Protected access control method for shared computer resources
    1.
    Granted patent
    Status: in force

    Publication number: US08392972B2

    Publication date: 2013-03-05

    Application number: US12369030

    Application date: 2009-02-11

    Abstract: In embodiments of the present invention improved capabilities are described for providing protected computer communications. The present invention may provide for computer communications where in response to a receipt of a communication at a first computing facility from a second computing facility, the first computing facility may be caused to send a request to a compliance center for security compliance information relating to the second computing facility. In response to the request for security compliance information, the first computing facility may receive compliance information related to the second computing facility, which may cause the first computing facility to perform an action regulating further communications from the second computing facility if the second computing facility security compliance information indicates that the second client computing facility is not compliant with a current security policy.

    Computer file control through file tagging
    2.
    Granted patent
    Status: in force

    Publication number: US08286255B2

    Publication date: 2012-10-09

    Application number: US12187794

    Application date: 2008-08-07

    Abstract: In embodiments of the present invention improved capabilities are described for providing data protection through the detection of tags associated with data or a file. In embodiments the present invention may provide for a step A, where data may be scanned that is intended to be communicated from the client computing facility. In response to step A, at step B, restricted data may be identified by identifying an absence of a tag associated with the data. And finally, in response to step B, at step C, an interruption to the intended communication may be caused.

    Hierarchical statistical model of internet reputation
    3.
    Granted patent
    Status: in force

    Publication number: US07890627B1

    Publication date: 2011-02-15

    Application number: US12552395

    Application date: 2009-09-02

    Applicant: Ross G. Thomas

    Inventor: Ross G. Thomas

    IPC classification: G06F15/16

    Abstract: In embodiments of the present invention improved capabilities are described for predicting the reputation of a communication identifier, such as a web address, a domain name, an IP address, host name, email address, IM address, telephone number, VoIP telephony address, and the like. In embodiments, the present invention may receive a communication from a first communication identifier, parse the first communication identifier into its components, and assign the components to a hierarchical tree structure, where the hierarchical tree structure maintains the hierarchical relationship between the components of the communication identifier. The present invention may monitor and keep count of a number of communications from the first communication identifier, wherein the number of communications may be kept for both malicious and/or unwanted communications and non-malicious and/or unwanted communications. Attributes may then be provided to the number of communications for each appropriate component of the hierarchical tree, and a statistical measure may be calculated as related to the number of communications for each component of the hierarchical tree. The present invention may then receive a communication from a second communication identifier, where the second communication identifier may be previously unknown and have a common component with the hierarchical tree. The statistical measure of the common component may then be assigned to the second communication identifier, and utilizing the statistical measure assigned to the second communication identifier, may provide a prediction of reputation of the second communication identifier.

    Selection and storage of policies in network management
    4.
    Granted patent
    Status: in force

    Publication number: US07840599B2

    Publication date: 2010-11-23

    Application number: US11523882

    Application date: 2006-09-19

    IPC classification: G06F17/30

    CPC classification: H04L41/0893 H04L41/22

    Abstract: User interface and policy loading aspects of a policy-based, outsourced, network management system. In one aspect, a user selects policies using a graphical user interface (GUI) with a two paned window having a tree view of the policies in one pane. In another aspect, the policies are (1) created in the GUI format (e.g., XML), (2) sent over a network (e.g., the internet) to a service center in the same format, and (3) are loaded, manipulated and stored in the same format. In another aspect, the initial loading of the policies is done using a bulk loader in a logic layer. In another aspect, the logic layer also includes a configuration checker which handles changes or additions to policies in a finished network management system. Any aspects of the new or changed policy that are inconsistent with the finished system are parsed and stripped out. In another aspect, where the details of a new policy or change aren't specified, a base configuration creator creates a policy with minimal attributes. In another aspect, the logic layer also contains a device control console, which allows bypassing the policy creating and configuring to allow a user to directly access a device for configuration.

    PRE-FETCHING WEB PROXY
    5.
    Patent application

    Publication number: US20080235239A1

    Publication date: 2008-09-25

    Application number: US11690477

    Application date: 2007-03-23

    IPC classification: G06F17/30

    CPC classification: G06F17/30902

    Abstract: Certain embodiments of the present invention provide methods and systems for providing access to network content. Certain embodiments provide a proxy system for providing access to network content. The system includes a content retriever for retrieving a first content on a network. The content retriever is configured to pre-fetch additional content linked or connected to the first content. The system also includes a content analyzer for analyzing the first content and the pre-fetched additional content according to a content policy and allowing access to the first content and the pre-fetched additional content in accordance with the content policy. The system further includes a content renderer for rendering allowed content for provision to a user upon user request. The renderer can also modify links to content based on a status of the linked content.

    Method and system for detecting restricted content associated with retrieved content
    6.
    Granted patent
    Status: in force

    Publication number: US08220050B2

    Publication date: 2012-07-10

    Application number: US12059892

    Application date: 2008-03-31

    Applicant: Gurusamy Sarathy

    Inventor: Gurusamy Sarathy

    IPC classification: H04L29/06

    Abstract: In embodiments of the present invention improved capabilities are described for contextual information caused to be attached to data as it passes through a series of computing devices, the contextual information relating to the series of computing devices. The data and the contextual information may then be scanned to determine if the data is a target data. In response to the identification of a target data, the contextual information may be communicated to a central repository. The contextual information may then be analyzed in relation to other information stored in the central repository to determine a target source.

    String searching facility
    7.
    Granted patent
    Status: in force

    Publication number: US08170352B2

    Publication date: 2012-05-01

    Application number: US12054086

    Application date: 2008-03-24

    IPC classification: G06K9/62

    CPC classification: G06K9/723 G06K2209/01

    Abstract: In embodiments of the present invention improved capabilities are described for scanning a data set for the presence of a target string. The data set may be received at a computing facility and cause a scanning program to execute. A first character pair in the data set may be identified where each character making up the first character pair is identified in a vector map. It may then be confirmed that the first character pair matches a positive indicated bitmask in a bitmap matrix, and verify that the position of the first character pair matches a position of a matching character pair in the target string. An action may be caused to be taken as a result of the verification.

    Managing use of proxies to access restricted network locations
    8.
    Granted patent
    Status: in force

    Publication number: US08090852B2

    Publication date: 2012-01-03

    Application number: US12132979

    Application date: 2008-06-04

    IPC classification: G06F15/16

    Abstract: In embodiments of the present invention improved capabilities are described for the detection of uncategorized web-based proxy sites, where an action may be provided in association with access to restricted network locations. In a step A, a network location access request may be received from a computing facility. In a step B, a URL database may be assessed that contains categorized URLs and it may be determined that a URL associated with the network location access request is a previously uncategorized URL. In a step C, it may be determined that the URL associated with the network location access request includes a secondary URL. In a step D, the URL database may be accessed that contains categorized URLs and it may be determined that the client is restricted from accessing the secondary URL. In a step E, the action may be provided in association with the network location access request as a previously uncategorized proxy website when steps B, C, and D are all met.

    Dynamic internet address assignment based on user identity and policy compliance
    9.
    Granted patent
    Status: in force

    Publication number: US07966650B2

    Publication date: 2011-06-21

    Application number: US12035638

    Application date: 2008-02-22

    Abstract: In embodiments of the present invention, improved capabilities are described for a method presenting a client, providing client information and requesting an IP address from a DHCP server, where the DHCP server may formulate a first IP assignment and a first multiple DHCP options. A policy management facility may be associated with the interception of the first IP assignment and the first multiple DHCP options, which may result in the first IP assignment and the first multiple DHCP options not being sent to the client. The method may send client information to the policy management facility. The policy management facility may formulate a second multiple DHCP options and may send it to the DHCP server. The DHCP server may change first IP assignment and first multiple DHCP option to a second IP assignment and the second multiple DHCP options. The second IP assignment and the second multiple DHCP options may then be forwarded to the client.

    SYSTEMS AND METHODS FOR DYNAMIC VENDOR AND VENDOR OUTLET CLASSIFICATION
    10.
    Patent application
    Status: in force

    Publication number: US20080235103A1

    Publication date: 2008-09-25

    Application number: US11689930

    Application date: 2007-03-22

    IPC classification: G06Q30/00

    Abstract: Certain embodiments of the present invention provide methods and systems for dynamic classification of electronic vendors. Certain embodiments provide a method for dynamic vendor classification. The method includes analyzing a vendor based on a comparison of vendor features; categorizing the vendor based on the analysis; and permitting access to the vendor according to the categorization of the vendor. The categorization may include trusted, not trusted, or unsure, for example. Analysis may include comparing a first outlet of the vendor with a second outlet of the vendor, for example. Analysis may include comparing an outlet of the vendor with an outlet of a second vendor, for example. A vendor may be defined as a particular outlet for a vendor and/or all outlets associated with a vendor (a vendor entity).
