Donald S Mcalister

US Patent:

6500123, Dec 31, 2002

Filed:

Nov 6, 2000

Appl. No.:

09/707238

Inventors:

Richard Holloway - Chapel Hill NC
John J. Stefanski - Raleigh NC
Donald K. McAlister - Apex NC
Olaf von Ramm - Durham NC
David W. Smith - Raleigh NC
Stephen Michael Grenon - Hillborough NC

Assignee:

Volumetrics Medical Imaging - Durham NC

International Classification:

A61B 800

US Classification:

600443

Abstract:

A first ultrasound dataset that represents an object in a first coordinate system can be acquired at a first time. Three landmarks of the object can be located in the first ultrasound dataset to define a second coordinate system. A first transform from the first to the second coordinate system can be determined for the first ultrasound dataset. A second ultrasound dataset that represents the object in the first coordinate system can be acquired at a second time. The same three landmarks in the second ultrasound dataset can be located to define a third coordinate system. A second transform from the first to the third coordinate systems can be determined for the second ultrasound dataset.

US Patent:

7774837, Aug 10, 2010

Filed:

May 25, 2007

Appl. No.:

11/807187

Inventors:

Donald K. McAlister - Apex NC, US

Assignee:

CipherOptics, Inc. - Raleigh NC

International Classification:

G06F 15/16

US Classification:

726 15, 726 1, 726 14

Abstract:

A technique for securing message traffic in a data network using a protocol such as IPsec, and more particularly various methods for distributing security policies among peer entities in a network while minimizing the passing and storage of detailed policy or key information except at the lowest levels of a hierarchy.

US Patent:

8082574, Dec 20, 2011

Filed:

Jul 23, 2007

Appl. No.:

11/880890

Inventors:

Brandon L. Hoff - Greenwood Village CO, US
Ronald B. Willis - Raleigh NC, US
Charles R. Starrett - Cary NC, US
Donald K. McAlister - Apex NC, US

Assignee:

Certes Networks, Inc. - Pittsburgh PA

International Classification:

H04L 29/06

US Classification:

726 1

Abstract:

A technique for securing message traffic in a data network using various methods for distributing security policies and keys, where policy definition is determined in a Management and Policy (MAP) functional layer that is responsible for policy distribution; a separate Key Authority Point (KAP) that is responsible for key generation, key distribution, and policy distribution; and a separate Policy Enforcement Point (PEP) which is responsible for enforcing the policies and applying the keys.

US Patent:

8104082, Jan 24, 2012

Filed:

Sep 29, 2006

Appl. No.:

11/540496

Inventors:

Donald McAlister - Apex NC, US

Assignee:

Certes Networks, Inc. - Pittsburgh PA

International Classification:

H04L 29/02
G06F 9/00
G06F 15/16
G06F 17/00

US Classification:

726 15, 726 13, 726 14, 726 12, 726 3, 713154, 713153, 709238, 709239, 709240, 709241, 709242, 370351

Abstract:

In some networking situations, securing an inner packet of a tunnel packet requires an intermediary networking device knowing a destination address of the secured inner packet. Consequently, an identity of a secured network is known to others and presents a security risk. The provided technique addresses this risk by: i) establishing at a first security interface a first secured network connection between a first and second secured network, the connection established for a first packet addressed to a virtual security interface and destined for the second secured network; and ii) responding to a network condition by establishing at a second security interface at least one second secured network connection between the first and second secured network, the connection established for a second packet addressed to the virtual security interface and destined for the second secured network.

US Patent:

8327437, Dec 4, 2012

Filed:

Aug 10, 2010

Appl. No.:

12/853936

Inventors:

Donald K. McAlister - Apex NC, US

Assignee:

Certes Networks, Inc. - Pittsburgh PA

International Classification:

G06F 15/16

US Classification:

726 15, 726 1, 726 14

Abstract:

A technique for securing message traffic in a data network using a protocol such as IPsec, and more particularly various methods for distributing security policies among peer entities in a network while minimizing the passing and storage of detailed policy or key information except at the lowest levels of a hierarchy.

US Patent:

8046820, Oct 25, 2011

Filed:

Sep 29, 2006

Appl. No.:

11/541387

Inventors:

Donald McAlister - Apex NC, US

Assignee:

Certes Networks, Inc. - Pittsburgh PA

International Classification:

H04L 29/06

US Classification:

726 1

Abstract:

A method for providing network security comprising a step of configuring a remote network to engage network security negotiation with a local network. The method includes a step of configuring a first security policy of a security component within the local network to pass through a network security negotiating communication between the local network and the remote network, and a step of establishing a network security negotiation between the remote network and a security parameter generator via the security component. The security parameter generator can be located within the local network and configured to provide secure communication with the remote network.

US Patent:

20070186281, Aug 9, 2007

Filed:

Jan 3, 2007

Appl. No.:

11/649336

Inventors:

Donald McAlister - Apex NC, US

International Classification:

G06F 15/16
G06F 17/00
G06F 9/00

US Classification:

726014000

Abstract:

A technique for securing message traffic in a data network using a protocol such as IPsec, and more particularly various methods for distributing security keys where key generation, key distribution, policy generation and policy distribution are separated, with inner to outer header replication on packet traffic. The approach permits encrypted messages to travel seamlessly through various otherwise unsecured internetworking devices.

US Patent:

20070214502, Sep 13, 2007

Filed:

Jan 30, 2007

Appl. No.:

11/699765

Inventors:

Donald McAlister - Apex NC, US

International Classification:

G06F 15/16

US Classification:

726015000

Abstract:

A technique for processing secure data packets that are directly and not directly addressed to a policy enforcement point (PEP). The present invention incorporates a dual internal path for the fast path processing of secure data packets at a PEP. A first path is used to process secure data packets addressed to the PEP. A second path is used to process secure data packets not addressed to the PEP. On the first path, secure data packets addressed to the PEP are transferred to the PEP for immediate processing. On the second path, a series of checks are performed to maximize the speed of processing the secure data packets. In addition, policies associated with the secure data packets are retrieved and destination address/mask combinations are used along with destination addresses in the secure data packets to determine if the packets are to be further processed or dropped.