Network communications security agent

US 7,266,681 B1
Filed: 04/07/2000
Issued: 09/04/2007
Est. Priority Date: 04/07/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving data from a network protocol layer of a receiving client, the data comprising a portion of an event being received at the receiving client;

determining if the data is eligible for a security operation, wherein eligibility is determined by selector data contained in the data;

creating a selector based on the selector data and using said selector to search a receiving client database of security associations for at least one selector/security association pair identifying a security association corresponding to the selector, said receiving client database storing a plurality of selector/security association pairs received from a key server corresponding to different timewise intervals of said event;

applying the security operation to the data if the data is eligible wherein applying the security operation comprises using the security, association on the at least a portion of the data; and

sending the data to which the security operation has been applied to a network application program interface (API) of the receiving client;

wherein, for any particular one of said timewise intervals of said event having a corresponding selector/security association pair, the receiving client receives said corresponding selector/security association pair from said key server and stores said corresponding selector/security association pair in said receiving client database prior to receiving said particular one of said timewise intervals of said event, andwherein determining if the data is eligible for the security operation comprises determining that the data is not eligible for the security operation if the selector cannot be created based on the selector data, and wherein said data is sent to the network API of the receiving client without an applied security operation if it is so determined that the data is not eligible.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of an inventive networking environment includes clients called sending clients because they send network content through a network, and clients called receiving clients because they receive the network content from the sending clients through the network. Both sending clients and receiving clients are “clients” in that they rely on a management server to orchestrate the secure transfer of information from sending clients to receiving clients.

Citations

2 Claims

1. A method comprising:
- receiving data from a network protocol layer of a receiving client, the data comprising a portion of an event being received at the receiving client;
  
  determining if the data is eligible for a security operation, wherein eligibility is determined by selector data contained in the data;
  
  creating a selector based on the selector data and using said selector to search a receiving client database of security associations for at least one selector/security association pair identifying a security association corresponding to the selector, said receiving client database storing a plurality of selector/security association pairs received from a key server corresponding to different timewise intervals of said event;
  
  applying the security operation to the data if the data is eligible wherein applying the security operation comprises using the security, association on the at least a portion of the data; and
  
  sending the data to which the security operation has been applied to a network application program interface (API) of the receiving client;
  
  wherein, for any particular one of said timewise intervals of said event having a corresponding selector/security association pair, the receiving client receives said corresponding selector/security association pair from said key server and stores said corresponding selector/security association pair in said receiving client database prior to receiving said particular one of said timewise intervals of said event, andwherein determining if the data is eligible for the security operation comprises determining that the data is not eligible for the security operation if the selector cannot be created based on the selector data, and wherein said data is sent to the network API of the receiving client without an applied security operation if it is so determined that the data is not eligible.

2. A machine readable storage medium having stored thereon machine executable instructions, execution of said machine executable instructions being operable to implement a method comprising:
- receiving data from a network protocol layer of a receiving client, the data comprising a portion of an event being received at the receiving client;
  
  determining if the data is eligible for a security operation, wherein eligibility is determined by selector data contained in the data;
  
  creating a selector based on the selector data and using said selector to search a local receiving client database of security associations for at least one selector/security association pair identifying a security association corresponding to the selector, said receiving client database storing a plurality of selector/security association pairs received from a key server corresponding to a succession of timewise intervals of said event;
  
  applying the security operation to the data if the data is eligible, wherein applying the security operation comprises using a security association on the at least a portion of the data; and
  
  sending the data to which the security operation has been applied to a network application program interface (API) of the receiving client;
  
  wherein, for any particular one of said timewise intervals of said event having a corresponding selector/security association pair, the receiving client receives said corresponding selector/security association pair from said key server and stores said corresponding selector/security association pair in said receiving client database prior to receiving said particular one of said timewise intervals of said event, andwherein determining if the data is eligible for the security operation comprises determining that the data is not eligible for the security operation if a selector cannot be created based on the data, and wherein said data is sent to the network API of the receiving client without an applied security operation if it is so determined that the data is not eligible.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Janes, Sherman M.
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Parthasarathy; Pramila

Application Number

US09/544,493
Time in Patent Office

2,706 Days
Field of Search

713/150, 713/151
US Class Current

713/151
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 63/164   at the network layer

H04L 63/20   for managing network securi...

H04L 9/0891   Revocation or update of sec...

Network communications security agent

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

2 Claims

Specification

Solutions

Use Cases

Quick Links

Network communications security agent

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

2 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links