1. System and method for enabling scalable security in a virtual private network
    Status: granted invention patent, in force
    Publication number: US07765581B1
    Publication date: 2010-07-27
    Application number: US09457914
    Application date: 1999-12-10
    IPC class: H04L9/00

    Abstract: Methods and systems consistent with the present invention provide dynamic security policies that change the granularity of the security at the node level, process level, or socket level. Specifically, a channel number and virtual address are associated with various processes included in a process table. Since a security policy is required for all processes, secure and insecure processes located on the same channel may communicate with one another. Moreover, processes located on different channels may communicate with one another by a gateway that connects both channels. This scalable blanketing security approach provides an institutionalized method for securing any process, node or socket by providing a unique mechanism for policy enforcement at runtime or by changing the security policies.
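
The following is an added illustration of the policy model the abstract describes, not code from the patent: each process-table entry carries a channel number and a virtual address, two processes on the same channel reach each other directly, processes on different channels only through a gateway that joins both, and a process can be rebound to another channel at runtime. The class names, the gateway representation and the sample table are assumptions made for this example.

```python
# Added illustration (not code from the patent): a toy process table in which
# every process carries a channel number and a virtual address, and reachability
# is decided per process at runtime. Names and the gateway model are assumptions.
from dataclasses import dataclass, replace
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class ProcessEntry:
    pid: int
    name: str
    channel: int   # channel number assigned by the security policy
    vaddr: str     # virtual address of the process on that channel


@dataclass(frozen=True)
class Gateway:
    name: str
    channels: FrozenSet[int]   # channels this gateway connects


class ChannelPolicy:
    """Runtime policy: same channel -> direct; different channels -> only via a
    gateway that joins both; anything else is unreachable."""

    def __init__(self) -> None:
        self.table: Dict[int, ProcessEntry] = {}
        self.gateways: List[Gateway] = []

    def register(self, entry: ProcessEntry) -> None:
        self.table[entry.pid] = entry

    def add_gateway(self, gw: Gateway) -> None:
        self.gateways.append(gw)

    def rebind(self, pid: int, channel: int) -> ProcessEntry:
        """Change the policy for one process at runtime (process-level granularity).
        Binding every process of a host to one channel gives node-level granularity."""
        self.table[pid] = replace(self.table[pid], channel=channel)
        return self.table[pid]

    def path(self, src_pid: int, dst_pid: int) -> Optional[Tuple[str, object]]:
        src, dst = self.table[src_pid], self.table[dst_pid]
        if src.channel == dst.channel:
            return ("direct", src.channel)
        for gw in self.gateways:
            if {src.channel, dst.channel} <= gw.channels:
                return ("gateway", gw.name)
        return None


def build_demo() -> ChannelPolicy:
    """Constructed sample table: two processes on channel 10, one on 20, one on 30,
    and a gateway joining channels 10 and 20 only."""
    policy = ChannelPolicy()
    policy.register(ProcessEntry(1, "httpd", 10, "va:10:0001"))
    policy.register(ProcessEntry(2, "db", 10, "va:10:0002"))
    policy.register(ProcessEntry(3, "mailer", 20, "va:20:0001"))
    policy.register(ProcessEntry(4, "batch", 30, "va:30:0001"))
    policy.add_gateway(Gateway("gw-a", frozenset({10, 20})))
    return policy


if __name__ == "__main__":
    p = build_demo()
    print(p.path(1, 2), p.path(1, 3), p.path(1, 4))
    p.rebind(4, 10)          # policy change at runtime: batch joins channel 10
    print(p.path(1, 4))
```

The point to notice is that no process is outside the policy: an entry with no channel that any gateway bridges is simply unreachable, which is the "blanketing" property the abstract claims.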

2. Group admission control apparatus and methods
    Status: granted invention patent, in force
    Publication number: US07751569B2
    Publication date: 2010-07-06
    Application number: US10299454
    Application date: 2002-11-19
    IPC class: H04L9/00

    Abstract: The present invention uses a group key management scheme for admission control while enabling various conventional approaches toward establishing peer-to-peer security. Various embodiments of the invention can provide peer-to-peer confidentiality and authenticity, such that other parties, such as group members, can not understand communications not intended for them. A group key may be used in combination with known unicast security protocols to establish, implicitly or explicitly, proof of group membership together with bi-lateral secure communication.
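
The following added example, not code from the patent, shows the two mechanisms the abstract combines: a pairwise key agreement (so that other group members cannot read a pair's traffic) and a group key that admitted members hold (so that a non-member is rejected). Membership is proved explicitly by a MAC over the handshake transcript keyed with the group key, and implicitly by mixing the group key into the pairwise session key. The Member class, handshake() and the small Diffie-Hellman parameters are assumptions for a self-contained demonstration; a real deployment would use a standard unicast protocol and proper group sizes.

```python
# Added illustration (not code from the patent): a group key used for admission
# control on top of a pairwise key agreement. Member, handshake() and the toy
# Diffie-Hellman parameters are assumptions chosen for a self-contained demo.
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Toy Diffie-Hellman group: a 127-bit Mersenne prime, far too small for real use.
P = 2 ** 127 - 1
G = 5
ZERO_KEY = bytes(32)


def transcript(id_a: bytes, pub_a: int, id_b: bytes, pub_b: int) -> bytes:
    """Canonical handshake transcript that both sides authenticate."""
    return b"|".join([id_a, pub_a.to_bytes(16, "big"), id_b, pub_b.to_bytes(16, "big")])


class Member:
    def __init__(self, ident: bytes, group_key: Optional[bytes]):
        self.ident = ident
        # None models a party that was never admitted and therefore holds no group key.
        self.group_key = group_key if group_key is not None else ZERO_KEY
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)

    def membership_tag(self, tr: bytes) -> bytes:
        """Explicit proof of admission: a MAC over the transcript keyed with the group key."""
        return hmac.new(self.group_key, b"admit|" + tr, hashlib.sha256).digest()

    def verify_tag(self, tr: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.membership_tag(tr), tag)

    def session_key(self, tr: bytes, peer_pub: int) -> bytes:
        """Implicit proof: the pairwise key mixes the DH secret (unknown to other
        group members) with the group key (unknown to non-members)."""
        shared = pow(peer_pub, self.priv, P).to_bytes(16, "big")
        return hmac.new(self.group_key, b"session|" + tr + shared, hashlib.sha256).digest()


def handshake(a: Member, b: Member) -> Tuple[bytes, bytes, bool, bool]:
    """Run the exchange between initiator a and responder b; return both sides'
    derived keys and whether each side accepted the other's membership proof."""
    tr = transcript(a.ident, a.pub, b.ident, b.pub)
    tag_a, tag_b = a.membership_tag(tr), b.membership_tag(tr)
    a_accepts = a.verify_tag(tr, tag_b)
    b_accepts = b.verify_tag(tr, tag_a)
    return a.session_key(tr, b.pub), b.session_key(tr, a.pub), a_accepts, b_accepts


if __name__ == "__main__":
    gk = secrets.token_bytes(32)          # distributed by the group key manager
    alice, bob = Member(b"alice", gk), Member(b"bob", gk)
    ka, kb, ok_a, ok_b = handshake(alice, bob)
    print("members agree:", ka == kb and ok_a and ok_b)
    carol = Member(b"carol", None)        # never admitted
    ka2, kc, ok_a2, ok_c = handshake(alice, carol)
    print("outsider rejected:", not ok_a2 and ka2 != kc)
```

A third member who sees the transcript holds the group key but not either private exponent, so it cannot reproduce the pairwise key; an outsider who somehow ran the DH exchange would still derive a different key and fail the tag check. That is the separation the abstract describes: the group key decides admission, the unicast protocol provides the bilateral secrecy.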

3. Decoupling access control from key management in a network
    Status: granted invention patent, in force
    Publication number: US07336790B1
    Publication date: 2008-02-26
    Application number: US09458020
    Application date: 1999-12-10
    IPC class: H04L9/32
    CPC class: H04L63/0272

    Abstract: Methods and systems consistent with the present invention provide a Supernet, a private network constructed out of components from a public-network infrastructure. Supernet nodes can be located on virtually any device in the public network (e.g., the Internet), and both their communication and utilization of resources occur in a secure manner. As a result, the users of a Supernet benefit from their network infrastructure being maintained for them as part of the public-network infrastructure, while the level of security they receive is similar to that of a private network. The Supernet has an access control component and a key management component which are decoupled. The access control component implements an access control policy that determines which users are authorized to use the network, and the key management component implements the network's key management policies, which indicate when keys are generated and what encryption algorithm is used. Both access control and key management are separately configurable. Thus, the Supernet provides great flexibility by allowing different key management policies to be used with the same access control component.
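
The following added example, not code from the patent, makes the decoupling concrete: one AccessControl object decides who may use the network, a KeyManagement object decides when keys roll over and which algorithm protects frames, and the same access component is plugged into two Supernet instances with different key policies. Class names, the frame layout and the rekey rule are assumptions for this example.

```python
# Added illustration (not code from the patent): the access control component
# and the key management component are separate objects with independent policies,
# and one access policy is reused unchanged with two different key policies.
# Class names, the frame layout and the rekey rule are assumptions.
import hmac
from typing import Dict, Set


class AccessControl:
    """Access control policy: which users may use the network at all."""

    def __init__(self, authorized: Set[str]):
        self.authorized = set(authorized)

    def grant(self, user: str) -> None:
        self.authorized.add(user)

    def authorize(self, user: str) -> bool:
        return user in self.authorized


class KeyManagement:
    """Key management policy: when a fresh key is generated and which algorithm
    is used. A new generation starts every `rekey_after` messages; `algorithm`
    names the hash behind the HMAC that protects each frame."""

    def __init__(self, master: bytes, rekey_after: int, algorithm: str):
        self.master = master
        self.rekey_after = rekey_after
        self.algorithm = algorithm

    def generation(self, msg_no: int) -> int:
        return msg_no // self.rekey_after

    def key(self, generation: int) -> bytes:
        info = b"supernet-key|" + generation.to_bytes(4, "big")
        return hmac.new(self.master, info, self.algorithm).digest()


class Supernet:
    def __init__(self, access: AccessControl, keys: KeyManagement):
        self.access = access   # shared with other Supernets if desired
        self.keys = keys       # configured independently of access control

    def send(self, user: str, msg_no: int, payload: bytes) -> Dict[str, object]:
        if not self.access.authorize(user):
            raise PermissionError(f"{user} is not authorized on this Supernet")
        gen = self.keys.generation(msg_no)
        tag = hmac.new(self.keys.key(gen), payload, self.keys.algorithm).digest()
        return {"user": user, "generation": gen, "alg": self.keys.algorithm, "tag": tag}

    def verify(self, frame: Dict[str, object], payload: bytes) -> bool:
        key = self.keys.key(int(frame["generation"]))
        expected = hmac.new(key, payload, self.keys.algorithm).digest()
        return hmac.compare_digest(expected, bytes(frame["tag"]))


if __name__ == "__main__":
    acl = AccessControl({"alice", "bob"})
    master = bytes(range(32))   # constructed sample master secret
    slow = Supernet(acl, KeyManagement(master, rekey_after=100, algorithm="sha256"))
    fast = Supernet(acl, KeyManagement(master, rekey_after=2, algorithm="sha512"))
    for net in (slow, fast):
        frame = net.send("alice", 7, b"hello")
        print(frame["alg"], "generation", frame["generation"], net.verify(frame, b"hello"))
```

Because both networks hold the same AccessControl instance, granting a user once admits them to both, while their key generations and algorithms differ; swapping a KeyManagement object never touches the authorization list.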

4. System and method for forward chaining web-based procedure calls
    Status: granted invention patent, in force
    Publication number: US07136895B2
    Publication date: 2006-11-14
    Application number: US10205108
    Application date: 2002-07-24
    IPC class: G06F15/16

    Abstract: A method of chaining together multiple dependent web-based procedure calls into a single request is disclosed. A request containing multiple MIME encoded service requests is transmitted to a first service. The request is parsed and the first service identified and performed. The results of the first service are appended to the remainder of the request which is forwarded to a second service listed in the request. The second service listed in the request may use the output of the first service as input and performs the second service. The process continues until the last service listed in the request is performed. Any output from the performance of the service requests is returned to the requesting device following execution of a MIME encoded callback request, the callback request being embedded in the original request following the last of the listed service requests.
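
The following added example, not code from the patent, builds one multipart MIME request that lists several service calls followed by a callback, then runs the forwarding loop the abstract describes: parse, perform the first listed service, append its result to the remainder, forward. Since the callback target is supplied by whoever built the request, the example also refuses callbacks to hosts outside an allowlist, which is the check a practitioner would insist on. The X-Service and X-Callback headers, the three toy services and the allowlist are assumptions.

```python
# Added illustration (not code from the patent): a MIME-encoded chain of service
# calls with a trailing callback, and the forwarding loop that performs the first
# call, feeds its result to the next part, and hands the final result to the
# callback. Header names, toy services and the callback allowlist are assumptions.
from email import message_from_bytes
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from typing import Callable, Dict, List, Optional
from urllib.parse import urlparse

SERVICES: Dict[str, Callable[[bytes], bytes]] = {
    "upper": lambda data: data.upper(),
    "reverse": lambda data: data[::-1],
    "wrap": lambda data: b"[" + data + b"]",
}
# The callback target comes from the request itself, so restrict where results may go.
CALLBACK_HOSTS = {"client.example"}


def build_request(steps: List[str], seed: str, callback_url: str) -> bytes:
    """Encode a chain of service calls; only the first part carries input."""
    msg = MIMEMultipart("mixed")
    for i, svc in enumerate(steps):
        part = MIMEText(seed if i == 0 else "")
        part["X-Service"] = svc
        msg.attach(part)
    cb = MIMEText("")
    cb["X-Callback"] = callback_url
    msg.attach(cb)
    return msg.as_bytes()


def forward(raw: bytes, hops: Optional[List[str]] = None) -> Dict[str, object]:
    """Perform the first listed service, append its output to the remainder and
    forward that; the callback part terminates the chain."""
    hops = [] if hops is None else hops
    parts = message_from_bytes(raw).get_payload()
    head, rest = parts[0], parts[1:]
    if "X-Callback" in head:
        url = head["X-Callback"]
        if urlparse(url).hostname not in CALLBACK_HOSTS:
            raise ValueError("refusing to deliver results to " + url)
        result = head.get_payload(decode=True).strip()
        return {"callback": url, "hops": hops, "result": result}
    svc = head["X-Service"]
    if svc not in SERVICES or not rest:
        raise ValueError("malformed chain at " + repr(svc))
    result = SERVICES[svc](head.get_payload(decode=True).strip())
    hops.append(svc)
    # Append the result to the remainder: the next service uses it as input unless
    # it brought its own, and the callback part always carries the final output.
    if "X-Callback" in rest[0] or not rest[0].get_payload(decode=True).strip():
        rest[0].set_payload(result.decode("ascii"))
    nxt = MIMEMultipart("mixed")
    for part in rest:
        nxt.attach(part)
    return forward(nxt.as_bytes(), hops)   # stands in for forwarding to the next service


if __name__ == "__main__":
    raw = build_request(["upper", "reverse", "wrap"], "hello", "https://client.example/cb")
    print(forward(raw))
```

Each hop only ever sees the head of the remaining chain, which is what lets the services be independent; it is also why the allowlist check has to run at the final hop, where the callback is acted on, not at the first.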

5. State feedback for single-valued devices with multiple inputs
    Status: granted invention patent, in force
    Publication number: US08787593B1
    Publication date: 2014-07-22
    Application number: US10860531
    Application date: 2004-06-02
    IPC class: H03G3/00

    Abstract: An apparatus for controlling a target device including a first input device configured to provide a first input to the target device, a second input device configured to provide a second input to the target device, and a control mixer configured to generate an output using a policy, the first input and the second input, wherein the output comprises a feedback and a target device output, wherein the feedback comprises some function of the state of the target device, the policy, and the state of each input device connected to the control mixer.

6. Method for serializer maintenance and coalescing
    Status: granted invention patent, in force
    Publication number: US07590632B1
    Publication date: 2009-09-15
    Application number: US11045237
    Application date: 2005-01-28

    Abstract: A method for serializer maintenance and coalescing in a distributed object store (DOS) including a first partition and a second partition, involving requesting an update of an object, wherein the object includes an active globally unique identifier (AGUID) object and at least one version globally unique identifier (VGUID) object, wherein the at least one VGUID object includes a first generation number and a first serializer name, determining whether a first serializer is located in the first partition using the first serializer name, wherein the first serializer is associated with the first generation number, if the first serializer is not located in the first partition, constructing a second serializer using the first serializer name, assigning a second generation number to the second serializer, obtaining an order of the update to the object using the second serializer, and creating a new VGUID object.

8. System for packet filtering of data packets at a computer network interface
    Status: granted invention patent, expired
    Publication number: US5878231A
    Publication date: 1999-03-02
    Application number: US795374
    Application date: 1997-02-04
    CPC class: H04L63/0236

    Abstract: A system for screening data packets transmitted between a network to be protected, such as a private network, and another network, such as a public network. The system includes a dedicated computer with multiple (specifically, three) types of network ports: one connected to each of the private and public networks, and one connected to a proxy network that contains a predetermined number of the hosts and services, some of which may mirror a subset of those found on the private network. The proxy network is isolated from the private network, so it cannot be used as a jumping off point for intruders. Packets received at the screen (either into or out of a host in the private network) are filtered based upon their contents, state information and other criteria, including their source and destination, and actions are taken by the screen depending upon the determination of the filtering phase. The packets may be allowed through, with or without alteration of their data, IP (internet protocol) address, etc., or they may be dropped, with or without an error message generated to the sender of the packet. Packets may be sent with or without alteration to a host on the proxy network that performs some or all of the functions of the intended destination host as specified by a given packet. The passing through of packets without the addition of any network address pertaining to the screening system allows the screening system to function without being identifiable by such an address, and therefore it is more difficult to target as an IP entity, e.g. by intruders.
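
The following added example, not code from the patent, is a small model of the screen the abstract describes: a private side, a public side and an isolated proxy network, with decisions driven by content, flow state, and source and destination. Outbound flows are recorded so that only their replies come back in; unsolicited inbound traffic to a mirrored service is redirected to the proxy-network host, everything else is dropped, and a disallowed outbound port is rejected with an error to the sender. An interface check against spoofed private source addresses is added because a practitioner would expect it. Addresses (RFC 1918 and RFC 5737 documentation ranges), ports, rules and the decision model are assumptions.

```python
# Added illustration (not code from the patent): a stateful screen between a
# private network and a public one, with a third, isolated proxy network that
# hosts stand-ins for internal services. Addresses, ports and rules are assumptions.
import ipaddress
from dataclasses import dataclass
from enum import Enum
from typing import Set, Tuple


class Action(Enum):
    ALLOW = "pass unchanged"
    DROP = "drop silently"
    REJECT = "drop and send error to sender"
    PROXY = "redirect to proxy-network host"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    iface: str                  # port the screen received it on: "private" or "public"
    payload: bytes = b""


PRIVATE = ipaddress.ip_network("10.0.0.0/8")
OUTBOUND_OK = {53, 80, 443}
# Proxy-network hosts that mirror a subset of internal services, keyed by port.
PROXY_HOSTS = {25: "192.0.2.25", 80: "192.0.2.80"}
BLOCKED_CONTENT = (b"EVIL",)


class Screen:
    """The screen never inserts its own address into forwarded packets, so neither
    side can target it as an IP entity; decisions are returned, not routed here."""

    def __init__(self) -> None:
        self.flows: Set[Tuple[str, int, str, int]] = set()

    def screen(self, pkt: Packet) -> Tuple[Action, str]:
        src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        # Anti-spoofing: a private source address must arrive on the private port.
        if (src in PRIVATE) != (pkt.iface == "private"):
            return Action.DROP, "spoofed source"
        if any(marker in pkt.payload for marker in BLOCKED_CONTENT):
            return Action.DROP, "blocked content"
        if src in PRIVATE and dst not in PRIVATE:           # outbound
            if pkt.dport not in OUTBOUND_OK:
                return Action.REJECT, "outbound port not permitted"
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return Action.ALLOW, "outbound"
        if dst in PRIVATE and src not in PRIVATE:           # inbound
            if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
                return Action.ALLOW, "reply to tracked flow"
            if pkt.dport in PROXY_HOSTS:
                return Action.PROXY, PROXY_HOSTS[pkt.dport]
            return Action.DROP, "unsolicited inbound"
        return Action.DROP, "not between screened networks"


if __name__ == "__main__":
    s = Screen()
    # Constructed sample traffic.
    for pkt in (
        Packet("10.1.1.5", "203.0.113.7", 40000, 443, "private"),
        Packet("203.0.113.7", "10.1.1.5", 443, 40000, "public"),
        Packet("198.51.100.9", "10.1.1.5", 5555, 25, "public"),
        Packet("198.51.100.9", "10.1.1.5", 5555, 22, "public"),
        Packet("10.1.1.5", "198.51.100.9", 5555, 23, "private"),
        Packet("10.9.9.9", "10.1.1.5", 1, 80, "public"),
    ):
        print(pkt.src, "->", pkt.dst, pkt.dport, s.screen(pkt))
```

The proxy redirect is what keeps the private network off the attack path: an intruder probing port 25 from outside reaches a mirror host on the isolated proxy network, never the internal mail server, and nothing on that proxy network can route back into the private one.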

9. Method and system for creating and using shadow roots
    Status: granted invention patent, in force
    Publication number: US07657543B1
    Publication date: 2010-02-02
    Application number: US11045961
    Application date: 2005-01-28
    IPC class: G06F17/30

    Abstract: A method for storing a first copy of an object, including obtaining the object including a globally unique identifier (GUID), generating a first derived GUID using the GUID of the object, storing the first copy of the object identified by the first derived GUID in a root node of the object, publishing possession of the first copy of the object identified by the first derived GUID by the root node of the object, associating a first shadow root with the first copy of the object, and storing the first copy of the object identified by the GUID in the first shadow root.