METHOD AND SYSTEM FOR IMPLEMENTING DATA SECURITY POLICIES USING DATABASE CLASSIFICATION
    12.
    Invention application
    Status: under examination (published)

    Publication No.: US20150347773A1

    Publication date: 2015-12-03

    Application No.: US14289817

    Filing date: 2014-05-29

    Applicant: Intuit Inc.

    IPC classification: G06F21/62 G06F17/30

    CPC classification: G06F21/6218 G06F16/285

    Abstract: Access to a database is obtained, the database containing data that is potentially of one or more data types and/or data security classifications. The data in the database is scanned to determine the types and/or data security classifications of the data in the database. Then, based at least in part on the determined types and/or data security classifications of the data in the database, a database security classification is associated with the entire database and used to select one or more security measures to be applied to the entire database, at the database level, in accordance with defined data security policies.

    METHOD AND APPARATUS FOR MULTI-TENANCY SECRETS MANAGEMENT
    13.
    Invention application
    Status: in force

    Publication No.: US20150319192A1

    Publication date: 2015-11-05

    Application No.: US14265930

    Filing date: 2014-04-30

    Applicant: INTUIT INC.

    IPC classification: H04L29/06

    Abstract: A service provider computing environment includes a service provider secrets policy. A service provider computing device receives tenant secrets policies from tenants. The tenants are tenants of multi-tenant assets of a service provider. The service provider computing environment determines if the tenant secrets policies satisfy the requirements of the service provider secrets policy. If the tenant secrets policies satisfy the requirements of the service provider secrets policy, the service provider computing environment allows the tenant secrets policies to be applied to tenant data or information in the multi-tenant assets.

    METHOD AND SYSTEM FOR PROVIDING SECURITY AWARE APPLICATIONS
    14.
    Invention application
    Status: in force

    Publication No.: US20150288708A1

    Publication date: 2015-10-08

    Application No.: US14247131

    Filing date: 2014-04-07

    Applicant: INTUIT INC.

    IPC classification: H04L29/06

    Abstract: Instructions for monitoring and detecting one or more trigger events in assets used to implement an application are generated. Instructions for implementing at least one responsive action associated with each of the one or more trigger events are generated. At least part of the instructions for monitoring and detecting the one or more trigger events is provided to an asset used to implement the application. The at least part of the instructions for monitoring and detecting the one or more trigger events is used by the asset to detect a trigger event. The instructions for implementing the at least one responsive action associated with each of the one or more trigger events are then used to automatically implement the at least one responsive action associated with the detected trigger event.

    METHOD AND SYSTEM FOR ACCOMMODATING COMMUNICATIONS CHANNELS USING DIFFERENT SECURE COMMUNICATIONS PROTOCOLS
    15.
    Invention application
    Status: under examination (published)

    Publication No.: US20150263859A1

    Publication date: 2015-09-17

    Application No.: US14215432

    Filing date: 2014-03-17

    Applicant: Intuit Inc.

    IPC classification: H04L9/32

    Abstract: A communications protocol is selected to be used to transfer message data between a source computing entity and a destination computing entity. Encryption code data identifying the selected communications protocol is generated and associated with the message data. One or more communications endpoint proxy systems are provided that include an encryption code identification module and a communications protocol processing module for obtaining communications protocol processing data associated with a first communications protocol identified by encryption code data. The message data is transferred to the communications endpoint proxy, and the communications protocol processing data associated with the communications protocol identified by the encryption code data is obtained and used to process the message data, which is then transferred to the destination computing entity.

    METHOD AND SYSTEM FOR EXTRUSION AND INTRUSION DETECTION IN A CLOUD COMPUTING ENVIRONMENT USING NETWORK COMMUNICATIONS DEVICES
    16.
    Invention application
    Status: under examination (published)

    Publication No.: US20150215327A1

    Publication date: 2015-07-30

    Application No.: US14166116

    Filing date: 2014-01-28

    Applicant: Intuit Inc.

    IPC classification: H04L29/06

    CPC classification: H04L63/1408 H04L63/1416

    Abstract: An analysis trigger monitoring system is provided in a network communications device associated with a cloud computing environment. One or more analysis trigger parameters are defined and analysis trigger data representing the analysis trigger parameters is generated. The analysis trigger data is then provided to the analysis trigger monitoring system and the analysis trigger monitoring system is used to monitor at least a portion of the message traffic sent to, or sent from, virtual assets in the cloud computing environment and relayed by the network communications device through a network communication channel to detect any message including one or more of the one or more analysis trigger parameters. A copy of at least a portion of any detected message including one or more of the one or more analysis trigger parameters is then transferred to one or more analysis systems for further analysis using a second communication channel that is separate from the network communication channel.

    METHOD AND SYSTEM FOR DYNAMICALLY AND AUTOMATICALLY MANAGING RESOURCE ACCESS PERMISSIONS
    17.
    Invention application
    Status: in force

    Publication No.: US20150135305A1

    Publication date: 2015-05-14

    Application No.: US14078715

    Filing date: 2013-11-13

    Applicant: Intuit Inc.

    IPC classification: G06F21/31

    Abstract: Employment role data, trust data, and special permissions data associated with a party are automatically obtained and/or monitored. The employment role data associated with the party, the trust data associated with the party, and the special permissions data associated with the party are then analyzed to determine a set of allowed access permissions data to be associated with the party, the set of allowed access permissions data providing the party access to one or more resources. It is then either recommended that the set of allowed access permissions data be provided to the party, or the set of allowed access permissions data is automatically provided to the party.

    Method and apparatus for automating threat model generation and pattern identification

    Publication No.: US09742794B2

    Publication date: 2017-08-22

    Application No.: US15086330

    Filing date: 2016-03-31

    Applicant: Intuit Inc.

    IPC classification: H04L29/06 G06F21/57

    Abstract: A method and system for automating threat model generation and pattern identification for an application includes identifying components of an application, and receiving security information that identifies whether security measures were implemented within the application to secure the application against security threats. The method further receives an identification of external events, and receives first patterns from one or more first virtual assets. A database is populated with the first patterns and the external events and then second patterns are received and compared to the first patterns. The method and system include distributing the identification of the one of the external events to the one or more second virtual assets, if the second patterns are similar to the first patterns, according to one embodiment.