1. Methods and apparatus to provide a platform-level network security framework
    Record type: granted invention patent (status: in force)

    Publication number: US07555773B2

    Publication date: 2009-06-30

    Application number: US10726436

    Filing date: 2003-12-03

    IPC classification: H04L12/22 H04L29/08

    CPC classification: H04L63/02

    Abstract: Methods and apparatus to provide a platform-level network security framework are described herein. In an example method, a packet associated with a processor system is identified. A platform-level network security protocol associated with an extensible firmware interface is identified. Based on the platform-level network security protocol, the packet is identified with a network security condition.

2. Mechanism for extensible binary mappings for adaptable hardware/software interfaces
    Record type: invention patent application (status: pending, published)

    Publication number: US20050114549A1

    Publication date: 2005-05-26

    Application number: US10723052

    Filing date: 2003-11-26

    IPC classification: G06F15/16

    CPC classification: G06F9/544 G06F9/545

    Abstract: An extensible definition of data exchanged between logical layered components of different platform hardware interfaces for management, configuration, and alerts, and systems and methods for using the same, are disclosed. One embodiment is a mechanism for self-describing hardware and firmware components. An embodiment of the present invention is a system and method relating to a binary data definition and generic parser mechanism which allows efficient and runtime-extensible definition of data exchanged between logical layered components of different platform hardware interfaces for management/configuration/alerting, as well as providing generic basic input-output system ("BIOS") and firmware data formats.

3. Programmable context aware firewall with integrated intrusion detection system
    Record type: invention patent application (status: pending, published)

    Publication number: US20050229246A1

    Publication date: 2005-10-13

    Application number: US10815539

    Filing date: 2004-03-31

    CPC classification: H04L63/0236 H04L63/1441

    Abstract: A context-aware firewall and intrusion detection system receives a definition of a Protocol State Machine (PSM) that defines the expected behavior of any protocol (FTP, HTTP, etc.). The PSM provides rules for detecting flows that deviate from the defined protocol behavior and taking appropriate actions. PSMs are composed of rule groups that define the behavior of a protocol. The rules include conditions and actions that may be executed if the conditions are satisfied. The actions include dynamically adding filters to be applied to the network flow, saving results for use in later executed rules, and activating and deactivating rules. Thus, these firewalls are capable of selective and intelligent processing based on flow state information and control payload.

4. Packet classification
    Record type: invention patent application (status: in force)

    Publication number: US20050135351A1

    Publication date: 2005-06-23

    Application number: US10740647

    Filing date: 2003-12-18

    Abstract: An apparatus and method include grouping filters to form a tree according to a bitmask. The bitmask includes entries indicating whether a value is assigned to an element of a filter. The method also includes receiving a packet that includes a particular bitmask, searching the tree to determine the filters associated with the particular bitmask and the associated values, and returning a set of filters that is the intersection of the filters indicated by the associated values.

5. Mechanism to protect extensible firmware interface runtime services utilizing virtualization technology
    Record type: invention patent application (status: pending, published)

    Publication number: US20050204357A1

    Publication date: 2005-09-15

    Application number: US10801392

    Filing date: 2004-03-15

    IPC classification: G06F9/455

    Abstract: A system and method is disclosed for protecting extensible firmware interface (EFI) runtime services utilizing virtualization technology. The runtime services used by an operating system (OS) are executed by a runtime services monitor (RSM) rather than by the operating system itself. When the OS accesses a runtime service, the processor mode automatically switches context to the RSM, which then executes the runtime service and puts the results back in a shared memory location. Virtualization technology is used to effect the automatic context switching. Other embodiments as described and claimed above are disclosed.

6. Methods and apparatus to provide a platform-level network security framework
    Record type: invention patent application (status: in force)

    Publication number: US20050125691A1

    Publication date: 2005-06-09

    Application number: US10726436

    Filing date: 2003-12-03

    IPC classification: G06F11/30

    CPC classification: H04L63/02

    Abstract: Methods and apparatus to provide a platform-level network security framework are described herein. In an example method, a packet associated with a processor system is identified. A platform-level network security protocol associated with an extensible firmware interface is identified. Based on the platform-level network security protocol, the packet is identified with a network security condition.

7. System and method for implementing network security using a sequestered partition
    Record type: invention patent application (status: pending, published)

    Publication number: US20060156399A1

    Publication date: 2006-07-13

    Application number: US11027253

    Filing date: 2004-12-30

    IPC classification: G06F12/14

    CPC classification: G06F21/57

    Abstract: A system and method are implemented within a computing system to perform tamper-resistant network security operations. For example, a method of one embodiment comprises: sequestering a partition on the computing system, the partition including a region of memory and a logical or physical processing element; forwarding incoming and/or outgoing data traffic through the sequestered partition, the incoming data traffic being received by the computing system from a network and the outgoing data traffic being transmitted from the computing system over the network; and performing one or more security operations on the data traffic within the sequestered partition.