer is further configured to generate a decrypted address from the encrypted address. The computer is further configured to determine whether the source address and the decrypted address match, transmit the source address to a data store, and determine whether a customer profile corresponding to the source address is found within the data store. | 07-05-2012 |
20120173870 | Systems and Methods for Multi-Level Tagging of Encrypted Items for Additional Security and Efficient Encrypted Item Determination - The present disclosure is directed towards systems and methods for performing multi-level tagging of encrypted items for additional security and efficient encrypted item determination. A device intercepts a message from a server to a client, parses the message and identifies a cookie. The device processes and encrypts the cookie. The device adds a flag to the cookie indicating the device encrypted the cookie. The device re-inserts the modified cookie into the message and transmits the message. The device intercepts a message from a client and determines whether the cookie in the message was encrypted by the device. If the message was not encrypted by the device, the device transmits the message to its destination. If the message was encrypted by the device, the device removes the flag, decrypts the cookie, removes the tag from the cookie, re-inserts the cookie into the message and transmits the message to its final destination. | 07-05-2012 |
20120173871 | SYSTEM FOR SECURING VIRTUAL MACHINE DISKS ON A REMOTE SHARED STORAGE SUBSYSTEM - Embodiments of the present invention provide a method, data processing system and computer program product for secure distribution of virtualized storage. In an embodiment of the invention, a method for secure distribution of virtualized storage in a host in a cloud computing environment can include composing at least one virtual machine (VM) disk in a secure container configured to deploy VM images into a cloud computing environment, encrypting the composed at least one VM disk, transmitting the encrypted VM disk to a hypervisor in the cloud computing environment, receiving a request to activate a VM instance and generating a bootloader in the secure container, transmitting the bootloader to the hypervisor in the cloud computing environment, and providing a key to the bootloader to unlock the at least one VM disk. | 07-05-2012 |
20120179902 | NETWORK KEY UPDATE SYSTEM, A SERVER, A NETWORK KEY UPDATE METHOD AND A RECORDING MEDIUM - In order to reduce the frequency with which communication occurs when updating a network key and to minimize the deterioration in performance due to updating without relying on a key tree, a server is provided with an address key allocation unit which generates identifiers for identifying clients by the combination of addresses on a plurality of address spaces and allocates address keys to the respective addresses included in the generated identifier, and a network key ciphering unit which generates a network key update key which cannot be generated from the address keys allocated to a client to be disconnected, ciphers a new network key using the network key update key, and delivers the new network key to the clients. | 07-12-2012 |
20120191970 | Sending Protected Data in a Communication Network - A method of sending protected data from a sender unit to a receiver unit via an intermediate unit. The intermediate unit stores information associated with a certificate belonging to the receiver unit, and information associated with a certificate belonging to the intermediate unit, which has previously been signed by the receiver unit. The intermediate unit receives a request from the sender unit to send protected data to the receiver unit, and so it sends a response to the sender unit. The response includes the information associated with the certificate belonging to the receiver unit, which allows the sender unit to verify that the intermediate unit is authorised to receive data on behalf of the receiver unit. The intermediate unit then receives data from the sender unit that is protected using the information associated with the certificate belonging to the receiver unit for subsequent forwarding to the receiver unit. Having the receiver unit sign the intermediate unit's certificate allows the exchange of credentials to allow a sender unit to send protected data to a receiver unit via an intermediate unit. | 07-26-2012 |
20120216034 | METHOD AND SYSTEM FOR SECURING COMMUNICATION ON A HOME GATEWAY IN AN IP CONTENT STREAMING SYSTEM - A home gateway, which enables communication with a plurality of devices, recovers a root-content key from a key server of a service provider for secure delivery of content requested by a client device. The recovered root-content key is utilized to generate a content key for corresponding content scrambling. The home gateway communicates the scrambled content to the client device. The home gateway utilizes the RSA protocol to request the root-content key from the key server. The root-content key is recovered from the received key index. The content key is encrypted utilizing a public key and delivered to the client device. The key server distributes the public key to the gateway through authentication messages. The client device utilizes its own private key to recover the content key by decrypting the encrypted content key. The scrambled content from the home gateway is descrambled using the recovered content key for content consumption. | 08-23-2012 |
20120221846 | CRYPTOGRAPHIC SANCTION SERVER AND METHODS FOR USE THEREWITH - A sanction server includes a network interface that receives a request for media content from a client device and transmits first sanction data to a caching server and second sanction data to the client device. A sanction processing module generates the first sanction data based on a random number and generates the second sanction data based on the random number. The caching server generates first cryptographic data based on the first sanction data and sends the first cryptographic data to the client device. The client device generates second cryptographic data based on the first sanction data and sends the second cryptographic data to the caching server. The caching server generates a scrambling control word based on the first sanction data and the second cryptographic data. The client device generates the scrambling control word based on the second sanction data and the first cryptographic data. | 08-30-2012 |
20120221847 | SANCTIONED CLIENT DEVICE AND METHODS FOR USE THEREWITH - A client device includes a network interface that transmits a request for the media content to the sanction server, receives second sanction data from the sanction server, transmits second cryptographic data to the caching server, receives first cryptographic data from the caching server and that receives scrambled media content from the caching server. A random number generator generates a random number. A client processing module, in response to the second sanction data, generates the second cryptographic data based on the random number and the second sanction data, generates a scrambling control word based on the second sanction data and the first cryptographic data and descrambles the scrambled media content based on the scrambling control word. | 08-30-2012 |
20120221848 | SANCTIONING CONTENT SOURCE AND METHODS FOR USE THEREWITH - A content source includes a random number generator that generates a scrambling control word based on at least one random number. A source processing module generates proxy data that includes cryptographic parameters that are based on the scrambling control word, generates cryptographic data and generates scrambled media content based on the scrambling control word. A network interface sends the proxy data to a sanction server, and sends the cryptographic data and the scrambled content to a caching server. | 08-30-2012 |
20120226902 | APPARATUS AND METHOD FOR ACCESS CONTROL OF CONTENT IN DISTRIBUTED ENVIRONMENT NETWORK - An apparatus for generating a key for access control of content in a distributed environment network is provided. The apparatus includes a first key distributor configured to generate first encrypted keys by encrypting a first key corresponding to a key for write authorization using each public key of members having write authorization among members included in an access control list including information of at least one user and distribute the access control list and information about access authorization and the first encrypted keys to the members having write authorization, and a second key distributor configured to generate second encrypted keys by encrypting a second key corresponding to a key for read authorization using the first key using each public key of members having read authorization among members included in the access control list and distribute the access control list and second encrypted keys to the members having read authorization. | 09-06-2012 |
20120239923 | Wireless Activation Of IP Devices - A method of activating a wireless IP device by providing an installer with access to a customer's personal router or modem/router combination and providing the installer with access to a wireless Access Point which is supplied by the installer, where the Access Point has a first slot for a default SSID2 password for a first wireless IP device and a second slot for an SSID1 password for a second wireless IP device. A first wireless IP device, while in its initial or default state, is connected to the first slot, where the first device and the wireless Access Point have a common default SSID2 code and factory preprogrammed public key and where, as soon as the device is powered up, the IP device immediately begins communicating through the wireless access point and the customer's router or modem/router to the internet, checking into a control server. | 09-20-2012 |
20120239924 | SYSTEM AND METHOD FOR SEQUENTIALLY PROCESSING A BIOMETRIC SAMPLE - This invention provides for progressive processing of biometric samples to facilitate user verification. A security token performs initial processing. Due to storage and processing limitations, false rejections may occur. To overcome this, the biometric sample is routed to a stateless server with greater processing power and data enhancement capabilities. The stateless server processes and returns an enhanced biometric sample to the security token for another attempt at verification. In another embodiment, the security token may have a second failure when verifying the enhanced biometric sample. It can then send the enhanced or raw biometric sample to a stateful server. The stateful server processes the biometric sample and performs a one to many search of a biometric database having a master set of enrolled authorized user biometric templates. The security token uses signals from the stateful server to grant or deny access. In both embodiments, heuristics remain with the security token. | 09-20-2012 |
20120239925 | SECURE MESSAGING - A method for secure communication of a message. The method includes providing a message including a plurality of message packets, providing a nodal network including a plurality of nodes, where nodal operations are capable of execution on the message packets at the nodes, gaining, by a first node of the network, a first message packet, processing the first message packet by the first node, relinquishing the first message packet as processed by the first node, gaining, by any other node of the network, at least one other message packet, processing the other message packet by the other node, relinquishing the other message packet as processed by the other node, receiving, by a message destination node of the network, a first message packet, receiving, by the message destination node, at least a second message packet, and processing the first message packet and the second message packet to provide a reproduced message. | 09-20-2012 |
20120246463 | SYSTEMS AND METHODS FOR IMPLEMENTING TRANSPARENT ENCRYPTION - A method of providing transparent encryption for a web resource includes a key manager receiving an encryption key policy; receiving user identifiers and resource locators; defining an access control list based on the user identifiers; generating an encryption key and a key identifier for a first resource locator; and establishing a secure communication channel between first and second watchdog modules. The method also includes the watchdog sending encryption information using the secure communication channel. The method also includes a transparent encryption module storing the encryption key and the access control list in protected memory; receiving an input comprising a request to access the first resource stored in the web resource; determining that the user identifier is included in the access control list; encrypting data using the encryption key; and decrypting data using the encryption key. | 09-27-2012 |
20120254608 | SSL VPN GATEWAY AND SSL VPN TUNNEL ESTABLISHING METHOD - A Secure Socket Layer Virtual Private Network (SSL VPN) gateway for establishing an SSL VPN tunnel with another SSL VPN gateway includes a storage unit, a processor and a tunnel establishing unit. The storage unit stores a plurality of packet criteria and a plurality of groups of parameter set values. The tunnel establishing unit includes a tag generator, an initiator, and a negotiator. The tag generator generates a plurality of tags corresponding to the packet criteria and attaches the tags to packets which meet the corresponding packet criteria. When the initiator receives the tagged packets, the initiator initiates the negotiator to negotiate with the other gateway for establishing an SSL VPN tunnel according to the group of parameter set values corresponding to the tagged packets. | 10-04-2012 |
20120254609 | METHOD FOR TRANSFERRING ENCRYPTED MESSAGES - A method for transferring encoded messages between at least two users, particularly cryptographic protocol, includes message transaction taking place by inserting an authentication device which decodes the messages received from the users and sends especially encoded messages to the users. The method includes the following steps: a | 10-04-2012 |
20120272055 | METHOD AND APPARATUS FOR ESTABLISHING SECURED LINK BETWEEN DEVICES - A method and apparatus for establishing a secured link between devices. In the establishing of the secured link, a coordinator respectively receives from the first and second devices first pairing information indicating that a first device is to establish a secured link and second pairing information indicating that a second device is to establish a secured link. The coordinator further receives via a first secured link established between the first device and the coordinator shared secured information. The shared secured information is shared between the first and second devices. The coordinator establishes a second secured link with the second device based on the shared secured information; and broadcasts partner notice information indicating that the first and second devices are partner devices. The broadcast partner notice information is then used to establish a third secured link. | 10-25-2012 |
20120278611 | VPN-BASED METHOD AND SYSTEM FOR MOBILE COMMUNICATION TERMINAL TO ACCESS DATA SECURELY - A VPN-based method for a mobile communication terminal to access data securely comprises: when a data security device is operating in the mobile communication terminal, the data security device allows the mobile communication terminal to access an intranet but inhibits the mobile communication terminal from accessing an external network; and when the data security device is not operating in the mobile communication terminal, a VPN server inhibits the mobile communication terminal from accessing the intranet. The data security device is disposed in the mobile communication terminal. The data security device cooperates with the VPN server to inhibit the user of the mobile communication terminal from sending protected files to the external network via a network when the data security device is deactivated and to inhibit applications running on the data security device from accessing networks outside the VPN resources to release the protected files to the external network. | 11-01-2012 |
20120297183 | TECHNIQUES FOR NON REPUDIATION OF STORAGE IN CLOUD OR SHARED STORAGE ENVIRONMENTS - Techniques for non-repudiation of storage in cloud or shared storage environments are provided. A unique signature is generated within a cloud or shared storage environment for each file of the storage tenant that accesses the cloud or shared storage environment. Each signature is stored as part of the file system and every time a file is accessed that signature is verified. When a file is updated, the signature is updated as well to reflect the file update. | 11-22-2012 |
20120303949 | PACKET TRANSMISSION METHOD, APPARATUS, AND NETWORK SYSTEM - Embodiments of the present invention provide a packet transmission method. The method includes: receiving an encrypted packet sent by a client by using a virtual private network (VPN) tunnel, wherein the encrypted packet is sent by the client after the client determines, according to a preset control policy, that the control policy comprises an Internet Protocol (IP) address and a port number that are the same as the destination IP address and destination port number of a packet to be sent, and encrypts the packet to be sent, and the control policy comprises information about an IP address and a port number of an intranet server that can exchange packets with a secure socket layer (SSL) VPN server; decrypting the encrypted packet; and sending the decrypted packet to a corresponding intranet server, wherein the source IP address of the decrypted packet is an external network IP address. | 11-29-2012 |
20120317410 | PROTECTING DATA FROM DATA LEAKAGE OR MISUSE WHILE SUPPORTING MULTIPLE CHANNELS AND PHYSICAL INTERFACES - A system and method for two devices that communicate via a network, wherein at least one of the devices is a touch sensitive device, the two devices storing a common cryptographic key that enables all communications via the network to be encrypted. | 12-13-2012 |
20120317411 | SYSTEM AND METHOD FOR ESTABLISHING A VIRTUAL PRIVATE NETWORK - A system and method for establishing a virtual private network (VPN) between a client and a private data communication network. An encrypted data communication session, such as a Secure Sockets Layer (SSL) data communication session, is established between a gateway and the client over a public data communication network. The gateway then sends a programming component to the client for automatic installation and execution thereon. The programming component operates to intercept communications from client applications destined for resources on the private data communication network and to send the intercepted communications to the gateway via the encrypted data communication session instead of to the resources on the private data communication network. | 12-13-2012 |
20120324216 | TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK - Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a request to establish an IP connection between two locations of a subscriber is received at a service management system (SMS) of the service provider. A tunnel is established between service processing switches coupled in communication through a public network. First and second packet routing nodes within the service processing switches are associated with the first and second locations, respectively. An encryption configuration decision is bound with a routing configuration of the packet routing nodes by, when the request is to establish a secure IP connection, configuring the packet routing nodes to cause all packets transmitted to the other location to be encrypted and to cause all packets received from the other location to be decrypted. | 12-20-2012 |
20120324217 | SYSTEM AND METHODS FOR FACILITATING SECURE COMMUNICATIONS ON A WEBSITE - A system and methods for facilitating secure communications on a website are presented. The system comprising a security server configured to receive a secure message from a creator device is disclosed. The security server encodes the received message and sends the encoded message or a representation of the encoded message for posting on the website so that one or more users of the website have the ability to request that the security server make the message available after the encoded message has been decoded. | 12-20-2012 |
20120331284 | Media Agnostic, Distributed, and Defendable Data Retention - A data protector is described. In an implementation, the data protector promotes and enforces a data retention policy of a data consumer. In an implementation, the data protector limits access to sensitive data to the data consumers. A key manager provides a time-limited encryption key to the data protector. Responsive to collection of the time-limited encryption key from the key manager and sensitive data from a data provider, the data protector encrypts the sensitive data with the time-limited encryption key effective to produce encrypted sensitive data. In some embodiments, the data protector provides a data consumer with access to the encrypted sensitive data and the key manager provides the data consumer with access to the time-limited encryption key to decrypt the encrypted sensitive data. The key manager deletes the time-limited encryption key in compliance with the data retention policy of the data consumer. | 12-27-2012 |
20130013913 | ELECTRONIC DEVICE WITH MESSAGE ENCRYPTION FUNCTION AND MESSAGE ENCRYPTION METHOD - An electronic device with a message encryption function includes a configure interface module for setting an encryption code, a storage module, an encryption module, and a message processing module. The message processing module is electrically connected to the configure interface module, the storage module and the encryption module for receiving or sending a message, accessing the encryption code from the configure interface module, and transmitting the message and the encryption code to the encryption module. The encryption module encrypts the message with the encryption code so as to generate an encrypted message and then transmits the encrypted message to the message processing module. The message processing module stores the encrypted message in the storage module. | 01-10-2013 |
20130013914 | System and Method for Monitoring Secure Data on a Network - A system and method for monitoring secure digital data on a network are provided. An exemplary network monitoring system may include a network device in communication with a user and a network. Further, a server may be in communication with the network. A browser and monitoring program may be stored on the network device, and the network device may receive secure digital data from the network. The browser may convert the secure digital data or a portion thereof into source data, and the monitoring program may transfer the source data or a portion thereof to the server. In an exemplary embodiment, the monitoring program may include a service component and an interface program. | 01-10-2013 |
20130024685 | PROVISIONING CREDENTIALS FOR EMBEDDED WIRELESS DEVICES - A system and method are used to connect an installed device to a local premise network, such as a home network provided by a router in the home. A user may use a host device, such as a mobile telephone that is already connected to the home network to provide the home network credentials to the installed device without having to enter the home network credentials manually into the installed device such as a thermostat. | 01-24-2013 |
20130031358 | WIRELESS NETWORK SECURITY - A method includes identifying a suspect node of a network that includes multiple nodes in wireless communication. The method also includes initiating formation of a sub-network of the network in response to identifying the suspect node. The suspect node is not a member of the sub-network. After formation of the sub-network, first communications between the suspect node and a device of the network are routed to or through at least one of the members of the sub-network. The sub-network is configured to enable second communications between members of the sub-network, where the second communications are communicated in a manner that is secured against access by the suspect node. | 01-31-2013 |
20130054959 | Security Control in a Communication System - A method includes controlling security in a communication system that involves a node capable of routing traffic according to one or more security algorithms with respective security levels. The node is adapted to estimate at least one safety degree relating to the node, to select at least one security algorithm of the one or more security algorithms, depending on the estimated safety degree; and to activate the at least one security algorithm. | 02-28-2013 |
20130067215 | System for Enabling a Virtual Private Network ("VPN") Over an Unsecured Network - A system for enabling a virtual private network over an unsecured network includes a local network coupled to an internet server configured with a firewall. Coupled to both is an appliance that includes a cryptographic module. A remote modem, for example, a cellular modem, is coupled to a counterpart appliance that includes a compatible cryptographic module. The two modules are keyed to be exclusively, mutually responsive to each other and enable the transmission of encrypted data between the local network and the remote modem. The appliance coupled to the remote modem may further be coupled to either of a remote computer device or a remote network. | 03-14-2013 |
20130086375 | PERSONAL POINT OF SALE - Embodiments provided herein include techniques for enabling a mobile device to communicate with smart media in a manner that can sidestep the secure element of the mobile device—and the costs associated with it. The mobile device can communicate with the smart media using near-field communication (NFC) by creating an encrypted connection with a remote computer while bypassing a secure element of the mobile device. This allows the mobile device to provide point-of-sale (POS) functionality by reading and/or writing to the smart media, without compromising the security of the smart media. | 04-04-2013 |
20130091350 | METHODS AND SYSTEMS FOR PROXYING DATA - Methods and systems are provided for proxying data between an application server and a client device. One exemplary application system includes an application server to generate a virtual application and a proxy server coupled to the application server over a network to provide the virtual application to a client device. The proxy server receives input data from the client device and provides the input data to the application server, wherein the application server encodes the input data for an action in response to authenticating the proxy server and provides the data encoded for the action to the proxy server. The proxy server performs the action on the data and provides the result to the client device. | 04-11-2013 |
20130091351 | DIFFERENTIAL CLIENT-SIDE ENCRYPTION OF INFORMATION ORIGINATING FROM A CLIENT - A method may include allocating a number of public keys, where each respective public key is allocated to a respective entity of a number of entities; storing a number of private keys, where each respective private key corresponds to a respective public key; storing one or more decryption algorithms, where each respective decryption algorithm is configured to decrypt data previously encrypted using at least one encryption algorithm of the encryption algorithms. Each respective encryption algorithm may be configured to encrypt data using at least one public key. Each respective decryption algorithm may be configured to decrypt data using at least one private key. The method may include receiving encrypted data, where the encrypted data is encrypted using a first public key and a first encryption algorithm, and the encrypted data is provided over a network. | 04-11-2013 |
20130111205 | Methods And Apparatus For Sharing Real-Time User Context Information | 05-02-2013 |
20130124853 | DIGITAL RIGHTS MANAGEMENT DISTRIBUTION SYSTEM - In an example embodiment, a digital content distributor may transmit an unsigned license associated with a protected digital object to a digital rights management provider. The digital rights management provider may digitally sign the license and may transmit the signed license to the digital content distributor. | 05-16-2013 |
20130138948 | SYSTEM AND METHOD FOR RETAINING USERS' ANONYMITY - A method and a system are provided for generating information that relates to services being utilized by a user, by which: at a user device, retrieving usage information that relates to services consumed by the user of the user device; forwarding by the user device the retrieved usage information towards a central processing unit; at the central processing unit, determining based on the received usage information and based on at least one pre-determined criterion associated with the services being consumed by the user, whether a message should be sent to that user; and if in the affirmative, sending a message to the user that relates to the received usage information, without logging any information that relates to the message being sent to the user, at the central processing unit. | 05-30-2013 |
20130138949 | KEY SETTING METHOD, NODE, AND NETWORK SYSTEM - A key setting method executed by a node transmitting and receiving a packet through multi-hop communication in an ad-hoc network among ad-hoc networks, includes receiving a packet encrypted using a key specific to a gateway and simultaneously reported from the gateway in the ad-hoc network; detecting a connection with a mobile terminal capable of communicating with a server retaining a key specific to a gateway in each ad-hoc network among the ad-hoc networks; transmitting to the server, via the mobile terminal and when a connection with the mobile terminal is detected, the encrypted packet received; receiving from the server and via the mobile terminal, a key specific to a gateway in the ad-hoc network and for decrypting the encrypted packet transmitted; and setting the received key specific to the gateway in the ad-hoc network as the key for encrypting the packet. | 05-30-2013 |
20130138950 | KEY SETTING METHOD, NODE, AND NETWORK SYSTEM - A key setting method executed by a node transmitting and receiving data through multi-hop communication in an ad-hoc network among multiple ad-hoc networks, includes detecting connection with a mobile terminal communicating with a server connected to a gateway in each ad-hoc network among the ad-hoc networks; transmitting by simultaneously reporting to the ad-hoc network, an acquisition request for a key for encrypting the data when the connection with the mobile terminal is detected at the detecting; receiving from the server via the mobile terminal, a key specific to a gateway and transmitted from the gateway to the server consequent to transfer of the simultaneously reported acquisition request to the gateway in the ad-hoc network; and setting the key specific to the gateway received at the receiving as the key for encrypting the data. | 05-30-2013 |
20130138951 | METHOD AND DEVICE FOR AUTOMATICALLY DISTRIBUTING UPDATED KEY MATERIAL - A method for handling an encrypted message received on an electronic device that has not been encrypted using a current public key. The portable electronic device automatically generates a reply message to the sender in response to determining that the message has not been encrypted with the current public key. The reply message may contain the current public key of the recipient device, and may request the sender to resend the message encrypted with the current public key. | 05-30-2013 |
20130145145 | SYSTEM AND METHOD OF SECURING DATA USING A SERVER-RESIDENT KEY - A system and method for increasing security of data is presented. This system uses a remote server to increase the security of locally stored data, even in the presence of physical and software security threats. This method is significantly bolstered when at least a small portion of memory on the local machine used to temporarily store the encryption key is safe from physical and software attacks and can be further bolstered if user-interaction is required upon authentication. | 06-06-2013 |
20130145146 | SYSTEMS AND METHODS FOR BULK ENCRYPTION AND DECRYPTION OF TRANSMITTED DATA - A method for using a network appliance to efficiently buffer and encrypt data for transmission includes: receiving, by an appliance via a connection, two or more SSL records comprising encrypted messages; decrypting the two or more messages; buffering, by the appliance, the two or more decrypted messages; determining, by the appliance, that a transmittal condition has been satisfied; encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and transmitting, by the appliance via a second connection, the third record. Corresponding systems are also described. | 06-06-2013 |
20130145147 | Content Protection Method - A method for protecting content to be distributed to a pool of receiving terminals connected to a content distribution network and each having a specific security level depending on the technical securing means used, the method comprising the following steps: | 06-06-2013 |
20130151844 | Method and Apparatus for Secure Setup of an Encrypted Connection between Two Communication Devices - An electronic device includes a first connection interface and a second connection interface. The first connection interface is operable to exchange security information with another electronic device for use in encrypting data transmissions with the other electronic device. The first connection interface is inoperable to communicate payload data encrypted using the security information. The second connection interface is different than the first connection interface and operable to securely communicate payload data with the other electronic device over an unsecure medium in accordance with the security information exchanged via the first connection interface. | 06-13-2013 |
20130151845 | METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR ENCRYPTING DIAMETER IDENTIFICATION INFORMATION IN A COMMUNICATION NETWORK - The subject matter described herein includes systems, methods, and computer readable media for encrypting Diameter identification information contained in Diameter signaling messages. The system includes a Diameter agent that comprises a network interface configured to receive, from a first Diameter node, a Diameter signaling message that includes Diameter identification information associated with the first Diameter node and a Diameter encryption topology hiding module (ETHM) configured to encrypt the Diameter identification information to generate encrypted Diameter identification information and to replace the Diameter identification information in the Diameter signaling message with the encrypted Diameter identification information. The Diameter agent further includes a routing module configured to route the Diameter signaling message with the encrypted Diameter identification information to a second Diameter node. | 06-13-2013 |
20130173907 | PKI GATEWAY - A PKI gateway allows an enterprise to maintain a limited number of PKI protocol interfaces while servicing every standard and proprietary PKI protocol used by a customer of the enterprise. The PKI gateway listens for a PKI management request, adds contextual information needed by the certificate authority, translates the request into the appropriate protocol, and executes the request. | 07-04-2013 |
20130173908 | Hash Table Organization - Disclosed are various embodiments for improving hash table utilization. A key corresponding to a data item to be inserted into a hash table can be transformed to improve the entropy of the key space and the resultant hash codes that can be generated. Transformation data can be inserted into the key in various ways, which can result in a greater degree of variance in the resultant hash code calculated based upon the transformed key. | 07-04-2013 |
20130173909 | KEY ENCRYPTION SYSTEM, METHOD, AND NETWORK DEVICES - A network includes encryption devices at customer sites and transport devices that provide transport functionality for encrypted data for transmission across networks. A method of controlling access to a first plurality of functions of the encryption devices and access to a second plurality of functions of the transport devices is disclosed. The method involves providing a customer with access to at least some of the first plurality of functions and providing a network service provider with access to at least some of the second plurality of functions. The method also involves providing the network service provider with restricted access to a first subset of the first plurality of functions and/or providing the network service provider with restricted access to a second subset of the second plurality of functions. This allows the customer and the service provider to share access to hardware resources such as the encryption devices and the transport devices. | 07-04-2013 |
20130173910 | METHOD FOR SHARING SECRET VALUES BETWEEN SENSOR NODES IN MULTI-HOP WIRELESS COMMUNICATION NETWORK - A method for sharing a secret key between a source node and a destination node includes (a) adding, at each forward intermediate node, a secret key between the forward intermediate node and a node before the forward intermediate node to the secret key sharing request message; (b) generating a shared secret key between the source node and the destination node from the secret key between the forward intermediate node and the node before the forward intermediate node added in the secret key sharing request message; (c) adding, at each backward intermediate node, a secret key between the backward intermediate node and a node before it to the secret key sharing response message; and (d) generating the shared secret key between the destination node and the source node from the secret key between the backward intermediate node and the node before it added in the secret key sharing response message. | 07-04-2013 |
20130179680 | DIGITAL RIGHTS DOMAIN MANAGEMENT FOR SECURE CONTENT DISTRIBUTION IN A LOCAL NETWORK - Systems and methods for secure content distribution to playback devices connected to a local network via a residential gateway using secure links are disclosed. One embodiment of the invention includes a content server, a rights management server, a residential gateway configured to communicate with the content server and the rights management server via a network, and a playback device configured to communicate with the residential gateway via a local network. In addition, the residential gateway is configured to receive protected content from the content server, the playback device is configured to request access to the protected content from the residential gateway, the residential gateway is configured to request access to the protected content from the rights management server and the request includes information uniquely identifying the playback device, the rights management server is configured to provide access information to the residential gateway when the information uniquely identifying the playback device satisfies at least one predetermined criterion with respect to playback devices associated with the residential gateway, the residential gateway and the playback device are configured to create a secure link between the residential gateway and the playback device via the local network, and the residential gateway is configured to decrypt the protected content using the access information provided by the rights management server and to encrypt the decrypted content for distribution to the playback device via the secure link. | 07-11-2013 |
20130191628 | Media Path Monitoring Over a Secure Network - Techniques are provided for obtaining header information from a packet configured for real-time communications transport over a network. The header information is used to monitor network performance of one or more secure portions of the network. The packet is encrypted using a security protocol and encapsulated using a transport protocol to produce a transport packet for transmission over the network. The transport packet header information is inserted into the transport packet prior to transmission over the network. The header information is used by a downstream network device or network analyzer to determine performance metrics for the network without decrypting the encrypted packet. | 07-25-2013 |
20130191629 | SECURE GROUP-BASED DATA STORAGE IN THE CLOUD - Methods of securely storing documents electronically for access by members of a workgroup, methods of changing membership in the workgroup, and systems for providing secure data storage for a workgroup of changeable membership. Various embodiments use an encrypting vault key for a workgroup to encrypt the data files or session keys, and then encrypt the decrypting vault key, which corresponds with the encrypting vault key, using the public key of each member of the workgroup. If the workgroup membership is changed, the decrypting vault key can be re-encrypted with the public keys of each member of the workgroup without needing to download or re-upload the encrypted files associated with that workgroup. Other embodiments are disclosed. | 07-25-2013 |
20130191630 | Auditing and controlling encrypted communications - Use of one or more computer systems may be audited by performing a man-in-the-middle attack against a cryptographic protocol (e.g., SSH) at one or more interceptors, transmitting audit data to a centralized audit server. Operations performed using the encrypted connection may be controlled and restricted. | 07-25-2013 |
20130191631 | Auditing and policy control at SSH endpoints - SSH sessions and other protocol sessions (e.g., RDP) may be audited using an interceptor embedded within an SSH server or other protocol server. Operations performed over an SSH connection may be controlled, including controlling what files are transferred. | 07-25-2013 |
20130219167 | NETWORK NODE WITH NETWORK-ATTACHED STATELESS SECURITY OFFLOAD DEVICE EMPLOYING IN-BAND PROCESSING - A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss. The external security offload device may be included in a firewall, or intrusion detection device, and may implement IPsec protocol. | 08-22-2013 |
20130219168 | NETWORK NODE WITH NETWORK-ATTACHED STATELESS SECURITY OFFLOAD DEVICE EMPLOYING OUT-OF-BAND PROCESSING - A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss. The external security offload device may be included in a firewall, or intrusion detection device, and may implement IPsec protocol. | 08-22-2013 |
20130219169 | Public Cloud Data at Rest Security - An encryption switch which is used in a cloud environment to secure data on the LUNs used by the clients. A client provides a certificate to the cloud service. The encryption switch develops a cloud crypto domain (CCD) as a secure area, with the data at rest on the LUNs encrypted. The encryption switch develops a master key for client use in the CCD, which is provided to the client encrypted by the client's public key. Data encryption keys (DEKs) are created for each LUN and provided to the client. The DEKs are stored in a key vault by the client for use if needed. The cloud service provisions a client VM to be used with the encrypted LUN and develops a nexus between the LUN and the client VM for the encryption switch to use in data operations. The client communicates through the client VM to access the LUN. | 08-22-2013 |
20130219170 | DATA COMMUNICATION AUTHENTICATION SYSTEM FOR VEHICLE GATEWAY APPARATUS FOR VEHICLE DATA COMMUNICATION SYSTEM FOR VEHICLE AND DATA COMMUNICATION APPARATUS FOR VEHICLE - A vehicular data communication system is disclosed. The vehicular data communication system includes an authentication device for authenticating an external tool connected to a bus, an authentication control device for determining whether an external tool is authenticated by the authentication device and for setting an authenticated state to permit a data communication between the external tool and an access target ECU on the bus upon determining that the external tool is authenticated by the authentication device, and an authentication maintain device for maintaining the authenticated state within a predetermined period after the authenticated state is set by the authentication control device. | 08-22-2013 |
20130219171 | NETWORK NODE WITH NETWORK-ATTACHED STATELESS SECURITY OFFLOAD DEVICE EMPLOYING IN-BAND PROCESSING - A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss. The external security offload device may be included in a firewall, or intrusion detection device, and may implement IPsec protocol. | 08-22-2013 |
20130219172 | SYSTEM AND METHOD FOR PROVIDING A SECURE BOOK DEVICE USING CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS SECURE NETWORKS - A gateway device is used to control the flow of data to and from a network. To ensure that a message is not transmitted beyond the edge of an intranet without authorization such as outside of a private network, or to a device within the private network without authorization, a gateway will only establish a communication session with a computing device within the private network that possess a requisite community-of-interest key. If either the gateway device or computing device does not possess a matching community-of-interest key then a communication session cannot be established between the computing device and gateway device. Other aspects include transmitting a message destined for another network by converting it into a format in which it can be received outside the private network without knowledge of the type of security measures used within the private network. | 08-22-2013 |
20130227274 | PRIVACY-PRESERVING PUBLISH-SUBSCRIBE PROTOCOL IN A CLOUD-ASSISTED MODEL - A server receives from a client at least one interest pseudonym produced by a double application of a pseudo random function to at least one interest of the client. The server encrypts an item. The server computes at least one intermediate topic pseudonym for at least one topic associated with the item by applying the function to each of the at least one topic associated with the item. The server transmits the at least one intermediate topic pseudonym, the at least one interest pseudonym, and the encrypted item to a third party. The third party may apply the function to the at least one intermediate topic pseudonym to produce at least one topic pseudonym associated with the item and transmit the encrypted item to the client for decryption when one of the at least one masked topic pseudonym is equal to one of the at least one interest pseudonym of the client. | 08-29-2013 |
20130232334 | SYSTEM AND METHOD FOR OBTAINING CERTIFICATE STATUS OF SUBKEYS - Systems and methods for updating status of digital certificate subkeys. A request is made to a key server to verify if a given key is revoked. If it is not, then the key with its subkeys is acquired from the key server. If one or more subkeys or signatures of the subkeys are different in the acquired key, then the key is replaced. | 09-05-2013 |
20130238891 | Method and System for Encrypting Short Message - The present invention discloses a method and system for implementing short message encryption. Both the Mobile Station (MS) and the Mobile Switching Center (MSC) are configured with encryption-decryption modules ( | 09-12-2013 |
20130246784 | WIRELESS ACCESS POINT SECURITY FOR MULTI-HOP NETWORKS - Security in wireless communication networks that employ relay stations to facilitate communications between base stations and mobile stations is enhanced. In one embodiment, resource information provided to one or more relay stations from a base station or another relay station is encrypted prior to being delivered to the one or more relay stations. Only authorized relay stations are allocated an appropriate key necessary to decrypt the resource information. As such, only appropriate relay stations are able to access and use the resource information to effect communications directly or indirectly between the base stations and the mobile stations. In certain embodiments, the resource information is delivered between the various base and relay stations using either unicast or multicast delivery techniques. | 09-19-2013 |
20130254532 | Secure Computation Using a Server Module - A server module evaluates a circuit based on concealed inputs provided by respective participant modules, to provide a concealed output. By virtue of this approach, no party to the transaction (including the server module) discovers any other party's non-concealed inputs. In a first implementation, the server module evaluates a garbled Boolean circuit. This implementation also uses a three-way oblivious transfer technique to provide a concealed input from one of the participant modules to the server module. In a second implementation, the server module evaluates an arithmetic circuit based on ciphertexts that have been produced using a fully homomorphic encryption technique. This implementation modifies multiplication operations that are performed in the evaluation of the arithmetic circuit by a modifier factor; this removes bounds placed on the number of the multiplication operations that can be performed. | 09-26-2013 |
20130262855 | DOCUMENT ENCRYPTING SYSTEM AND METHOD USING SAME - A document encrypting system in an electronic apparatus includes a communicating module, an encoding module, a decoding module, and a deleting module. The communicating module builds a communication with the network storage device, downloads the encryption algorithm from the network storage device, and stores the encryption algorithm in the local storage device. The encoding module employs the encryption algorithm to encode the document. The decoding module employs the encryption algorithm to decode the document. The deleting module deletes the encryption algorithm stored in the local storage device. | 10-03-2013 |
20130268749 | DIGITAL RIGHTS MANAGEMENT SYSTEM AND METHODS FOR PROVISIONING CONTENT TO AN INTELLIGENT STORAGE - The present invention relates to digital rights management (DRM) for content that is downloaded and saved to a storage device. The storage may be a disk drive, or network attached storage. In addition, the storage device performs cryptographic operations and provides a root of trust. The DRM employs a binding key, a content key, and an access key. The binding key binds the content to a specific storage and is based on a key that is concealed on the storage. The binding key is not stored on the storage device with the content. The content key is a key that has been assigned to the content. The access key is determined based on a cryptographic combination of the content key and the binding key. In one embodiment, the content is provisioned based on the access key and stored in encrypted form in the storage device. | 10-10-2013 |
20130268750 | ENCODED DATABASE MANAGEMENT SYSTEM, CLIENT AND SERVER, NATURAL JOINING METHOD AND PROGRAM - An encrypted database management system includes: a client terminal which includes a column encrypting unit that uses an encrypting key and a group generator to encrypt data of columns indicated by specific labels of externally input tables, and outputs it, an intra-label projection request unit that generates an intra-label key from the encrypting key and label, and outputs it, and an inter-label projection request unit that generates an inter-label projection key from the encrypting key, label, and intra-label key; and a database server which includes an intra-label projection unit that generates an intra-label comparison value by the action of the label and intra-label key on data of columns of specific labels of encrypted tables, an inter-label projection unit that generates an inter-label comparison value by the action of the inter-label projection key on the intra-label comparison value, and an encrypted table natural join unit that conducts natural joining using the intra-label comparison value. | 10-10-2013 |
20130275745 | System and Method for Secure Communication - The invention specifies a method and a system for secure communication of a first computing device and a network. A second computing device with a hardened operating system is employed. The second computing device is different from the operating system of the first computing device. An authentication module in the second computing device authenticates a user. An encryption module in the second computing device encrypts the data received from the first computing device, so that an encrypted communication with the network is made possible. A decryption module in the second computing device decrypts the encrypted data received from the network for the first computing device. | 10-17-2013 |
20130275746 | DATA ENCRYPTION PARAMETER DISPERSAL - A method for securely distributing a profile within a dispersed storage network (DSN) that begins by encrypting a profile using a key. The method continues by encoding the encrypted profile in accordance with a dispersed storage error encoding function. The method continues by outputting the set of encoded profile slices to the DSN for storage therein. The method continues by encoding the key in accordance with an error encoding function and outputting the set of secure key portions to a set of devices of the DSN for storage therein. A device obtains the profile by retrieving secure key portions from the set of devices and recovering the key therefrom. The device then retrieves encoded profile slices from the DSN and decodes them to recover the encrypted profile. The device then decrypts the encrypted profile using the key to recover the profile. | 10-17-2013 |
20130283038 | Seamless Remote Storage of Uniformly Encrypted Data for Diverse Platforms and Devices - A way of providing seamless remote data storage and access with a universal encryption key is provided. Data may be able to be uploaded from and/or downloaded to a variety of user devices and/or types of user devices. During transfer of data, a secure communication channel may be established between a user device and a destination storage. Data may be compressed and/or encrypted before being passed to the destination storage. Such compression and/or encryption may be performed at the user device or an intermediate processing module. Likewise, when downloading data, the data may be decompressed and/or decrypted before being made available to a destination user device. Such decompression and/or decryption may be performed at the destination device or the intermediate processing module. In any case, the universal encryption key may be utilized by all user devices to generate uniformly encrypted data. | 10-24-2013 |
20130283039 | MECHANISM FOR EFFICIENT PRIVATE BULK MESSAGING - Secure bulk messaging mechanism in which, roughly described, a sender first encrypts a message once. The message can be decrypted with a message decryption key. These can be symmetric or asymmetric keys. For each recipient, the sender then encrypts the message decryption key with the recipient's public key. The sender then sends the encrypted message and the encrypted message decryption keys to a store-and-forward server. Subsequently, one or more recipients connect to the server and retrieve the encrypted message and the message encryption key that has been encrypted with the recipient's public key. Alternatively, the server can forward these items to each individual recipient. The recipient then decrypts the encrypted message decryption key with the recipient's private key, resulting in an unencrypted message decryption key. The recipient then decrypts the message using the unencrypted message decryption key. | 10-24-2013 |
20130290700 | COMPUTATIONAL SYSTEMS AND METHODS FOR ENCRYPTING DATA FOR ANONYMOUS STORAGE - Methods, apparatuses, computer program products, devices and systems are described that carry out accepting from a user identifier encryption entity at least one encrypted identifier corresponding to a user having at least one instance of data for encryption; encrypting the at least one instance of data to produce level-one-encrypted data; associating the at least one encrypted identifier with the level-one-encrypted data, wherein a level-one decryption key for the level-one-encrypted data is inaccessible to the user identifier encryption entity; and transmitting the level-one-encrypted data and associated encrypted identifier. | 10-31-2013 |
20130290701 | KEY SETTING METHOD, NODE, SERVER, AND NETWORK SYSTEM - A key setting method executed by a node within communication ranges of multiple ad-hoc networks, includes receiving encrypted packets encrypted by respective keys specific to gateways and broadcasted from the gateways in the ad-hoc networks; detecting connection with a mobile terminal communicable with a server retaining the keys specific to the gateways in each ad-hoc network among the ad-hoc networks; transmitting to the server when connection with the mobile terminal is detected, the encrypted packets via the mobile terminal; receiving from the server via the mobile terminal, the keys that are specific to the gateways in the ad-hoc networks and that are for decrypting each encrypted packet among the encrypted packets; and setting each of the received keys as a key to encrypt data that is to be encrypted in the node and decrypt data that is to be decrypted in the node. | 10-31-2013 |
20130305039 | CLOUD FILE SYSTEM - A cloud storage system supporting user agnostic encryption and deduplication of encrypted files is described. Further, the cloud storage system enables users to share a file, a group of files, or an entire file system with other users without a user sending each file to the other users. The cloud storage system further allows a client device to minimize the utilization of bandwidth by determining whether the encrypted data to transfer is already present in the cloud storage system. Further, the cloud storage system comprises mechanisms for a client device to inform the cloud storage system of which data is likely to be required in the future so that the cloud storage system can make that data available with less latency once the client device requests the data. | 11-14-2013 |
20130332724 | User-Space Enabled Virtual Private Network - This invention includes apparatus, systems, and methods to establish a virtual private network (“VPN”), or a secured network for authenticated and encrypted data transmission to prevent disclosure of private information to unauthorized parties. This invention provides secure and authenticated data transmission from a communication device to another device over any public or private network while using existing standard applications such as email, VoIP, internet browsers, ISR applications, video conferencing, telecommuting, inventory tracking and control, etc. without the need to secure or add encryption features into each specific application. This invention provides the opportunity to selectively secure one or more existing applications with configuration changes that can be made at the user-space level of the software stack and without need for higher level software stack access, such as root access. | 12-12-2013 |
20130339726 | FILE SERVER APPARATUS AND FILE SERVER SYSTEM - According to one embodiment, a reception unit receives post-office box's encrypted data, which is obtained by encrypting the data by using a post-office box's public key, from the sending apparatus. A re-encryption key storage unit stores a re-encryption key used for re-encrypting the post-office box's encrypted data into recipient's encrypted data, which is obtained by encrypting the data using a recipient's public key that is different from the post-office box's public key. A re-encryption unit re-encrypts the received post-office box's encrypted data to the recipient's encrypted data using the re-encryption key stored in the re-encryption key storage unit. A transmission unit transmits the re-encrypted recipient's encrypted data to the receiving apparatus. | 12-19-2013 |
20130339727 | WAN Optimization Without Required User Configuration for WAN Secured VDI Traffic - In order for intermediary WAAS devices to process and accelerate ICA traffic, they must decrypt the ICA traffic in order to examine it. Disclosed is a mechanism by which the ICA traffic may be re-encrypted for transport over the WAN in a manner that does not require explicit configuration by the administrator of the WAAS devices. For example, VDI traffic may be intercepted and all data redundancy elimination messages may be encrypted and sent to a peer network device. | 12-19-2013 |
20130346739 | METHOD AND APPARATUS FOR PROVIDING SECURE STREAMING DATA TRANSMISSION FACILITIES USING UNRELIABLE PROTOCOLS - The disclosure provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the disclosure describes retaining compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. Further, the disclosure describes a network arrangement that employs a cache having copies distributed among a plurality of different locations. SSL/TLS session information for a session with each of the proxy servers is stored in the cache so that it is accessible to at least one other proxy server. Using this arrangement, cached SSL/TLS communication session information may be retrieved and used by a second proxy server to accept a session with the client device when the client device switches proxy servers. | 12-26-2013 |
20140019750 | VIRTUAL GATEWAYS FOR ISOLATING VIRTUAL MACHINES - Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Virtual machines may further be isolated through a virtual gateway assigned to handle all communications between a virtual machine and a device outside of the virtual machine's COI. The virtual gateway may be a separate virtual machine for handling decrypting and encrypting messages for transmission between virtual machines and other devices. | 01-16-2014 |
20140019751 | METHOD AND APPARATUS HAVING NULL-ENCRYPTION FOR SIGNALING AND MEDIA PACKETS BETWEEN A MOBILE STATION AND A SECURE GATEWAY - Disclosed is a method for efficient transport of packets between a mobile station and a secure gateway over a wireless local area network for accessing home services. In the method, a first encryption security association is established for transporting first-type packets from the secure gateway to the mobile station, and a second encryption security association is established for transporting first-type packets from the mobile station to the secure gateway. Next, a first null-encryption security association is established for transporting second-type packets from the secure gateway to the mobile station, and a second null-encryption security association is established for transporting second-type packets from the mobile station to the secure gateway. Second-type packets are selected for transport using the second null-encryption security association based on a traffic selector. Also, second-type packets may be selected for transport using the first null-encryption security association based on a traffic selector. The traffic selector may be preconfigured. | 01-16-2014 |
20140025945 | PAIR-WISE KEYING FOR TUNNELED VIRTUAL PRIVATE NETWORKS - In an embodiment, a method for generating and distributing keys retains the scalability of a group VPN, but also provides true pair-wise keying such that an attacker who compromises one of the devices in a VPN cannot use the keys gained to decrypt the packets from the other gateways in the VPN, or spoof one of the communicating gateways. The method is collusion resistant when co-operating attackers overtake several VPN gateways and observe the keys stored in those gateways. In an embodiment, a VPN gateway comprises a cryptographic data processor configured to encrypt and to decrypt data packets; group key management logic; and Key Generation System logic. In one approach a gateway performs, in relation to adding a group member, receiving in a security association message secret data for use in the KGS; and derives keys for secure communication with one or more peer VPN gateways using the secret data. | 01-23-2014 |
20140052980 | SECURE NETWORK SYSTEMS AND METHODS - Secure network systems and methods are provided. In an aspect of the invention, a secure network system is provided that includes a computing system that comprises a client system and a specialized NIC (network interface controller) system equipped with the capability to form a secure connection with an endpoint system and encrypt and decrypt communications between the client system and the network to which it is connected. This trusted network interface (TNI), which may present itself as a physical peripheral connected to a physical client system or a virtual peripheral connected to a virtual client system, takes the place of a client system's standard NIC, and the connection that it forms with the trusted network is negotiated and enforced externally to and independent of the client system. | 02-20-2014 |
20140095863 | INTERNET BASED SECURITY INFORMATION INTERACTION APPARATUS AND METHOD - The present invention discloses a device and method for security information interaction. The device for security information interaction includes: an interface circuit, configured to connect the device for security information interaction to an internet terminal; an information input unit, configured to allow a user to input security information; a secure encryption/decryption unit, configured to store and process the security information; an information reader, configured to read information data from an external information carrier; wherein the secure encryption/decryption unit processes the security information in connection with the information data, and completes a business function on the secure channel through the interaction with the security information processing server. The device and method for security information interaction disclosed in the present invention improve the flexibility and efficiency of the information processing system, enhance the security of the information processing system, and extend new applications of an external information carrier in an open network environment. | 04-03-2014 |
20140101436 | DIFFERENTIAL CLIENT-SIDE ENCRYPTION OF INFORMATION ORIGINATING FROM A CLIENT - A method may include allocating a number of public keys, where each respective public key is allocated to a respective entity of a number of entities; storing a number of private keys, where each respective private key corresponds to a respective public key; storing one or more decryption algorithms, where each respective decryption algorithm is configured to decrypt data previously encrypted using at least one encryption algorithm of the encryption algorithms. Each respective encryption algorithm may be configured to encrypt data using at least one public key. Each respective decryption algorithm may be configured to decrypt data using at least one private key. The method may include receiving encrypted data, where the encrypted data is encrypted using a first public key and a first encryption algorithm, and the encrypted data is provided over a network. | 04-10-2014 |
20140115321 | ENCRYPTED STATISTICAL PROCESSING SYSTEM, DEVICE, METHOD, AND PROGRAM - A service provider device includes key generation means, which generates a service public key for encrypting data and a secret key, and proxy key generation means, which inputs the service public key and the secret key and generates a proxy key. A data registration device includes encrypted data generation means, which generates encrypted data upon input of the service public key and data, and stores the generated encrypted data in a database. Proxy devices each include encrypted portion statistical data generation means, which generates encrypted portion statistical data upon input of the proxy key with respect to the encrypted data stored in the database. An integrated data generation device includes encrypted statistical data generation means, which inputs the encrypted portion statistical data from each of the proxy devices, generates encrypted statistical data, and stores the generated encrypted statistical data in an integrated data storage device. | 04-24-2014 |
20140115322 | METHOD, APPARATUS AND SYSTEM FOR PERFORMING PROXY TRANSFORMATION - A method for performing proxy transformation between a user and a server includes: selecting a first proxy relationship between a target user and a first user from a proxy relationship library; selecting a random value, and generating a second proxy relationship according to the random value and the first proxy relationship; and encrypting original information according to the public key of the first user and the random value to obtain the encrypted information, and transmitting the encrypted information and the second proxy relationship to the server, so that the server performs proxy transformation on the encrypted information according to the second proxy relationship to obtain the transformed information. The method for performing proxy transformation thoroughly solves the security hazard that the server performs proxy transformation without user permission. The present invention further discloses a user terminal and a system for performing proxy transformation. | 04-24-2014 |
20140122866 | Crypto Proxy for Cloud Storage Services - In one embodiment, a proxy receives, from a client node, a file to be stored by a cloud storage server, where the proxy and the client node are part of a private network that does not include the cloud storage server. The proxy retrieves an encryption key associated with a user of the client node and encrypts the file using the encryption key. The proxy then transmits the encrypted file to the cloud storage server. | 05-01-2014 |
20140129825 | ADAPTIVE VIDEO SERVER WITH FAST INITIALIZATION AND METHODS FOR USE THEREWITH - A streaming video server includes a virtual file system that stores playlist data corresponding to a plurality of video programs available from at least one video source and that stores at least one initial video program segment for each of the plurality of video segments. The streaming video server receives a request for a selected one of the plurality of video programs from a client device. The selected one of the plurality of video programs is retrieved from the at least one video source in response to the request. A plurality of encoded segments are generated from the selected one of the plurality of video programs, based on rate data. A multiplexer generates a plurality of output segments from the at least one initial video program segment corresponding to the selected one of the plurality of video programs and the plurality of encoded video program segments. | 05-08-2014 |
20140136835 | SECURE COMPUTER NETWORK - A computer network ( | 05-15-2014 |
20140143536 | WIRELESS NETWORK SECURITY - A method includes identifying a suspect node of a network. The method also includes initiating formation of a sub-network of the network by identifying neighbor nodes of the suspect node and sending an invitation message to a first neighbor node to invite the first neighbor node to the sub-network. The invitation message is encrypted using a first encryption key associated with the first neighbor node. The invitation message is not sent to a second node that is identified as a neighbor node only by the suspect node. The sub-network is configured to enable first communications between members of the sub-network. The first communications are communicated in a manner that is secured against access by the suspect node. Subsequent to formation of the sub-network, second communications between the suspect node and a device of the network are routed to or through at least one of the members of the sub-network. | 05-22-2014 |
20140149733 | SYSTEM FOR ENCRYPTING CONTENT NAME - A system encrypts a name of content stored in a node of a hierarchical structure. A content receiving node encrypts a name of a predetermined node among names of nodes included in a content name, such as by using a hash function, and transmits the encrypted content name to receive the stored content. A relay node receives the content name including the encrypted name of the node and decrypts the encrypted name of the node, such as by using a reference table. The relay node uses the decrypted node name to relay the content request to the content storage node. Since the content name is encrypted, content routing may be performed without disclosing information associated with a hierarchical structure in which the content is stored. | 05-29-2014 |
20140164760 | APPARATUS AND METHODS FOR CONTENT TRANSFER PROTECTION - Methods and apparatus for ensuring protection of transferred content. In one embodiment, content is transferred while enabling a network operator (e.g., MSO) to control and change rights and restrictions at any time, and irrespective of subsequent transfers. This is accomplished in one implementation by providing a premises device configured to receive content in a first encryption format and encoded using a first codec, with an ability to transcrypt and/or transcode the content into an encryption format and encoding format compatible with a device which requests the content therefrom (e.g., from PowerKey/MPEG-2 content to DRM/MPEG-4 content). The premises device uses the same content key to encrypt the content as is used by the requesting device to decrypt the content. | 06-12-2014 |
20140173271 | POWER LINE BASED THEFT PROTECTION OF ELECTRONIC DEVICES - Technologies for establishing and managing a connection with a power line communication network include establishing a communication connection between an electronic device and a security server. A default device encryption key associated with the electronic device is changed to correspond with a new device encryption key of the security server. Thereafter, the electronic device may only join a power line communication network of a particular security server using a network membership key, which is encrypted with the device encryption key that the particular security server associates to the electronic device. The electronic device contains a circuit interrupt to interrupt a circuit of the electronic device if the electronic device is not able to successfully decrypt the network membership key. | 06-19-2014 |
20140173272 | CLOUD STORAGE SYSTEM, DATA ENCRYPTION PROCESSING DEVICE AND DATA ENCRYPTION METHOD IN CLOUD STORAGE SYSTEM - A cloud storage system includes a plurality of cloud storage modules for storing and managing data and a data encryption processing device. The data encryption processing device includes a priority manager for managing priorities on encrypting data of a plurality of cloud storage modules by using information on whether encryption processing for each of the plurality of the cloud storage modules is supported; and an encryption requester for selecting at least one cloud storage module on the basis of the priorities managed by the priority manager when receiving request of a data encryption, and performing, by the selected at least one cloud storage module, encryption after delivering the data to the selected cloud storage module. | 06-19-2014 |
20140189343 | SECURE INTERNET PROTOCOL (IP) FRONT-END FOR VIRTUALIZED ENVIRONMENTS - An IPSec front-end may be configured to encrypt, decrypt and authenticate packets on behalf of a host on an insecure network and a peer on a secure network. For example, the IPSec front-end may receive internet protocol (IP) packets from the host and encrypt the data and format the data as an internet protocol security (IPsec) packet for transmission to the peer. When the peer responds with an IPSec packet, the IPSec front-end may decrypt the data and format the data as an IP packet. The IPSec front-end may be software executing on a Linux server. | 07-03-2014 |
20140189344 | PROVIDING A WEB PAGE TO A CLIENT - To display pieces of data provided by different servers in one page, a providing apparatus provides a page to a client terminal, the page including data retrieved from a server. The providing apparatus includes a) a page return unit for, upon receipt of a page retrieval request from the client terminal, returning a page including code to the client terminal, the code to be executed on the client terminal, the code causing the client terminal to transmit a data transmission instruction to the server, the data transmission instruction instructing the server to transmit the data to the providing apparatus, b) a data reception unit for receiving the data transmitted by the server, the server having received the data transmission instruction from the client terminal, and c) a transfer unit for transferring the data received from the server, to the client terminal. | 07-03-2014 |
20140215204 | DEVICE FOR PREVENTING LOGGING OF CLIENTS INPUT DATA IN A COMPUTER SYSTEM - A device for preventing logging of client input data in a computer system, characterized in that it includes a first transmission interface used to connect the smart electronic device, a second transmission interface used to connect the computer system, and a data encryption chip for encryption of the input data. The data encryption chip is set between the first and second transmission interfaces and is used to encrypt data input from the first transmission interface, and then transmit the encrypted data to the computer system via the second transmission interface. The device allows for the use of a smart electronic device as a real keyboard, and the computer system permits the data encryption chip to encrypt the data input by the smart electronic device, which are then sent to the computer system, helping to prevent logging of keying data with higher efficacy and applicability. | 07-31-2014 |
20140223170 | SYSTEM AND METHOD FOR ELECTRONIC SECURE OBFUSCATION NETWORK - Described are a secure obfuscation network (SON) and ingress nodes, transit nodes and egress nodes used in such a network. Also described is a method for implementing such a network. | 08-07-2014 |
20140281483 | SYSTEM AND METHOD FOR ENABLING A SCALABLE PUBLIC-KEY INFRASTRUCTURE ON A SMART GRID NETWORK - A method for enabling a scalable public-key infrastructure (PKI) comprises invoking a process of receiving a message for a device, identifying an association ID for the device, retrieving encrypted association keys stored on the server for communicating with the device, the encrypted association keys encrypted using a wrapping key stored on a Hardware Security Module (HSM). The method further comprises sending the message and the encrypted association keys to the HSM, unwrapping, by the HSM, the encrypted association keys to create unwrapped association keys, cryptographically processing the message to generate a processed message, deleting the unwrapped association keys, sending the processed message to the device, and invoking, concurrently and by a second application, the process. | 09-18-2014 |
20140281484 | System and Method to Securely Transfer Data - Various embodiments of the invention achieve optimal data security by adding a security layer to data at the point of generation. Some embodiments add a security feature to data that controls or configures a device at a physical interface. | 09-18-2014 |
20140281485 | Efficient Encryption, Escrow and Digital Signatures - A network server is operated so as to facilitate legal eavesdropping by receiving, from the first user via a network, a session key (SK) encrypted with a second user's public key, k | 09-18-2014 |
20140281486 | COMMUNITY-BASED DE-DUPLICATION FOR ENCRYPTED DATA - Technologies for de-duplicating encrypted content include fragmenting a file into blocks on a computing device, encrypting each block, and storing each encrypted block on a content data server with associated keyed hashes and member identifications. The computing device additionally transmits each encrypted block with an associated member encryption key and member identification to a key server. As part of the de-duplication process, the content data server stores only one copy of the encrypted data for a particular associated keyed hash, and the key server similarly associates a single member encryption key with the keyed hash. To retrieve the file, the computing device receives the encrypted blocks with their associated keyed hashes and member identifications from the content data server and receives the corresponding member decryption key from the key server. The computing device decrypts each block using the member decryption keys and combines the blocks to generate the file. | 09-18-2014 |
20140281487 | SYSTEMS AND METHODS FOR CRYPTOGRAPHIC SECURITY AS A SERVICE - A system and a computer-based method for providing bundled services to a client application in a service call to a service system in a service provider computer system includes receiving a message defining an API service request comprising at least a parameter portion and a payload portion, determining at the gateway system an identity of an application transmitting the received message using identity information that has been established within the service provider computer system, providing, by a services platform, at least one of encryption services and decryption services for data contained in the payload portion using the parameters received in the parameter portion, managing key material for security of the data, and transmitting the encrypted data back to the calling application. | 09-18-2014 |
20140281488 | System and Method for Offloading Cryptographic Functions to Support a Large Number of Clients in a Wireless Access Point - The present disclosure discloses a method and network device for offloading cryptographic functions to support a large number of clients. Specifically, a network device receives a packet corresponding to a client device via an interface, and determines whether a first hardware module that performs cryptographic operations on a per-client basis overflows. If the first hardware module overflows, the network device retrieves a cryptographic key for the packet, and sends the received packet with the retrieved cryptographic key to a second hardware module that performs cryptographic operations on a per-packet basis to perform one or more cryptographic operations. If not, the network device sends the packet to the first hardware module to perform the one or more cryptographic operations. | 09-18-2014 |
20140281489 | SECURITY AND KEY MANAGEMENT OF DIGITAL CONTENT - Managing access to digital content within a particular domain, including: receiving the digital content at a first client device; decrypting the received digital content at the first client device using a first key; transcoding the digital content to another format; re-encrypting the transcoded content using a second key, wherein the second key is obtained by one of: (1) directly from a server; or (2) indirectly by deriving it locally based on information received from the server; and transmitting the re-encrypted content to a second client device, wherein the second client device obtains the second key and decrypts the re-encrypted content at the second client device. | 09-18-2014 |
20140298006 | DATA ENCRYPTION AND DECRYPTION - Systems and methods for data encryption and decryption are provided. Packets of a streaming video from a video source are received. A first packet of the streaming video is encrypted with an encryption key and transmitted to a client device. The first packet is encrypted with a reference key and is designated as a reference packet. A number of packets of the encrypted media that follow the first packet are selected. For each of one or more selected packets, an XOR operation is performed on the respective selected packet with the reference packet. Result values of the XOR operation are rearranged by a shuffle key and divided into segments. Each of the segments is assigned to an even list or an odd list, which are combined to form a respective encrypted packet. The respective encrypted packet is designated as a non-reference packet and is transmitted to the client device. | 10-02-2014 |
20140298007 | NETWORK SWITCH CONFIGURATION - Provided is a method of configuring a network switch. A configuration file is allowed to be edited on a server. The compatibility of the configuration file with a network switch is validated on the server. The configuration file is encrypted and applied to the network switch. | 10-02-2014 |
20140304500 | Authentication and Initial Key Exchange in Ethernet Passive Optical Network over Coaxial Network - A method comprising generating an updated security key upon expiration of a key exchange timer, transferring the updated security key to a Coaxial Network Unit (CNU), retaining an original key, wherein the updated security key comprises a different key identification number than the original key, accepting and decrypting upstream traffic that employs either the original key or the updated key, after transferring the updated security key to the CNU, creating a key switchover timer, before the key switchover timer expires, verifying that upstream traffic transferred from the CNU on a logical link uses the updated security key, and when upstream traffic is encrypted using the updated security key, beginning to use the updated security key to encrypt downstream traffic and clearing the key switchover timer. | 10-09-2014 |
20140304501 | Method and System for Establishing a Trusted and Decentralized Peer-to-Peer Network - The present invention offers a new and improved method and system to establish a trusted and decentralized peer-to-peer network for: the sharing of computer files between and among computing devices; trusted chat sessions; and for other applications of trusted peer-to-peer networks. | 10-09-2014 |
20140310513 | METHOD AND SYSTEM FOR MANAGING SECURITY IN A COMPUTING ENVIRONMENT - A method and system for managing data security in a computing environment. A processor at the gateway server receives, from a user device, at least one message. Each message requests that an encryption key be downloaded to the user device. The gateway server interfaces between the user device and a cloud that includes interconnected computing systems external to the user device. In response to the received at least one message, the processor generates at least one unique encryption key for each message and sends the at least one generated encryption key to the user device, but does not store any of the generated encryption keys in the cloud. For each encryption key having been sent to the user device, the processor receives each encryption key returned from the user device. For each encryption key received from the user device, the processor stores each received encryption key in the cloud. | 10-16-2014 |
20140310514 | SECURE MESSAGING - A method for transmitting an encrypted message from a messaging server ( | 10-16-2014 |
20140317397 | SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION - A device within the network receives a domain name service (DNS) request for an address of a first resource outside the network, the first resource associated with a security policy of the network. An address of a second resource within the network is returned to the device within the network in response to the DNS request, the second resource address having previously been associated with the first resource address. A first encrypted connection is established between the device and the second resource, and a second encrypted connection is established between the second resource and the first resource, to facilitate encrypted communication traffic between the device and the first resource. The encrypted communication traffic passing between the device and the first resource is selectively decrypted and inspected depending on the address of the first resource. | 10-23-2014 |
20140337615 | ONE-TIME PAD COMMUNICATIONS NETWORK - A system and method for providing secure and anonymous communication between a plurality of individuals relying on the cryptographic method of the one-time pad (OTP) is described. Unique, randomly generated blocks of data are generated to serve as one-time pads, and each is given a unique identification that serves as a system address. One-time pads are anonymously distributed to communicants with a copy of each being retained by a service provider that operates a One-Time Pad Hub. Messages may be exchanged among holders of one-time pads through the Hub using the identifier addresses. | 11-13-2014 |
20140351573 | SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for selectively performing man in the middle decryption. One of the methods includes receiving a first request to access a first resource hosted by a server outside the network, determining whether requests from the client device to access the first resource outside the network should be redirected to a second resource hosted by a proxy within the network, providing a redirect response to the client device, the redirect response including the second universal resource identifier, establishing a first encrypted connection between the client device and the proxy hosting the second resource, and a second encrypted connection between the proxy hosting the second domain and the server hosting the first resource, and decrypting and inspecting the encrypted communication traffic passing between the client device and the server hosting the first resource. | 11-27-2014 |
20140359275 | Method And Apparatus Securing Traffic Over MPLS Networks - Multi-protocol label switching (MPLS) data is typically sent non-encrypted over MPLS-based networks. If encryption is applied to MPLS data frames and MPLS labels are encrypted, each node receiving any of the MPLS data frames would have to perform decryption in order to direct the data frames to a next node, therefore resulting in extra processing and data latency. According to an example embodiment, encryption and decryption mechanisms for MPLS data include encrypting/decrypting payload data while keeping the MPLS labels in the clear (i.e., unencrypted). An MPLS encryption label is also employed within the MPLS label stack to indicate that encryption is applied. The MPLS encryption label is inserted in the MPLS label stack when encrypting the payload and is removed when decrypting the payload. | 12-04-2014 |
20140359276 | SECURING DATA IN A DISPERSED STORAGE NETWORK - A method begins by a source processing module securing data based on a key stream to produce secured data, where the key stream is derived from a unilateral encryption key accessible only to the source processing module, and sending the secure data to an intermediator processing module, where desecuring the secured data is divided into two partial desecuring stages. The method continues with the intermediator processing module partially desecuring the secure data in accordance with a first partial desecuring stage to produce partially desecured data and sending the partially desecured data to a destination processing module. The method continues with the destination processing module further partially desecuring the partially desecured data in accordance with a second desecuring stage to recover the data, where the destination processing module does not have access to the encryption key or to the key stream. | 12-04-2014 |
20140365761 | Secure Relay System - A method and apparatus for use in securely relaying data. The data is received by a first relay unit from a data provider. The data is sent by the first relay unit to a mail server. The data is retrieved by a second relay unit in a second network from the mail server. The data is sent by the second relay unit to a data subscriber. | 12-11-2014 |
20140372748 | TOPIC PROTECTION POLICY FOR PUBLISH-SUBSCRIBE MESSAGING SYSTEM - Exemplary embodiments of the present invention disclose a method and system for securing a message published to a topic by a publisher in a publish-subscribe messaging system with a topic policy for the topic. In a step, an exemplary embodiment establishes a topic policy for a topic. In another step, an exemplary embodiment associates a message published to the topic with a topic policy. In another step, an exemplary embodiment signs a message published to the topic by a publisher with a private key of the publisher if the topic policy so directs. In another step, an exemplary embodiment provides a public key of a subscriber if the topic policy directs that the subscriber receive a message in encrypted form. In another step, an exemplary embodiment encrypts a message for a subscriber specified in a topic policy to receive the message encrypted with a public key of the subscriber. | 12-18-2014 |
20150019859 | TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK - Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of a service provider. Multiple virtual routers (VRs) are provided within each of multiple service processing switches of a service provider. Each VR is supported by an object group and each object of the object group supports a network service. One or more VRs are assigned to a subscriber of multiple subscribers of the service provider. Customized network services are provided to the subscriber by the one or more VRs assigned to the subscriber. | 01-15-2015 |
20150019860 | METHOD FOR PROVIDING DATA TO A PERSONAL PORTABLE DEVICE VIA NETWORK AND A SYSTEM THEREOF - Disclosed are a method and a system for synchronizing and providing data requiring digital rights protection, to a portable device, wherein a contents providing server is connected with a contents synchronization server to which the portable device is connected. | 01-15-2015 |
20150026455 | SYSTEMS AND METHODS FOR SECURING EMAIL IN MOBILE DEVICES - A computer-implemented method for providing secure mobile email communications is described. At least one application programming interface (API) of a native email client is hooked in order to transmit data securely via email. The native email client is native to an operating system of the mobile device. An email originating from a registered application is detected, via the hooked API. The email includes the data to transmit securely. The registered application is registered in a registry according to a mobile application authentication procedure. The registry includes a plurality of registered applications authenticated according to the mobile application authentication procedure. | 01-22-2015 |
20150026456 | APPARATUS AND METHOD FOR MANAGING DIGITAL COPYRIGHT ON EPUB-BASED CONTENT, AND APPARATUS AND METHOD FOR PROVIDING EPUB-BASED CONTENT ACCORDING TO USER'S RIGHT - Disclosed are an apparatus and method for managing a digital copyright on electronic publication (EPUB)-based content and an apparatus and method for providing EPUB-based content according to a user's right. An encryption unit of the apparatus for managing digital copyright generates encrypted unit files by encrypting a plurality of unit files included in content in the form of a compressed archive including the plurality of unit files with different encryption keys, stores the encrypted unit files in a content database, generates mapping data by mapping the encryption keys to pieces of identification information of the encrypted unit files, and stores the mapping data in an encryption key database. A rights management unit transmits an encryption key selected from among the plurality of encryption keys to a content provision apparatus, which decrypts the encrypted unit files and provides the unit files to a user, based on at least one of identification information of the user and identification information of the content included in an encryption key provision request message received from the content provision apparatus. | 01-22-2015 |
20150033010 | METHOD FOR THE SECURE EXCHANGE OF DATA OVER AN AD-HOC NETWORK IMPLEMENTING AN XCAST BROADCASTING SERVICE AND ASSOCIATED NODE - A method for the secure exchange of data over an ad-hoc network implementing an Xcast broadcasting service and an associated node are disclosed. The method includes providing a security graph for the network and a communication graph for the network, routing a data item between the sender node sending the data and each receiver node receiving the data along a secure route on the security graph. The method also includes generating, between one relay node and a subsequent relay node of the secure route, an appropriate message, containing the data protected in accordance with a security association shared between the relay node and the subsequent relay node. The method further includes routing the message from the relay node to the subsequent relay node along a communication route on the communication graph. | 01-29-2015 |
20150039882 | IDENTIFYING CONTENT FROM AN ENCRYPTED COMMUNICATION - Provided is an identifying device for identifying request content from an encrypted request to a server, the identifying device including: a target acquiring unit for acquiring the data size of an encrypted response returned from the server for the encrypted request to the server to be identified; a candidate acquiring unit for acquiring the data size of each of a plurality of encrypted response candidates returned by the server in response to a plurality of encrypted request candidates to be identified sent to the server corresponding to a plurality of known request content candidates; and an identifying unit for identifying the request content to be identified from the plurality of request candidates on the basis of results obtained by comparing the data size of an encrypted response for an encrypted request to be identified to the data sizes of a plurality of encrypted response candidates. | 02-05-2015 |
20150046694 | METHOD AND APPARATUS FOR SECURELY ESTABLISHING L3-SVC CONNECTIONS - A system and method are provided for securely establishing Layer-3 SVCs or SPVCs across an ATM network. An originating multiservice switch that generates the connection setup message for the Layer-3 connection includes security information within the setup message, such as a Closed User Group Interlock Code. When the destination multiservice switch receives the setup message, it extracts the embedded security information and compares it with stored security information corresponding to the connection. The correspondence may be determined from the destination user. If the embedded security information matches the stored security information, the destination multiservice switch allows the connection to be established. | 02-12-2015 |
20150052349 | Splicing into an active TLS session without a certificate or private key - An origin server selectively enables an intermediary (e.g., an edge server) to shunt into and out of an active TLS session that is on-going between a client and the origin server. The technique allows for selective pieces of a data stream to be delegated from an origin to the edge server for the transmission (by the edge server) of authentic cached content, but without the edge server having the ability to obtain control of the entire stream or to decrypt arbitrary data after that point. The technique enables an origin to authorize the edge server to inject cached data at certain points in a TLS session, as well as to mathematically and cryptographically revoke any further access to the stream until the origin deems appropriate. | 02-19-2015 |
20150067322 | SYSTEMS AND METHODS FOR MULTI-LEVEL TAGGING OF ENCRYPTED ITEMS FOR ADDITIONAL SECURITY AND EFFICIENT ENCRYPTED ITEM DETERMINATION - The present disclosure is directed towards systems and methods for performing multi-level tagging of encrypted items for additional security and efficient encrypted item determination. A device intercepts a message from a server to a client, parses the message and identifies a cookie. The device processes and encrypts the cookie. The device adds a flag to the cookie indicating the device encrypted the cookie. The device re-inserts the modified cookie into the message and transmits the message. The device intercepts a message from a client and determines whether the cookie in the message was encrypted by the device. If the message was not encrypted by the device, the device transmits the message to its destination. If the message was encrypted by the device, the device removes the flag, decrypts the cookie, removes the tag from the cookie, re-inserts the cookie into the message and transmits the message to its final destination. | 03-05-2015 |
20150082022 | DEVICES AND TECHNIQUES FOR CONTROLLING DISCLOSURE OF SENSITIVE INFORMATION - Devices and techniques for controlling disclosure of sensitive information are provided. A request for information may be received through a first communication channel. The request may be provided using an account of a user. First encrypted data, which includes the requested information and has been encrypted with a first asymmetric encryption key, may be decrypted. The decrypted information may be re-encrypted with a second asymmetric encryption key different from the first asymmetric encryption key to obtain second encrypted data comprising the information. The second encrypted data may be sent to the user through a second communication channel different from the first communication channel. | 03-19-2015 |
20150089212 | Systems and Methods For Utilizing IMS Data Security Mechanisms in a Circuit Switched Network - Aspects of the present invention provide a mechanism to utilize IMS media security mechanisms in a CS network and, thereby, provide end-to-end media security in the case where the media traffic travels across both a CS network and a PS network. | 03-26-2015 |
20150095636 | TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK - Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second location of a first subscriber of the managed security service provider. Responsive to the request, the SMS causes a tunnel to be established between a first virtual router (VR) and a second VR running on a first and second service processing switch, respectively, of the service provider which are coupled in communication via a public network and associated with the first location and the second location, respectively. | 04-02-2015 |
20150121062 | METHOD AND SYSTEM FOR MODIFYING AN AUTHENTICATED AND/OR ENCRYPTED MESSAGE - A method and system for modifying an authenticated and/or encrypted message by a modifying party exchanged between a sending party and a receiving party based on a secure communication protocol, the method includes the steps of | 04-30-2015 |
20150121063 | SYSTEM AND METHOD FOR SECURED CONTENT DELIVERY - A content delivery platform is provided that includes generating a first content package of content that is encrypted with a unique symmetric key, and a second content package including a link encrypted with the key to the first content package. The first content package is stored in a repository, and a request including the key is transmitted to a first computing device associated with a mail exchange for an encryption key file. An encryption key file is generated using the unique symmetric key and is received together with an authorizing token. A third content package is generated that is encrypted using the encryption key file and includes the encrypted link. The third content package is transmitted to a distributor gateway and the encrypted link is accessible in response to the consumer decrypting the third content package. The link is available to provide access to the content for the consumer. | 04-30-2015 |
20150121064 | TECHNIQUES FOR SECURE MESSAGE OFFLOADING - Techniques for secure message offloading are presented. An intermediary is transparently situated between a user's local messaging client and an external and remote messaging client. The user authenticates to the local client for access and the intermediary authenticates the user for access to the remote client using different credentials unknown to the user. Messages sent from the local client are transparently encrypted by the intermediary before being passed to the remote client and messages received from the remote client are transparently decrypted before being delivered to the local client. | 04-30-2015 |
20150134949 | METHOD AND APPARATUS FOR PROVIDING DIRECTIONAL PARTICIPANT BASED IMAGE AND VIDEO SHARING - Methods for processing a media content are disclosed. For example, a method captures the media content, determines a direction from which the media content is captured, encrypts the media content, and sends the media content that is encrypted toward a receiving device in the direction from which the media content was captured. Another method captures the media content, determines a direction from which the media content is captured, encrypts the media content and uploads the media content that is encrypted to a data store. The method then sends a notification toward a receiving device in the direction from which the media content was captured. The notification identifies that the media content that is encrypted has been uploaded to the data store. | 05-14-2015 |
20150143103 | MESSAGING AND NETWORKING KEEPSAKES - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for allowing parties exchanging digital objects and members of social networks to catalog certain data objects as favorites in a cataloged interface and which allow the parties to access and interact with the catalog of favorited content. | 05-21-2015 |
20150143104 | APPARATUS, SYSTEM, METHOD, AND MEDIUM - An apparatus includes a memory; and a processor coupled to the memory and configured to generate a first common key whose key value varies based on a first elapsed time when a notification of the first elapsed time after a start-up of another apparatus to which a data frame to be encrypted is to be transmitted has been made, generate a second common key whose key value varies based on a second elapsed time after a start-up of the apparatus when a notification of the first elapsed time has not been made, and encrypt the data frame by any one of the first common key and the second common key as a common key and transmit the encrypted data frame to the other apparatus. | 05-21-2015 |
20150143105 | USB INTERFACE FOR PERFORMING TRANSPORT I/O - Systems and methods for implementing a Transport I/O system are described. Network encrypted content may be received by a device. The device may provide the network encrypted content to a secure processor, such as, for example, a smart card. The secure processor obtains a network control word that may be used to decrypt the network encrypted content. The secure processor may decrypt the network encrypted content to produce clear content. In embodiments, the secure processor may then use a local control word to generate locally encrypted content specific to the device. The device may then receive the locally encrypted content from the secure processor and proceed to decrypt the locally encrypted content using a shared local encryption key. The secure processor may connect to the device via a standard connection, such as via a USB 3.0 connector. | 05-21-2015 |
20150149764 | METHOD FOR NETWORK COMMUNICATION PAST ENCRYPTION DEVICES - This disclosure is directed to techniques for providing communication between devices in different networks wherein the communication must first pass through an encryption mechanism and the devices do not have the stand-alone capability to encrypt or decrypt the communication. According to these techniques, an adapter may determine certain fields in a data packet that remain unencrypted when the data packet passes through the encryption mechanism. The adapter may then process those fields in such a way that, when the data packets are received by a second adapter, the second adapter may read those fields and obtain information. | 05-28-2015 |
20150149765 | METHOD OF ANONYMIZATION - This invention is aimed at a method for the anonymisation of data that could help identify the user while a profile of said user is collected by a targeting data collection server. To implement such anonymisation, an anonymisation server is placed between a user terminal and the collection server. The profile data collected are encrypted by the terminal using a secret key shared with the data collection server. Those profile data, supplemented with data that could help identify the user, are then sent to the anonymisation server. The anonymisation server encrypts the data that could help identify the user with an anonymisation key of said anonymisation server before sending on the encrypted collected data and the anonymised identification data to said collection server. | 05-28-2015 |
20150295712 | METHOD AND SYSTEM FOR PROTECTED EXCHANGE OF DATA - A result of application of a test to information about a user (U) is securely transmitted between a source of information (A) and a destination of information (B) via an intermediary device (C). The source of information can be, for example, a database of personal data, and the destination of information (B) a server of a service provider performing services depending on an age limit. The intermediary device (C) minimizes the information that is made available to the source (A) and the destination (B) about the purpose of the test and the underlying data. To this end, the intermediary device (C) executes a secure comparison protocol with the source (A), whereby the encrypted result is additionally blinded, for example, with a blinding that comes from the user. The intermediary device (C) decrypts the blinded encrypted result, so that a blinded result is left. The destination (B) removes the blinding, preferably on the basis of blinding information of the user. The intermediary device (C) preferably sends the blinded comparison result to the user (U). | 10-15-2015 |
20150295903 | Efficient Routing of Streams Encrypted Using Point-to-Point Authentication Protocol - Embodiments relate to routing encrypted data from a source to a sink via a router without decrypting the data in the router. The source authenticates with the router, the result of which produces a session key and a pseudo-random number. The router authenticates with the sink using the same session key and pseudo-random number. The router passes encrypted data received from the source to the sink without decryption and re-encryption. | 10-15-2015 |
20150304282 | Nested Independent Virtual Private Networks With Shared Rekey And Consistency Services - First and second nested virtual private networks share a common rekey service. A first key server generates first cryptographic keys and policies for use by gateways of the VPN to encrypt and decrypt data packets. The key server establishes a connection with a second key server to generate second cryptographic keys and policies independently of the first key server for use by encryption units of a second VPN that is nested with and operates independently of the first VPN. The first key server refreshes the first cryptographic keys in the first VPN gateways using a common rekey service, and cooperates with the second key server to refresh the second cryptographic keys in the second VPN encryption units using the common rekey service. | 10-22-2015 |
20150304289 | NOTARIZATION AGENT AND METHOD FOR COLLECTING DIGITAL EVIDENCE USING NOTARIZATION AGENT - In a digital evidence collection method, an evidence collection device sends an evidence collection request message requesting permission of evidence collection to a notarization server through a notarization agent. The notarization server sends a collection permission message permitting evidence collection to the evidence collection device through the notarization agent. The evidence collection device requests evidence data from an evidence collection target system through the notarization agent. The evidence collection target system transmits the evidence data to the notarization agent. The notarization agent encrypts the evidence data and transfers encrypted evidence data to the evidence collection device. | 10-22-2015 |
20150317483 | INTERMEDIATE SERVER, DATABASE QUERY PROCESSING METHOD AND PROGRAM - To make it possible to prevent leakage of sensitive information from a database without using a server having both secure operation management and a high database operation processing capability. An intermediate server includes: a cryptography processing unit that encrypts or decrypts data stored in a database; a query conversion unit that converts a query to the database into a first query that does not need processing by the cryptography processing unit and a second query that needs the processing by the cryptography processing unit; and a query processing unit that sends the first query to a database server connected to the database to acquire a result from the database server, and executes the second query using the cryptography processing unit. | 11-05-2015 |
20150333908 | Three-Tiered Security and Computational Architecture - A computing system, method, and computer program product provide cryptographic isolation between a client device and a server computer for providing a network service to the client device. The computing system stores encrypted user authentication data of the client device and its user, and encrypted service authorization data of the server computer in such a way that neither the client device nor the server computer can obtain information about the other. Upon subsequent receipt in the computing system of purported user authentication data and a request to access the network service, the computing system encrypts the purported authentication data and compares it against the stored, encrypted data. Only when these encrypted data match is the computing system able to decrypt the service authorization data and provide it to the server computer to gain access to the network service. | 11-19-2015 |
20150334094 | DISTRIBUTED COMPUTING SERVICE PLATFORM FOR MOBILE NETWORK TRAFFIC - Described herein are systems, methods, and apparatus for processing network packet data in a distributed computing platform, such as a content delivery network, to provide services to mobile network operators and/or their mobile subscribers. According to the teachings hereof, distributed computing resources can be organized into a service platform to provide certain value-add services—such as deep packet inspection, transcoding, lawful intercept, or otherwise—using a service function chaining model. The platform resources are preferably located external to the mobile network, on the public Internet. The platform preferably operates on and processes traffic entering or exiting the mobile network. In some embodiments, the service platform is able to establish an encrypted channel between itself and the mobile client through the mobile network, e.g., using content provider key and certificate information available to the platform (but which may not be available to the mobile network operator). | 11-19-2015 |
20150380046 | OPTIONAL DATA ENCRYPTION BY PARTITION FOR A PARTITIONABLE DATA STORAGE LIBRARY - Disclosed are a method and apparatus for a data storage library comprising a first and second drive, a first and second mobile medium, a first and second partition wherein the first partition comprises the first drive and the first mobile medium and the second partition comprises the second drive and the second mobile medium, and a combination bridge controller device. The combination bridge controller device is configurable to control first communication traffic between at least a first client and the first partition wherein the first communication traffic can comprise a first data package. The combination bridge controller device is further configurable to optionally encrypt the first data package for storage on the first mobile medium when the first mobile medium is in cooperation with the first drive. | 12-31-2015 |
20150381487 | CLOUD-BASED ANONYMOUS ROUTING - A system and computer-implemented method for cloud-based anonymous traffic routing is disclosed. The method may include receiving, from a client application by a router, network traffic identified for a destination. The method may include determining, for a set of internal cloud nodes distinct from both the client application and the destination, a set of internet protocol (IP) addresses including a first IP address for a first internal cloud node of the set of internal cloud nodes. The method may also include establishing an anonymity algorithm for cloud-based anonymous traffic routing, the anonymity algorithm configured to use the set of IP addresses. The method may also include routing, based on the anonymity algorithm, the network traffic to the first internal cloud node using the first IP address. The method may also include routing the network traffic from the set of internal cloud nodes to the destination identified by the client application. | 12-31-2015 |
20150381583 | SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for selectively performing man in the middle decryption. One of the methods includes receiving a first request to access a first resource hosted by a server outside the network, determining whether requests from the client device to access the first resource outside the network should be redirected to a second resource hosted by a proxy within the network, providing a redirect response to the client device, the redirect response including the second universal resource identifier, establishing a first encrypted connection between the client device and the proxy hosting the second resource, and a second encrypted connection between the proxy hosting the second domain and the server hosting the first resource, and decrypting and inspecting the encrypted communication traffic passing between the client device and the server hosting the first resource. | 12-31-2015 |
20150381586 | Splicing into an active TLS session without a certificate or private key - An origin server selectively enables an intermediary (e.g., an edge server) to shunt into and out of an active TLS session that is on-going between a client and the origin server. The technique allows for selective pieces of a data stream to be delegated from an origin to the edge server for the transmission (by the edge server) of authentic cached content, but without the edge server having the ability to obtain control of the entire stream or to decrypt arbitrary data after that point. The technique enables an origin to authorize the edge server to inject cached data at certain points in a TLS session, as well as to mathematically and cryptographically revoke any further access to the stream until the origin deems appropriate. | 12-31-2015 |
20150381588 | File Sharing Method and Apparatus - A file sharing method and apparatus. The method includes uploading, by a first terminal, each encrypted file to a server for saving, and receiving a uniform resource locator (URL) that is returned by the server and corresponds to a location for saving each encrypted file, generating a key package that includes a shared key and a URL that correspond to a file to be shared, and providing the key package for a second terminal, so that the second terminal acquires a corresponding encrypted file by using the URL in the key package, and decrypts the acquired encrypted file by using the shared key in the key package. | 12-31-2015 |
20150381656 | SELECTIVE MODIFICATION OF ENCRYPTED APPLICATION LAYER DATA IN A TRANSPARENT SECURITY GATEWAY - According to one embodiment, a transparent security gateway is coupled between a client end station (CES) and a web application server (WAS). The security gateway monitors an encryption protocol handshake between the CES and the WAS to capture, using a provided private key of the WAS, a generated symmetric key to be used for an encryption layer connection. Using the captured symmetric key, the security gateway receives an encrypted connection record of the encryption layer connection, decrypts the encrypted connection record to yield a plaintext connection record, modifies the plaintext connection record, encrypts the modified plaintext connection record using the symmetric key, and transmits one or more packets carrying the encrypted modified plaintext connection record instead of the received encrypted connection record, such that neither the CES nor the WAS is aware of the modification of the encrypted data. | 12-31-2015 |
20150381657 | SELECTIVE MODIFICATION OF ENCRYPTED APPLICATION LAYER DATA IN A TRANSPARENT SECURITY GATEWAY - According to one embodiment, a transparent security gateway is coupled between a client end station (CES) and a web application server (WAS). The security gateway monitors an encryption protocol handshake between the CES and the WAS to capture, using a provided private key of the WAS, a generated symmetric key to be used for an encryption layer connection. Using the captured symmetric key, the security gateway receives an encrypted connection record of the encryption layer connection, decrypts the encrypted connection record to yield a plaintext connection record, modifies the plaintext connection record, encrypts the modified plaintext connection record using the symmetric key, and transmits one or more packets carrying the encrypted modified plaintext connection record instead of the received encrypted connection record, such that neither the CES nor the WAS is aware of the modification of the encrypted data. | 12-31-2015 |
20160006706 | Reconfigurable Access Network Encryption Architecture - An access platform or other network elements can include multiple line cards configured to encrypt data. The platform and/or each of the line cards may receive encryption management data that conforms to a predefined encryption management data interface. The encryption management data received by a particular line card may be generated by a conditional access system device and converted to conform to the encryption management data interface by an encryption manager. Line cards may alternatively be configured for connection to separate encryption hardware components. Line cards may include a block of field programmable gate arrays or other type of programmable hardware that can be configured to execute an encryption module. | 01-07-2016 |
20160006707 | DATA TRANSMISSION METHOD, APPARATUS, AND SYSTEM - The present invention relates to a data transmission method, apparatus, and system. The method includes: obtaining, by a benefited device, a cooperative-layer key, performing encryption, or encryption and integrity protection processing on uplink data by using the cooperative-layer key at a cooperative layer to obtain first encrypted data, performing encapsulation processing on the first encrypted data to obtain first encapsulated data, and sending the first encapsulated data to a supporting device in a short-distance communication mode, so that the supporting device processes the first encapsulated data to obtain second encapsulated data and sends the second encapsulated data to a base station. In embodiments of the present invention, secure data transmission is implemented between the benefited device, the supporting device, and the base station in a cooperative communication process, which improves network security and reliability of data transmission. | 01-07-2016 |
20160007192 | WIRELESS SENSOR NETWORK AND CENTRAL NODE DEVICE THEREOF - The invention is directed to a wireless sensor network system. The wireless sensor network system is adapted for a medication information security environment, and comprises a first sensor node, a second sensor node and a central node. The first sensor node sends a request for registration and a user identification. The central node generates and stores a first set of random numbers and a second set of random numbers when receiving the request for registration and the user identification. The central node sends the first set of random numbers and the second set of random numbers to the first sensor node and the second sensor node respectively. | 01-07-2016 |
20160014089 | CLOUD-BASED MAIL SYSTEM AND MAIL SERVICE METHOD FOR PROVIDING IMPROVED SECURITY | 01-14-2016 |
20160014098 | ROUTING A DATA PACKET TO A SHARED SECURITY ENGINE | 01-14-2016 |
20160021072 | TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK - Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second location of a first subscriber of the managed security service provider. Responsive to the request, the SMS causes a tunnel to be established between a first and second service processing switch of the service provider which are coupled in communication via a public network and associated with the first location and the second location, respectively. | 01-21-2016 |
20160044008 | SECURE COMMUNICATION USING PHYSICAL PROXIMITY - Systems and methods may provide for implementing a secure communication using physical proximity. In one example, the method may include transmitting an encrypted first communication including a sensitive information file, decrypting the encrypted first communication to generate a decrypted first communication including the sensitive information file, displaying the decrypted first communication, capturing a version of the decrypted first communication displayed on the intermediary device, and extracting the sensitive information file at a user device. | 02-11-2016 |
20160057116 | METHOD FOR NETWORK COMMUNICATION PAST ENCRYPTION DEVICES - This disclosure is directed to techniques for providing communication between devices in different networks wherein the communication must first pass through an encryption mechanism and the devices do not have the stand-alone capability to encrypt or decrypt the communication. According to these techniques, an adapter may determine certain fields in a data packet that remain unencrypted when the data packet passes through the encryption mechanism. The adapter may then process those fields in such a way that, when the data packets are received by a second adapter, the second adapter may read those fields and obtain information. | 02-25-2016 |
20160065537 | METHOD AND APPARATUS ENABLING INTEROPERABILITY BETWEEN DEVICES OPERATING AT DIFFERENT SECURITY LEVELS AND TRUST CHAINS - A security device enables direct communications between devices operating at different security levels. The security device receives data from a first device operating at a first security level. The data is secured at the first security level and is intended for a second device operating at a second security level that is different than the first security level. The security device determines whether a condition permitting transmission from the first device to the second device is satisfied. In response to determining that the condition is satisfied, the security device adjusts a security level associated with the data and transmits, to the first device, the data with the adjusted security level. | 03-03-2016 |
20160065610 | ANONYMIZED NETWORK DATA COLLECTION AND NETWORK THREAT ASSESSMENT AND MONITORING SYSTEMS AND METHODS - Systems and methods for data collection and processing in a network, including one or more sensors disposed in a network interface and configured to collect raw signal traffic data, where each sensor is further configured to parse the raw signal traffic data into network protocols; split the network protocols into content data and metadata; derive contextual metadata from the content data; compile the metadata and the derived metadata to produce anonymized metadata; encrypt the anonymized metadata; and transmit the encrypted anonymized metadata to a unified data server. | 03-03-2016 |
20160072777 | HARDWARE CRYPTO MODULE AND SYSTEM FOR COMMUNICATING WITH AN EXTERNAL ENVIRONMENT - A hardware crypto module encrypts or decrypts data from a device, the device being arranged to be remote and separate from the crypto module in terms of hardware. The crypto module includes an interface for communicating with the remotely arranged device, a memory, and a crypto processor. The crypto processor is configured to encrypt or decrypt, while using a first key, data received via the interface, to encrypt the first key while using a second key stored in the memory, and to output the first key via the interface exclusively in an encrypted form. | 03-10-2016 |
20160080327 | TERMINAL APPARATUS, GATEWAY APPARATUS, AND RELAY APPARATUS CONNECTED TO CONTENT-CENTRIC NETWORK, AND COMMUNICATION METHOD - A terminal apparatus is connected to a content-centric network and includes: a processor; and a non-transitory memory having stored therein instructions which, when executed by the processor, cause the processor to perform operations including encrypting a name of content data with a predetermined encryption key to convert the content data name into a first character string and generating a request packet in which a character string including a second character string indicating a name of a gateway apparatus and the first character string is stated as the content data name, and sending the generated request packet to the network. | 03-17-2016 |
20160080328 | PROXY SSL HANDOFF VIA MID-STREAM RENEGOTIATION - A traffic management device (TMD), system, and processor-readable storage medium directed towards re-establishing an encrypted connection of an encrypted session, the encrypted connection having initially been established between a client device and a first server device, causing the encrypted connection to terminate at a second server device. As described, a traffic management device (TMD) is interposed between the client device and the first server device. In some embodiments, the TMD may request that the client device renegotiate the encrypted connection. The TMD may redirect the response to the renegotiation request towards a second server device, such that the renegotiated encrypted connection is established between the client device and the second server device. In this way, a single existing end-to-end encrypted connection can be used to serve content from more than one server device. | 03-17-2016 |
20160080339 | COUNTER CHECK AND RECONFIGURATION METHOD, APPARATUS, AND SYSTEM - The present invention relates to base stations and a terminal. The primary base station executes the following steps: receiving, by the primary base station, security parameter update request information that is sent by a secondary base station and carries an encryption algorithm, wherein the security parameter update request information comprises the encryption algorithm; adding, by the primary base station, the encryption algorithm in the received security parameter update request information to reconfiguration information; sending, by the primary base station, the reconfiguration information carrying the encryption algorithm to a terminal; and receiving, by the primary base station, reconfiguration complete information sent by the terminal. Thereby, the present invention implements a reconfiguration process in a network architecture in which a primary base station is separated from a secondary base station. | 03-17-2016 |
20160085972 | INDUSTRIAL SECURITY AGENT PLATFORM - Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating communication in an industrial control network. A system includes an industrial control network, one or more controller devices, one or more emulators, and an encryption relay processor. Each controller device can be operable to control one or more operational devices connected to the industrial control network. Each emulator can be configured to communicate with a respective controller device, and each emulator can be configured to reference a respective profile that includes information about security capabilities of the respective controller device. The encryption relay processor can be operable to facilitate communication to and from each emulator over the industrial control network. The encryption relay processor can execute a cryptographic function for a communication between the emulator and a node on the industrial control network when the respective controller device is incapable of performing the cryptographic function. | 03-24-2016 |
20160088012 | SYSTEM, METHOD AND COMPUTER-ACCESSIBLE MEDIUM FOR DETERRENCE OF MALWARE - An exemplary system, method, and computer-accessible medium for initiating a protocol(s) can be provided, which can include, for example, generating a digitally encrypted perishable object(s), distributing the digitally encrypted perishable object(s) to a cyber-physical entity(s), determining if the cyber-physical entity(s) has received the digitally encrypted perishable object(s), and initiating a predetermined protocol(s) based on the determination. | 03-24-2016 |
20160099920 | METHOD FOR ESTABLISHING A CRYPTOGRAPHICALLY PROTECTED COMMUNICATION CHANNEL - Some embodiments are directed to a cryptographic method for providing an electronic first device, an electronic second device and an electronic intermediary device, the cryptographic method establishing a cryptographically protected communication channel between the first device and the second device. The method comprises establishing a session identifier (SID) between the first device and the intermediary device. The first device sends the session identifier and a first key element to the second device over an out-of-band channel. The second device sends a registration message comprising the session identifier to the intermediary device. The first and second device can communicate through the intermediary device protected using a shared key derived at the first and second device. | 04-07-2016 |
20160134600 | Authentication and Initial Key Exchange in Ethernet Passive Optical Network over Coaxial Network - A method comprising generating an updated security key upon expiration of a key exchange timer, transferring the updated security key to a Coaxial Network Unit (CNU), retaining an original key, wherein the updated security key comprises a different key identification number than the original key, accepting and decrypting upstream traffic that employs either the original key or the updated key, after transferring the updated security key to the CNU, creating a key switchover timer, before the key switchover timer expires, verifying that upstream traffic transferred from the CNU on a logical link uses the updated security key, and when upstream traffic is encrypted using the updated security key, beginning to use the updated security key to encrypt downstream traffic and clearing the key switchover timer. | 05-12-2016 |
20160142384 | TUNNEL INTERFACE FOR SECURING TRAFFIC OVER A NETWORK - Methods and systems for a flexible, scalable hardware and software platform that allows a managed security service provider to easily provide security services to multiple customers are provided. According to one embodiment, a method is provided for delivering customized network services to subscribers of the service provider. A request is received, at a service management system (SMS) of the service provider, to establish an Internet Protocol (IP) connection between a first and second location of a first subscriber of the managed security service provider. Responsive to the request, the SMS causes a tunnel to be established between a first and second service processing switch of the service provider which are coupled in communication via a public network and associated with the first location and the second location, respectively. | 05-19-2016 |
20160173280 | SECURED COMMUNICATION IN NETWORK ENVIRONMENTS | 06-16-2016 |
20160173458 | Method of Encrypting and Transferring Data Between a Sender and a Receiver Using a Network | 06-16-2016 |
20160173459 | METHOD FOR ENSURING MEDIA STREAM SECURITY IN IP MULTIMEDIA SUB-SYSTEM | 06-16-2016 |
20160180098 | TEXT MESSAGE MANAGEMENT | 06-23-2016 |
20160182221 | METHOD AND SYSTEM FOR CONTROLLING THE EXCHANGE OF PRIVACY-SENSITIVE INFORMATION | 06-23-2016 |
20160182457 | PROVIDING SECURE COMMUNICATION AND/OR SHARING OF PERSONAL DATA VIA A BROADBAND GATEWAY | 06-23-2016 |
20160182463 | SECURE COMMUNICATION DEVICE AND METHOD | 06-23-2016 |
20160182467 | ADJUSTABLE PROXY RE-ENCRYPTION | 06-23-2016 |
20160182468 | SYSTEM AND METHOD FOR SECURE TRANSMISSION OF MEDIA CONTENT | 06-23-2016 |
20160183085 | METHODS AND APPARATUS TO SUPPORT LOCATION SPECIFIC CONTROL OF ACCESS TO SERVICES THROUGH UNTRUSTED WIRELESS NETWORKS | 06-23-2016 |
20160197891 | METHOD OF TRANSFERRING RIGHTS OBJECT AND ELECTRONIC DEVICE | 07-07-2016 |
20160205077 | Low Latency Active Noise Cancellation System with Client Intercommunication | 07-14-2016 |
20160254914 | KEY DEVICE, KEY CLOUD SYSTEM, DECRYPTION METHOD, AND PROGRAM | 09-01-2016 |
20160255501 | SELECTION AND USE OF A SECURITY AGENT FOR DEVICE-TO-DEVICE (D2D) WIRELESS COMMUNICATIONS | 09-01-2016 |
20160380983 | SYSTEM, APPARATUS AND METHOD FOR ENCRYPTION AND DECRYPTION OF DATA TRANSMITTED OVER A NETWORK - A method and system for securing data transmitted between a client device and a server by obtaining input text at an intermediate module, processing the input text to obtain processed text, deciding whether to transform the input text deterministically or non-deterministically, or a combination of deterministically and non-deterministically, and based on that decision, transforming the input text accordingly, using at least one key to obtain processed text, and transmitting the processed text to the server. Other embodiments and features of the invention include searching for processed text, allowing for sorting of processed text records by applying an order-preserving transformation, storing unabridged processed elements in a storage device managed by the intermediate module, providing a function by the intermediate module on the input data in lieu of the server, and processing the processed text so as to determine by the intermediate module a transformation applied by the server on input text. | 12-29-2016 |
20160380984 | SECURED NETWORKS AND ENDPOINTS APPLYING INTERNET PROTOCOL SECURITY - A method of managing secure communications states in an endpoint within a secure network is disclosed. The method includes, in a disconnected state, transmitting from a first endpoint to a second endpoint a first message including an authorization token. The method further includes, in the pending state, receiving from the second endpoint a second message including a second authorization token at the first endpoint. The method includes, based on the receipt of the second message, entering an open state and initializing a tunnel between the first and second endpoints using an IPsec-based secured connection. The method also includes, upon termination of the tunnel due to a termination or timeout message issued by at least one of the first and second endpoints, entering a closed state. | 12-29-2016 |
20170237715 | ENCODER, DECODER AND METHOD | 08-17-2017 |
20170237719 | MOBILE SECURITY OFFLOADER | 08-17-2017 |
20180025175 | INFORMATION OUTPUT DEVICE, CAMERA, INFORMATION OUTPUT SYSTEM, INFORMATION OUTPUT METHOD, AND PROGRAM | 01-25-2018 |
20180026951 | ACCURACY AND SECURITY OF DATA TRANSFER TO AN ONLINE USER ACCOUNT | 01-25-2018 |
20180027026 | METHOD AND DEVICE FOR SECURE COMMUNICATION USING PREDEFINED URL | 01-25-2018 |
20190149528 | MOBILE SECURITY OFFLOADER | 05-16-2019 |