Craig R Watkins

US Patent:

7305450, Dec 4, 2007

Filed:

Mar 7, 2002

Appl. No.:

10/091479

Inventors:

Eric Rescorla - Palo Alto CA, US
Adam Cain - Madison WI, US
Brian Korver - San Francisco CA, US
Tom Kroeger - Santa Cruz CA, US
David Kashtan - La Selva Beach CA, US
Craig Watkins - State College PA, US

Assignee:

Nokia Corporation - Espoo

International Classification:

G06F 15/16

US Classification:

709208, 709203, 709227, 709228, 709234, 709235, 709242

Abstract:

Method and apparatus for clustered Secure Sockets Layer (SSL) acceleration where two or more SSL relays are connected in a cluster. Information is transferred between a first node (typically, the client) and one of the SSL relays where the transferred information is related to communication between the first node and a second node (typically, the server). The state information of an SSL connection between the first node and the one SSL relay is clustered. The clustering includes sharing the state information between the one SSL relay and each of the one or more SSL relays. Any of the SSL relays can take over all connections of another of the clustered SSL relays therefore, providing no interruption in the communication should any of the SSL relays fail.

US Patent:

7321970, Jan 22, 2008

Filed:

Dec 30, 2003

Appl. No.:

10/748760

Inventors:

Craig R. Watkins - State College PA, US
Jeremey Barrett - Sugar Land TX, US
Adam Cain - Madison WI, US

Assignee:

Nokia Siemens Networks Oy - Espoo

International Classification:

H04L 9/32

US Classification:

713156, 713175

Abstract:

Methods and systems are directed to authenticating a client over a network. The client generates a certificate and sends it to a server through a trusted mechanism. The server is configured to store the received certificate. When the client requests authentication over the network, it provides the certificate again, along with a parameter associated with a secure session. The server verifies the parameter associated with the secure session and determines if the certificate is substantially the same as the stored certificate. The server authenticates the client over the network, if the certificate is determined to be stored. In another embodiment, the client transmits the certificate that is generated by a third party Certificate Authority (CA) based, in part, on the client's public key.

US Patent:

7454614, Nov 18, 2008

Filed:

Mar 25, 2002

Appl. No.:

10/103774

Inventors:

Thomas Kroeger - Santa Cruz CA, US
David Kashtan - La Selva Beach CA, US
Adam Cain - Madison WI, US
Craig Watkins - State College PA, US

Assignee:

Microsoft Corporation - Redmond WA

International Classification:

H04L 9/00
G06F 11/07

US Classification:

713168, 713150, 714 2, 714 3, 714 4, 714 15, 726 22, 726 26

Abstract:

Method and apparatus for fault tolerant TCP handshaking that includes a first node and a second node both connected in a network where the second node is one of at least two nodes in a cluster of nodes. The second node receives a first message from the first node where the first message includes a sequence number. The second node generates a fingerprint and replaces a portion of the sequence number with the fingerprint to form a cryptographic sequence number. The cryptographic sequence number is sent from the second node to the first node. A second message that includes the cryptographic sequence number is received from the first node at the second node. Any node in the cluster can verify that the cryptographic sequence number sent by the first node was created by one of the nodes in the cluster thereby providing fault tolerant TCP handshaking.

US Patent:

7591017, Sep 15, 2009

Filed:

Jun 24, 2003

Appl. No.:

10/606346

Inventors:

Craig R. Watkins - State College PA, US
Jeremey Barrett - Sugar Land TX, US
Adam Cain - Madison WI, US
Brian Lichtenwalter - Santa Cruz CA, US
Daniel Myers - Fremont CA, US
Steven Schall - Ben Lomond CA, US

Assignee:

Nokia Inc. - Irving TX

International Classification:

G06F 21/00

US Classification:

726 24, 726 27

Abstract:

Apparatus, system, method and computer program product for verifying the integrity of remote network devices that request access to network services and resources. Unintended computer programs such as viruses, worms, or Trojan horses, may compromise remote devices. The invention involves downloading verification software over the web into the web browser of a client for the purpose of performing checks to verify the integrity and security of the client's device or system. The results of such checks are returned over the web to be used in security decisions involving authentication and the grant of authorization to access services and resources.

US Patent:

7650409, Jan 19, 2010

Filed:

Apr 12, 2004

Appl. No.:

10/823378

Inventors:

Adam Cain - Madison WI, US
Craig R. Watkins - State College PA, US
Jeremey Barrett - Sugar Land TX, US

Assignee:

Nokia Siemens Networks Oy - Espoo

International Classification:

G06F 15/173

US Classification:

709225, 709229, 713150, 713161, 340 58, 340 585, 340 586

Abstract:

Methods and devices are directed to authorizing a network device to a resource over a network. An access server determines based, in part, on an attribute of the network device associated with the attribute certificate, whether the network device may be authorized access to the resource over the network. The attribute may be associated with a capability granted to the network device, a condition to be satisfied for the attribute to be valid, and the like. The attribute may belong to a group of network devices, or one or more users accessing the network through the network device. In one embodiment, the attribute certificate may be provided based on an automated security scan of the network device. In another embodiment, the access server may make the attribute available to a network resource associated with the access server.

US Patent:

20050160161, Jul 21, 2005

Filed:

Dec 29, 2003

Appl. No.:

10/748845

Inventors:

Jeremey Barrett - Sugar Land TX, US
Craig Watkins - State College PA, US
Adam Cain - Madison WI, US

Assignee:

Nokia, Inc. - Irving TX

International Classification:

G06F015/173

US Classification:

709223000

Abstract:

Methods, devices, and systems are directed to managing a proxy request over a secure network using inherited security attributes. Proxy traffic, such as HTTP proxy traffic, is tunneled through a secure tunnel such that the proxy request inherits security attributes of the secure tunnel. The secure attributes may be employed to enable proxy access to a server, thereby extending a security property of the secure tunnel to the proxy connection tunneled through it. A secure tunnel service receives a proxy request from a client and modifies the proxy request to include the security attribute. In one embodiment, the security attribute is an identifier that enables a proxy service may employ to determine another security attribute. The proxy service is enabled to employ the security attribute, and the security attribute to determine if the client is authorized access to the server.

US Patent:

20060005032, Jan 5, 2006

Filed:

Jun 15, 2004

Appl. No.:

10/868390

Inventors:

Adam Cain - Madison WI, US
Craig Watkins - State College PA, US
Jeremey Barrett - Sugar Land TX, US

International Classification:

H04K 1/00

US Classification:

713182000

Abstract:

Method and devices are directed to managing access to a resource over a network. Upon receiving a request for access to the resource over the network, a resource controller determines a parameter associated with the request based on a query of the user and a scan of a client device associated with the request. The controller then applies an access control rule based, in part, on the parameter to determine a level of trust. Depending on the type of request, the resource controller may negotiate access to the resource with a resource server on behalf of the user and act as proxy in establishing the connection, if the request is permitted. A level of access to the resource may be determined based on the level of trust.