931 results about "Handshake" patented technology

An interface cable is configured to connect a host instrument to a physiological sensor. The interface cable has an ID signal input from the sensor and a LED drive signal input from the host instrument sensor port. The interface cable also has a data signal output to the host instrument sensor port. The LED drive signal and the data signal provide an encrypted handshake to and from the host instrument. The handshake is responsive to the ID signal so as to enable normal operation of the host instrument and the sensor.

A system for providing continuous connection between a client and a network during a session. The system comprises of a connection utility, which monitors a network session for an occurrence of a pre-defined event and/or condition. The system is particularly advantageous in scenarios where a session's connection is lost and the session has to be reconnected to the network. The system also finds applicability with several other types of events/conditions, including a connection break, a slow or congested connection or a change in the type of data being transmitted. When any one of the pre-defined events/conditions occur, the session is automatically routed from the present connection route to another connection route, and is completed on the other connection route. In order to complete the re-routing of the sessions, session information is cached on the client and the server. The session data is tagged with the original session ID. On the server, a special Client Key is stored for later retrieval, and on the client a special Server Key is stored. During the reconnect, the server uses its previously stored session data associated with the client key and previous session ID to regain a new session connection. The client uses its previously stored session data to regain its side of the connection and to pass the proper request over the wire to the server. This special "handshake" occurs at session reconnect time and allows the special session re-connection to occur. The re-routing of the session is completed with no noticeable loss in connection or session information. Thus, a substantially seamless switching of the session from the first connection route to the second connection route is implemented.

A method for authentication of an external storage device (16) operatively connected to a port of a host computer (10) where the host computer (10) conducts a handshake with the external storage device (16) seeking an authentication key from the external storage device. The host computer (10) electrically disconnects the external storage device (16) from the host computer (10) if the authentication key is incorrect or not provided within a predetermined period. The host computer (10) allows access to the host computer (10) by the external storage device (16) if the authentication key is correct and provided within the predetermined period. Corresponding apparatus and systems are also disclosed.

When a SET receives a positioning service from a V-SLP by performing a roaming from a H-SLP to the V-SLP in a SUPL-based positioning system, only a new TLS connection is generated using an abbreviated handshake protocol without generating anew TLS session after the roaming. That is, when opening a TLS session for ensuring security in a SUPL-based positioning method, in particular, when opening a new TLS session between the V-SLP (V-SPC) and the SET after opening the TLS session between the H-SLP and the SET, the key information having used in the previous TLS session is provided to the V-SLP to set a new TLS connection, thereby reducing a load of an entire system.

Methods, apparatuses and systems directed to the classification of encrypted network traffic. In one implementation, the present invention facilitates the classification of network traffic that has been encrypted according to a dynamically-created encryption mechanism involving a handshake between two end-systems, such as the SSL and TLS protocols. In one implementation, the present invention observes and analyzes attributes of the handshake between two nodes to enhance the classification of network traffic. In one embodiment, the enhanced classification mechanisms described herein operate seamlessly with other Layer 7 traffic classification mechanisms that operate on attributes of the packets themselves. Implementations of the present invention can be incorporated into a variety of network devices, such as traffic monitoring devices, packet capture devices, firewalls, and bandwidth management devices.

A dual-mode Universal-Serial-Bus (USB) switch can operate in a normal hub mode to buffer transactions from a host to multiple USB flash storage blocks that are USB endpoints. When operating in a single-endpoint mode, the dual-mode USB switch intercepts packets from the host and responds to the host as a single USB endpoint. The USB switch aggregates all downstream USB flash storage blocks and reports a single pool of memory to the host as a single virtual USB memory. Adjacent transactions can be overlapped by packet re-ordering. A token packet that starts a following transaction is re-ordered to be sent to the USB flash storage blocks before the data and handshake packets that end a first transaction, allowing the second transaction to begin accessing the flash memory earlier. Data can be mirrored or striped across several USB flash storage blocks and parity can be added for error recovery.

A system, method and computer program for enforcing network cluster proximity requirements using a proxy is useful in preventing unauthorized devices from receiving encrypted broadcast content intended for only authorized users within a network cluster. The current art allows users to remotely establish trust via a cryptographic handshake. This results in encrypted broadcast content being delivered to unauthorized devices. The present invention assures that encrypted broadcast content is delivered to only authorized devices, allowing authorized remote devices to receive encrypted broadcast content while preventing unauthorized remote devices from doing so. The present invention enforces network proximity requirements to authorized devices within a defined area by timing the cryptographic handshaking, and by authorizing device proxies within a geographic area for retransmitting to authorized remote devices outside said geographic area.

A wireless authentication protocol. Access to a network is managed by providing a challenge-handshake protocol within the Extensible Authentication Protocol for authentication between a client and the network.

A method for authenticating communication traffic includes intercepting a request directed over a network from a source address to open a connection to a target computer in accordance with a handshake procedure specified by a predetermined communication protocol. A reply to the request that deviates from the specified handshake procedure is sent to the source address. A response from the source address to the reply is analyzed in order to make an assessment of legitimacy of the source address. Upon determining, based on the assessment, that the source address is legitimate, the target computer is permitted to complete the handshake procedure so as to open the connection with the source address.

Architecture for controlling access by a Light Extensible Authentication Protocol (LEAP)-compatible wireless client to a network that utilizes a challenge/handshake authentication protocol (CHAP). A proxy service is hosted on a network server disposed on the network, and accessed in response to receiving access information from the client. The access information is processed with the proxy service into CHAP-compatible access information, and forwarded to a CHAP-based access control server disposed on the network to determine whether to grant network access to the client.

A personal alarm system includes a monitoring base station and one or more remote sensing units in two-way radio communication. An electronic handshake between the base station and each remote unit is used to assure system reliability. The remote units transmit at selectable power levels. In the absence of an emergency, a remote unit transmits at a power-conserving low power level. Received field strength is measured to determine whether a remote unit has moved beyond a predetermined distance from the base station. If the distance is exceeded, the remote unit transmits at a higher power level. The remote unit includes sensors for common hazards including water emersion, smoke, excessive heat, excessive carbon monoxide concentration, and electrical shock. The base station periodically polls the remote units and displays the status of the environmental sensors. The system is useful in child monitoring, for use with invalids, and with employees involved in activities which expose them to environmental risk. Alternative embodiments include a panic button on the remote unit for summoning help, and an audible beacon on the remote unit which can be activated from the base station and useful for locating strayed children. In another embodiment, the remote unit includes a Global Positioning System receiver providing location information for display by the base station.

An information processing system for protecting against denial of service attacks comprises an interface (310) to receive and send packets, wherein the packets comprise at least one synchronization packet that is part of a handshake process for establishing the connection between the source client computer (118) and the target server computer (102); a crypto engine (306) adapted to create a unique sequence number for inclusion in a packet to be sent to a client (118) requesting establishment of a connection between a client (118) and server (102), wherein the crypto engine (306) is further adapted to validate unique sequence numbers in received synchronization packets that are part of a handshake process for establishing the connection between the source client (118) and the protected server (102); and a lookup table (304) for storing information defining established connections between the server (102) and clients so that arriving packets that purport to be part of an established connection can be validated by comparing information in the packet with entries in the table.

An embodiment of the invention provides a method for providing power to a USB client device and polling for a correct protocol. A USB host device provides power and a first part of a first handshake determined by a first protocol. The host then monitors the client for a second part of the first handshake. When the second part of the first handshake is detected by the host, the client recognizes that power may be applied according to the first protocol. When the second part of the first handshake is not presented by the client device, the host provides a first part of a second handshake according to a second protocol. When the second part of the second handshake is provided by the client, the host the client recognizes that power may be applied according to the second protocol.

A data collection method for collecting data describing at least one encounter of a mobile wireless device with at least one other wireless device, said method comprising: conducting a digital handshake between said mobile wireless device and said at least one other wireless device over a wireless link; and communicating a record of said encounter between said mobile wireless device and said other wireless device to a recording device.

Embodiments are directed towards establishing an encrypted session between a client device and a target server device when the client device initiates network connections through a proxy device. In one embodiment, the client device initiates an encrypted session with the proxy device. Once the encrypted session is established, the client device communicates the address of the target server device to the proxy device. Then, the proxy device sends an encrypted session renegotiation message to the client device. The client device responds to the encrypted session renegotiation message by transmitting an encrypted session handshake message to the proxy device. The proxy device forwards the encrypted session handshake message to the target server device, and continues to forward handshake messages between the client device and the target server device, enabling the client device and the target server device to establish an encrypted session

The application provides an Internet of Vehicles safety communication method, a vehicle-mounted terminal, a server and a system. The Internet of Vehicles safety communication method is characterized by comprising the following steps: the vehicle-mounted terminal sends a handshake authentication request to a server after determining that the transmission control protocol connection with the server has been finished, wherein the handshake authentication request comprises an identifier of the vehicle-mounted terminal and a first Hash value encrypted by use of a symmetrical encryption algorithm same as that adopted by the server; the vehicle-mounted terminal receives an authentication response message returned by the server, wherein the authentication response message is returned by the server after determining that the vehicle-mounted terminal is legal; and the vehicle-mounted terminal establishes a safety authentication transmission protocol connection with the server according to the authentication response message. A lightweight safety authentication transmission protocol is established between the vehicle-mounted terminal and the server by use of less resource, and the security of the data transmission between the vehicle-mounted terminal and the server is improved.

An alert messaging system and method to securely transmit and receive alert messages via secure connection among one or more messaging servers and at least one client user station using a token-based, one-way handshake mechanism.

A traffic management device (TMD), system, and processor-readable storage medium are directed to monitoring an encrypted session between a client and a server, determining that the session identifier is unknown, and requesting a renegotiation of the session to acquire a session identifier for the renegotiated session. Determination that the session identifier is unknown may be based on interception and analysis of handshake messages sent by the client and/or the server. Following such determination, a renegotiation of the encrypted session may be triggered by sending a renegotiation request to the client, and a session identifier for the renegotiated session may be determined based on information extracted from subsequent handshake messages exchanged between the client and server during the renegotiation. Determination of the session identifier may enable decryption, encryption and modification of subsequent communications traffic, for example insertion of third party content into traffic sent to the client.

Technology is described for transferring one or more mobile tags using a light based communication protocol. A mobile device, for example a smart phone, with an image sensor and an illuminator, like a camera flash, initiates transfer of data formatted in a mobile tag displayed by another device by automatically controlling the illuminator to generate sequences of light representing data transfer messages. The other device, for example a user wearable computer device with sensors capturing biometric and health related data, has a photodetector unit for capturing the sequences of light and converting them into digital data. A processor of the other device identifies the data transfer messages and causes a display of one or more mobile tags responsive to the messages. In this way, a number of mobile tags may be used to transfer several kilobytes of biometric data, for example 4-7 KBs, using low power for the wearable device.

The invention provides a reliable data transmission method and a device thereof. The method comprises the following steps: a data transmitting end divides a file to be transmitted into a data packets with serial numbers; according to a preset buffer data packet format, the data packets are packaged into data packets to be transmitted, and then are added to a transmission buffer area: the data packets to be transmitted in the transmission buffer area are transmitted in sequence; the data packets confirmed at a data receiving end in the transmission buffer area are deleted; whether the stoppingtime of the data packets in the transmission buffer area is over a preset time threshold or not is judged, and if so, the data packets are reset to be the data packets to be transmitted; and the transmission process is repeated. In the scheme of the invention, as only the data format and the transmission process at the transmitting end and the receiving of the data packets are controlled, no special data packets are needed to be transmitted between the transmitting end and the receiving end to carry out handshake connection operation, and under the condition that the system expense is less and the data transmission efficiency is high, the problem that the existing UDP (User Datagram Protocol) can not reliably transmit the data can be solved.

The invention provides a method of data reliable transmission with a user datagram protocol (UDP) in a communication network. The method comprises that firstly, connecting handshake is carried out between a data packet sending end and a data packet receiving end, a communication layer of the data packet sending end informs an application layer that a reliable transmission channel is built; in a data packet transmission process, the communication layer of the data packet sending end detects a channel state of the transmission channel through a heartbeat mechanism, and if the channel state changes, the application layer is informed. The method has strong adaptability and can be used for the communication network which is large in transmission delay difference. A mutual-informing mode is used between the application layer and the communication layer of the sending end, the application layer and the communication layer are in mutual independence and also a unified whole, data reliable transmission is achieved, and meanwhile the problem that when the transmission channel is in fault, the uninformed application layer sends data to the communication layer continuously and resources are consumed is avoided. According to the method, the communication layer of the receiving end transmits a data packet to the application layer directly according to protocol header information to activate task scheduling, and the method has more advantages than a polling scheduling strategy and a callback scheduling strategy.

A portable encrypted storage device with biometric identification includes a host interface connected to a terminal host, a controller connected to the host interface, a memory module, a fingerprint sensor, an encryption/decryption chip and a portable large-capacity storage unit connected to the controller. The controller communicates with the host by handshakes and enables the host to automatically run a fingerprint identification driver and application program from the memory module to the host. The host receives an instruction from the user through the driver and program, and informs the controller to control the fingerprint sensor to read to-be-recognized fingerprint data of the user. The host judges whether or not the to-be-recognized fingerprint data substantially matches with a fingerprint template stored in the memory module. If a match occurs, the host can recognize and access the hidden portable large-capacity storage unit through the encryption/decryption chip.

An asynchronous and delay-insensitive data processor comprises a plurality of components communicating with each other and synchronizing their activities by communication actions on channels and buses. Each component consists of a control part and a data part. All control parts are implemented with a lazy-active-passive handshake protocol and a sequencing means called a left/right buffer that provides the minimal sequencing constraints on the signals involved. The data parts comprise novel asynchronous ALU, buses, and registers. The control parts and data parts are connected together in an asynchronous and delay-insensitive manner.

A system and method for monitoring and controlling the total number of SSL port resources that are allowed to be tied up by a malicious or inept client making multiple requests from a single IP address. Smart SSL handshake timeout detection is used to track and deny service to any SSL clients that do denial of service (DOS) attacks.

A family of medium-access (MAC) collision-avoidance receiver-initiated channel-hopping (RICH) protocols which do not rely on carrier-sensing, or unique codes to each node within the network. The RICH protocol requires that each network nodes adhere to a common channel-hopping sequence, and that nodes that are not in a state of sending or receiving data will listen on the common channel hop. To send data nodes enter into a receiver-initiated dialogue over the channel-hop at the time at which a data transmission is needed. Nodes which succeed in performing the collision-avoidance handshake remain in the same channel-hop for the remainder of the data transfer, while the remaining nodes continue with the common channel hopping sequence. The described RICH protocols are capable of providing collision-free operation even in the presence of hidden terminals.

Embodiments of the present invention address deficiencies of the art in respect to security enforcement point operability in a TLS secured communications path and provide a novel and non-obvious method, system and computer program product for the secure sharing of TLS session keys with trusted enforcement points. In one embodiment of the invention, a method for securely sharing TLS session keys with trusted enforcement points can be provided. The method can include conducting a TLS handshake with a TLS client to extract and decrypt a session key for a TLS session with the TLS client traversing at least one security enforcement point. The method further can include providing the session key to a communicatively coupled key server for distribution to the at least one security enforcement point. Finally, the method can include engaging in secure communications with the TLS client over the TLS session.

The invention provides a charging method, a mobile terminal and an adapter, wherein the charging method comprises the following steps: after a charging adaptation signal is detected at the charging interface of the mobile terminal by the mobile terminal, a handshake mark signal is set at the charging interface; the mobile terminal is indicated by the charging adaptation signal, and the adapter accessed at the charging interface is adapted to the mobile terminal; the handshake mark signal is used for indicating the adapter, the mobile terminal is adapted to the adapter, and a preset adaptation charging environment is provided for the mobile terminal after the handshake mark signal is recognized by the adapter; and the mobile terminal utilizes the charging interface to charge under the adaptation charging environment provided by the adapter. Through the technical scheme provided by the invention, the charging time of a large volume battery can be efficiently shortened, and the user experience is improved.

A method for a secure handshake protocol between A and B, connected by a slow channel is provided in which A sends a first message indicating a set of cipher suites with parameters, and its identifier and B selects a cipher suite, obtains A's certificate over a fast connection, verifies A's certificate and obtains A's public key. Next B sends a second message comprising B's certificate, and an indication that B has verified A's certificate, and an indication about the selected cipher suite. A begins to use the selected cipher suite, verifies B's certificate and obtains B's public key. Next A sends a third message indicating that A has verified B's certificate.

A wireless station prepares to roam by pre-authenticating itself with a neighboring access point. The wireless station sends a rekey request, which can include an incremented rekey number. The wireless station receives a rekey response. The rekey response can include the incremented rekey number. Because the wireless station is pre-authenticated, after it roams it only needs to perform a two-way handshake with a new access point to establish secure communications with the new access point. The two-way handshake starts by the wireless station sending a reassociation request to the neighboring access point, the reassociation request comprising the incremented rekey number established during pre-authentication. The wireless station receives a reassociation response from the neighboring access point. To protect against replay attacks, the neighboring access point can verify the rekey number sent in the reassociation request matches the rekey number sent in the rekey response.

The invention discloses a proxy method for improving SSL (security socket layer) algorithm intensity of a browser, and belongs to the technical field of network security. The method comprises the steps of 1, intercepting an SSL data package initiated by the browser, 2, simulating a remote SSL server to accomplish a low-intensity SSL handshake with the browser, and 3, adopting a higher-intensity algorithm to accomplish formal certification and handshake with the remote SSL server. With the adoption of the method, an algorithm support of the available browser can be expanded effectively, particularly a support for a national standard encryption algorithm can be expanded; complete transparence to a user is achieved; and the user is not required to change a using habit.