NETWORK COMMUNICATIONS SECURITY AGENT
2 Assignments
0 Petitions
Accused Products
Abstract
One embodiment of an inventive networking environment includes clients called sending clients because they send network content through a network, and clients called receiving clients because they receive the network content from the sending clients through the network. Both sending clients and receiving clients are “clients” in that they rely on a management server to orchestrate the secure transfer of information from sending clients to receiving clients.
-
Citations
60 Claims
-
1-20. -20. (canceled)
-
21. A computer program product embodied on at least one computer readable medium for use with at least one computer processor for implementing data security in a transfer of an event from a sending client to a receiving client located remotely therefrom across a network, the network further including a key server located remotely from each of the sending and receiving clients, the computer program product comprising:
-
(a) computer code for receiving, at each of the sending and receiving clients, keying information associated with the event from the key server, the keying information including a plurality of selector/security association pairs corresponding to different timewise intervals of the event; (b) computer code for populating, at the sending client, a first database of selector/security association pairs local to the sending client using said keying information received from the key server; (c) computer code for populating, at the receiving client, a second database of selector/security association pairs local to the receiving client using said keying information received from the key server; (d) computer code for receiving, at the sending client, first data from a network application program interface (API) of the sending client, the first data comprising a portion of the event to be sent from the sending client to the receiving client; (e) computer code for determining, at the sending client, whether the first data is eligible for a first security operation, wherein eligibility is determined by first selector data contained in the first data; (f) computer code for creating, at the sending client, a first selector based on the first selector data and using said first selector to search the first database for at least one selector/security association pair identifying a first security association corresponding to the first selector; (g) computer code for applying, at the sending client, the first security operation to the first data if the first data is eligible, wherein said computer code for applying the first security operation comprises computer code for using the first security association on the at least a portion of the first data; (h) computer code for sending, at the sending client, the first data to which the first security operation has been applied to a network protocol layer of the sending client for transfer over the network and reception by a network protocol layer of the receiving client; (i) computer code for receiving, at the receiving client, second data from the network protocol layer of the receiving client, the second data including the first data to which the first security operation has been applied; (j) computer code for determining, at the receiving client, whether said second data is eligible for a second security operation, wherein eligibility is determined by second selector data contained in the second data; (k) computer code for creating, at the receiving client, a second selector based on the second selector data and using said second selector to search the second database for at least one selector/security association pair identifying a second security association corresponding to the second selector; (l) computer code for applying, at the receiving client, the second security operation to the second data if the second data is eligible, wherein said computer code for applying the second security operation comprises computer code for using the second security association on the at least a portion of the second data; and (m) computer code for sending, at the receiving client, the second data to which the second security operation has been applied to a network API of the receiving client. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
-
-
29. A computer program product embodied on at least one computer readable medium for use with at least one computer processor at a sending client for implementing data security in a transfer of an event from the sending client to a receiving client located remotely therefrom across a network, the network further including a key server located remotely from each of the sending and receiving clients, the computer program product comprising:
-
computer code for receiving data from a network application program interface (API) of the sending client, the data comprising a portion of the event to be sent from the sending client to the receiving client; computer code for determining if the data is eligible for a security operation, wherein eligibility is determined by selector data contained in the data; computer code for creating a selector based on the selector data and using said selector to search a local sending client database of security associations for at least one selector/security association pair identifying a security association corresponding to the selector, said local sending client database storing a plurality of selector/security association pairs received from the key server corresponding to different timewise intervals of said event; computer code for applying the security operation to the data if the data is eligible, wherein said computer code for applying the security operation comprises computer code for using the security association on the at least a portion of the data; and computer code for sending the data to which the security operation has been applied to a network protocol layer of the sending client. - View Dependent Claims (30, 31, 32)
-
-
33. A computer program product embodied on at least one computer readable medium for use with at least one computer processor at a receiving client for implementing data security in a transfer of an event to the receiving client from a sending client located remotely therefrom across a network, the network further including a key server located remotely from each of the sending and receiving clients, the computer program product comprising:
-
computer code for receiving data from a network protocol layer of the receiving client, the data comprising a portion of the event being received at the receiving client; computer code for determining if the data is eligible for a security operation, wherein eligibility is determined by selector data contained in the data; computer code for creating a selector based on the selector data and using said selector to search a local receiving client database of security associations for at least one selector/security association pair identifying a security association corresponding to the selector, said local receiving client database storing a plurality of selector/security association pairs received from the key server corresponding to different timewise intervals of said event; computer code for applying the security operation to the data if the data is eligible, wherein said computer code for applying the security operation comprises computer code for using the security association on the at least a portion of the data; and computer code for sending the data to which the security operation has been applied to a network API of the receiving client. - View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
-
-
41. A system for implementing data security in a transfer of an event from a sending client to a receiving client located remotely therefrom across a network, the sending client including a first processor and the receiving client including a second processor, the network further including a key server located remotely from each of the sending and receiving clients, the system comprising:
-
a first memory associated with said first processor and storing first instructions that, when executed by said first processor, cause the first processor to perform steps comprising; receiving keying information associated with the event from the key server, the keying information including a plurality of selector/security association pairs corresponding to different timewise intervals of the event; populating a first database of selector/security association pairs local to the sending client using said keying information; receiving first data from a network application program interface (API) of the sending client, the first data comprising a portion of the event to be sent from the sending client to the receiving client; determining whether the first data is eligible for a first security operation, wherein eligibility is determined by first selector data contained in the first data; creating a first selector based on the first selector data and use said first selector to search the first database for at least one selector/security association pair identifying a first security association corresponding to the first selector; applying the first security operation to the first data if the first data is eligible, said applying the first security operation comprising using the first security association on the at least a portion of the first data; and sending the first data to which the first security operation has been applied to a network protocol layer of the sending client for transfer over the network and reception by a network protocol layer of the receiving client; and a second memory associated with said second processor and storing second instructions that, when executed by said second processor, cause the second processor to perform steps comprising; receiving said keying information from said key server; populating a second database of selector/security association pairs local to the receiving client using said keying information; receiving second data from the network protocol layer of the receiving client, the second data including the first data to which the first security operation has been applied; determining whether said second data is eligible for a second security operation, wherein eligibility is determined by second selector data contained in the second data; creating a second selector based on the second selector data and using said second selector to search the second database for at least one selector/security association pair identifying a second security association corresponding to the second selector; applying the second security operation to the second data if the second data is eligible, said applying the second security operation comprising using the second security association on the at least a portion of the second data; and sending the second data to which the second security operation has been applied to a network API of the receiving client. - View Dependent Claims (42, 43, 44, 45, 46, 47, 48)
-
-
49. A system for implementing data security in a transfer of an event from a sending client to a receiving client located remotely therefrom across a network, the sending client including a processor, the network further including a key server located remotely from each of the sending and receiving clients, the system comprising a memory associated with the processor and storing instructions that, when executed by said processor, cause the processor to perform steps comprising:
-
receiving data from a network application program interface (API) of the sending client, the data comprising a portion of the event to be sent from the sending client to the receiving client; determining whether the data is eligible for a security operation, wherein eligibility is determined by selector data contained in the data; creating a selector based on the selector data and using said selector to search a local sending client database of security associations for at least one selector/security association pair identifying a security association corresponding to the selector, said local sending client database storing a plurality of selector/security association pairs received from the key server corresponding to different timewise intervals of said event; applying the security operation to the data if the data is eligible, wherein applying the security operation comprises using the security association on the at least a portion of the data; and sending the data to which the security operation has been applied to a network protocol layer of the sending client. - View Dependent Claims (50, 51, 52)
-
-
53. A system for implementing data security in a transfer of an event from a sending client to a receiving client located remotely therefrom across a network, the receiving client including a processor, the network further including a key server located remotely from each of the sending and receiving clients, the system comprising a memory associated with the processor and storing instructions that, when executed by said processor, cause the processor to perform steps comprising:
-
receiving data from a network protocol layer of the receiving client, the data comprising a portion of the event being received at the receiving client; determining whether the data is eligible for a security operation, wherein eligibility is determined by selector data contained in the data; creating a selector based on the selector data and using said selector to search a local receiving client database of security associations for at least one selector/security association pair identifying a security association corresponding to the selector, said local receiving client database storing a plurality of selector/security association pairs received from the key server corresponding to different timewise intervals of said event; applying the security operation to the data if the data is eligible, wherein said applying the security operation comprises using the security association on the at least a portion of the data; and sending the data to which the security operation has been applied to a network API of the receiving client. - View Dependent Claims (54, 55, 56, 57, 58, 59, 60)
-
Specification