Cluster architecture for network security processing
    1.
    Granted invention patent
    Status: in force

    Publication No.: US09203865B2

    Publication date: 2015-12-01

    Application No.: US13784476

    Filing date: 2013-03-04

    Abstract: A computing device may be joined to a cluster by discovering the device, determining whether the device is eligible to join the cluster, configuring the device, and assigning the device a cluster role. A device may be assigned to act as a cluster master, backup master, active device, standby device, or another role. The cluster master may be configured to assign tasks, such as network flow processing, to the cluster devices. The cluster master and backup master may maintain global, run-time synchronization data pertaining to each of the network flows, shared resources, cluster configuration, and the like. The devices within the cluster may monitor one another. Monitoring may include transmitting status messages comprising indicators of device health to the other devices in the cluster. In the event a device satisfies failover conditions, a failover operation to replace the device with another standby device may be performed.

    REPUTATION-BASED METHOD AND SYSTEM FOR DETERMINING A LIKELIHOOD THAT A MESSAGE IS UNDESIRED
    2.
    Invention patent application
    Status: under examination (published)

    Publication No.: US20130347108A1

    Publication date: 2013-12-26

    Application No.: US14015925

    Filing date: 2013-08-30

    IPC classification: H04L29/06

    Abstract: A system and method for providing a reputation service for use in messaging environments employs a reputation of compiled statistics, representing whether SPAM messages have previously been received from a respective selected set of identifiers for the origin of the message, in a decision-making process for newly received messages. In a preferred embodiment, the set of identifiers includes the IP address, a tuple of the domain and IP address and a tuple of the user and IP address, and the set of identifiers allows for a relatively fine-grained set of reputation metrics to be compiled and used when making a determination of a likelihood as to whether a received message is undesired in accordance with the invention.

    Method and apparatus for detecting and handling evil twin access points

    Publication No.: US11863984B2

    Publication date: 2024-01-02

    Application No.: US17861073

    Filing date: 2022-07-08

    Abstract: Methods and apparatus for detecting and handling evil twin access points (APs). The method and apparatus employ trusted beacons including security tokens that are broadcast by trusted APs. An evil twin AP masquerades as a trusted AP by broadcasting beacons having the same SSID as the trusted AP, as well as other header fields and information elements (IEs) in the beacon frame body containing identical information. A sniffer on the trusted AP or in another AP that is part of a Trusted Wireless Environment (TWE) receives the beacons broadcast by other APs in the TWE, including potential evil twin APs. The content in the header and one or more IEs in received beacons are examined to determine whether a beacon is being broadcast by an evil twin. Detection of the evil twin is made by one or more of: differences in MAC addresses of trusted and untrusted beacons, time jitter measurements and replay detection using timestamps in the beacons, detection of missing security tokens in untrusted beacons, and detection that a security token that is mimicked by an evil twin is invalid. In one aspect, the security token is stored in a vendor-specific IE in trusted beacons that is generated by employing a secret key using a cryptographic operation operating on data in the beacon prior to the vendor-specific IE.

    Systems and methods for scalable network monitoring
    4.
    Granted invention patent
    Status: in force

    Publication No.: US08977746B2

    Publication date: 2015-03-10

    Application No.: US13871896

    Filing date: 2013-04-26

    Abstract: A network security device may gather a large amount of metadata pertaining to the connections being managed thereby. A refinement module may filter and/or aggregate the connection metadata. The metadata may be refined on the network security device. The refined metadata may be provided for display on a terminal. The refined metadata may include a subset of the larger connection metadata, which may reduce the overhead required to display and/or transmit monitoring information to the terminal device. The refined metadata may comprise connection groups, which may be formed based on aggregation criteria, such as connection source, destination, application, security policy, protocol, port, and/or the like. The connection groups may be ranked in accordance with ranking criteria.

    SYSTEMS AND METHODS FOR SCALABLE NETWORK MONITORING

    Publication No.: US20140289847A1

    Publication date: 2014-09-25

    Application No.: US13972752

    Filing date: 2013-08-21

    IPC classification: G06F21/52

    Abstract: A network security device may gather a large amount of metadata pertaining to the connections being managed thereby. A refinement module may filter and/or aggregate the connection metadata. The metadata may be refined on the network security device. The refined metadata may be provided for display on a terminal. The refined metadata may include a subset of the larger connection metadata, which may reduce the overhead required to display and/or transmit monitoring information to the terminal device. The refined metadata may comprise connection groups, which may be formed based on aggregation criteria, such as connection source, destination, application, security policy, protocol, port, and/or the like. The connection groups may be ranked in accordance with ranking criteria.

    CLUSTER ARCHITECTURE AND CONFIGURATION FOR NETWORK SECURITY DEVICES
    6.
    Invention patent application
    Status: under examination (published)

    Publication No.: US20130173766A1

    Publication date: 2013-07-04

    Application No.: US13682259

    Filing date: 2012-11-20

    IPC classification: G06F15/177

    Abstract: A computing device may be joined to a cluster by discovering the device, determining whether the device is eligible to join the cluster, configuring the device, and assigning the device a cluster role. A device may be assigned to act as a cluster master, backup master, active device, standby device, or another role. The cluster master may be configured to assign tasks, such as network flow processing, to the cluster devices. The cluster master and backup master may maintain global, run-time synchronization data pertaining to each of the network flows, shared resources, cluster configuration, and the like. The devices within the cluster may monitor one another. Monitoring may include transmitting status messages comprising indicators of device health to the other devices in the cluster. In the event a device satisfies failover conditions, a failover operation to replace the device with another standby device may be performed.

    Method and apparatus for detecting and handling evil twin access points

    Publication No.: US11863985B2

    Publication date: 2024-01-02

    Application No.: US17861075

    Filing date: 2022-07-08

    Abstract: Methods and apparatus for detecting and handling evil twin access points (APs). The method and apparatus employ trusted beacons including security tokens that are broadcast by trusted APs. An evil twin AP masquerades as a trusted AP by broadcasting beacons having the same SSID as the trusted AP, as well as other header fields and information elements (IEs) in the beacon frame body containing identical information. A sniffer on the trusted AP or in another AP that is part of a Trusted Wireless Environment (TWE) receives the beacons broadcast by other APs in the TWE, including potential evil twin APs. The content in the header and one or more IEs in received beacons are examined to determine whether a beacon is being broadcast by an evil twin. Detection of the evil twin is made by one or more of: differences in MAC addresses of trusted and untrusted beacons, time jitter measurements and replay detection using timestamps in the beacons, detection of missing security tokens in untrusted beacons, and detection that a security token that is mimicked by an evil twin is invalid. In one aspect, the security token is stored in a vendor-specific IE in trusted beacons that is generated by employing a secret key using a cryptographic operation operating on data in the beacon prior to the vendor-specific IE.

    CLUSTER ARCHITECTURE FOR NETWORK SECURITY PROCESSING
    8.
    Invention patent application
    Status: in force

    Publication No.: US20130191881A1

    Publication date: 2013-07-25

    Application No.: US13784476

    Filing date: 2013-03-04

    IPC classification: H04L29/06

    Abstract: A computing device may be joined to a cluster by discovering the device, determining whether the device is eligible to join the cluster, configuring the device, and assigning the device a cluster role. A device may be assigned to act as a cluster master, backup master, active device, standby device, or another role. The cluster master may be configured to assign tasks, such as network flow processing, to the cluster devices. The cluster master and backup master may maintain global, run-time synchronization data pertaining to each of the network flows, shared resources, cluster configuration, and the like. The devices within the cluster may monitor one another. Monitoring may include transmitting status messages comprising indicators of device health to the other devices in the cluster. In the event a device satisfies failover conditions, a failover operation to replace the device with another standby device may be performed.

    METHOD AND APPARATUS FOR DETECTING AND HANDLING EVIL TWIN ACCESS POINTS

    Publication No.: US20220353686A1

    Publication date: 2022-11-03

    Application No.: US17861075

    Filing date: 2022-07-08

    IPC classification: H04W12/08 H04L9/06 H04W12/12

    Abstract: Methods and apparatus for detecting and handling evil twin access points (APs). The method and apparatus employ trusted beacons including security tokens that are broadcast by trusted APs. An evil twin AP masquerades as a trusted AP by broadcasting beacons having the same SSID as the trusted AP, as well as other header fields and information elements (IEs) in the beacon frame body containing identical information. A sniffer on the trusted AP or in another AP that is part of a Trusted Wireless Environment (TWE) receives the beacons broadcast by other APs in the TWE, including potential evil twin APs. The content in the header and one or more IEs in received beacons are examined to determine whether a beacon is being broadcast by an evil twin. Detection of the evil twin is made by one or more of: differences in MAC addresses of trusted and untrusted beacons, time jitter measurements and replay detection using timestamps in the beacons, detection of missing security tokens in untrusted beacons, and detection that a security token that is mimicked by an evil twin is invalid. In one aspect, the security token is stored in a vendor-specific IE in trusted beacons that is generated by employing a secret key using a cryptographic operation operating on data in the beacon prior to the vendor-specific IE.

    METHOD AND APPARATUS FOR DETECTING AND HANDLING EVIL TWIN ACCESS POINTS

    Publication No.: US20210345112A1

    Publication date: 2021-11-04

    Application No.: US16866477

    Filing date: 2020-05-04

    IPC classification: H04W12/08 H04L9/06

    Abstract: Methods and apparatus for detecting and handling evil twin access points (APs). The method and apparatus employ trusted beacons including security tokens that are broadcast by trusted APs. An evil twin AP masquerades as a trusted AP by broadcasting beacons having the same SSID as the trusted AP, as well as other header fields and information elements (IEs) in the beacon frame body containing identical information. A sniffer on the trusted AP or in another AP that is part of a Trusted Wireless Environment (TWE) receives the beacons broadcast by other APs in the TWE, including potential evil twin APs. The content in the header and one or more IEs in received beacons are examined to determine whether a beacon is being broadcast by an evil twin. Detection of the evil twin is made by one or more of: differences in MAC addresses of trusted and untrusted beacons, time jitter measurements and replay detection using timestamps in the beacons, detection of missing security tokens in untrusted beacons, and detection that a security token that is mimicked by an evil twin is invalid. In one aspect, the security token is stored in a vendor-specific IE in trusted beacons that is generated by employing a secret key using a cryptographic operation operating on data in the beacon prior to the vendor-specific IE.