102results about How to "Network security" patented technology

A proactive network security system to protect against hackers for the proactive automated defense against hackers by automatically finding, reporting, communicating with countermeasures about and removing the common vulnerabilities and exposures (CVEs) that they exploit.

A system for actively updating a cryptography module in a security gateway and related method is used in a security gateway, such as a VPN gateway according to an IPSEC protocol, which is connected between at least one user computer system and a network system. The system includes a Web GUI, a module update unit, a defined module unit, and an extended library. A user can easily update or add decryption/encryption modules into the extended library of the gateway through the Web GUI and the module update unit instead of updating the decryption/encryption modules along with the entire kernel firmware. This can reduce the setting time, increase the efficiency of operation, reduce the maintenance cost, and promote the expansion of decryption/encryption modules of the gateway so that network transmission can become much safer.

Gaining secure access to a ubiquitous network by detecting a user joining one particular network domain of the ubiquitous network, authenticating the joined user by employing symmetric key authentication together with a single sign-on mechanism, and allowing the authenticated user to access one or more other network domains of the ubiquitous network based upon the authenticating for the one particular network domain.

Provided is a key management method to secure security in an onboard network system having multiple electronic control units storing a shared key. In the key management method of the onboard network system including multiple electronic units (ECUs) that perform communication by frames via a bus, a master ECU stores a shared key to be mutually shared with one or more ECUs. Each of the ECUs acquire a session key by communication with the master ECU based on the stored shared key, and after this acquisition, executes encryption processing regarding a frame transmitted or received via the bus, using this session key. In a case where a vehicle in which the onboard network system is installed is in a particular state, the master ECU executes inspection of a security state of the shared key stored by the ECU or the like.

There is described a method and apparatus for managing security for a connection between a user device and a communications network comprising at least one base station and a core network. In one embodiment, the method includes receiving at the core network security capability information for the user device connecting to the communications network. Security capability information for the base station is then obtained from memory or from the base station itself. The security capability information for the user device and the security capability information for the base station is then processed in the core network to select a security policy for a connection between the user device and the base station and the selected security policy is transmitted to the base station.

An admission scheme for a communication network comprising the step of:—a) acquiring and storing the MAC address of a device on admitting the device to the communication network, b) checking the source MAC address of a data packet before said data packet is admitted into the communication network, and c) admitting a data packet into the communication network only if the MAC address is registered with the communication network.

A Monitoring system and a method in a monitoring system comprising a public network, a private network, an access limiting device arranged to limit the access of the private network from the public network, and a control server connected to the public network. The monitoring system further comprises a monitoring device connected to the private network and being arranged to send an HTTP request to the control server. The control server being arranged to send a HTTP response to the monitoring device in response to the HTTP request, wherein the HTTP header's ‘Content-Length’ field of the HTTP response is not defined or wherein the HTTP header's ‘Content-Length’ field is set to a number that is large enough to enable transport of a plurality of future control messages as part of an over time stretched HTTP response resulting in an open path from the control server to the monitoring device through the access limiting device and wherein the control server is arranged to send control messages to the monitoring device via said open path.

A communication game system includes a plurality of game apparatuses which are able to wirelessly communicate with each other. Each of the game apparatus registers identifying information of an opponent obtained by a short-distance wireless communication or by user's input in a friend list. Thereafter, the game apparatus connects to the Internet, and inquires server, etc. whether or not it is possible to communicate with the opponent in the friend list over a network. If it is possible to communicate, the game apparatus obtains an address of the opponent to make a network communication. In a case that a still another opponent being connected to its own apparatus exists, when other game apparatus makes a connection, its own game apparatus transmits their identifying information to introduce the communicating opponents to each other. The game apparatuses introduced to each other make a communication over a network, and add the identifying information of the opponents to the friend list, if necessary.

A risk evaluation support device is used for a safety network which serves to cause an output device to make a controlled device operable based on a detection signal outputted from an input device when the input device detects a safety condition. The support device creates a parameter setting table for correlating a danger source with the input and output devices and a PLC for risk evaluation based on configuration data of the safety network obtained through a communication part and device data on devices obtained from a component database. Operating data for the safety network are obtained according to conditions provided by the parameter setting table and a current risk evaluation value for the danger source is calculated based on the obtained operating data. The calculated risk evaluation value is outputted to a display part.

The disclosure is directed towards systems and methods for improving security in a computer network. The system can include a planner and a plurality of controllers. The controllers can be deployed within each zone of the production network. Each controller can be configured to assume the role of an attacker or a target for malicious network traffic. Simulations of malicious behavior can be performed by the controllers within the production network, and can therefore account for the complexities of the production network, such as stateful connections through switches, routers, and other intermediary devices. In some implementations, the planner can analyze data received from the controllers to provide a holistic analysis of the overall security posture of the production network.

The invention discloses a multi-website shopping cart implementation method, which uses a main website to provide consumers a hyperlink element linking to an associate website. When a consumer selects the hyperlink element, the main website will transmit the ID of the consumer and the verification code to the associate website so as to verify the identity of the consumer. When the consumer wants to purchase a particular commodity sold at the associate website, the main website will receive trade information transmitted from the associate website and thereby charge to the consumer. Finally, the main website places an order to the associate website and provides the name and the address of the receiver to the associate website. With the trade information, the name and the address of the receiver, the associate website sends out the commodity. The invention also discloses a multi-website shopping cart system to implement the above method.

The invention presents a network data security system and a protecting method applied in network data transmission. Meanwhile the network data security system includes a client, an authentication dispatching server and a number of distributed servers. The authentication dispatching server includes a first determination device and a user certificate generator; and each distributed server includes a second determination device, a second user certificate generator and a processor. The method for protecting data of the present invention introduces the authentication dispatching server providing the client with a user certificate in a valid period of time and further introduces an updated certificate mechanism for preventing the user certificate from being stolen and further preventing network data from being let out.

A method and system for configuring security devices on a security network. A mobile computing device reads spatially-encoded optical machine-readable indicia, decodes the indicia, and extracts encoded configuration information for the security devices. The configuration information from the indicia is then transmitted to a monitoring station, which uses the configuration information to configure communication with the security devices on the security network.

A secure connection between the main unit of a portable information device and a peripheral device via a wireless network is ensured by using an electronic seal that makes it possible to transmit an encryption key to the portable information terminal and the peripheral device thereof by an operation which is analogous to “seal affixing” by a user confirmed as an authorized user. For example, user confirmation is performed by an authentication technology using biometric information, such as “fingerprint authentication”. After the portable information terminal and the peripheral device thereof perform mutual recognition, they can perform secure mutual communication via a wireless network, etc., by using the encryption key provided via the electronic seal.

Aspects of a method and system for protected MAC sequence numbers, as well as secure block acknowledgment (block ACK) with protected MAC sequence number are presented. In one aspect of the system a communicating station (STA) may protect the sequence number (SN) field portion of transmitted protocol data units (PDUs), for example data MAC layer PDUs (MPDUs), or frames. In another aspect of the system, starting sequence number (SSN) information communicated via control frames, such as block acknowledgment request (BAR) and block acknowledgment (BA) frames, may be protected. In another aspect of the system, communicating STAs may exchange management frames to enable the protection of SN information in data MPDUs and/or the protection of SSN values in control MPDUs.