METHOD AND ARCHITECTURES FOR HANDLING TRANSPORT LAYER SECURITY SESSIONS BETWEEN EDGE PROTOCOL POINTS

    Publication number: WO2019140385A1

    Publication date: 2019-07-18

    Application number: PCT/US2019/013489

    Application date: 2019-01-14

    Abstract: A method and architecture uses a first Edge Termination Point (ETP) to receive an IP application flow, determine a requested fully qualified domain name (FQDN) associated with the IP flow, and determine whether the IP flow is a transport layer security (TLS) flow. The method and architecture further determine (406) whether the ETP has a hypertext transfer protocol (HTTPS) certificate corresponding to the FQDN. In response to a determination that the ETP has an HTTPS certificate, the ETP terminates the TLS session, extracting an HTTP stream using decryption, and forwarding the HTTP stream to a second ETP to establish a new TLS session with a server (408). In response to a determination that the ETP does not have an HTTPS certificate, the ETP maintains a TLS layer and routes an encrypted HTTP stream to the second ETP based on the FQDN to establish an end-to-end TLS session (407).

    METHOD AND SYSTEM FOR SECURELY PAIRING TWO OR MORE DEVICES

    Publication number: WO2018109529A1

    Publication date: 2018-06-21

    Application number: PCT/IB2016/057672

    Application date: 2016-12-15

    Abstract: The invention concerns a method for securely pairing a first device (1) and a second device (2) for exchanging secure data through a data communication channel (41, 42, 43) being a wired or a wireless radio channel. The method comprises, on an activation mobile device (3), generating a first secret (71) for coding data and establishing a first control communication channel (5) between the activation mobile device and the first device so as to transmit to it the first secret through said first control communication channel, the control communication channel being a wireless non-radio communication channel. Upon reception of said first secret on said first device, data are coded using the secret and exchanged via the data communication channel.

    4. SECURE TUNNELS FOR THE INTERNET OF THINGS
    Invention application, under examination (published)

    Publication number: WO2018044876A1

    Publication date: 2018-03-08

    Application number: PCT/US2017/049099

    Application date: 2017-08-29

    Abstract: A system for the maintenance and creation of security tunnels between IoT devices and IoT cloud servers, comprising the steps of receiving one or more packets from one or more IoT devices in a smart router, routing the one or more packets to an agent within the router, the agent performing one or more services on the one or more packets, routing the one or more packets to a WAN port of the router, and sending the one or more packets by a cloud secure tunnel to one or more IoT cloud servers. The system may have secure tunnels that are formed between the IoT devices using a unique password for each IoT device. The system may further include the additional step of selectively stopping communication between the IoT devices and the router, so that when the communication of one IoT device with the router is compromised, the remaining tunnels, each with its own unique password, remain intact.


    5. SECURELY STORING AND DISTRIBUTING SENSITIVE DATA IN A CLOUD-BASED APPLICATION
    Invention application, under examination (published)

    Publication number: WO2017139652A1

    Publication date: 2017-08-17

    Application number: PCT/US2017/017481

    Application date: 2017-02-10

    Inventor: TIMOTHY, Jackson

    Abstract: Techniques to securely store and retrieve data are disclosed. In various embodiments, a process of retrieving secure data includes receiving a request, where the request includes a first secret data and a second secret data. The process further includes identifying a first encrypted data to retrieve based on the request, using the first secret data to decrypt the first encrypted data to generate a decrypted data, generating a second encrypted data, where the second encrypted data is encrypted using the second secret data. In response to the request, the second encrypted data is provided.


    6. SCALABLE INTERMEDIATE NETWORK DEVICE LEVERAGING SSL SESSION TICKET EXTENSION
    Invention application, under examination (published)

    Publication number: WO2016172035A1

    Publication date: 2016-10-27

    Application number: PCT/US2016/028083

    Application date: 2016-04-18

    Abstract: An intermediary network device receives a request for a secure communication session between an endpoint server and an endpoint client through the network device. The secure session between the endpoint server and the endpoint client is divided into a first session and a second session. The first session is between the endpoint server and the network device. The second session is between the network device and the endpoint client. The network device receives a first session ticket from the endpoint server. A session state of a proxy client in the first session, including the first session ticket, is determined. The network device also determines a session state of a proxy server in the second session. The combination of the session state of the proxy client, including the first session ticket, and the session state of the proxy server is encapsulated as part of a second session ticket.


    7. SECURE MESSAGE TRANSMISSION APPARATUS AND PROCESSING METHOD THEREOF
    Invention application, under examination (published)

    Publication number: WO2016129936A1

    Publication date: 2016-08-18

    Application number: PCT/KR2016/001402

    Application date: 2016-02-11

    Abstract: This document relates to a secure message transmission apparatus and a processing method thereof. A secure message processing method according to one embodiment of this document may include: a non-secure message service unit receiving a message transmitted from a sending terminal and determining whether the message is an encrypted message; when the message is an encrypted message, the non-secure message service unit forwarding the encrypted message to a secure message service unit; and the secure message service unit decrypting the encrypted message, then re-encrypting the decrypted message and transmitting it to a receiving terminal.


    8. SUPPORTING DIFFERENTIATED SECURE COMMUNICATIONS AMONG HETEROGENEOUS ELECTRONIC DEVICES
    Invention application, under examination (published)

    Publication number: WO2016040565A1

    Publication date: 2016-03-17

    Application number: PCT/US2015/049326

    Application date: 2015-09-10

    Abstract: A gateway apparatus supports differentiated secure communications among heterogeneous electronic devices. A communication port communicates via communication networks of different types with two or more associated devices having diverse secure communication capabilities. The gateway logic selectively authenticates the associated devices for group membership into a Secure Communication Group (SCG), and selectively communicates Secure Communication Group Keys (SCGKs) to the devices having the diverse secure communication capabilities for selectively generating session keys locally by the associated devices for mutual secure communication in accordance with the group membership of the associated devices in the SCG.


    9. MULTI-BROADCAST BEACON SIGNALS
    Invention application, under examination (published)

    Publication number: WO2015112753A1

    Publication date: 2015-07-30

    Application number: PCT/US2015/012516

    Application date: 2015-01-22

    Abstract: Disclosed herein are techniques and systems for transmitting a multi-broadcast signal from a wireless broadcasting device (or beacon) as part of a beacon recognition process. Specifically, the multi-broadcast signal may be in the form of multiple packets that are broadcast from the beacon within a recognition time period. A process may include creating a first packet having a first identifier (ID) and a randomly generated value, broadcasting the first packet from the beacon, generating a second ID based at least in part on the randomly generated value included in the first packet, and broadcasting, within a period of time from the broadcast of the first packet, a second packet having the second ID and a device ID that uniquely identifies the beacon. A mobile device in proximity to the beacon may include logic to detect and interpret a multi-broadcast signal from the beacon.


    10. SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION
    Invention application, under examination (published)

    Publication number: WO2015023336A3

    Publication date: 2015-04-16

    Application number: PCT/US2014039231

    Application date: 2014-05-22

    Applicant: IBOSS INC

    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for selectively performing man in the middle decryption. One of the methods includes receiving a first request to access a first resource hosted by a server outside the network, determining whether requests from the client device to access the first resource outside the network should be redirected to a second resource hosted by a proxy within the network, providing a redirect response to the client device, the redirect response including the second universal resource identifier, establishing a first encrypted connection between the client device and the proxy hosting the second resource, and a second encrypted connection between the proxy hosting the second domain and the server hosting the first resource, and decrypting and inspecting the encrypted communication traffic passing between the client device and the server hosting the first resource.

