Entries

Document | Title | Date |
--- | --- | --- |
20080229099 | METHOD FOR GENERATING STANDARD FILE BASED ON STEGANOGRAPHY TECHNOLOGY AND APPARATUS AND METHOD FOR VALIDATING INTEGRITY OF METADATA IN THE STANDARD FILE - An apparatus for validating integrity of metadata in a standard file includes: a metadata acquiring unit for acquiring metadata from a protected file; an integrity evidence value acquiring unit for acquiring an integrity evidence value from a file or a database; a secret information extracting unit for extracting secret information of a file data; and a metadata integrity validating unit for checking if the metadata is correct by using the acquired metadata, the acquired integrity evidence value, and the extracted secret information. | 09-18-2008 |
20080313458 | SYSTEM AND METHOD OF PER-PACKET KEYING - A method of per-packet keying for encrypting and decrypting data transferred between two or more parties, each party having knowledge of a shared key that allows a per-packet key to differ for each packet is provided. Avoiding the use of a static session key during encryption offers several advantages over existing encryption methods. For example, rejecting packets received with duplicate sequence numbers, or sequence numbers that are beyond a specified deviation range mitigates Replay Attacks. | 12-18-2008 |
20090049296 | Customizable instant messaging private tags - Systems for customizing the privatizing of instant messages preferably comprise a processing device configured to detect a marking of select portions of an instant message as sensitive data. The instant message is parsed for marked sensitive data. An encryption engine encrypts the sensitive data. A modified unencoder is also preferably included for converting the encrypted sensitive data into a data stream that complies with an XML format. Other systems and methods are also provided. | 02-19-2009 |
20090055643 | SYSTEM AND METHOD FOR DISPLAYING A SECURITY ENCODING INDICATOR ASSOCIATED WITH A MESSAGE ATTACHMENT - An apparatus and method of displaying a message on a display of a computing device. The message comprises at least a first attachment. At least a portion of the message is displayed to a user. The displayed portion comprises an identifier for the first attachment. In one embodiment, a security encoding indicator is associated with the identifier for the first attachment and displayed to the user. If a security encoding has been applied to the first attachment, the security encoding indicator indicates the security encoding applied to the first attachment. | 02-26-2009 |
20090063856 | System and Method for Identifying Encrypted Conference Media Traffic - A method for identifying conference media traffic includes receiving a plurality of dummy packets and matching a series of the plurality of dummy packets to a signature key. The method also includes extracting a first identification from one or more of the plurality of dummy packets in response to matching a series of the plurality of dummy packets to a signature key and determining that a second identification associated with one or more encrypted media packets matches the first identification. The method also includes associating one or more encrypted media packets with a conference in response to determining that the first identification matches the second identification. | 03-05-2009 |
20090077375 | Encapsulation of secure encrypted data in a deployable, secure communication system allowing benign, secure commercial transport - Sensitive, Type 1 KIV-encrypted data is encapsulated into IP packets in a remotely deployed, secure communication system. The IP packets are addressed to a matching IP encapsulator/decapsulator device over the public Internet or other IP protocol network, that then passes it to a similar Type 1 KIV device for decryption. Thus, sensitive, encrypted data is made to appear as if it were any other commercial network data, cloaking it in the vast and busy world of the Internet. The present invention is embodied in a system that provides secure Voice-Over-IP (VoIP), video and data network functionality in a single, small size deployable case, to a remote user. Most importantly, the embodiment allows for the routing of bulk encrypted (i.e., secure) data over a public network, e.g., the Internet. | 03-19-2009 |
20090089576 | TECHNIQUES FOR COMMUNICATING INFORMATION OVER MANAGEMENT CHANNELS - Techniques for communicating information over management channels are described. An apparatus may comprise a classifier module operative to classify management information for a wireless communications network as media access control security management information or media access control management information. The apparatus may further comprise a wireless transceiver to couple to the classifier module, the wireless transceiver operative to communicate the media access control security management information over an insecure management connection and the media access control management information over a secure management connection. Other embodiments are described and claimed. | 04-02-2009 |
20090089577 | MAC FRAME PROVISION METHOD AND APPARATUS CAPABLE OF ESTABLISHING SECURITY IN IEEE 802.15.4 NETWORK - A medium access control (MAC) frame provision method establishes security in an IEEE 802.15.4 network. A MAC frame is generated, which includes a MAC header, a payload field, and a frame check sequence (FCS) field, the payload field including relevant main data according to a frame type defined in the MAC header. A disguised decoy data sequence number (DSN) is generated and inserted into the MAC header. A real DSN, which is a corresponding transmission sequence number of the MAC frame, is generated and inserted into the payload field. The MAC frame is transmitted, including the encrypted payload field, to a counterpart node. A MAC ACK frame acknowledges reception of the transmitted MAC frame; and the DSN in the received MAC ACK frame is compared with the real DSN. An authentication of the counterpart node is performed when the DSN in the received MAC ACK frame is equal to the real DSN. | 04-02-2009 |
20090094454 | SYSTEMS FOR PROTECTING SUBSCRIBER IDENTIFICATION BETWEEN SERVICE AND CONTENT PROVIDERS - A method and systems for protecting the identification of a subscriber when a service provider transmits a subscriber request to a content provider in a distributed network environment, such as Internet. After the user sends a request to a service provider to which he has subscribed, the service provider encrypts the user identifier before transmitting this request with the encrypted user identifier to the content provider. Upon reception, the content provider uses an authentication Web Service supplied by the service provider for certifying the user identifier. If the user identifier is certified, the content provider transmits the requested content to the service provider, which formats it before sending it to the user. The content provider may charge the user through the service provider. | 04-09-2009 |
20090138705 | Method for User Data Transmission - A first communication device used for a coding enables a direct connection installation message and a coded message to be transmitted in the direction of a second communication device. The direct connection installation message is a first direct connection address identifying a coding device and a coding message is allocated to a second direct connection installation message identifying the first communication device. If it is determined that the second communication device assists the provided coding, a direct connection between the second and the first communication device is established using the second direct connection address. Otherwise, a direct connection between the second communication device and the coding device is established using the first direct connection address and is routed from there to the first communication device. | 05-28-2009 |
20090144543 | SECRET SHARING DEVICE, METHOD, AND PROGRAM - A secret sharing device of (k, n) threshold scheme creates a generator matrix G, first divided secret data, and random number data, calculates shared partial data based on the product of matrices with the random number data, the divided secret data, and the generator matrix G, and delivers the shared information formed by the shared partial data and the header information individually to the storage units. The secret sharing device calculates a recovery matrix and multiplies the shared information by the recovery matrix, hence to recover the secret information. | 06-04-2009 |
20090158035 | Public Key Encryption For Web Browsers - A method, apparatus, and article are provided to support encryption of web service applications on a remote server. In a computer system with a remote server and a local client machine, a browser is provided on the local client machine to access applications on the server. Web server applications are stored on one or more remote servers, with access provided through the browser local to the client machine. A user of one or more web services may encrypt data entered with a public key, and may view received data with a private key. The public key and private key are local to the client machine and are employed to encrypt the data stored on the server. | 06-18-2009 |
20090172393 | Method And System For Transferring Data And Instructions Through A Host File System - A method for encrypting data may generate an encryption instruction and combine it with a payload of data to form a packet. The packet is associated with a command and passed to a host file system process. The packet, now associated with a second command, is received from the host file system process. The encryption instruction and the payload of data are extracted from the packet. At least a portion of the payload of data is encrypted based on the encryption instruction. A method for decrypting data may receive a packet and generate a decryption instruction. At least a portion of the packet is decrypted using at least the decryption instruction. The second packet comprising the decrypted packet is passed to a host file system process. A third packet comprising the decrypted packet is received from the host file system process. The decrypted packet is extracted from the third packet. | 07-02-2009 |
20090172394 | Assigning nonces for security keys - Secure communications may be implemented by transmitting packet data units with information sufficient to enable a receiving entity to reconstruct a nonce. That is, rather than transmitting all of the bits making up the nonce, some of the bits may be transmitted together with an identifier that enables the rest of the bits of the nonce to be obtained by the receiving entity. | 07-02-2009 |
20090204811 | Method For The Encrypted Transmission Of Synchronization Messages - There is described a method for transmitting synchronization messages, for example PTP messages of the IEEE 1588 standard, the PTP message being inserted into a data packet in line with the Internet Protocol, the data packet having an IP header, and the data packet having a UDP header. In this case, for the encrypted transmission on the PTP message, the data packet is addressed to a UDP port that is reserved for encrypted PTP messages, the data packet is provided with an additional S-PTP header that is provided for encryption, the PTP message is extended with a pseudo random number, and the PTP message is encrypted together with the pseudo random number. | 08-13-2009 |
20090204812 | MEDIA PROCESSING - In an example embodiment, an apparatus comprising a communication interface configured to be in data communication with another device, and processing logic that is operably coupled to the communication interface. The processing logic is operable to process a packet received via the communication interface, the packet comprising a header and a payload. The processing logic is configured to acquire information about the contents of the payload from the header. For example, the processing logic can determine from the header of the packet whether the payload contains sensitive data; contains analytic, video, and/or audio data; and/or whether the payload is encrypted. | 08-13-2009 |
20090259844 | CONTENT PROVIDING SYSTEM, USER SYSTEM, TRACING SYSTEM, APPARATUS, METHOD, AND PROGRAM - With each embodiment of the present invention, a content providing system comprises a content encrypting section which encrypts content by use of a session key and a header generating section which encrypts the session key by use of an encryption key in such a manner that the session key can be obtained by use of a decryption key assigned to a user system and generates header information including the encrypted session key and one or more values based on user identification information of each of the user systems that are permitted to obtain the session key. The content providing system transmits the encrypted content and the header information to each user system. Since the header information does not explicitly include user identification information of the user systems, information about whose decryption keys have been revoked is not leaked out in the black box tracing. | 10-15-2009 |
20090276624 | METHOD AND APPARATUS FOR FACILITATING BUSINESS PROCESSES - A method and apparatus for facilitating a business process communication and managing business processes. First business process data is obtained from at least one first trading participant and processed at a process management platform configured to automatically determine second trading participants to satisfy the first business process data. A second protocol is identified for conducting business transactions used by the second trading participants. Second business process data is generated from the first business process data. The second business process data includes a set of transaction messages having a data format in accordance with the identified second protocol. The second business process data is transmitted from the process management platform to the second trading participants. The first and second trading participants conduct the business transactions in accordance with their respective protocols for conducting business transactions. The process management platform is configured to process at least one proprietary transaction definition format. | 11-05-2009 |
20090292917 | SECURE TRANSPORT OF MULTICAST TRAFFIC - Secure tunneled multicast transmission and reception through a network is provided. A join request may be received from a second tunnel endpoint, the join request indicating a multicast group to be joined. Group keys may be transmitted to the second tunnel endpoint, where the group keys are based at least on the multicast group. A packet received at the first tunnel endpoint may be cryptographically processed to generate an encapsulated payload. A header may be appended to the encapsulated payload to form an encapsulated packet, wherein the header includes information associated with the second tunnel endpoint. A tunnel may be established between the first tunnel endpoint and the second tunnel endpoint based on the appended header. The encapsulated packet may be transmitted through the tunnel to the second tunnel endpoint. The second tunnel endpoint may receive the encapsulated packet. Cryptographic processing of the encapsulated packet may reveal the packet having a second header. The packet may then be forwarded on an interface toward at least one multicast recipient identified in the second header. | 11-26-2009 |
20090300350 | SECURITY GROUPS - Methods and devices are provided for implementing security groups in an enterprise network. The security groups include first network nodes that are subject to rules governing communications between the first network nodes and second network nodes. An indicator, referred to as a security group tag (SGT), identifies members of a security group. In some embodiments, the SGT is provided in a field of a data packet reserved for layer 3 information or a field reserved for higher layers. However, in other embodiments, the SGT is provided in a field reserved for layer 1 or layer 2. In some embodiments, the SGT is not provided in a field used by interswitch links or other network fabric devices for the purpose of making forwarding decisions. | 12-03-2009 |
20090313469 | Deployable secure communication system - A secure Voice-Over-IP (VOIP), video and data network functionality in a single, small size deployable case, for a remote user. While capable of secure communications, the disclosed system also provides communication capability (VOIP, video and/or data) in a non-secure manner if desired. Most importantly, bulk encrypted (i.e., secure) data may be routed over a public network, e.g., the Internet. | 12-17-2009 |
20100042831 | Method and System for Secure Transmission of Data in an Ad Hoc Network - Using at least one network consisting of at least one node, a multi-hop communication system is formed in which data are received and forwarded from a transmitting first node to a second node receiving the data via at least one third node interposed between the first and the second node. For transmission, the data are subdivided into packets that have a useful data portion (payload) and at least one first control data portion associated with the multi-hop method and a second control data portion associated with the network. The data are encrypted using a first public key determined by the first node and the second node, but only the useful data portion is encrypted using the first public key. | 02-18-2010 |
20100088510 | APPARATUS AND METHOD FOR DATA PACKET SECURITY IN A WIRELESS SENSOR NETWORK - An apparatus and method for providing data packet security in a wireless sensor network including a plurality of sensor nodes. The apparatus includes a memory unit for storing a plurality of node characteristic information and a plurality of settable security status information, each of the node characteristic information corresponding to at least one of the settable security status information; and a control unit for examining the node characteristic information of the control unit, if a data packet generation request is made, detecting the security status information corresponding to the examined node characteristic information from the memory unit, and generating data packets including the detected security status information. | 04-08-2010 |
20100095114 | METHOD AND SYSTEM FOR ENCRYPTING AND DECRYPTING DATA STREAMS - A method of encrypting a data stream includes receiving the data stream, and for each data packet in the data stream, forming an encrypted packet by encrypting a header portion of the data packet while leaving a body portion of the data packet unencrypted. The method also includes assembling an encrypted data stream comprising all the encrypted packets, and outputting the encrypted data stream. | 04-15-2010 |
20100115271 | Method of Automatically Establishing a Security Link for a Wireless Communication System and Related Communication Device - A method for an access point device having first network identity information to automatically establish a security link with a peer access point device in a wireless communication system includes searching for and receiving a beacon corresponding to the peer access point device by radio frequency scan, obtaining second network identity information corresponding to the peer access point device from the beacon, determining a primary-secondary relationship for the access point device and the peer access point device according to the first and second network identity information, generating or receiving security data according to the primary-secondary relationship, and then establishing the security link with the peer access point device according to the security data. | 05-06-2010 |
20100146266 | HOME NETWORK ENCRYPTION TECHNIQUES - A premises based multimedia communication system includes a source device that produces multimedia content, a rendering device that presents the multimedia content, and a premises communication network coupling the source device to the rendering device. The system certifies transfer of the multimedia content from the source device to the rendering device via the at least one premises communication network using link layer encryption operations. After certification, the system at least partially disables the link layer encryption operations for the transfer of the multimedia content from the source device to the rendering device via the at least one premises communication network. With the link layer operations at least partially disabled, the system at least partially enables content layer encryption operations for the transfer of the multimedia content from the source device to the rendering device via the at least one premises communication network. | 06-10-2010 |
20100153715 | PACKET HANDLING IN A MOBILE IP ARCHITECTURE - A method of handling IP packets transmitted from a correspondent node to a mobile node via an intermediate node using the IPsec security protocol. The method comprises, at the correspondent node, identifying specified selector information within the part of the packet to be encrypted, and incorporating the identified information or a digest thereof into a header part of the packet which is to be sent unencrypted, transmitting the packet from the correspondent node to said intermediate node, and, at the intermediate node, receiving the transmitted packet and identifying a policy to be applied to the packet using said information or digest contained in the packet, and applying the policy to the packet. | 06-17-2010 |
20100174901 | IMPLEMENTING IEEE 802.1AE AND 802.1af SECURITY IN EPON (1GEPON AND 10GEPON) NETWORKS - A method and system is provided for securing communication on an EPON. In particular, different types of encrypted messages, each with a respective short MAC SecTAG, may be sent from the OLT to an ONU and from an ONU to the OLT without need for a full SecTAG with an explicit SCI. Discovery and control messages may be encrypted and a security offset may be less than 30 bytes. A packet header including its MAC address may be encrypted. | 07-08-2010 |
20100318792 | ELECTRONIC SIGNATURE VERIFICATION METHOD IMPLEMENTED BY SECRET KEY INFRASTRUCTURE - An electronic signature verification method implemented by SKI infrastructure adopts a secret key infrastructure (SKI) system for registering a secret key and issuing a signature key and a verification key. After a signer has completed a signature, a signature data, a verification data and a verification key encrypted by the secret key of a signature verification unit are sent to a recipient. After the recipient has received the data, a user needs to send the verification data and the encrypted verification key to a signature verification unit if the user wants to confirm the signature on the signature data. The signature verification unit uses a secret key authorized by the SKI for the decryption to obtain the verification key and uses the verification key to verify the verification data and confirm the existence of the signature of the signature data, so as to authenticate the signature of the signature data. | 12-16-2010 |
20100325430 | GLOBALLY UNIQUE IDENTIFICATION IN COMMUNICATIONS PROTOCOLS AND DATABASES - A globally unique identification system for a communications protocol and database is disclosed. A method for generating the globally unique identification code and for generating a compressed globally unique identification code is also described. The communications protocol permits multiple communications sessions to be sent through a single open port of a firewall. | 12-23-2010 |
20110016313 | HEADER COMPRESSION FOR TUNNELED IPsec PACKET - Aspects describe compressing the concatenation of IP headers, UDP headers, ESP headers, and potentially other headers inside the ESP header. The multiple headers are regarded as one header chain and compressed as a single header chain. The compression can utilize a robust header compression (ROHC) framework. The ROHC ESP profile can be utilized as a basis for compression of ESP/UDP/IP headers with the addition of static chains and dynamic chains for multiple layer transport and application layer headers. Static chains include UDP static header fields either between static IP header fields and static IP header fields or between static IP header fields and static ESP header fields. Dynamic chains include UDP dynamic header fields either between dynamic IP header fields and dynamic ESP header fields or between static IP header fields and static IP header fields. | 01-20-2011 |
20110055558 | GALOIS/COUNTER MODE ENCRYPTION IN A WIRELESS NETWORK - A system includes a temporal key module, a nonce module, and a security module. The temporal key module is configured to generate a first temporal key. The first temporal key is to be used to encrypt a plurality of packets. The nonce module is configured to generate a nonce for each packet encrypted based on the first temporal key. Each nonce includes a packet number that is different than packet numbers associated with other nonces generated by the nonce module. The security module is configured to determine when the packet number included in the nonce generated by the nonce module is greater than or equal to a predetermined threshold. | 03-03-2011 |
20110119487 | System and method for encryption rekeying - Disclosed is a system and method for maintaining a secure, encrypted networking session across a communications network by dynamically replacing encryption keys during the networking session and without terminating the session. A secure control channel is embedded within the general encrypted network connection and is used to transport encrypted control messages from one network endpoint to another. In order to hide the fact that such control messages are being transferred (as opposed to general network data traffic), the control message data packets are formatted in a way to simulate the standard general network data packets. | 05-19-2011 |
20110145571 | SECURITY FOR COLLABORATION SERVICES - Various embodiments, in the form of at least one of systems, methods, and software, are provided that include security solutions for use of collaboration services. Some embodiments include encrypting data to be sent to and stored by a collaboration service. These and other embodiments include capturing, within a computer application used to post data to a collaboration service, data to be sent to the collaboration service, encrypting the captured data, and returning the data in an encrypted form to the computer application for posting to the collaboration service. | 06-16-2011 |
20110145572 | Apparatus and method for protecting packet-switched networks from unauthorized traffic - An apparatus and method for protecting packet-switched network links, intermediate nodes, and/or end nodes from unauthorized traffic identifies authorized traffic via a signature contained in each packet that is associated with a stored cryptographic key. Packets are forwarded (or passed through) only if they contain a signature having a pre-defined correlation to the associated key. Optionally, means for controlling the protection can be provided, so that unauthorized traffic is rejected when the protection is operative but is passed when it is not. Also optionally, intermediate degrees of protection such as prioritization of authorized traffic over unauthorized traffic can be provided. | 06-16-2011 |
20110145573 | SYSTEM FOR SECURE PACKET COMMUNICATION - A system for processing a communication data item. The communication data item is divided into at least two unencrypted packets to be encrypted. Each encrypted packet is generated from a corresponding unencrypted packet. Each unencrypted packet has a packet header and plaintext data. The packet header has an identifier field that includes a packet identifier that is identical for all unencrypted packets. Generating an encrypted packet for each unencrypted packet includes: determining a vector identifier from the identical packet identifier, wherein the vector identifier is associated with the identical packet identifier; ascertaining an initial vector from the vector identifier; and forming an encrypted packet header by inserting the vector identifier into a first portion of the packet header and encrypting a second portion of the packet header through use of the initial vector. The encrypted packets are subsequently decrypted and combined to reconstruct the communication data item. | 06-16-2011 |
20110154029 | METHOD OF ENCRYPTING CONTROL SIGNALING - A method of protecting control signaling transceived between a mobile station and a base station in a wireless access system is disclosed. And, a method of encrypting control signals selectively is disclosed. The present invention defines new control signal encryption key (CSEK) and group control signal encryption key (GCSEK) for encrypting a control signal and discloses methods of protecting a control signal using the control signal encryption keys. Moreover, although the new control signal encryption key and the like are not used, the present invention efficiently protects control signaling by selectively encrypting control signals. | 06-23-2011 |
20110161664 | MEANS OF MITIGATING DENIAL OF SERVICE ATTACKS ON IP FRAGMENTATION IN HIGH PERFORMANCE IPSEC GATEWAYS - Embodiments of the invention reduce the probability of success of a DOS attack on a node receiving packets by decreasing the probability of random collisions of packets sent by a malicious user with those sent by honest users. The probability of random collisions may be reduced in one class of embodiments of the invention by supplementing the identification field of the IP header of each transmitted packet with at least one bit from another field of the header. The probability of random collisions may be reduced in another class of embodiments of the invention by ensuring that packets sent from a transmitting IPsec node to a receiving IPsec node are not fragmented. | 06-30-2011 |
20110173442 | PACKET-BASED AND PSEUDO-PACKET BASED CRYPTOGRAPHIC COMMUNICATIONS SYSTEMS AND METHODS - The disclosed technology provides a system and method of securely communicating data. An encryptor located at a transmitter can provide encrypted data to the transmitter. The transmitter can maintain a packet number indicating a particular packet for carrying the encrypted data and a sub-packet number indicating a position within the packet where the encrypted data is to be stored. The encryptor can produce the encrypted data using an encryptor seed generated based on the packet number and sub-packet number. A receiver can maintain a receiver packet number indicating a number of previously received packets and can compute a receiver sub-packet number. The receiver can receive a packet containing encrypted data and can decrypt the encrypted data using a decryptor seed generated based on the receiver packet number and sub-packet number. | 07-14-2011 |
20110191582 | Agile Network Protocol For Secure Communications With Assured System Availability - A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes. | 08-04-2011 |
20110246766 | SYSTEMS AND METHODS FOR SECURING DATA IN MOTION - The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise communities of interest to leverage a common enterprise infrastructure. Because security is already woven into the data, this common infrastructure can be used without compromising data security and access control. In some applications, data is authenticated, encrypted, and parsed or split into multiple shares prior to being sent to multiple locations, e.g., a private or public cloud. The data is hidden while in transit to the storage location, and is inaccessible to users who do not have the correct credentials for access. | 10-06-2011 |
20110252231 | REKEY SCHEME ON HIGH SPEED LINKS - In one embodiment, apparatus and methods for a rekey process are disclosed. In certain rekey embodiments, when a key-generation protocol exchange is executed, instead of generating a single new security relationship, such as a Security Association or SA, a multiple set (e.g., 10) of new security relationships (e.g., SAs) are generated. Authorized devices can then individually use these security relationships (e.g., SAs) as needed to securely communicate with each other. For example, a set of SAs can be efficiently programmed into an 802.1ae protocol ASIC for handling transmitted and received data packets. In the description herein, embodiments of the invention are described with respect to SAs, and this “SA” term is generally defined as any type of security relation that can be formed to allow a particular node to securely transmit packets or frames to another receiving node. | 10-13-2011 |
20110258436 | System and Method for Providing Searchable Data Transport Stream Encryption - A packetized transport stream for protecting viewing content from unauthorized access and methods for manufacturing and using same. The transport stream includes a plurality of content frames, each having a frame header and a frame payload. Each frame header includes information for handling the content frame; whereas, the frame payload includes selected viewing content for which protection from unauthorized access is desirable. By encrypting only the frame payload, the header remains unencrypted and can be applied to prepare the encrypted frame payload for presentation. The viewing content thereby can be stored in an encrypted format and can be decrypted on-the-fly as the viewing content is needed for presentation. The combination of the unencrypted frame header and the encrypted frame payload advantageously enables the viewing content to be protected against unauthorized use, copying, and dissemination without impairing the presentation of the viewing content. | 10-20-2011 |
20110271102 | METHOD AND APPARATUS FOR INGRESS FILTERING USING SECURITY GROUP INFORMATION - A method and apparatus for ingress filtering using security group information are disclosed. The method includes performing access control processing on a packet and sending access control information to an ingress node of the packet in response to the access control processing. The access control information includes security group information and an address of a network node. The security group information identifies a security group. The network node is a member of the security group and is a destination of the packet. | 11-03-2011 |
20110314274 | METHOD AND APPARATUS FOR SECURITY ENCAPSULATING IP DATAGRAMS - A method and corresponding apparatus are provided to security encapsulate an original IP datagram received from a network. It is first determined whether an IP payload of the original IP datagram is a TCP segment, UDP datagram or packet of another type of network protocol. Based on this determination, a portion of the IP payload is encrypted resulting in an encrypted payload. A security encapsulated IP packet is then formed with source IP address, destination IP address, and IP protocol field from the original IP datagram, and the encrypted payload. The security encapsulated IP packet is then provided to the network. | 12-22-2011 |
20120036355 | Method and system for encrypting and decrypting transaction in power network - Disclosed herein is a method and system for universally encrypting and decrypting a transaction which is a functional unit in a power network, while reducing a system load. When a transmitting node encrypts a transaction, the serial number of the transaction corresponding to each piece of data included in the transaction is present, and data is selected either using a predetermined criterion or randomly, and is then encrypted. The transaction serial number is added to the encrypted data. A receiving node selects data to be decrypted using the transaction serial number or a predetermined criterion. Through this operation, encryption has been conducted from the standpoint of the transaction, but only part of the data is encrypted based on a probability from the standpoint of the data, so that a system load is reduced, thus enabling efficient encryption and decryption technologies to be implemented. | 02-09-2012 |
20120060029 | METHOD AND SYSTEM FOR DYNAMIC SECURED GROUP COMMUNICATION - A system and method directed to carrying out dynamic secured group communication is provided. The method includes: obtaining a first packet that includes a first header; forming a frame that includes the first header in encrypted form; combining the first header and the frame to form a second packet and forming a second header; encapsulating the second packet with the second header to form a third packet, and communicating the third packet into the second network from the second source node for termination to the second-destination node. The first header includes a first source address of a first source node of a first network, and a first destination address of a first destination node of the first network. The second header includes a second source address of a second source node of a second network, and a second destination address of a second destination node of the second network. | 03-08-2012 |
20120066493 | Secure Transfer and Tracking of Data Using Removable Non-Volatile Memory Devices - A protected memory source device including removable non-volatile memory durably stores a signature such as a serial number or identifier, which is used to mark protected multimedia content legally stored on the protected memory device. The protected multimedia content is moved from the source device to another device, such as a target device used to aggregate protected content in a library. Moving the protected multimedia content involves replacing a source-specific header, comprising digital rights management metadata and/or other security metadata allowing only a device having the source device signature access to the content, with a target-specific header comprising digital rights management metadata and/or other security metadata allowing only a device having the target device signature access to the content. The transfer is done using one of a variety of transfer methods with either a trusted or un-trusted host system connecting the source device to the target device. | 03-15-2012 |
20120066494 | Controlling Download and Playback of Media Content - Systems and methods provide for controlling download and playback of media content. A system includes a client, which can play content, and a server. The server includes a permission system that can determine whether a client request to download or play content should be granted. All purchase, download, and playback requests require permission from the permission system. The server also includes a DD module system that transfers a DD module to the client. The DD module includes a content key decryption module, a content decryption module, and a content decompression module. The content key decryption module decrypts an encrypted content key that was received from the server. The decryption uses a unique DD module key that has been hard-coded into the content key decryption module. The content decryption module uses the content key to decrypt encrypted content. The content decompression module decompresses compressed content so that it can be played. | 03-15-2012 |
20120072722 | SYSTEM AND METHOD OF PROTECTING DATA ON A COMMUNICATION DEVICE - A system and method of protecting data on a communication device are provided. Data received when the communication device is in a first operational state is encrypted using a first cryptographic key and algorithm. When the communication device is in a second operational state, received data is encrypted using a second cryptographic key and algorithm. Received data is stored on the communication device in encrypted form. | 03-22-2012 |
20120084558 | INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - An information processing apparatus has an authentication and key exchange processing unit, a packet selector, a content key generator, a content decryption unit to decrypt, based on the content key, the encrypted content which is included in the content packet and received following the CCI packet, a CCI set identifier management unit to manage a CCI identifier corresponding to recognizable copy control information, a CCI selector, a CCI analyzer to analyze copy control information corresponding to the CCI identifier selected by the CCI selector, a content processing unit to perform, based on an analysis result of the CCI analyzer, the receiving process on the content data corresponding to the content packet received following the CCI packet, a first communication connection unit to perform the authentication and key exchange process, and a second communication connection unit to transmit the content packet and the CCI packet. | 04-05-2012 |
20120096260 | CONTENT TRANSMISSION DEVICE, CONTENT TRANSMISSION METHOD, AND COMPUTER PROGRAM USED THEREWITH - A content transmission device for transmitting content, whose copying is controlled, includes an authentication section for performing an authentication procedure between the content transmission device and a content receiving device, a first copy-control-information processing section for processing first copy control information describing copy control information concerning the content, a second copy-control-information processing section for processing second copy control information including content information different from the first copy control information, and a content transmission section for generating and transmitting, to the content receiving device, a packet including a header including the first copy control information and the second copy control information, and a payload obtained by encrypting the content with a predetermined content key. | 04-19-2012 |
20120102320 | DEPLOYABLE SECURE COMMUNICATION SYSTEM - A secure Voice-Over-IP (VOIP), video and data network functionality in a single, small size deployable case, for a remote user. While capable of secure communications, the disclosed system also provides communication capability (VOIP, video and/or data) in a non-secure manner if desired. Most importantly, bulk encrypted (i.e., secure) data may be routed over a public network, e.g., the Internet. | 04-26-2012 |
20120151208 | METHOD FOR PROCESSING SECURE PROGRAM USING KEY DISTRIBUTION PROTOCOL IN SERVER/CLIENT - Disclosed are a server and a client processing a security program by using a real-time distribution method, and a method of controlling the server and the client. A method of controlling a server processing a security program by using a real-time key distribution method according to an exemplary embodiment of the present invention includes: analyzing a security program for transmitting the security program to a client; decomposing a code of the analyzed security program into code blocks; encrypting the code blocks by using an encryption key; changing an original header of the security program to a first header; and transmitting a packed program including the encrypted code blocks and the changed first header to the client. | 06-14-2012 |
20120216036 | ENCRYPTION METHODS AND SYSTEMS - Systems and methods are described for securely transmitting data in a mesh network. The method includes: performing on a processor, assembling a header with a recipient address, wherein the recipient address designates an encryption endpoint; associating encrypted data with the header; and presenting a packet for transmittal on the mesh network, wherein the packet includes the header and the encrypted data. | 08-23-2012 |
20120221853 | EFFICIENT KEY HIERARCHY FOR DELIVERY OF MULTIMEDIA CONTENT - A Digital Rights Management (DRM) system provides a lightweight layering of encryption and decryption of keys that allows efficient use of different cryptographic techniques to effect the secure delivery of multimedia content. Asymmetric cryptography, where a public key is used to encrypt information that can only be decrypted by a matched private key, is used by the DRM system to deliver symmetric keys securely. | 08-30-2012 |
20120254611 | COMMUNICATION APPARATUS, COMMUNICATION SYSTEM, AND COMMUNICATION METHOD - A communication apparatus includes a processor configured to determine whether a secure path has been established between the communication apparatus and a first communication apparatus, when the communication apparatus transmits to the first communication apparatus a command that causes execution of a given operation; an acquirer that acquires a transmission-side key having a given correspondence relation with a reception-side key that is acquired by the first communication apparatus; and a transmitter that transmits to the first communication apparatus a packet that includes the acquired transmission-side key and the command, if the processor has determined that the secure path has not been established. | 10-04-2012 |
20120278615 | SECURITY ASSOCIATION PREFETCH FOR SECURITY PROTOCOL PROCESSING - Described embodiments provide a network processor that includes a security protocol processor for staged security processing of a packet having a security association (SA). An SA request module computes an address for the SA. The SA is fetched to a local memory. An SA prefetch control word (SPCW) is read from the SA in the local memory. The SPCW identifies one or more regions of the SA and the associated stages for the one or more regions. An SPCW parser generates one or more stage SPCWs (SSPCWs) from the SPCW. Each of the SSPCWs is stored in a corresponding SSPCW register. A prefetch module services each SSPCW register in accordance with a predefined algorithm. The prefetch module fetches a requested SA region and provides the requested SA region to a corresponding stage for the staged security processing of an associated portion of the packet. | 11-01-2012 |
20120317413 | DETECTION OF ENCRYPTED PACKET STREAMS USING A TIMER - Methods, systems, and devices are disclosed for detecting encrypted Internet Protocol packet streams. The type of data within an encrypted stream of packets is inferred using an observable parameter. The observable parameter is observable despite encryption obscuring the contents of the encrypted stream of packets. A timer is established that maintains settings despite changes in the type of inferred data. | 12-13-2012 |
20120324219 | Method and System for Resolving a Naming Conflict - A method and a system for naming-conflict-free integration of software components originating from software component manufacturers (OEM), comprising software development devices from different software component manufacturers (OEM) that manufacture and encrypt software components with the respective cryptographic key, wherein when a naming conflict occurs during the integration of encrypted software components, at least one of the encrypted software components in which the naming conflict occurred is expanded by a naming conflict resolution rule, thereby allowing the resolution of naming conflicts in encrypted software components that can originate from different software component manufacturers without the source code of the software components becoming visible to third parties. | 12-20-2012 |
20130019094 | CREATING AND USING SECURE COMMUNICATIONS CHANNELS FOR VIRTUAL UNIVERSES - A system and method provides secure channels for communication in a virtual universe by employing a packet interception layer for incoming and outgoing data packets. A data path is defined and is sequentially encrypted with the public keys of servers in the path. Decryption and identification of the next server occurs in a sequential manner in which the path is known only to the sender. | 01-17-2013 |
20130061044 | SYSTEM AND METHOD FOR INDEPENDENT CONTROL OF FOR-HIRE VEHICLES - A computer system storing parameters pertaining to the regulatory restrictions placed on a for-hire vehicle compares the parameters to a current operating environment of the for-hire vehicle. In some embodiments, the computer system acts as the meter (such as a taximeter) of the for-hire vehicle. The operating parameters may include expiration or exclusion parameters that define the scope of operation of the for-hire vehicle stemming from the for-hire vehicle's medallion or certificate of public convenience and necessity. The expiration or exclusion parameters may also correspond to a driver's permit or any general regulation enacted by the regulatory agency. If the current operating environment does not comply with the expiration or exclusion parameters, the computer system shuts down, or enters a standby mode, and may not accept additional passenger fares until the current operating environment complies with the expiration and exclusion parameters. | 03-07-2013 |
20130061045 | Systems and Methods for Playing Back Alternative Streams of Protected Content Protected Using Common Cryptographic Information - Systems and methods for performing adaptive bitrate streaming using alternative streams of protected content in accordance with embodiments of the invention are described. One embodiment of the invention includes a processor, and memory containing a client application. In addition, the client application configures the processor to: request a top level index file identifying a plurality of alternative streams of protected content, where each of the alternative streams of protected content are encrypted using common cryptographic information; obtain the common cryptographic information; request portions of content from at least the plurality of alternative streams of protected content; access the protected content using the common cryptographic information; and playback the content. | 03-07-2013 |
20130067222 | AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS WITH ASSURED SYSTEM AVAILABILITY - A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes. | 03-14-2013 |
20130067223 | CONTENT TRANSMISSION DEVICE, CONTENT TRANSMISSION METHOD, AND COMPUTER PROGRAM USED THEREWITH - A content transmission device for transmitting content, whose copying is controlled, includes an authentication section for performing an authentication procedure between the content transmission device and a content receiving device, a first copy-control-information processing section for processing first copy control information describing copy control information concerning the content, a second copy-control-information processing section for processing second copy control information including content information different from the first copy control information, and a content transmission section for generating and transmitting, to the content receiving device, a packet including a header including the first copy control information and the second copy control information, and a payload obtained by encrypting the content with a predetermined content key. | 03-14-2013 |
20130073847 | ENCRYPTION AUTHENTICATION OF DATA TRANSMITTED FROM MACHINE VISION TOOLS - The technology provides, in some aspects, methods and systems for securely transmitting data using a machine vision system (e.g., within a pharmaceutical facility). Thus, for example, in one aspect, the technology provides a method that includes the steps of establishing a communications link between a machine vision processor and a remote digital data processor (e.g., a database server, personal computer, etc.); encrypting, on the machine vision processor, (i) at least one network packet containing machine vision data, and (ii) at least one network packet containing non-machine vision data; and sending to the remote digital data processor the encrypted network packets from the machine vision processor. | 03-21-2013 |
20130086379 | COMMUNICATION APPARATUS, RECEPTION CONTROL METHOD, AND TRANSMISSION CONTROL METHOD - Lookaside-type communication apparatus and reception and transmission control methods make high-rate communication of a packet including encrypted data. Receive data including encrypted data are supplied to an encryption data processing part, and supplied to a security part through a second bus when the packet is received. The encrypted data become plain-text data in the security part, and are supplied to the control part through the system bus. Transmit data including a data body including plain-text data to be encrypted are supplied to the security part when the packet is transmitted. The plain-text data become the encrypted data in the security part, and the transmit data having the data body including the encrypted data are supplied to the encryption data processing part through the second bus. The transmit data are transmitted in the form of the packet in the transmission and reception part. | 04-04-2013 |
20130091354 | Agile Network Protocol for Secure Communications with Assured System Availability - A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes. | 04-11-2013 |
20130103940 | METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR PERFORMING ENCAPSULATING SECURITY PAYLOAD (ESP) REHASHING - Methods, systems, and computer readable media for accelerating stateless IPsec traffic generation by performing ESP rehashing of ESP packets are disclosed. A first ESP packet is generated by encrypting a portion of the packet and adding ESP headers and trailers to the encrypted portion, hashing the encrypted portion and the ESP header to compute a first ESP integrity check value (ICV), and adding the ESP ICV as a trailer to the ESP packet. At least one second ESP packet is generated by modifying parameters in the first ESP packet. The first and second ESP packets are transmitted to a device under test. | 04-25-2013 |
20130179682 | GENERATION OF RELATIVE PRIME NUMBERS FOR USE IN CRYPTOGRAPHY - The disclosed technology generates two relative prime numbers and, then, using the relative prime numbers converts a super-increasing (SI) knapsack into a non-super-increasing (NSI) knapsack. The NSI knapsack becomes a public key and the corresponding SI knapsack, along with the two relative prime numbers, becomes a private key. A message is encrypted using a subset S of the private key that totals a number N. The message, the public key and the number N are transmitted to a recipient, who knows the value of the two relative prime numbers. The recipient uses the relative prime numbers to convert the public key into the private key and, then, generates the subset S by solving the private key with respect to the number N. Using the subset, the message is decrypted. | 07-11-2013 |
20130185554 | METHOD FOR ANALYZING CODED DATA STREAMS SIMULTANEOUSLY TRANSMITTED IN IP NETWORKS - One network protocol (RTP) each, having data packets (dp) comprising an expandable header (KE) is provided for a data stream (ds | 07-18-2013 |
20130219174 | AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS WITH ASSURED SYSTEM AVAILABILITY - A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes. | 08-22-2013 |
20130219175 | NETWORK NODE WITH NETWORK-ATTACHED STATELESS SECURITY OFFLOAD DEVICE EMPLOYING OUT-OF-BAND PROCESSING - A network node for communicating data packets secured with a security protocol over a communications network includes a host information handling system (IHS) and one or more external security offload devices coupled by a secure data link. The host IHS communicates state information about data packets, and the external offload security device provides stateless secure data encapsulation and decapsulation of packets using a security protocol. An external network interface controller or internal network interface controller communicates encapsulated data packets over the communications network to a final destination. Encapsulation and decapsulation of packets by the external security offload device reduces network latency and reduces the computational load on the processor in the host IHS. Maintaining state information in the host IHS allows hot-swapping of external security offload devices without information loss. The external security offload device may be included in a firewall, or intrusion detection device, and may implement IPsec protocol. | 08-22-2013 |
20130227278 | GENERATION OF RELATIVE PRIME NUMBERS FOR USE IN CRYPTOGRAPHY - The disclosed technology generates two relative prime numbers and, then, using the relative prime numbers converts a super-increasing (SI) knapsack into a non-super-increasing (NSI) knapsack. The NSI knapsack becomes a public key and the corresponding SI knapsack, along with the two relative prime numbers, becomes a private key. A message is encrypted using a subset S of the private key that totals a number N. The message, the public key and the number N are transmitted to a recipient, who knows the value of the two relative prime numbers. The recipient uses the relative prime numbers to convert the public key into the private key and, then, generates the subset S by solving the private key with respect to the number N. Using the subset, the message is decrypted. | 08-29-2013 |
20130283044 | SWITCH EQUIPMENT AND DATA PROCESSING METHOD FOR SUPPORTING LINK LAYER SECURITY TRANSMISSION - A switch equipment and data processing method for supporting link layer security transmission are provided. The switch equipment for supporting link layer security transmission comprises a switch module and multiple port modules, each port module is electrically connected with the switch module respectively; the port module supports a link layer key management capability, and is used for establishing a share key for encrypting and decrypting data frames between the switch equipment and other network nodes. | 10-24-2013 |
20130283045 | TERMINAL DEVICE CAPABLE OF LINK LAYER ENCRYPTION AND DECRYPTION AND DATA PROCESSING METHOD THEREOF - There are a terminal device capable of link layer encryption and decryption and a data process method thereof, and the terminal device includes a link layer processing module including a control module, a data frame encryption module, a data frame decryption module, a key management module, an algorithm module, a transmission port and a reception port; and the control module is connected with the transmission port through the data frame encryption module, the reception port is connected with the control module through the data frame decryption module, the control module is connected with the key management module, the data frame encryption module is connected with the data frame decryption module through the key management module, and the data frame encryption module is connected with the data frame decryption module through the algorithm module. | 10-24-2013 |
20130305044 | Geothentication Based on New Network Packet Structure - A system and method for verifying and/or geolocating network nodes in a network in attenuated environments for cyber and network security applications are disclosed. The system involves an origination network node, a destination network node, and at least one router network node. The origination network node is configured for transmitting a data packet downstream to the destination network node through at least one router network node. The data packet contains a header portion and a payload data portion. At least one of the network nodes is an enabled network node. The enabled network node(s) is configured to verify any of the network nodes that are located upstream from the enabled network node(s) by analyzing the header portion and/or the payload data portion of the data packet. | 11-14-2013 |
20140040612 | SYSTEM AND METHOD FOR LOCAL GENERATION OF STREAMING CONTENT WITH A HINT TRACK - Embodiments of a system and method for local generation of streaming content with a hint track are described. Embodiments may include receiving a first version of encrypted content comprising encrypted content samples that each include media content and non-content information. Embodiments may also include receiving a hint track including packet header information for a stream of media packets from which the media content was sourced, and offset information identifying locations of encrypted media content within the encrypted content samples. Embodiments may include generating a second version of the encrypted content for streaming, which may include, based on the information of the hint track, identifying the location of media content within the encrypted content samples. Embodiments may include generating media packets within the second version of the encrypted content, each of those media packets including header information from the hint track and the identified media content from the encrypted content samples. | 02-06-2014 |
20140040613 | STREAMING SYSTEM AND METHOD - A streaming system includes an authoring unit ( | 02-06-2014 |
20140047234 | ADAPTIVE DOCUMENT REDACTION - Described are computer-based methods and apparatuses, including computer program products, for adaptive document redaction. A container is generated comprising a set of redacted documents corresponding to an original document, each redacted document having a level of redaction corresponding to a viewing location, and a header comprising encryption information for each redacted document in the set of redacted documents. A request to view the original document is received from a requesting device. The container is transmitted to the requesting device. A request for additional encryption information for a redacted document from the set of redacted documents is received from the requesting device, wherein the redacted document comprises a level of redaction for a viewing location that is equal to a location of the requesting device. The additional encryption information is transmitted to the requesting device. | 02-13-2014 |
20140052983 | Known Plaintext Attack Protection - A Headend system including an encoder to encode input data yielding a plurality of data packets, each of the packets having a header and a payload, a post encoding processor to identify ones of the data packets having a payload with a suspected known plaintext, and modify at least some of the identified packets, and an encryption processor to encrypt at least some of the data packets yielding encrypted data packets. Related apparatus and methods are also described. | 02-20-2014 |
20140115325 | Simplified Mechanism for Multi-Tenant Encrypted Virtual Networks - The present disclosure provides protection of customer data traveling across a network. A reverse cryptographic map (also referred to herein as a reverse crypto map) can be defined for a customer, where the reverse crypto map indicates how customer data should be protected. A reverse crypto map for a customer is applied to an interface of an edge device that is coupled to that customer's private subnet (or customer-facing interface). A reverse crypto map can be configured by a network administrator on a provider edge device, or can be pushed from a key server as part of group policy. A provider edge device can protect customer data by encrypting and decrypting the customer data according to the reverse crypto map. A provider edge device can also be configured with virtual routing and forwarding (VRF) tables that can be used to forward the VPN traffic flow across a provider network. | 04-24-2014 |
20140115326 | APPARATUS AND METHOD FOR PROVIDING NETWORK DATA SERVICE, CLIENT DEVICE FOR NETWORK DATA SERVICE - An apparatus for providing a network data service, comprising: a packet distributor for dividing data inputted through a transmission side network in the unit of a packet and distributing the divided packet data in parallel; an area detection unit for detecting an object in an interest area in the packet data distributed in parallel and performing encryption on the detected object in the interest area; and a data transmission unit for transmitting the packet data encrypted by the area detection unit to a reception side network. | 04-24-2014 |
20140122874 | Deciphering Internet Protocol (IP) Security in an IP Multimedia Subsystem (IMS) using a Monitoring System - Systems and methods for deciphering Internet Protocol (IP) security in an IP Multimedia Subsystem (IMS) using a monitoring system are described. In some embodiments, a method may include identifying a Security Association (SA) between a User Equipment (UE) and a Proxy Call Session Control Function (P-CSCF) of an Internet Protocol (IP) Multimedia Subsystem (IMS) over a Gm interface during a registration procedure, correlating the SA with a ciphering key (CK) exchanged between the P-CSCF and a Serving CSCF (S-CSCF) of the IMS over an Mw interface during the registration procedure, and storing an indication of the correlated SA and CK in a deciphering record. | 05-01-2014 |
20140149743 | TWO DIMENSIONAL DIRECT MEMORY ACCESS SCHEME FOR ENHANCED NETWORK PROTOCOL PROCESSING PERFORMANCE - Systems and methods are directed to a memory device that includes a plurality of memory buffers and a direct memory access (DMA) descriptor structure. The DMA descriptor structure comprises a transfer command and associated data transfer information and encryption/decryption information that is configured in a two dimensional, tree-linked structure. A DMA controller that is communicatively coupled to the memory device transfers data to/from the memory buffers and encrypts/decrypts the data based on the transfer command and data transfer information and encryption/decryption information provided by the two dimensional, tree-linked DMA descriptor structure. | 05-29-2014 |
20140201521 | Method and Apparatus for Providing an Adaptable Security Level in an Electronic Communication - A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a frame type, and including an indication of the frame type in a header of the message. The message is then sent to a recipient and the frame type used to perform a policy check. | 07-17-2014 |
20140201522 | SYSTEM AND METHOD FOR PREVENTING WEB CRAWLER ACCESS - Preventing web crawler access includes receiving a request for a webpage that includes web content that is to be protected from a web crawler, encrypting the web content to be protected to generate encrypted content and responding to the request, including sending the encrypted content and a decryption instruction. The decryption instruction is configured to allow a web browser to decrypt the encrypted content. | 07-17-2014 |
20140245001 | Decryption of Content Including Partial-Block Discard - Embodiments may include receiving a protected version of content that includes multiple encryption chains each including encrypted blocks of content. The protected version of content may include one or more initialization vectors for decrypting the encrypted blocks of content and discard information that specifies non-content portions of one or more data blocks to be discarded after decryption. Embodiments may also include performing chained decryption on the multiple encryption chains using the initialization vectors specified by the decryption information. The chained decryption may result in a sequence of decrypted data blocks. Embodiments may also include, based on the discard information, locating and removing the non-content portions of one or more data blocks in the sequence of decrypted data blocks. Embodiments may also include generating the protected version of content. Embodiments may also include performing any of the aforesaid techniques on one or more computers. | 08-28-2014 |
20140289513 | Enabling Comparable Data Access Control for Lightweight Mobile Devices in Clouds - A new efficient framework based on a Constant-size Ciphertext Policy Comparative Attribute-Based Encryption (CCP-CABE) approach. CCP-CABE assists lightweight mobile devices in storing privacy-sensitive data into cloud-based storage by offloading major cryptography-computation overhead into the cloud without exposing data content to the cloud. CCP-CABE extends existing attribute-based data access control solutions by incorporating comparable attributes to incorporate more flexible security access control policies. CCP-CABE generates constant-size ciphertext regardless of the number of involved attributes, which is suitable for mobile devices considering their limited communication and storage capacities. | 09-25-2014 |
20140289514 | SECURE TRANSFER AND TRACKING OF DATA USING REMOVABLE NONVOLATILE MEMORY DEVICES - A protected memory source device including removable non-volatile memory durably stores a signature such as a serial number or identifier, which is used to mark protected multimedia content legally stored on the protected memory device. The protected multimedia content is moved from the source device to another device, such as a target device used to aggregate protected content in a library. Moving the protected multimedia content involves replacing a source-specific header, comprising digital rights management metadata and/or other security metadata allowing only a device having the source device signature access to the content, with a target-specific header comprising digital rights management metadata and/or other security metadata allowing only a device having the target device signature access to the content. The transfer is done using one of a variety of transfer methods with either a trusted or un-trusted host system connecting the source device to the target device. | 09-25-2014 |
20140310517 | IDENTIFICATION AND CLASSIFICATION OF WEB TRAFFIC INSIDE ENCRYPTED NETWORK TUNNELS - The present principles are directed to identifying and classifying web traffic inside encrypted network tunnels. A method includes analyzing network traffic of unencrypted data packets to detect packet traffic, timing, and size patterns. The detected packet, timing, and size traffic patterns are correlated to at least a packet destination and a packet source of the unencrypted data packets to create at least one of a training corpus and a model built from the training corpus. The at least one of the corpus and model is stored in a memory device. Packet traffic, timing, and size patterns of encrypted data packets are observed. The observed packet traffic, timing, and size patterns of the encrypted data packets are compared to at least one of the training corpus and the model to classify the encrypted data packets with respect to at least one of a predicted network host and predicted path information. | 10-16-2014 |
20140317402 | METHOD OF PROCESSING PACKET IN BELOW BINARY STACK STRUCTURE - Disclosed is a packet processing method in a below binary stack (BBS) structure. A transmission packet processing method includes receiving a packet from a network layer, reassembling a packet for which a first fragmentation has been performed when the received packet is the packet for which the first fragmentation has been performed, encrypting the reassembled packet, performing a second fragmentation for the encrypted packet when the second fragmentation is necessary for the encrypted packet, adding a header to the packet for which the second fragmentation has been performed, and transmitting the packet with the header added thereto through a physical layer. Accordingly, an encryption function can be provided in the BBS structure. | 10-23-2014 |
20140317403 | DISPERSED STORAGE NETWORK WITH SLICE REFRESH AND METHODS FOR USE THEREWITH - An integrity record is appended to data slices prior to being sent to multiple slice storage units. Each of the data slices includes a different encoded version of the same data segment. An integrity indicator of each data slice is computed, and the integrity record is generated based on each of the individual integrity indicators, and may be, for example, a list or a hash of the combined integrity indicators. When retrieving data slices from storage, the integrity record can be stripped off, a new integrity indicator of the data slice calculated, and a new integrity record created. The new integrity record can be compared to the original integrity record, and used to verify the integrity of the data slices. | 10-23-2014 |
20140331042 | APPARATUS AND METHOD FOR PROVIDING SEMANTICALLY AWARE NETWORK SERVICES - A method and apparatus where network-layer devices use host-provided, detailed, per-packet, semantic information (DPPS information), which describes the content, meaning, importance, and/or other attributes of particular application data and is associated with each packet, to provide enhanced network services. In some embodiments of the above method, network-layer devices use DPPS information that includes QoS-related information to provide fine-grained, content-aware, and/or complex QoS assurances or similar services. In some embodiments, network-layer devices use DPPS information to provide network-based, application-protocol-independent, rate-adaptation services. In some embodiments, network-layer devices use DPPS information to provide highly efficient, application-protocol-independent, publish/subscribe dissemination services. | 11-06-2014 |
20140337620 | System and Method for Local Generation of Streaming Content with a Hint Track - Embodiments of a system and method for local generation of streaming content with a hint track are described. Embodiments may include receiving a first version of encrypted content comprising encrypted content samples that each include media content and non-content information. Embodiments may also include receiving a hint track including packet header information for a stream of media packets from which the media content was sourced, and offset information identifying locations of encrypted media content within the encrypted content samples. Embodiments may include generating a second version of the encrypted content for streaming, which may include, based on the information of the hint track, identifying the location of media content within the encrypted content samples. Embodiments may include generating media packets within the second version of the encrypted content, each of those media packets including header information from the hint track and the identified media content from the encrypted content samples. | 11-13-2014 |
20140380043 | SYSTEM AND METHOD FOR INTERLEAVING INFORMATION INTO SLICES OF A DATA PACKET, DIFFERENTIALLY ENCRYPTING THE SLICES, AND OBFUSCATING INFORMATION IN THE DATA PACKET - Approaches for combining different information to be transmitted into different slices of a data packet and/or encrypting the slices using different cryptographic schemes for secure transmission of the information are disclosed. In some implementations, first information and second information may be received. A first data slice representing a portion of the first information may be generated based on a first cryptographic scheme. A second data slice representing a portion of the second information may be generated based on a second cryptographic scheme different than the first cryptographic scheme. A first header may be generated such that the first header may specify the first cryptographic scheme for the first data slice and the second cryptographic scheme for the second data slice. A first data packet may be generated such that the first data packet may include the first header, the first data slice, and the second data slice. | 12-25-2014 |
20150026459 | METHOD AND SYSTEM FOR ENCRYPTING MULTIMEDIA STREAMS - A method and system for encrypting data packets in a multimedia stream are disclosed. Each data packet includes a header portion and a payload portion. In one embodiment, one or more data packets are selected from an incoming multimedia stream. Further, one or more of a header portion and a payload portion are selected within the one or more data packets. Furthermore, one or more regions in the selected one or more of the header portion and the payload portion are encrypted using an encryption algorithm. | 01-22-2015 |
20150046702 | Embedded Encryption/Secure Memory Management Unit for Peripheral Interface Controller - In an embodiment, a peripheral interface controller may include an inline cryptographic engine which may encrypt data being sent over a peripheral interface and decrypt data received from the peripheral interface. The encryption may be transparent to the device connected to the peripheral interface that is receiving/supplying the data. In an embodiment, the peripheral interface controller is included in a system on a chip (SOC) that also includes a memory controller configured to couple to a memory. The memory may be mounted on the SOC in a chip-on-chip or package-on-package configuration. The unencrypted data may be stored in the memory for use by other parts of the SOC (e.g. processors, on-chip peripherals, etc.). The keys used for the encryption/decryption of data may remain within the SOC. | 02-12-2015 |
20150058622 | DATA STREAM TRAFFIC CONTROL - Techniques related to data stream traffic control are disclosed herein. A bit equivalent entropy of an anonymized data stream is computed. Traffic of the data stream is controlled based on the value of the bit equivalent entropy. | 02-26-2015 |
20150113268 | Virtualized AES Computational Engine - A computational engine may include an input configured to receive a first data packet and a second data packet, a context memory configured to store one or more contexts, and a set of computational elements coupled with the input and coupled with the context memory. The set of computational elements may be configured to generate a first output data packet by executing a first sequence of cryptographic operations on the first data packet, and generate a second output data packet by executing a second sequence of cryptographic operations on the second data packet and on a selected context of the one or more contexts. The selected context may be associated with the second packet of data, and the context may be stored in the context memory prior to the execution of the first sequence of cryptographic operations. | 04-23-2015 |
20150143109 | Data Decryption Circuit and Associated Method - A data decryption circuit for decrypting a current encrypted data packet is provided. The current encrypted data packet includes a header and a payload. The data decryption circuit includes an operation unit and a decryption calculation unit. The operation unit generates first data according to the header and a pseudo-random number, second data according to a session key and a constant, and length information and start position information of the payload according to the header. The operation unit generates the first data, the second data, the length information and the start position information by executing a program code. The decryption calculation circuit, coupled to the operation unit, generates a decryption key according to the first and second data, retrieves the payload from the current encrypted data packet according to the start position information and the length information, and decrypts the payload by the decryption key. | 05-21-2015 |
20150295805 | IDENTIFICATION AND CLASSIFICATION OF WEB TRAFFIC INSIDE ENCRYPTED NETWORK TUNNELS - The present principles are directed to identifying and classifying web traffic inside encrypted network tunnels. A method includes analyzing network traffic of unencrypted data packets to detect packet traffic, timing, and size patterns. The detected packet, timing, and size traffic patterns are correlated to at least a packet destination and a packet source of the unencrypted data packets to create at least one of a training corpus and a model built from the training corpus. The at least one of the corpus and model is stored in a memory device. Packet traffic, timing, and size patterns of encrypted data packets are observed. The observed packet traffic, timing, and size patterns of the encrypted data packets are compared to at least one of the training corpus and the model to classify the encrypted data packets with respect to at least one of a predicted network host and predicted path information. | 10-15-2015 |
20150295899 | Group Member Recovery Techniques - Techniques are presented for optimizing secure communications in a network. A first router receives from a second router an encrypted packet with an unknown security association. The first router examines the packet to determine whether the counter value is in a range of predicted counter values. Additionally, a key server is configured to provision routers that are part of a virtual private network. The key server selects a counter value that is part of a security association and calculates a key value. The key server sends the key value together with the security association to enable routers to exchange encrypted packets with each other in the virtual private network using the key value and the security association. The key server increments the counter value to a value within a range of counter values capable of being predicted by the routers. | 10-15-2015 |
20150304427 | EFFICIENT INTERNET PROTOCOL SECURITY AND NETWORK ADDRESS TRANSLATION - Various exemplary embodiments relate to a method performed by a network processing device for creating a NAT session with a tunnel between two nodes, the method comprising: receiving a packet; determining the packet does not have a Security Association; establishing a Security Association associated with a tunnel; generating a tunnel identifier for the tunnel; creating NAT session information; and storing the NAT session information and the tunnel identifier. | 10-22-2015 |
20150312229 | STREAMING SYSTEM AND METHOD - A streaming system includes an authoring unit, a stream server and a client terminal. The authoring unit generates a file composed of encrypted contents data and the ancillary information at least containing the packetizing control information for generating an RTP packet, a non-encrypted codec dependent header made up of the information pertinent to encoded contents data, and the encryption information for decrypting the encrypted contents data from packet to packet. The streaming server packetizes the encrypted contents data along with at least the codec dependent header and distributes the resulting data as a stream. The client terminal refers to the codec dependent header of the received packet, re-assembles the packet, and decrypts the encrypted contents data of the re-assembled packet to generate contents data. | 10-29-2015 |
20150317460 | COPY PROTECTION USING DETAILED COPY CONTROL INFORMATION - Based on the detailed reproduction control information defining the reproduction control state of data to be transmitted, the CPU | 11-05-2015 |
20150326542 | MANAGING NIC-ENCRYPTED FLOWS FOR MIGRATING GUESTS OR TASKS - An example of a system and method implementing a live migration of a guest on a virtual machine of a host server to a target server is provided. For example, a host server may utilize a flow key to encrypt and decrypt communications with a target server. This flow key may be encrypted using a receive master key, which may result in a receive token. The receive token may be sent to the Network Interface Controller of the host server, which will then encrypt the data packet and forward the information to the target server. Multiple sender schemes may be employed on the host server, and various updates may take place on the target server as a result of the new location of the migrating guest from the host server to the target server. | 11-12-2015 |
20160056925 | INFORMATION PROCESSING APPARATUS AND COMMUNICATION DEVICE - An information processing apparatus comprises a first circuitry and a second circuitry. The first circuitry receives first/second demand response requests from first/second communication devices. The second circuitry creates first request content information representing contents of the first demand response request, sends it to a time-stamping authority, and acquires first time certification information containing a time stamp that the time-stamping authority issues for the first demand response request. The second circuitry stores the first time certification information in a storage device to be associated with the first demand response request, and determines, when the second demand response request is received, whether the second demand response request is a retransmission of the first demand response request. When it is the retransmission, the second circuitry causes the first circuitry to send the second demand response request and the first time certification information associated with it in the storage device to a second communication device. | 02-25-2016 |
20160065588 | METHODS AND SYSTEMS FOR DETERMINING COMPLIANCE OF A POLICY ON A TARGET HARDWARE ASSET - Methods and systems for determining compliance of a policy on a target hardware asset are disclosed. In an embodiment, based on the policy, a command is generated at a host computing device. Subsequently, the command is transmitted to an I/O port of the target hardware asset over a communication channel. Further, a processor of the target hardware asset facilitates execution of the command. Based on the execution, a response may be generated. The response may be analyzed in order to determine compliance of the policy. Further in an embodiment, a priority level of the command may be controlled. The priority level determines allocation of a computing resource for execution of the command. The computing resource may be obtained from a computing resource pool including the processor and at least one virtual computing resource. | 03-03-2016 |
20160072773 | Lossy Data Stream Decoder - Lossy data stream decoder techniques are described herein. In response to a request for decoded content from a consuming application, a decoder may validate headers and identify portions of the data that are considered pertinent to the request. The decoder then performs lossy extraction to form incomplete data that is provided to the consuming application in response to the request. The full data for the data stream is not exposed to the consuming application or other downstream components. In this way, the consuming application is provided data sufficient to perform requested graphics processing and resource management operations, while at the same time the risk of piracy is mitigated since the consuming application is unable to get a full version of the data in the clear and the data have been validated by the decoder. | 03-10-2016 |
20160087788 | CALCULATING STATE OF CRYPTOGRAPHIC OBJECTS AND GENERATING SEARCH FILTER FOR QUERYING CRYPTOGRAPHIC OBJECTS - Mechanisms are provided for calculating state of cryptographic objects and generating search filters for querying cryptographic objects based on the given state or on the given combination of unique states. The mechanism to calculate a state of a cryptographic object allows an application or system to resolve the current state of any cryptographic object with the following set of state altering date values: initial date, activation date, deactivation date, compromise date, and destroy date. A processing module may retrieve the state meta-data and calculate the current state of a given cryptographic object. The current state may be, for example, one of the following: unknown, pre-active, active, deactivated, compromised, destroyed, and destroyed-compromised. The mechanism to generate a search filter may generate a search query language (SQL) search filter to query for cryptographic objects using the state altering date values stored for each object. | 03-24-2016 |
20160105401 | SYSTEM AND METHOD FOR INTERNET PROTOCOL SECURITY PROCESSING - A decentralized method for IPSec processing in virtual environments includes assigning a unique identifier to each of a set of compute nodes. Each compute node can emulate one or more virtual machines that generate IP packets for forwarding over a network (e.g., the Internet). An IP packet, received from a trusted source at a compute node, is encrypted and a trailer is appended to the encrypted packet. The trailer includes the unique identifier of the compute node. The encrypted packet with appended trailer is forwarded to a secure gateway that can perform an anti-replay check using stored parameters corresponding to the unique identifier in the trailer. In inbound processing, the unique identifier is inserted into a trailer appended to an encrypted packet by the security gateway and a VPN server directs the incoming encrypted packet to the appropriate compute node for forwarding to the virtual machine. | 04-14-2016 |
20160119297 | METHOD FOR SECURE NETWORK BASED ROUTE OPTIMIZATION IN MOBILE NETWORKS - The present invention provides a method of route optimization involving a first mobile device associated with a first home gateway. One embodiment of the method is implemented in a first mobility forwarding entity and includes registering the first mobile device at the first mobility forwarding entity. The first mobile device is registered using a session key included in a registration message transmitted by the first mobile device. The embodiment also includes establishing a secure route between the first mobility forwarding entity and a terminating node using the session key. The secure route bypasses the first home gateway. | 04-28-2016 |
20160134642 | SECURE CONTENT AND ENCRYPTION METHODS AND TECHNIQUES - In order to capture electronic information provided by a user to another user, different third parties seek to download tracking software, viruses etc. to the user's computer systems. These may include, but are not limited to, message intercepting, email logging, hacking, spamming, phishing, spyware, malware, keyloggers, screen capturing, Trojan horses, WWW robots (BOTs or bots), IP spoofing, man-in-the-middle attacks, worms and viruses. Whilst within the prior art methodologies exist to protect the message by converting the plaintext at the sender's terminal to ciphertext for transmission before it is re-converted to plaintext at the receiver's (or recipient's) terminal, once decrypted the message content, now in plaintext, is accessible to malware, Trojan horse software, etc. upon the recipient's terminal, allowing its contents to be acquired and transmitted without the recipient's and/or sender's knowledge. Accordingly, it would be beneficial to provide users with methods and systems enabling secure messaging to be undertaken, as well as secure document transmission and viewing, that overcome the limitations within the prior art. Accordingly, embodiments of the invention beneficially provide secure messaging and secure document transmission even upon potentially compromised desktop computers. | 05-12-2016 |
20160150404 | WIRELESS COMMUNICATION DEVICE - Provided is a wireless communication device for packet communication. In a case where a communication failure occurs, authentication of the other communication party is performed. In a case where the other communication party is a legitimate party, an encryption key for packet communication is updated, a packet number is returned to an initial value, and the packet communication is resumed. | 05-26-2016 |
20160173460 | POWER AND COST EFFICIENT PERIPHERAL INPUT | 06-16-2016 |
20160182509 | TECHNIQUES FOR LOAD BALANCING IN A PACKET DISTRIBUTION SYSTEM | 06-23-2016 |
20160197836 | SERVICE PROCESSING SWITCH | 07-07-2016 |
20160255054 | Packet Obfuscation and Packet Forwarding | 09-01-2016 |