Entries |
Document | Title | Date |
20080215880 | MULTI-DOMAIN DYNAMIC GROUP VIRTUAL PRIVATE NETWORKS - Systems and/or methods of secure communication of information between multi-domain virtual private networks (VPNs) are presented. A dynamic group VPN (DGVPN) can reside in one domain and a disparate DGVPN can reside in a disparate domain. An administrative security authority (ASA) can be employed in each domain. Each ASA can generate and exchange respective keying material and crypto-policy information to be used for inter-domain communications when routing data from a member in one DGVPN to a member(s) in the disparate DGVPN, such that an ASA in one domain can facilitate encryption of data in accordance with the policy of the other domain before the data is sent to the other domain. Each ASA can establish a key server to generate the keying material and crypto-policy information associated with its local DGVPN, and such material and information can be propagated to intra-domain members. | 09-04-2008 |
20090019281 | SECURE HOST NETWORK ADDRESS CONFIGURATION - A Personal Computer Memory Card International Association (PCMCIA) card may establish, via a non-secure network, a secure communications channel between a computer and a secure network. The non-secure network may define a first address space. The secure network may define a second address space. The PCMCIA card may include a cryptography module, a network adapter, and/or a processor. The cryptography module may provide Type 1 cryptography of data communicated between the computer and the secure network. The network adapter may be in communication with the non-secure network and may be associated with a first network address from the first address space. The processor may be in communication with the secure network via the cryptography module and the network adapter. The processor may identify a second network address for the computer from the second address space and may communicate the second network address to the computer, for example via dynamic host control protocol (DHCP). | 01-15-2009 |
20090024846 | Secured seeding of data in a distributed environment - Techniques for seeding data among client machines, also referred to as boxes herein, are disclosed. To prevent the data distributed among the boxes from being illegitimately accessed or possessed, according to one aspect of the present invention, each box is configured to perform what is referred to herein as a transcription process. In other words, when encrypted data is received, the data is decrypted and then re-encrypted with a key agreeable with a next box configured to receive the data. | 01-22-2009 |
20090044009 | Secure identification system - Methods and apparatus are described which provide secure interactive communication of text and image information between a central server computer and one or more client computers located at remote sites for the purpose of storing and retrieving files describing and identifying unique products, services, or individuals. Textual information and image data from one or more of the remote sites are stored separately at the location of the central server computer, with the image data being in compressed form, and with the textual information being included in a relational database with identifiers associated with any related image data. Means are provided at the central computer for management of all textual information and image data received to ensure that all information may be independently retrieved. Requests are entered from remote terminals specifying particular subject matter, and the system is capable of responding to multiple simultaneous requests. Textual information is recalled and downloaded for review, along with any subsequently requested image data, to be displayed at a remote site. Various modes of data and image formatting are also disclosed, including encryption techniques to fortify data integrity. The server computers may be interfaced with other computers to effect financial transactions, and images representing the subjects of transactions may be uploaded to the server computer to create temporary or permanent records of financial or legal transactions. A further feature of the system is the ability to associate an identification image with a plurality of accounts, transactions, or records. | 02-12-2009 |
20090055644 | ADDRESS LIST MANAGEMENT APPARATUS, ADDRESS LIST MANAGEMENT METHOD, AND STORAGE MEDIUM - An address list management apparatus stores, for each user of an MFP (Multi Function Peripheral), a different address list that lists address information pieces for transmission of image data by the MFP. Upon being instructed by a logged-in user to transmit image data, the MFP transmits, to the address list management apparatus, a request for the address list that specifies the user. Upon receiving the request, the address list management apparatus transmits, to the MFP, a sending list pertaining to the user. The sending list is created by deleting secret information from address information pieces in the address list, and modifying such address information pieces so that image data is transmitted to the address list management apparatus. The address list management apparatus refers to the address list, and transfers the image data to the specified address. | 02-26-2009 |
20090077376 | Method and a system for secure execution of workflow tasks in a distributed workflow management system within a decentralized network system - There are provided a method, a system and an initiator server for a secure execution of workflow tasks of a workflow to be executed according to a given execution pattern in a distributed workflow management system within a decentralized network system with a plurality of servers (b | 03-19-2009 |
20090199000 | METHOD AND APPARATUS FOR ENCRYPTED COMMUNICATIONS TO A SECURE SERVER - An embodiment of the invention includes a secure server. A user at a terminal, communicatively coupled to the secure server by a secure link, can obtain web pages from web sites in a network, in encrypted form, via the secure link. Addresses associated with the web pages are altered to make it appear as if the web pages come from the secure server rather than from the web sites. Spoofing units may be used as alternative access points to the secure server, with the secure server sending the requested web pages directly to the terminal. In general, address rewriting and other manipulation can be performed on the requested web pages, such that the true sources of the web pages are disguised and such that subsequent communications from the terminal are directed to the secure server and/or spoofing unit, rather than to the true source of the web pages. Components of the user's privacy may be sold, or advertisements may be provided, in exchange for protection of the user's identity. | 08-06-2009 |
20090204814 | Method and apparatus for communicating information between a security panel and a security server - A security panel includes a processor, memory, and a network interface having a unique MAC address, and is configured to communicate over a network with a server. A method for registering the security panel with the server includes contacting the server utilizing a network address stored in the memory. A dealer ID, a line number, and a unique account number are sent to the server. The dealer ID, the line number, and the unique account number are stored in the memory. An encryption key is received for encryption of additional communication between the security panel and the server. The unique MAC address is sent to the server in an encrypted session to verify the security panel to the server. | 08-13-2009 |
20090327709 | MEMORY ADDRESS OBFUSCATION - Apparatus, systems, and methods may operate to provide, to a memory device, an obfuscated clear-page address derived from a clear-page address that is not the same as a key-page address and/or providing, to the memory device, an obfuscated key-page address derived from the key-page address when the obfuscated clear-page address is the same as the key-page address. Additional apparatus, systems, and methods are disclosed. | 12-31-2009 |
20090327710 | CONTENT RECORDING/REPRODUCING APPARATUS AND CONTENT RECORDING/REPRODUCING METHOD - According to one embodiment, a content recording apparatus is connected with a permission server that permits recording of content through a network. The content recording apparatus reads content encrypted based on a first encryption scheme and binding information from a disposed second recording medium, and uses the binding information to decode the read content encrypted based on the first encryption scheme. The content recording apparatus uses the permission server to authenticate permission of recording of the content, encrypts the decoded content based on a second encryption scheme when recording of the content is permitted, and records the content encrypted based on the second encryption scheme and the binding information in the first recording medium. | 12-31-2009 |
20100088511 | INFORMATION TRANSMISSION SECURITY METHOD - A method for securing the transmission of information in a communication network comprising a plurality of nodes, characterized in that it includes the steps of: an information transmitting node encodes the information with a given code; an error of given weight is added to the encrypted information; the encrypted information and the error are divided into a number of portions that is substantially equal to a chosen number r of possible routes for transmitting the information in the network; the destination address is encrypted; and for each portion, a control information item is associated, making it possible to reconstruct the message at the destination and the encrypted address of the destination node. For the various sets, each including a portion of encrypted information, a control information item and the encrypted address of the recipient node are sent in parallel over the r chosen routes. | 04-08-2010 |
20100115272 | COMMUNICATING A PACKET FROM A MESH-ENABLED ACCESS POINT TO A MESH PORTAL IN A MULTI-HOP MESH NETWORK - Methods are provided for processing a packet received by a mesh-enabled access point (MAP). When a first MAP receives a packet it can determine whether the packet is destined for a mesh portal based on the destination address. If so, the first MAP can retrieve an encryption key corresponding to the mesh portal, use the encryption key to encrypt the packet and set a mesh forwarding flag in the packet to indicate that the packet is destined for a mesh portal, and is encrypted with an encryption key corresponding to the mesh portal, and then forward the packet to the next hop MAP towards the mesh portal. The mesh forwarding flag indicates that the packet is destined for a mesh portal, is encrypted with an encryption key corresponding to the mesh portal, and is to be forwarded to the next hop MAP without performing decryption/re-encryption processing on the packet. When a MAP receives a packet, the MAP determines whether a mesh forwarding flag is set in the packet. When the mesh forwarding flag is set in the packet, the first MAP skips decryption/re-encryption processing of the packet, and forwards the packet to the next hop MAP towards the mesh portal. When the mesh forwarding flag is not set in the packet, the first MAP retrieves an encryption key corresponding to the mesh portal, encrypts the packet using the encryption key, sets a mesh forwarding flag in the packet and forwards the packet to the next hop MAP. | 05-06-2010 |
20100122083 | METHOD AND APPARATUS FOR SECURELY COMMUNICATING PERSONAL HEALTH INFORMATION - A method of securely communicating personal health information between a user terminal and a health care server. The method includes receiving an encryption key from a security key issuing device through a local communication between a user terminal and the security key issuing device; obtaining health information of a user; encrypting the health information by using the encryption key; and transmitting the encrypted health information to a health care server through a network communication between the user terminal and the health care server. | 05-13-2010 |
20100131757 | DIGITAL INFORMATION SERVICE - A system comprising a server which is arranged to store encrypted addresses and encryption information associated with the addresses. The server sends the addresses and encryption information to user equipment, which is able to decrypt the encrypted addresses using the encryption information and is able to access locations associated with the addresses. | 05-27-2010 |
20100161974 | MASTER TERMINAL CAPABLE OF REGISTERING AND MANAGING TERMINALS OF PERSONAL USE SCOPE, AND METHOD AND SYSTEM USING THE SAME - Disclosed are a master terminal capable of registering and managing terminals that belong to a personal use scope, which will be referred to as personally used terminals or personal use terminals, hereafter, and a method and system for managing personal use terminals by using the master terminal. The method for managing a personal use group using a first master terminal to register and manage terminals belonging to a personal use scope includes: requesting a second master terminal that belongs to the personal use scope for personal use group information; receiving the personal use group information from the second master terminal; and registering a terminal that belongs to the personal use scope as the personal use group based on the received personal use group information. | 06-24-2010 |
20100211774 | INFORMATION GATHERING SYSTEM, TERMINAL UNIT, PROGRAM FOR INFORMATION GATHERING, AND PROGRAM FOR A TERMINAL - A host computer adds a keycode to e-mail and a terminal unit leads an information gathering candidate to add reply information to the e-mail. When the host computer receives the e-mail to which reply information has been added, the host computer stores the reply information in one of data storage areas having a memory address corresponding to a memory address associated with the keycode of the e-mail. | 08-19-2010 |
20100235630 | SYSTEM AND METHOD FOR PROVIDING KEY-ENCRYPTED STORAGE IN A CLOUD COMPUTING ENVIRONMENT - System and method for providing cloud computing services are described. In one embodiment, the system comprises a cloud computing environment comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and a routing system disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external address to the internal cloud addresses of the cloud workloads. A designated one of the cloud workloads obtains one key of a first pair of cryptographic keys, the first pair of cryptographic keys for decrypting encrypted storage hosted within the cloud computing environment. | 09-16-2010 |
20100250923 | COMMUNICATION APPARATUS - A communication apparatus includes: a first storage unit configured to store a plurality of addresses of a plurality of first communication apparatuses; an acquiring unit configured to acquire a self-public key; a specifying unit configured to specify an address of at least one of the plurality of first communication apparatuses stored in the first storage unit when the self-public key is acquired; and a first public key sending unit configured to send the self-public key to the address of the at least one of the plurality of first communication apparatuses specified by the specifying unit. | 09-30-2010 |
20100250924 | COMMUNICATION APPARATUS - A communication apparatus includes: a first storage unit registering a plurality of addresses of a plurality of communication apparatuses; a command sending unit sending a first command for requesting a first public key, which corresponds to a first secret key of the first communication apparatus, to the address of the first communication apparatus; a response receiving unit receiving from the first communication apparatus a first response including the first public key; a storage control unit associating the first public key with the address of the first communication apparatus and registering the first public key; an encrypted data generating unit encrypting first data, which is to be sent to the first communication apparatus, using the first public key registered in association with the address of the first communication apparatus to generate first encrypted data; and a data sending unit sending the first encrypted data to the address of the first communication apparatus. | 09-30-2010 |
20100275017 | Peer-to-Peer Forwarding for Packet-Switched Traffic - Establishing peer-to-peer tunnels between clients in a mobility domain. In normal operation, clients attached to a network having access nodes connected to a central controller transfer all traffic through the central controller. This traffic is passed using tunnels between the access node and the central controller. Tunnels may be encrypted, and GRE tunnels may be used. A mobility manager operating in the controller tracks access nodes connected to the controller, and clients connected to those access nodes. When the mobility controller recognizes traffic passing between clients in its mobility domain that is eligible for peer-to-peer forwarding, it instructs the access nodes supporting the clients to establish a peer-to-peer tunnel between the nodes, and direct the client traffic through this peer-to-peer tunnel. The peer-to-peer tunnel may be session based, or may be aged. Eligibility of traffic for peer-to-peer tunnels may be controlled by rules, such as limiting peer-to-peer tunnels by source or destination, by port or protocol, and the like. | 10-28-2010 |
20100281254 | SYSTEMS AND METHOD FOR SECURE DELIVERY OF FILES TO AUTHORIZED RECIPIENTS - By asking the recipient of an encrypted received file to read aloud a check text, retrieved from a network server whose address, or URL, is encoded within the file name of the encrypted received file, the system of the invention automatically verifies the identity of the recipient, confirms that the file has been received by the intended recipient, and then decrypts the file. The utterances of text spoken by the recipient are processed by means of an automatic speech recognition component. The system determines whether the spoken text corresponds to the check text presented to the reader, in which case the system applies an automatic speaker recognition algorithm to determine whether the person reciting the check text has voice characteristics matching those of the intended recipient based on a previous enrollment of the intended recipient's voice to the system. When the system confirms the identity of the recipient, the decryption key is transmitted and the encrypted received file is automatically decrypted and displayed to the recipient. In a preferred embodiment, the system records and marks with a time-stamp the recipient's reciting of the voice check text, so that it can later be compared to the intended recipient's voice if the recipient repudiates reception. | 11-04-2010 |
20100287371 | METHOD AND APPARATUS FOR USE IN A COMMUNICATIONS NETWORK - A method and apparatus for use in a Proxy Mobile IP communications network. An anchor point function serves at least one mobile host. The anchor point function generates an IP address for use by the mobile host, the address being generated using cryptographic materials owned by the anchor point function. The anchor point function can then perform signalling on behalf of the mobile host, using the IP address generated for the mobile host with IP addresses of other mobile hosts S | 11-11-2010 |
20110010541 | Interoperable keychest for use by service providers - There is provided a system and method for distributors to use an interoperable key chest. There is provided a method for use by a distributor to obtain content access authorizations from a key chest or central key repository (CKR), the method comprising receiving a user request from a user device for access to an encrypted content identified by a content identification, transmitting a key request to the CKR including the content identification, receiving an encrypted first key from the CKR, decrypting the encrypted first key using a second key to retrieve the first key, and providing a DRM license for the encrypted content to the user device using the first key for use by the user device to decrypt the encrypted content using the first key. By generating such DRM licenses, distributors can unlock protected content even sourced from distributors using different DRM schemas. | 01-13-2011 |
20110035585 | RE-ESTABLISHMENT OF A SECURITY ASSOCIATION - According to a first aspect of the present invention there is provided a method of re-establishing a session between first and second IP hosts attached to respective first and second IP access routers, the session previously having been conducted via a previous access router to which said first host was attached, and where a security association comprising a shared secret has been established between the hosts. The method comprises sending a connection request from said first host to said first access router, said request containing an IP address claimed by said second host, a new care-of-address for the first host, and a session identifier. Upon receipt of said connection request at said first access router, the router obtains a verified IP address for said second access router and sends an on link presence request to the second access router, the request containing at least an Interface Identifier part of the second host's claimed IP address, said care-of-address, and said session identifier. Said second access router confirms that said second host is attached to the second access router using the claimed Interface Identifier, sending to the second host said care-of-address and said session identifier. The second access router then reports the presence status to said first access router. Said second host uses said session identifier to identify said security association, and updates the binding cache entry for said first host with the new care-of-address. | 02-10-2011 |
20110040968 | METHOD AND SYSTEM FOR FORWARDING DATA BETWEEN PRIVATE NETWORKS - In the field of communications technology, a method and a system for forwarding data between private networks are provided, which can enable terminals in different private networks to securely communicate with each other by using private network addresses. The method includes the following steps. A Secure Socket Layer (SSL) tunnel to an SSL Virtual Private Network (VPN) device in another private network is established. Address allocation information of the another private network is received through the SSL tunnel. The address allocation information and a mapping relation between the address allocation information and a public network IP address of the SSL VPN device transmitting the address allocation information and a session ID of the SSL tunnel transmitting the address allocation information are saved. A data packet whose destination address belongs to the another private network is forwarded to the SSL VPN device of the private network to which the destination address belongs, according to the address allocation information and the mapping relation. Through the method, the SSL VPN device can resolve private network addresses of other private networks. | 02-17-2011 |
20110066850 | COMMUNICATION USING MULTIPLE APPARATUS IDENTITIES - A system for broadcasting multiple public identities corresponding to the same apparatus. For example, each public identity may correspond to different operational environments, while none of the public identities disclose a private identity that uniquely and permanently identifies the apparatus. This allows apparatuses to keep their unique identity a secret while still being able to communicate with other apparatuses in various environments. | 03-17-2011 |
20110099370 | METHOD, APPARATUS, AND SYSTEM FOR PROCESSING DYNAMIC HOST CONFIGURATION PROTOCOL MESSAGE - A method, apparatus, and system for processing a Dynamic Host Configuration Protocol (DHCP) message are disclosed. The method includes: receiving a DHCP message, where the source address of the DHCP message is a Cryptographically Generated Address (CGA) and a signature of a DHCP message sender is carried in the DHCP message; verifying the CGA and the signature; and processing a payload of the DHCP message after the verification of the CGA and the signature succeeds. The CGA and the signature are verified in the embodiment of the present invention, thus improving the security of DHCPv6, and bringing convenience for key management due to publicity of the public key. In addition, because the life of the public key is long, configuration on the DHCP server and/or the network client is convenient. | 04-28-2011 |
20110202760 | METHOD FOR IDENTIFYING MOBILE STATION - A data transmission and reception method for ensuring privacy and security and a method for identifying a Mobile Station (MS), while ensuring the location privacy of the MS in a wireless access system are disclosed. The MS identification method includes transmitting a ranging request message including a hashed Medium Access Control (MAC) address to a Base Station (BS), for initial ranging, and receiving a ranging response message including a temporary station Identifier (ID) from the BS. The temporary station ID is used to provide security to a MAC address or station ID by which the BS uniquely identifies the MS. | 08-18-2011 |
20110296174 | COMMUNICATION APPARATUS AND COMMUNICATION METHOD - A communication apparatus that stores at least one address of transmission destination and at least one file to be transmitted that are obtained from an external device via an interface into a memory, determines whether a password for encrypting a transmission file is obtained by using a controller when receiving a file transmission instruction, and when obtaining the password, encrypts the transmission file by using the obtained password and transmits the encrypted transmission file to a transmission destination terminal. | 12-01-2011 |
20120030462 | SYSTEM AND DEVICE FOR ENCRYPTING AND DECRYPTING ELECTRONIC FILES AND METHOD THEREOF - A method for encrypting electronic files includes: receiving a request signal consisting of an IP address of a receiver and information about a desired electronic file; obtaining a function and the desired electronic file from a storage unit, and starting to time; obtaining a timing length when the electronic file has been obtained completely; substituting the timing length into the function to obtain an encryption key via an encryption module; and encrypting the electronic file using the encryption key. | 02-02-2012 |
20120084559 | Communications Source Authentication - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for authenticating a communications source. In one aspect, a method includes decrypting a symbol that was received over a particular communications channel. The symbol is decrypted using a decryption key that is assigned to a particular endpoint that is assigned the particular communications channel. A measure of error is computed for the decrypted symbol. In turn, a determination is made whether the measure of error exceeds a threshold error measure. If the measure of error does not exceed the threshold error measure the decrypted symbol is identified as a valid symbol transmitted by the particular endpoint, and logged as such. If the measure of error exceeds the threshold error measure, the decrypted symbol is identified as a symbol from a different endpoint; and | 04-05-2012 |
20120110326 | ENHANCED CRYPTOGRAPHICALLY GENERATED ADDRESSES FOR SECURE ROUTE OPTIMIZATION IN MOBILE INTERNET PROTOCOL - Enhanced cryptographically generated addresses (ECGAs) for MIPv6 incorporate a built-in backward key chain and offer support to bind multiple logically-linked CGAs together. Enhanced CGAs may be used to implement a secure and efficient route optimization (RO) for MIPv6. | 05-03-2012 |
20120117382 | SYSTEM AND METHOD EMPLOYING AN AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES - A method and system are used to transparently create an encrypted communications channel between a client device and a target device. Audio video communications between the client device and the target device are allowed over the encrypted communications channel once the encrypted communications channel is created. The method comprises: (1) receiving from the client device a request for a network address associated with the target device; (2) determining whether the request is requesting access to a device that accepts an encrypted channel connection with the client device; and (3) depending on the determination made in step (2) providing provisioning information required to initiate the creation of the encrypted communications channel between the client device and the target device such that the encrypted communications channel supports secure audio/video communications transmitted between the two devices. | 05-10-2012 |
20120124372 | Protecting Websites and Website Users By Obscuring URLs - Websites and website users are subject to an increasing array of online threats and attacks. Disclosed herein are, among other things, approaches for protecting websites and website users from online threats. For example, a content server, such as a proxying content delivery network (CDN) server that is delivering content on behalf of an origin server, can modify URLs as they pass through the content server to obscured values that are given to the end-user client browser. The end-user browser can use the obscured URL to obtain content from the content server, but the URL may be valid only for a limited time, and may be invalid for obtaining content from the origin. Hence, information is hidden from the client, making attacks against the website more difficult and frustrating client-end malware that leverages knowledge of browsed URLs. | 05-17-2012 |
20120265986 | METHOD AND SYSTEM FOR ENCRYPTING DATA DELIVERED OVER A NETWORK - Systems and methods are provided for delivering e-mail, typically with time relevant content, to users, whose e-mail addresses are encrypted. Specifically, the e-mails are administered by a host or home server that is transparent to the e-mail addresses of the computers and e-mail clients, that electronic communications are being sent to and received from. | 10-18-2012 |
20120311325 | METHOD FOR SENDING AND RECEIVING AN ENCRYPTED MESSAGE AND A SYSTEM THEREOF - The present disclosure is directed to a method for sending and receiving an encrypted message and a system thereof. The method includes steps of encrypting a message, transforming the encrypted message into network address, sending the network address to a receiver, and accessing a server according to the network address by the receiver, and a server decrypting the message, presenting the decrypted message to the receiver, and thereafter preventing the message from being accessed. Advantages include that any mobile phone capable of connection to a wireless network can read an encrypted message without installation of a decryption software on a mobile phone of a receiver. | 12-06-2012 |
20120311326 | APPARATUS AND METHOD FOR PROVIDING PERSONAL INFORMATION SHARING SERVICE USING SIGNED CALLBACK URL MESSAGE - A mobile terminal provides a personal information sharing service using a signed URL message. The terminal includes: a personal information sharing service module which receives a message that includes a first callback URL and a personal information sharing request and is signed using a private key of a server, and creates a second callback URL by adding a user response result in response to the personal information sharing request to the first callback URL; and an authentication module which verifies a signature of the message using a public key of the server, and signs the second callback URL using a user private key. | 12-06-2012 |
20130031364 | Fine-grained security in federated data sets - A data processing system, a server such as a federated server, a computer system, and like devices, and associated operating methods can be configured to support fine-grained security including resource allocation and resource scheduling. A data processing system can comprise a federated server operable to access data distributed among a plurality of remote data sources upon request from a plurality of client users and applications; and logic executable on the federated server. The logic can be operable to enforce fine-grained security operations on a plurality of federated shared data sets distributed among the plurality of remote data sources. | 01-31-2013 |
20130061046 | Stateless Application Notifications - Stateless application notifications are described that enable third parties to provide messages to client applications. A communication channel can be established between a notification service and an application. Upon request, the notification service can generate obfuscated routing data for the channel, which can be in the form of a channel handle or token. The routing data can be encrypted and digitally signed to obscure the content and format of the routing data from third parties. An application service possessing the obfuscated routing data can package a notification with the data and send the package to the notification service for delivery. The application service does so without knowing the channel particulars encoded by the obfuscated routing data. The notification service that produces the obfuscated routing data can decrypt and interpret the data, and deliver the notification on the channel to an appropriate endpoint application on behalf of the application service. | 03-07-2013 |
20130061047 | SECURE AND EFFICIENT OFFLOADING OF NETWORK POLICIES TO NETWORK INTERFACE CARDS - Techniques for efficient and secure implementation of network policies in a network interface controller (NIC) in a host computing device operating a virtualized computing environment. In some embodiments, the NIC may process and forward packets directly to their destinations, bypassing a parent partition of the host computing device. In particular, in some embodiments, the NIC may store network policy information to process and forward packets directly to a virtual machine (VM). If the NIC is unable to process a packet, then the NIC may forward the packet to the parent partition. In some embodiments, the NIC may use an encapsulation protocol to transmit address information in packet headers. In some embodiments, this address information may be communicated by the NIC to the parent partition via a secure channel. The NIC may also obtain, and decrypt, encrypted addresses from the VMs for routing packets, bypassing the parent partition. | 03-07-2013 |
20130067224 | AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES - A method is used to transparently create an encrypted communications channel between a client device and a target device. Each device is configured to allow audio/video communications between the client and target devices over the encrypted communications channel once the encrypted communications channel is created. The method comprises receiving from the client device a request for a network address associated with the target device, determining whether the request is requesting access to a device that accepts an encrypted channel connection with the client device, and in response to determining that the request is requesting access to a device that accepts an encrypted communications channel connection with the client device, providing provisioning information required to initiate the creation of the encrypted communications channel between the client device and the target device such that the encrypted communications channel supports secure audio/video communications transmitted between the two devices. | 03-14-2013 |
20130179683 | SECURE REGISTRATION TO A SERVICE PROVIDED BY A WEB SERVER - To check a secure registration to a service provided by a web server from a communication terminal (TC), the web server (SW) saves a dynamically generated code matching the terminal (TC)'s IP address and transmits a message containing the code (CodC) to an e-mail address. This address is provided by the user in response to the terminal's connection to the web server. The server transmits to the terminal an application (App) capable of generating an automated test in order to tell computers apart from humans. The answer provided by the user is encrypted with the terminal's IP address and the code contained in the message transmitted to the e-mail address, and is directly transmitted by the application to the server, which decrypts it and compares it with an expected answer in order to enable access to the Web server if the decrypted answer matches the expected answer. | 07-11-2013 |
20130232338 | NETWORK SECURITY APPLIANCE - Methods, devices, and systems that may be used to secure networked devices are provided. One method includes receiving, at a security device, encrypted configuration data from a management server connected to a data network, from packets addressed to a networked device. The method further includes managing, by the security device, packets between the networked device and other devices accessible through a network based upon the configuration data. The method further includes sending, by the security device, a plurality of encrypted heartbeat messages to the management server utilizing an address associated with the networked device as the originating address for packets in which the encrypted heartbeat messages are transmitted. | 09-05-2013 |
20130275751 | METHOD AND APPARATUS FOR PROVIDING ADAPTIVE SELF-SYNCHRONIZED DYNAMIC ADDRESS TRANSLATION AS AN INTRUSION DETECTION SENSOR - A translator is provided for translating predetermined portions of packet header information including an address of a data packet according to a cipher algorithm keyed by a cipher key derived by a key exchanger. A mapping device is also provided for mapping the address to a host table stored in memory. If the address does not match an entry in the host table, a security device is triggered. | 10-17-2013 |
20130283046 | SERVICE SYSTEM - Multiple service servers can store identification tags, which identify each user, after associating the identification tags with the identification tags of other users; and can also store identification data, which uniquely identifies users across multiple service servers, after associating the identification data with an encryption key for each identification datum. A management server device stores as identification data the user address data encrypted by means of an encryption key that has been generated for each identification datum. A gateway server device receives the identification tags from a first service server, receives the other identification tags associated with the first identification tags, receives the encryption keys associated with the other identification tags, and obtains the encrypted data from the management server. The gateway server device then decodes the encrypted information, and commands delivery that uses the obtained address data. | 10-24-2013 |
20130311774 | SYSTEM AND METHOD EMPLOYING AN AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES - A system and method connect a first network device and a second network device by initiating a secure communication link. The system includes one or more servers configured to: receive, from the first network device, a request to look up a network address of the second network device based on an identifier associated with the second network device; determine, in response to the request, whether the second network device is available for a secure communications service; and initiate a secure communication link between the first network device and the second network device based on a determination that the second network device is available for the secure communications service; wherein the secure communications service uses the secure communication link to communicate at least one of video data and audio data between the first network device and the second network device. | 11-21-2013 |
20140019754 | ANONYMOUS AND UNLINKABLE DISTRIBUTED COMMUNICATION AND DATA SHARING SYSTEM - A distributed communication and data sharing system that provides anonymity and unlinkability. A group comprising a number of structures, each having a public/private key pair, is stored on a plurality of nodes in a Distributed Hash Table. Advantageous features of the group management system are provided through the use of Cryptographically Generated Addresses (CGA) for the structures, a secure capture method that enables a user to capture an address and be the only one authorized to request certain operations for the address, and an anonymous get/set mechanism in which a user signs messages, encloses the public key in the message and encrypts the message and public key using the public key of the receiver. The distributed communication and data sharing system of the invention can advantageously be used for group management of social networks. | 01-16-2014 |
20140052984 | METHODS AND SYSTEMS FOR REGISTERING A PACKET-BASED ADDRESS FOR A MOBILE DEVICE USING A FULLY-QUALIFIED DOMAIN NAME (FQDN) FOR THE DEVICE IN A MOBILE COMMUNICATION NETWORK - A mobile communication device registers for data communication through a mobile communication network with a packet-based network. The device may or may not have a mobile device number, and registers using a fully-qualified-domain-name (FQDN) uniquely identifying the device in a domain-name-system (DNS) of the packet-based network. A packet-data-network gateway assigns a packet-based address for the device, and generates a request for registering the address with the FQDN in a DNS server. Alternatively, the device generates the packet-based address based on a received portion of the address, retrieves the FQDN from an identity module, and sends a DNS-Update message to the DNS server including the address and FQDN. Again alternatively, a DNS server receives an encrypted DNS update message including a FQDN and a packet-based address, and decrypts the message prior to registering the address and FQDN in a DNS database. | 02-20-2014 |
20140059343 | ALGORITHM-BASED ANONYMOUS CUSTOMER REFERENCES - A system and methodology that facilitates management and utilization of domain-specific anonymous customer references (ACRs) for protecting subscriber privacy across different domains is disclosed herein. In one aspect, on receiving user authorization, an ACR services (ACRS) component can generate an ACR that is to be inserted in a communication or message transmitted from a user equipment to an untrusted entity. The ACR can be generated based on address data associated with the untrusted entity and/or a unique subscriber identifier associated with the user equipment. As an example, the ACR creation component can generate the ACR based on a cryptographic hash, a static encryption key, and/or a dynamic encryption key. If the ACR is forwarded to a trusted entity, the trusted entity can calculate the unique subscriber identifier based on evaluating the ACR and/or exchange the ACR for the unique subscriber identifier via a secure communication with the ACRS component. | 02-27-2014 |
20140068252 | PUBLIC KEY GENERATION UTILIZING MEDIA ACCESS CONTROL ADDRESS - In some embodiments, in a registration process where a user device is registering for access to a network, a public/private key pair may be generated based on a media access control (MAC) address of a user device. The generated public/private key pair may be transmitted to the user device for future access to the network. In some embodiments, where a user device is requesting access to a network, a MAC address embedded in a public key may be utilized to determine whether access to the network should be granted. | 03-06-2014 |
20140089661 | SYSTEM AND METHOD FOR SECURING NETWORK TRAFFIC - One variation of a method for selectively filtering internet traffic includes: receiving DNS queries; determining resource access levels for the DNS queries based on an internet resource database, wherein the resource access levels comprise a first level, a second level, and a third level; returning an unmodified IP address for the first level DNS queries; returning a replacement resource IP address for the second level DNS queries; returning a web proxy server IP address for the third level DNS queries; and regulating HTTP traffic directed to the web proxy server IP address. | 03-27-2014 |
20140181508 | COMMUNICATION DEVICE AND COMPUTER PROGRAM PRODUCT - According to an embodiment, a communication device includes a cryptographic communication unit, a first communicating unit, and a control unit. The cryptographic communication unit is configured to perform cryptographic communication with an external device via a first network. The first communicating unit is configured to perform communication with a key generating device via a second network, the key generating device being configured to generate a cryptographic key to be used in the cryptographic communication. The control unit is configured to perform control to transmit an address registration request containing address information to the key generating device via the first communicating unit when a predetermined specific request is issued from among requests used in the cryptographic communication. | 06-26-2014 |
20140181509 | METHOD AND APPARATUS FOR VERIFYING ANTI-COUNTERFEITING INFORMATION - A method and apparatus for verifying anti-counterfeiting information are provided so as to improve an anti-counterfeiting effect, to lower an anti-counterfeiting cost, to extend the scope of population to which anti-counterfeiting effect is applicable and to guarantee the stability of anti-counterfeiting means. The method includes: a terminal obtains and parses encrypted address information of an object; the terminal connects to a network address corresponding to the parsed encrypted address information; the terminal determines that the encrypted address information is valid upon successful connection and sending verification information of the object to the network address corresponding to the encrypted address information; and the terminal receives feedback information about whether the verification information is valid. | 06-26-2014 |
20140245002 | METHOD AND APPARATUS FOR SECURE DATA TRANSMISSIONS - An apparatus, system, and method are disclosed for secure data transmissions. In one embodiment, a method includes receiving a request for data from a remote client, the request including a public Internet protocol address of the remote client, the request encrypted according to an initial encryption scheme, encrypting the requested data according to a different encryption scheme, and transferring the data to the remote client. | 08-28-2014 |
20140258715 | Session Attribute Propagation through Secure Database Server Tiers - Mechanisms are provided for handling a database client request. An encrypted database client request (DCR) is received, by an unsecure access local agent, from a client computing device as part of a session between the client computing device and a database data processing system. The unsecure access local agent retrieves a database session information (DSI) address corresponding to the session and generates a first unique identifiable key (UIK) based on a portion of the encrypted DCR. The unsecure access local agent generates a DSI mapping data structure that maps the first UIK to the DSI address. A secure access local agent of the database data processing system processes the encrypted DCR using the DSI mapping data structure. | 09-11-2014 |
20140281508 | CHANGING GROUP MEMBER REACHABILITY INFORMATION - In an embodiment, a method comprises obtaining a second network address at a computer node, which has been already associated with a first network address and provided first keying information; sending, to a key server computer, an update message that comprises both the first network address and the second network address; using the first keying information to encrypt messages that the computer node sends from the second network address to one or more other members of a group. | 09-18-2014 |
20140289515 | Digital rights management retrieval system - A digital rights management retrieval system is provided. In some embodiments, a digital rights management system includes receiving a first notification from a first client device of a first protected content transaction for a first user with a first content distributor, wherein the first notification includes a first network address for the first content distributor; receiving a second notification from the first client device of a second protected content transaction by the first user with a second content distributor, wherein the second notification includes a second network address for the second content distributor; and maintaining a first list of content distributors for the first user, wherein the first list includes a network address for each content distributor from which the first user has downloaded protected content. | 09-25-2014 |
20140289516 | PORTABLE DIGITAL VAULT AND LENDING OF SAME - A portable digital vault and related methods are disclosed that can provide a digital equivalent to the physical act of lending copyrighted content (such as a book or CD) while also providing security to prevent copying of the content. The vault acts as a self-contained authority that contains permissions relating to actions that can be taken with respect to the vault and vault contents. Vault contents can be moved between vaults, vaults can be moved between computing devices, and a vault and its contents can be moved together as a single unit. A vault can store any type of content, such as digital books, audio and video. In some embodiments, the vault can be issued by a government authority and contain currency note information that allows the vault to be used as cash. A vault can also serve as a receipt of a digital legal contract. | 09-25-2014 |
20140304504 | LOGICAL NETWORK SEPARATION METHOD AND APPARATUS - Disclosed are a logical network separation method and apparatus. The logical network separation method includes generating a first hash key on the basis of address information included in a service request packet, generating hash information on the basis of a transmission property of the service request packet corresponding to the first hash key when the same hash key as the first hash key is not in the hash table, and generating the policy about the reception of the service response packet corresponding to the service request packet on the basis of a destination of the service request packet. Accordingly, it is possible to block a cyber attack such as hacking, a malicious program, etc. | 10-09-2014 |
20140317404 | DYNAMIC ENCRYPTION OF A UNIVERSAL RESOURCE LOCATOR - A system including a computer and a computer readable hardware storage device containing instructions which, upon being executed by the computer, implements a method for restricting access to information transmitted over a computing network. A resource request for a resource to be located is received. The resource request contains a universal resource locator (URL). The URL is evaluated to determine whether encryption of none, part, or all of the URL is required. It is determined that the requested resource is available and in response, the requested resource contained in the resource request is located. It is determined whether encryption is required for none, part, or all of a return URL of the requested resource that is to be returned to a location of the resource request. | 10-23-2014 |
20140325211 | METHOD FOR UPDATING A TABLE OF CORRESPONDENCE BETWEEN A LOGICAL ADDRESS AND AN IDENTIFICATION NUMBER - A method for updating a table of correspondence between a logical address associated to a user unit in a communication network and a unique identification number associated to one of a group of user units managed by a management centre, a method where messages are exchanged between said management centre and a specific user unit of said group by using said communication network, these messages being forwarded to the logical address of the specific user in said network, the method including searching in said table for the logical address of the user unit in said communication network corresponding to the unique identification number of the specific user unit; sending of messages to the user unit having the concerned unique identification number, to the logical address corresponding to said communication network; and if the messages are received incorrectly, sending a request containing an identifier of said specific user unit. | 10-30-2014 |
20140344568 | SERVER NODE DISCOVERY MECHANISM APPLIED IN CLOUD ENVIONMENT CAPABLE OF SEARCHING SERVER NODE WITHIN CLOUD SERVICE CLUSTER - A packet sending node is employed in a network segment. The packet sending node includes a packet storage module, a packet sending module and a packet accepting module. The packet storage module is configured to store an encryption packet including a network address of the packet sending node. The packet sending module is configured to send the encryption packet to a packet receiving node in the network segment based on the user datagram protocol. The packet accepting module is configured to receive a response packet sent by the packet receiving node according to the network address of the packet sending node in the encryption packet. A server node discovery mechanism and a packet receiving module are also provided. | 11-20-2014 |
20150046703 | TARGET DIRECTED JOINING ALGORITHM FOR MULTI-PAN NETWORKS - A method of network joining. A first service node (SN) of SNs in a multi-Personal Area Network including data concentrators (DCs) that communicate with a server over a common communications medium configures a beacon request frame (BRF) including a Media Access Control (MAC) header including a header information element (HIE) or a payload IE (PIE), and a MAC CRC footer. The BRF includes a unique address of a first DC corresponding to the first SN or an encrypted data sequence with a key. The first SN transmits the BRF over the common communications medium. Responsive to receiving the BRF, the first DC processes the BRF to identify the unique address or has the key and applies the key to decipher the encrypted BRF. The first DC transmits a beacon frame over the common communications medium, wherein others of the plurality of DCs do not transmit respective beacon frames. | 02-12-2015 |
20150046704 | TARGET DIRECTED JOINING ALGORITHM FOR MULTI-PAN NETWORKS - A method of network joining. A first service node (SN) of SNs in a multi-Personal Area Network including data concentrators (DCs) that communicate with a server over a common communications medium configures a beacon request frame (BRF) including a Media Access Control (MAC) header including a header information element (HIE) or a payload IE (PIE), and a MAC CRC footer. The BRF includes a unique address of a first DC corresponding to the first SN or an encrypted data sequence with a key. The first SN transmits the BRF over the common communications medium. Responsive to receiving the BRF, the first DC processes the BRF to identify the unique address or has the key and applies the key to decipher the encrypted BRF. The first DC transmits a beacon frame over the common communications medium, wherein others of the plurality of DCs do not transmit respective beacon frames. | 02-12-2015 |
20150074391 | VERIFICATION OF USER COMMUNICATION ADDRESSES - Disclosed are various embodiments for performing stateless verification of communication addresses. Encrypted verification data is generated for a user, including a communication address, an identifier of the user, a verification code, and a timestamp. The encrypted verification data is sent to the user, and the verification code is transmitted to the communication address. The encrypted verification data and the verification code are received from the user. The communication address is verified based at least in part on the verification code received from the user and the encrypted verification data received from the user. | 03-12-2015 |
20150143110 | MANAGE ENCRYPTED NETWORK TRAFFIC USING SPOOFED ADDRESSES - Methods and systems for managing encrypted network traffic using spoofed addresses. One example method includes receiving a request to resolve a domain name; determining that the domain name is included in a predetermined set of domain names; associating a spoofed address with the domain name; sending a response to the request to resolve the domain name, the response including the spoofed address; receiving a secure request for a resource, the secure request directed to the spoofed address; determining that the secure request is directed to the domain name based on the association between the spoofed address and the domain name; and selectively decrypting the secure request based at least in part on determining that the secure request is directed to the domain name. | 05-21-2015 |
20150304399 | RUNNING AGENTS TO EXECUTE AUTOMATION TASKS IN CLOUD SYSTEMS - Running an agent to execute an automation task in a cloud system can include receiving configuration data and location data from a database for the agent associated with the automation task in response to an identified scheduled run of the automation task, retrieving the agent using the location data and a distributed cluster of servers, and running the agent to execute the automation task in the cloud system using the configuration data. | 10-22-2015 |
20150312221 | SECURE DATA EXCHANGE TECHNIQUE - Techniques utilizing common encryption approaches for data from multiple parties enable those parties to discover information that is held in common by the parties without disclosing to any party information that is not held in common by the parties. Encrypted information for each party can be compared to determine which encrypted values match, and those encrypted values can be returned to any of the parties such that a party can determine which corresponding data the parties have in common without having access to any other data of any other parties. | 10-29-2015 |
20150319140 | Encryption/decryption method, system and device - An encryption/decryption method is described, which includes that a terminal performs an encryption operation according to information of an encryption sub-node of an Encrypt And Decrypt Management Object (EADMO) node of a local Device Management (DM) tree and reports to a DM server encrypted data state information generated after the encryption succeeds; and the terminal performs a decryption operation according to the encrypted data state information sent from the DM server. An encryption/decryption system and device are also described. By means of technical solutions of embodiments of the disclosure, operations are simple without causing data loss, and a problem that data of a non-local terminal cannot be encrypted is solved. | 11-05-2015 |
20160014097 | DOCUMENT-AUTHORIZED ACCESS TO A SHARED WORKSPACE | 01-14-2016 |
20160014124 | SERVICE LOCATION BASED AUTHENTICATION | 01-14-2016 |
20160028696 | Network Address-Based Encryption - A system for encrypting data and transferring or storing data securely may include a computing device including an encryptor configured to generate an encryption key from a network resource and encrypt data using the encryption key to generate encrypted data, and a decryptor configured to generate a decryption key from the network resource and decrypt the encrypted data to generate the non-encrypted data. | 01-28-2016 |
20160072776 | METHOD AND SYSTEM FOR EXCHANGING ENCRYPTED MESSAGES BETWEEN COMPUTING DEVICES IN A COMMUNICATION NETWORK - A method for exchanging a message ( | 03-10-2016 |
20160080386 | Boosting Remote Direct Memory Access Performance Using Cryptographic Hash Based Approach - A mechanism is provided in a data processing system for performing a remote direct memory access operation. Responsive to receiving in a network interface controller a hash value of data to be copied from a source address in a source node to a destination address in a destination node in the remote direct memory access operation, the network interface controller performs a lookup operation in a translation protection table in the network interface controller to match the hash value to a hash value for data existing in memory of the destination node. Responsive to the network interface controller finding a match in the translation protection table, the network interface controller completes the remote direct memory access operation without transferring the data from the source node to the destination node. | 03-17-2016 |
20160381107 | SYSTEM AND METHOD FOR CONTENT STREAMING WITH FEATURE DETECTION - A system and method for content streaming with feature detection, comprising determining a streaming format compatibility criteria of a remote web browser, determining a content selection from a list of one or more content selections, receiving at a content server a streaming request, streaming the content selection, the streaming including dividing a source content into a plurality of segment files, encrypting the plurality of segment files, sending a manifest file from the content server to the remote web browser, receiving requests at the content server for each of the plurality of segment files and a decryption key, sending from the content server each one of the requested plurality of segment files and the decryption key, and selecting the next content selection in the list until the last content selection is selected and streamed. | 12-29-2016 |