Patent application number | Description | Published |
20080247392 | Validating Internal Routing Protocol Information Passed Through an External Routing Protocol - In one embodiment, a method includes receiving authenticated site data that includes site ID data and address data. The site ID data indicates a unique site ID for each site among multiple sites for a first network that uses an internal routing protocol. Multiple edge sites of those sites are separate from each other and connected to a second network that is under separate administrative control of at least one different party. The address data indicates network addresses associated with each site of the plurality of sites. An external routing protocol message is discounted based on the authenticated site data. | 10-09-2008 |
20090262941 | TECHNIQUES FOR MANAGING KEYS USING A KEY SERVER IN A NETWORK SEGMENT - The election of a key server is provided. The key server is a single device that broadcasts an encryption key to other devices in a network segment. Also, automatic reelection of a new key server is provided when a current key server becomes unavailable. Key receivers may separately detect that a new key server is needed and separately determine from state information which key receiver should be elected the new key server. The state information may have been received in previously sent messages. Thus, further messaging is not needed to elect a new key server. | 10-22-2009 |
20100034207 | ENFORCING THE PRINCIPLE OF LEAST PRIVILEGE FOR LARGE TUNNEL-LESS VPNs - Techniques for secure communication in a tunnel-less VPN are provided. A key server generates and provides, to each VPN gateway, different, yet mathematically-related keying material. A VPN gateway receives distinct keying material for each designated address block (e.g., subnet) behind the VPN gateway. In response to receiving a packet from a source host whose address falls within one of the designated address blocks, the VPN gateway identifies the appropriate keying material. The VPN gateway determines an identifier for the address block that includes the destination address. The identifier and the identified keying material are used to generate a key. The VPN gateway encrypts the packet with the key and forwards the encrypted packet to the destination host. | 02-11-2010 |
20100142711 | GROUP KEY MANAGEMENT RE-REGISTRATION METHOD - In an embodiment, a fast group key management re-registration is described. One computer-implemented method comprises, at a key server: receiving a registration request from a network element to join a group of network elements managed by the key server; generating and storing a group member registration state comprising information identifying the network element within the group of network elements; generating a token using information from the group member registration state, wherein the token identifies the network element within the group; deleting the group member registration state for the network element at the key server; generating an encrypted token by encrypting the token using a secret key that is local to the key server; sending the encrypted token to the network element; receiving the encrypted token along with a re-registration request from the network element to re-join the group of network elements; and re-registering the network element using the encrypted token. | 06-10-2010 |
20100220856 | PRIVATE PAIRWISE KEY MANAGEMENT FOR GROUPS - In an example embodiment, a key generation system (KGS) is used to generate private pairwise keys between peers belonging to a group. Each member of the group is provisioned with a set of parameters which allows each member to generate a key with any other member of the group; however, no group member can derive a key for pairings involving other group members. The private pairwise keys may be used to derive session keys between peers belonging to the group. Optionally, an epoch value may be employed to derive the private pairwise keys. | 09-02-2010 |
20100318605 | APPROACH FOR MANAGING STATE INFORMATION BY A GROUP OF SERVERS THAT SERVICES A GROUP OF CLIENTS - An approach for managing state information by a group of servers that services a group of clients is disclosed. One server is designated as the primary server and is responsible for generating state information to be used by both the servers and the clients. The remaining servers are designated as secondary servers that help to manage the group, but which do not generate the state information. When the primary server fails or is not available due to a network partition event, one of the secondary servers changes role to become the primary server. With a network partition event, each partition can have a primary server, and when the network partition heals, one of the primary servers changes role back to being a secondary server. As a result, the group of servers maintains a consistent set of state information without being vulnerable to the single failure of a server. | 12-16-2010 |
20110087878 | ENABLING QoS FOR MACsec PROTECTED FRAMES - Embodiments associated with enabling Quality of Service (QoS) for MACsec protected frames are described. One example method includes identifying a security indicator in an encrypted network communication and selectively forwarding the encrypted network communication according to a QoS policy. The example method may also include selectively storing a control packet security indicator sniffed from a control packet network communication in response to determining that a match exists between a control packet identification field and a QoS database entry. | 04-14-2011 |
20110296044 | KEEP-ALIVE HIATUS DECLARATION - In an embodiment, a method is performed by one or more processors and comprises obtaining a hiatus declaration that indicates that a network device will be incommunicable; suspending communication with the network device until expiration of a hiatus time period during which the network device is expected to be incommunicable; resuming communication with the network device in response to any of: determining that the hiatus time period has expired; obtaining a keep-alive message from the network device; or obtaining other indication that the network device can communicate. | 12-01-2011 |
20120045063 | Techniques for Managing Keys Using a Key Server in a Network Segment - The election of a key server is provided. The key server is a single device that broadcasts an encryption key to other devices in a network segment. Also, automatic reelection of a new key server is provided when a current key server becomes unavailable. Key receivers may separately detect that a new key server is needed and separately determine from state information which key receiver should be elected the new key server. The state information may have been received in previously sent messages. Thus, further messaging is not needed to elect a new key server. | 02-23-2012 |
20120117248 | Restarting Network Reachability Protocol Sessions Based on Transport Layer Authentication - In an embodiment, a method comprises establishing a first data communications session with a first router. In response to receiving a first request to establish a second data communications session, a probe message that is configured to test whether the first data communications session or the first router is responsive is sent to the first router. In response to determining that the first router has not acknowledged the probe message before a probe timer has expired, and receiving a second request to establish the second data communications session, the second data communications session with the first router is established and a state for the first data communications session is deleted. | 05-10-2012 |
20140258532 | KEEP-ALIVE HIATUS DECLARATION - In an embodiment, a method is performed by one or more processors and comprises obtaining a hiatus declaration that indicates that a network device will be incommunicable; suspending communication with the network device until expiration of a hiatus time period during which the network device is expected to be incommunicable; resuming communication with the network device in response to any of: determining that the hiatus time period has expired; obtaining a keep-alive message from the network device; or obtaining other indication that the network device can communicate. | 09-11-2014 |
20140281508 | CHANGING GROUP MEMBER REACHABILITY INFORMATION - In an embodiment, a method comprises obtaining a second network address at a computer node, which has been already associated with a first network address and provided first keying information; sending, to a key server computer, an update message that comprises both the first network address and the second network address; using the first keying information to encrypt messages that the computer node sends from the second network address to one or more other members of a group. | 09-18-2014 |
20150215298 | CHANGING GROUP MEMBER REACHABILITY INFORMATION - In an embodiment, a method comprises obtaining a second network address at a computer node, which has been already associated with a first network address and provided first keying information; sending, to a key server computer, an update message that comprises both the first network address and the second network address; using the first keying information to encrypt messages that the computer node sends from the second network address to one or more other members of a group. | 07-30-2015 |
20150288603 | Path Maximum Transmission Unit Handling For Virtual Private Networks - Techniques are described herein for optimizing communications in a network. At a router in a virtual private network, a packet is received from a device in a subnetwork protected by the router. The router examines the packet to determine a source address that identifies the device and a destination address that identifies a destination network device for the packet. The router also analyzes the packet to determine a size of the packet and determines whether or not the size of the packet is larger than a maximum transmission unit size. If the size of the packet is larger than the maximum transmission unit size, the router encapsulates the packet with a header that includes the destination address and a new source address that identifies the router. | 10-08-2015 |
20150295899 | Group Member Recovery Techniques - Techniques are presented for optimizing secure communications in a network. A first router receives from a second router an encrypted packet with an unknown security association. The first router examines the packet to determine whether the counter value is in a range of predicted counter values. Additionally, a key server is configured to provision routers that are part of a virtual private network. The key server selects a counter value that is part of a security association and calculates a key value. The key server sends the key value together with the security association to enable routers to exchange encrypted packets with each other in the virtual private network using the key value and the security association. The key server increments the counter value to a value within a range of counter values capable of being predicted by the routers. | 10-15-2015 |
20150304282 | Nested Independent Virtual Private Networks With Shared Rekey And Consistency Services - First and second nested virtual private networks share a common rekey service. A first key server generates first cryptographic keys and policies for use by gateways of the VPN to encrypt and decrypt data packets. The key server establishes a connection with a second key server to generate second cryptographic keys and policies independently of the first key server for use by encryption units of a second VPN that is nested with and operates independently of the first VPN. The first key server refreshes the first cryptographic keys in the first VPN gateways using a common rekey service, and cooperates with the second key server to refresh the second cryptographic keys in the second VPN encryption units using the common rekey service. | 10-22-2015 |
Patent application number | Description | Published |
20110000945 | Electronic Device Holder - In one example, we describe a holder for an electronic device, such as a cell phone. The holder allows the user to attach the device to the user, as well as straps, such as car seat belts and purse straps. This holder has the unique property of being able to accommodate a range of sizes of electronic devices. We can adjust length, width, and thickness, or use angles in 3 different directions, for multiple degrees of freedom, in Cartesian, polar, or cylindrical coordinates, or combinations, to adjust the size, for different devices, to make that very easy and cost effective/flexible for the consumers, to adjust very fast and secure, as an example. | 01-06-2011 |
20120012489 | Packaging Article and Device - In one example, we describe a new structure and shape for the packaging objects, for storage, display, and transportation. For example, it can be helpful for the consumers to test/examine/try-before-buy the object(s). It has an opening/closing mechanism, for the object to be secure inside that packaging, without destroying the merchandise or packaging (by the consumer at the store), so that it can be redisplayed on the shelf (at the store), again. Many examples and variations are given here. | 01-19-2012 |
20120018322 | Flash Lens for Mobile Phone Case - In one example, we describe a method and device for solving the problem associated with the cover affecting the flash/light from a cell phone camera (for example), causing and adding erroneous colors, effects, and information on the resulting pictures, images, sensors, or videos. We are using/adding one or more lenses in the assembly. With these examples described here, we are solving this problem and dramatically reducing this effect. Other variations are also discussed here. | 01-26-2012 |
20120019920 | Flash Insert for Mobile Phone Case - In one example, we describe a method and device for solving the problem associated with the cover affecting the flash/light from a cell phone camera (for example), causing and adding erroneous colors, effects, and information on the resulting pictures, images, sensors, or videos. With these examples described here, we are solving this problem and dramatically reducing this effect. Other variations are also discussed here. | 01-26-2012 |
20120024560 | CASE FOR ENCLOSING AND REMAINING ATTACHED TO A MOBILE COMMUNICATION DEVICE WITH APPLIED FABRIC - Cases for enclosing and remaining attached to a mobile communications device may include a semi-rigid shell and a fabric covering attached thereto. The cases may include a semi-rigid shell with a recessed portion for accepting a fabric covering and the fabric covering. | 02-02-2012 |
20120031788 | ONE PIECE CO-FORMED EXTERIOR HARD SHELL CASE WITH AN ELASTOMERIC LINER FOR MOBILE ELECTRONIC DEVICES - A one-piece co-formed exterior hard shell case with an elastomeric liner formed on the interior of the exterior hard shell for mobile electronic devices. This hard protective exterior shell gives the device maximum protection from impacts with sharp objects, while the interior elastomeric portion provides shock protection for the device from impacts. The exterior hard shell part is formed to fit the device closely with a small offset from the device's surface. The exterior hard shell wraps around the edges of the device. To allow the shell to be mounted on the device, the corners of the hard shell are cut open. This allows each sidewall to flex away when a device is inserted and snap back once it is in place. The elastomeric material fills in the gaps created at the corners of the exterior hard shell to allow flex for mounting. | 02-09-2012 |
20120044638 | CASE FOR ENCLOSING AND REMAINING ATTACHED TO A TABLET-COMPUTING DEVICE - A case for enclosing and remaining attached to a tablet-computing device may include a rigid inner portion and an outer portion attached thereto. The case may be customized to accommodate a particular kind or type of tablet-computing device and may include an aperture aligned within the case to accommodate a feature of the inserted tablet-computing device. The case may be configured to elevate a tablet-computing device to an angled position relative to a planar position and/or maintain the tablet-computing device in the angled position. In some embodiments, the rigid inner portion may be removable from the case. | 02-23-2012 |
20120067751 | CASE FOR ENCLOSING A PERSONAL ELECTRONIC DEVICE AND A CARD - Cases for enclosing a personal electronic device may also enclose one or more cards, such as credit cards, payment cards, coupons, receipts, identification cards, merchandise credit cards, gift cards, or business cards through the use of a retaining system. Exemplary cases may include a flexible inner layer and an exterior hard layer that may be permanently affixed to one another to form two fitted cavities, one for holding the personal electronic device and one for holding inserted cards. | 03-22-2012 |
20120181196 | ELECTRONIC DEVICE CASE WITH RETRACTABLE STAND - A case for an electronic device with a retractable stand may support the case for an inserted electronic device when disposed in a horizontal and/or vertical position. The case may be transitioned from the horizontal and/or vertical disposition and vice versa without changing the relative positions of the case and the stand to one another. | 07-19-2012 |
20130001105 | CASE FOR ENCLOSING A PERSONAL ELECTRONIC DEVICE AND A CARD - Cases for enclosing a personal electronic device may also enclose one or more cards, such as credit cards, payment cards, coupons, receipts, identification cards, merchandise credit cards, gift cards, or business cards through the use of a retaining system. Exemplary cases may include a personal device portion and a card portion that may be co-molded into a one-piece device for holding the personal electronic device and the inserted cards. | 01-03-2013 |
20130241381 | ONE-PIECE CASE FOR ENCLOSING A TABLET-COMPUTING DEVICE - A one-piece case for enclosing a computing device such as a tablet computer is molded from a single material into a single piece. The case comprises a base portion to hold the computing device and a cover portion to cover the front or screen of the computing device. By varying the thickness of the material used in different areas of the one-piece case, the two portions of the case may be hinged together. Similarly, because of the areas of differing thicknesses, the cover portion of the one-piece case can be folded into various configurations, thereby creating a stand for the computing device. | 09-19-2013 |
20140076747 | CASE FOR ENCLOSING A PERSONAL ELECTRONIC DEVICE AND A CARD - Cases for enclosing a personal electronic device may also enclose one or more cards, such as credit cards, payment cards, coupons, receipts, identification cards, merchandise credit cards, gift cards, or business cards through the use of a retaining system. Exemplary cases may include a personal device portion and a card portion that may be co-molded into a one-piece device for holding the personal electronic device and the inserted cards. | 03-20-2014 |
20140202887 | ELECTRONIC DEVICE CASE WITH RETRACTABLE STAND - A case for an electronic device with a retractable stand may support the case for an inserted electronic device when disposed in a horizontal and/or vertical position. The case may be transitioned from the horizontal and/or vertical disposition and vice versa without changing the relative positions of the case and the stand to one another. | 07-24-2014 |
20140243053 | ONE PIECE CO-FORMED EXTERIOR HARD SHELL CASE WITH AN ELASTOMERIC LINER FOR MOBILE ELECTRONIC DEVICES - A one-piece co-formed exterior hard shell case with an elastomeric liner formed on the interior of the exterior hard shell for mobile electronic devices. This hard protective exterior shell gives the device maximum protection from impacts with sharp objects, while the interior elastomeric portion provides shock protection for the device from impacts. The exterior hard shell part is formed to fit the device closely with a small offset from the device's surface. The exterior hard shell wraps around the edges of the device. To allow the shell to be mounted on the device, the corners of the hard shell are cut open. This allows each sidewall to flex away when a device is inserted and snap back once it is in place. The elastomeric material fills in the gaps created at the corners of the exterior hard shell to allow flex for mounting. | 08-28-2014 |
20150094125 | CASE FOR ENCLOSING AND REMAINING ATTACHED TO A TABLET-COMPUTING DEVICE - A case for enclosing and remaining attached to a tablet-computing device may include a rigid inner portion and an outer portion attached thereto. The case may be customized to accommodate a particular kind or type of tablet-computing device and may include an aperture aligned within the case to accommodate a feature of the inserted tablet-computing device. The case may be configured to elevate a tablet-computing device to an angled position relative to a planar position and/or maintain the tablet-computing device in the angled position. In some embodiments, the rigid inner portion may be removable from the case. | 04-02-2015 |
20150366309 | ONE PIECE CO-FORMED EXTERIOR HARD SHELL CASE WITH AN ELASTOMERIC LINER FOR MOBILE ELECTRONIC DEVICES - A one-piece co-formed exterior hard shell case with an elastomeric liner formed on the interior of the exterior hard shell for mobile electronic devices. This hard protective exterior shell gives the device maximum protection from impacts with sharp objects, while the interior elastomeric portion provides shock protection for the device from impacts. The exterior hard shell part is formed to fit the device closely with a small offset from the device's surface. The exterior hard shell wraps around the edges of the device. To allow the shell to be mounted on the device, the corners of the hard shell are cut open. This allows each sidewall to flex away when a device is inserted and snap back once it is in place. The elastomeric material fills in the gaps created at the corners of the exterior hard shell to allow flex for mounting. | 12-24-2015 |
Patent application number | Description | Published |
20120084571 | IMAGE-BASED KEY EXCHANGE - This disclosure is directed to improved techniques for configuring a device to generate a secondary password based at least in part on a secure authentication key. The techniques of this disclosure may, in some examples, provide for capturing, by a computing device, an image of a display of another computing device. The captured image includes at least one encoded graphical image, such as a barcode, that includes an indication of the content of a secure authentication key. The computing device may use the secure authentication key to generate a secondary password to be used in conjunction with a primary password to gain access to a password-protected web service. | 04-05-2012 |
20120084846 | IMAGE-BASED KEY EXCHANGE - This disclosure is directed to improved techniques for configuring a device to generate a secondary password based at least in part on a secure authentication key. The techniques of this disclosure may, in some examples, provide for capturing, by a computing device, an image of a display of another computing device. The captured image includes at least one encoded graphical image, such as a barcode, that includes an indication of the content of a secure authentication key. The computing device may use the secure authentication key to generate a secondary password to be used in conjunction with a primary password to gain access to a password-protected web service. | 04-05-2012 |
20130067245 | SOFTWARE CRYPTOPROCESSOR - Security of information—both code and data—stored in a computer's system memory is provided by an agent loaded into and at run time resident in a CPU cache. Memory writes from the CPU are encrypted by the agent before writing and reads into the CPU are decrypted by the agent before they reach the CPU. The cache-resident agent also optionally validates the encrypted information stored in the system memory. Support for I/O devices and cache protection from unsafe DMA of the cache by devices is also provided. | 03-14-2013 |
20150067265 | System and Method for Partitioning of Memory Units into Non-Conflicting Sets - A system and method of operation exploit the limited associativity of a single cache set to force observable cache evictions and discover conflicts. Loads are issued to input memory addresses, one at a time, until a cache eviction is detected. After observing a cache eviction on a load from an address, that address is added to a data structure representing the current conflict set. The cache is then flushed, and loads are issued to all addresses in the current conflict set, so that all known conflicting addresses are accessed first, ensuring that the next cache miss will occur on a different conflicting address. The process is repeated, issuing loads from all input memory addresses, incrementally finding conflicting addresses, one by one. Memory addresses that conflict in the cache belong to the same partition, whereas memory addresses belonging to different partitions do not conflict. | 03-05-2015 |
20150089502 | Method and System for Providing Secure System Execution on Hardware Supporting Secure Application Execution - An application such as a virtual machine is executed securely using a software-based, full-system emulator within a hardware-protected enclave, such as an SGX enclave. The emulator may thereby be secure even against a malicious underlying host operating system. In some cases, paging is used to allow even a large application to run within a small enclave. Where the application itself uses enclaves, these guest enclaves may themselves be emulated within an emulator enclave such that the guest enclave(s) are nested as sibling enclaves by the emulator. | 03-26-2015 |
20150227744 | ATTESTATION USING A COMBINED MEASUREMENT AND ITS CONSTITUENT MEASUREMENTS - An attestation system for asserting and verifying assertions of a known-good state of a computer system is provided. The attestation system allows a challenger and a prover to conduct an attestation so that the challenger can verify an assertion of the prover. To conduct the attestation, the prover sends, as an assertion of its state, a combined measurement of resources along with a constituent measurement of each resource to the challenger. The challenger verifies the assertion by verifying that the asserted constituent measurements represent known-good measurements and verifying that the asserted combined measurement can be generated from the asserted constituent measurements. To verify the asserted constituent measurements, the challenger determines whether each asserted constituent measurement for a resource is a known-good measurement for that resource. To verify the asserted combined measurement, the challenger generates a combined measurement from the asserted constituent measurements received from the prover. | 08-13-2015 |
20150269091 | SECURE SUPPORT FOR I/O IN SOFTWARE CRYPTOPROCESSOR - Methods and systems for securing sensitive data from security risks associated with direct memory access (“DMA”) by input/output (“I/O”) devices are provided. An enhanced software cryptoprocessor system secures sensitive data using various techniques, including (1) protecting sensitive data by preventing DMA by an I/O device to the portion of the cache that stores the sensitive data, (2) protecting device data by preventing cross-device access to device data using DMA isolation, and (3) protecting the cache by preventing the pessimistic eviction of cache lines on DMA writes to main memory. | 09-24-2015 |