-
1.
Publication number: US20140317405A1
Publication date: 2014-10-23
Application number: US14042182
Filing date: 2013-09-30
IPC classification: H04L29/06
CPC classification: H04L63/02, G06F21/00, G06F21/53, H04L9/0838, H04L9/0841, H04L63/0227, H04L63/0236, H04L63/0485, H04L63/061, H04L63/164, H04L63/166, H04L63/205, H04L69/18
Abstract: A secure communications arrangement including an endpoint is disclosed. The endpoint includes a computing system. The computing system includes a user level services component and a kernel level callout driver interfaced to the user level services component and configured to establish an IPsec tunnel with a remote endpoint. The computing system also includes a filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel. The computing system also includes a second kernel level driver configured to establish a secure tunnel using a second security protocol different from IPsec.
-
2.
Publication number: US20180212927A9
Publication date: 2018-07-26
Application number: US14042239
Filing date: 2013-09-30
IPC classification: H04L29/06
CPC classification: H04L63/02, G06F21/00, G06F21/53, H04L9/0838, H04L9/0841, H04L63/0227, H04L63/0236, H04L63/0485, H04L63/061, H04L63/164, H04L63/166, H04L63/205, H04L69/18
Abstract: Methods of communicatively connecting first and second endpoints are disclosed. One method includes transmitting from a first endpoint to a second endpoint a connection request, the connection request including an IP address of the second endpoint. The method further includes, based at least in part on the IP address of the second endpoint, selecting IPsec from among a plurality of available security protocols to first attempt to use in forming a tunnel between the first and second endpoints, and forming the tunnel between the first and second endpoints based on the connection request.
-
3.
Publication number: US09794225B2
Publication date: 2017-10-17
Application number: US14753146
Filing date: 2015-06-29
CPC classification: H04L63/0272, H04L63/08, H04L63/104, H04W88/16
Abstract: Methods and systems of communicating with secure endpoints included within a secured network from a mobile device external to the secured network are disclosed. The method includes initiating a VPN-based secure connection to a VPN appliance, and initializing a stealth-based service on the mobile device. The method further includes transmitting user credential information from the mobile device to a VDR broker via the VPN appliance, and receiving status information from the VDR broker identifying a VDR associated with the mobile device and providing a connected status. The method also includes communicating with one or more secure endpoints within the secured network via a VPN connection to the VDR via the VPN appliance and through the VDR to the one or more secure endpoints within a community of interest based on the user credential information transmitted to the VDR broker.
-
4.
Publication number: US10454931B2
Publication date: 2019-10-22
Application number: US15001354
Filing date: 2016-01-20
Applicants: Ted Hinaman, Steven J Rajcan, Matthew Mohr, William Gunn, Sarah K Inforzato, Robert A Johnson, Gregory J Small, David S Dodgson
Inventors: Ted Hinaman, Steven J Rajcan, Matthew Mohr, William Gunn, Sarah K Inforzato, Robert A Johnson, Gregory J Small, David S Dodgson
Abstract: Methods and systems for securing communications with an enterprise from a remote computing system are disclosed. One method includes initiating a secured connection with a VPN appliance associated with an enterprise using service credentials maintained in a secure applet installed on a remote computing device, and initiating communication with an authentication server within an enterprise via the secured connection. The method also includes receiving specific credentials from the authentication server, terminating the secured connection with the VPN appliance, and initiating a second secured connection with the VPN appliance using the specific credentials, the specific credentials providing access to one or more computing devices within the enterprise being within a same community of interest as the remote computing device and obfuscating one or more other computing systems within the enterprise excluded from the community of interest. The method also includes initiating communications with at least one of the one or more computing devices included in the community of interest.
-
5.
Publication number: US10454890B2
Publication date: 2019-10-22
Application number: US14042239
Filing date: 2013-09-30
Abstract: Methods of communicatively connecting first and second endpoints are disclosed. One method includes transmitting from a first endpoint to a second endpoint a connection request, the connection request including an IP address of the second endpoint. The method further includes, based at least in part on the IP address of the second endpoint, selecting IPsec from among a plurality of available security protocols to first attempt to use in forming a tunnel between the first and second endpoints, and forming the tunnel between the first and second endpoints based on the connection request.
-
6.
Publication number: US09912663B2
Publication date: 2018-03-06
Application number: US15427167
Filing date: 2017-02-08
CPC classification: H04L63/0884, H04L12/4641, H04L63/0272, H04L63/029, H04L63/083, H04L63/104, H04W12/06, H04W72/04, H04W88/16
Abstract: Methods and systems of communicating with secure endpoints included within a secured network from a mobile device external to the secured network are disclosed. The method includes initiating a VPN-based secure connection to a VPN appliance, and initializing a stealth-based service on the mobile device. The method further includes transmitting user credential information from the mobile device to a VDR broker via the VPN appliance, and receiving status information from the VDR broker identifying a VDR associated with the mobile device and providing a connected status. The method also includes communicating with one or more secure endpoints within the secured network via a VPN connection to the VDR via the VPN appliance and through the VDR to the one or more secure endpoints within a community of interest based on the user credential information transmitted to the VDR broker.
-
7.
Publication number: US20170208038A1
Publication date: 2017-07-20
Application number: US15001354
Filing date: 2016-01-20
Applicants: Ted Hinaman, Steven J. Rajcan, Matthew Mohr, William Gunn, Sarah K. Inforzato, Robert A. Johnson, Gregory J. Small, David S. Dodgson
Inventors: Ted Hinaman, Steven J. Rajcan, Matthew Mohr, William Gunn, Sarah K. Inforzato, Robert A. Johnson, Gregory J. Small, David S. Dodgson
Abstract: Methods and systems for securing communications with an enterprise from a remote computing system are disclosed. One method includes initiating a secured connection with a VPN appliance associated with an enterprise using service credentials maintained in a secure applet installed on a remote computing device, and initiating communication with an authentication server within an enterprise via the secured connection. The method also includes receiving specific credentials from the authentication server, terminating the secured connection with the VPN appliance, and initiating a second secured connection with the VPN appliance using the specific credentials, the specific credentials providing access to one or more computing devices within the enterprise being within a same community of interest as the remote computing device and obfuscating one or more other computing systems within the enterprise excluded from the community of interest. The method also includes initiating communications with at least one of the one or more computing devices included in the community of interest.
-
8.
Publication number: US20170237735A1
Publication date: 2017-08-17
Application number: US15427167
Filing date: 2017-02-08
CPC classification: H04L63/0884, H04L12/4641, H04L63/0272, H04L63/029, H04L63/083, H04L63/104, H04W12/06, H04W72/04, H04W88/16
Abstract: Methods and systems of communicating with secure endpoints included within a secured network from a mobile device external to the secured network are disclosed. The method includes initiating a VPN-based secure connection to a VPN appliance, and initializing a stealth-based service on the mobile device. The method further includes transmitting user credential information from the mobile device to a VDR broker via the VPN appliance, and receiving status information from the VDR broker identifying a VDR associated with the mobile device and providing a connected status. The method also includes communicating with one or more secure endpoints within the secured network via a VPN connection to the VDR via the VPN appliance and through the VDR to the one or more secure endpoints within a community of interest based on the user credential information transmitted to the VDR broker.
-
9.
Publication number: US09716589B2
Publication date: 2017-07-25
Application number: US14042182
Filing date: 2013-09-30
CPC classification: H04L63/02, G06F21/00, G06F21/53, H04L9/0838, H04L9/0841, H04L63/0227, H04L63/0236, H04L63/0485, H04L63/061, H04L63/164, H04L63/166, H04L63/205, H04L69/18
Abstract: A secure communications arrangement including an endpoint is disclosed. The endpoint includes a computing system. The computing system includes a user level services component and a kernel level callout driver interfaced to the user level services component and configured to establish an IPsec tunnel with a remote endpoint. The computing system also includes a filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel. The computing system also includes a second kernel level driver configured to establish a secure tunnel using a second security protocol different from IPsec.
-
10.
Publication number: US09596077B2
Publication date: 2017-03-14
Application number: US14042212
Filing date: 2013-09-30
CPC classification: H04L63/02, G06F21/00, G06F21/53, H04L9/0838, H04L9/0841, H04L63/0227, H04L63/0236, H04L63/0485, H04L63/061, H04L63/164, H04L63/166, H04L63/205, H04L69/18
Abstract: A method and system for establishing secure communications between endpoints includes transmitting a first message including a token having one or more entries, each corresponding to a community of interest associated with a user of the first endpoint and including an encryption key and a validation key associated with the first endpoint. The method includes receiving a second message including a second authorization token including one or more entries, each entry corresponding to a community of interest associated with a second user and including an encryption key and a validation key associated with the second endpoint. The method includes, for each community of interest associated with both users, decrypting an associated entry in the second authorization token to obtain the encryption key and validation key associated with the second endpoint. The method also includes generating a shared secret based on the key pair, transmitting a third message including the created key pair to the second endpoint, and initializing a tunnel using the shared secret to derive encryption keys used for IPsec-secured communications between the endpoints.