METHOD AND APPARATUS FOR SCANNING GINORMOUS FILES

    Publication No.: US20200372107A1

    Publication date: 2020-11-26

    Application No.: US16549978

    Filing date: 2019-08-23

    Abstract: A new approach is proposed that contemplates systems and methods to support scanning through a file of large size without having to load the entire file into memory of a single file parser or scanner. The proposed approach is configured to divide a ginormous file to be parsed and scanned into a plurality of sections following a divide and conquer scheme. The plurality of sections of the file are then parsed and loaded to a plurality of file scanners each configured to scan its allocated file section of a certain file type. Each of the plurality of file scanners is then configured to extract and evaluate from its allocated section file parts that can be harmful to a user of the file and/or expose sensitive/protected information of the user. The scan results are then collected, analyzed, and reported to a user with a final determination on the malicious content and sensitive data.

    METHOD AND APPARATUS FOR BULK AUTHENTICATION AND LOAD BALANCING OF NETWORKED APPLIANCES
    Patent application. Status: granted

    Publication No.: US20160112403A1

    Publication date: 2016-04-21

    Application No.: US14858943

    Filing date: 2015-09-18

    Inventors: Fleming SHI, Luo WANG

    IPC classification: H04L29/06

    Abstract: A new approach is proposed that contemplates systems and methods to support bulk authentication of an appliance associated with a user to all cloud-based services the appliance intends to access in one transaction instead of authenticating the appliance against each of the services individually. First, the appliance generates and transmits to an authentication service cluster an authentication request that includes its identification and authentication credentials in order to access a plurality of services. Upon receiving the authentication request, the authentication service cluster authenticates the appliance for all of the services to be accessed based on the information in the authentication request. Once the appliance is authenticated, the authentication service cluster then retrieves entitlement information of the services to be accessed by the appliance, and identifies the service clusters/nodes that the appliance will connect to for the services with the fastest response time.


    METHOD AND APPARATUS FOR GENERATING CYBER SECURITY THREAT INDEX

    Publication No.: US20190036958A1

    Publication date: 2019-01-31

    Application No.: US15920855

    Filing date: 2018-03-14

    Inventors: Fleming SHI

    IPC classification: H04L29/06, G06F17/30, G06N5/02

    Abstract: A new approach is proposed to support generating and presenting a single composite Cyber Security Threat Index (CSTI) to a user, wherein the CSTI provides the user with an indication of risk of cyber attacks globally and/or in the context of his/her current networking environment. First, various pools of operational data are collected over networks, systems, and/or products, wherein such data includes files being weaponized in the cyber attacks against computer systems and networks, the surfaces and contexts on which the cyber attacks are launched, and influential factors on these data. The data collected from various pools is then synchronized, correlated, and filtered/cleansed so that it can be used to assess risk of the cyber attacks. The CSTI is calculated based on the correlated data on the cyber attacks and interactively presented to the user, who then takes corresponding remediation actions to prevent a cyber attack from happening or spreading.

    METHOD AND APPARATUS FOR NEUTRALIZING REAL CYBER THREATS TO TRAINING MATERIALS

    Publication No.: US20190319983A1

    Publication date: 2019-10-17

    Application No.: US16358537

    Filing date: 2019-03-19

    Inventors: Fleming SHI

    IPC classification: H04L29/06, G09B19/00

    Abstract: An approach is proposed to support neutralizing real cyber threats to training materials by intercepting, modifying and redistributing active content(s) of an email that has arrived at a recipient's email account. Specifically, when the recipient triggers an active content such as a URL link embedded in and/or opens an attachment to the email, the triggered active content is synchronously intercepted and examined in real time for potential malicious intent of a phishing attack. If the active content is determined to be malicious, the malicious active content in the email is then disassembled and deactivated while the payload is reconstructed with links and markings for training purposes. The recipient is then provided with an anti-phishing training exercise, wherein content of the training exercise is specifically customized for the recipient based on the reconstructed payload of the received email and/or the recipient's security posture and awareness.

    SYSTEM AND METHOD FOR APPLICATION PLUG-IN DISTRIBUTION

    Publication No.: US20190303123A1

    Publication date: 2019-10-03

    Application No.: US16370780

    Filing date: 2019-03-29

    Abstract: A new approach is proposed that contemplates systems and methods to support a sandboxed application plug-in distribution framework. An installation package containing a monitoring plug-in, a display plug-in, and/or third-party components is received by a first application running on a first computing device. The first application installs the display plug-in and saves the monitoring plug-in to a centralized database. The first application sends an instruction to a second application running on a second computing device to retrieve the monitoring plug-in from the database and install the monitoring plug-in on the second computing device. Upon receiving a user request, the display plug-in of the first application sends a query to the monitoring plug-in of the second application. In response to the query, the monitoring plug-in sends the requested monitored data collected by the second application to the display plug-in, which then formats and presents the monitored data to the user.

    METHOD AND APPARATUS FOR TRAINING EMAIL RECIPIENTS AGAINST PHISHING ATTACKS USING REAL THREATS IN REALTIME

    Publication No.: US20190318653A1

    Publication date: 2019-10-17

    Application No.: US16358503

    Filing date: 2019-03-19

    Inventors: Fleming SHI

    IPC classification: G09B19/00, H04L29/06

    Abstract: An approach is proposed to support user-specific real time anti-phishing training of email recipients using real phishing attacks. When a recipient triggers an active content such as a URL link embedded in and/or opens an attachment to an email that has arrived at the recipient's account, the triggered active content is synchronously intercepted and examined in real time for potential malicious intent of a phishing attack. If the triggered active content is determined to be safe, the recipient is allowed to access the content. If the active content is determined to be malicious, the active content is blocked and the recipient is redirected to a safe blocking mechanism. The recipient is then provided with an anti-phishing training exercise, which is specifically customized for the recipient based on the blocked active content in the payload of the email and/or the recipient's security posture and awareness.

    SYSTEM AND METHOD TO CONFIGURE A FIREWALL FOR ACCESS TO A CAPTIVE NETWORK

    Publication No.: US20180324144A1

    Publication date: 2018-11-08

    Application No.: US16031963

    Filing date: 2018-07-10

    Inventors: Fleming SHI, Gean Han

    IPC classification: H04L29/06, H04L12/46, H04L12/66

    Abstract: An approach is proposed that contemplates a system and method to configure firewall rules of a VPN gateway of a protected network so that users of devices in the protected network can access the Internet securely via a captive network. First, the proposed approach enables the VPN gateway to probe the captive network with an HTTP request to discover a captive portal of the captive network. After the captive portal is discovered, one or more firewall rules of the VPN gateway are added so that network traffic from the devices in the protected network is redirected to the captive portal for authentication. Once the users are authenticated and a VPN tunnel is established between the VPN gateway and a remote VPN tunnel terminal, the firewall rules previously added are removed from the VPN gateway and all network traffic from the devices in the protected network is routed over the VPN tunnel.

    METHOD AND APPARATUS FOR HUMAN ACTIVITY TRACKING AND AUTHENTICITY VERIFICATION OF HUMAN-ORIGINATED DIGITAL ASSETS

    Publication No.: US20190197219A1

    Publication date: 2019-06-27

    Application No.: US15993218

    Filing date: 2018-05-30

    Inventors: Fleming SHI

    IPC classification: G06F21/31, G06F21/32

    Abstract: A new approach is proposed that contemplates systems and methods to support human activity tracking and authenticity verification of human-originated digital assets. First, activities performed by a producer while he/she is constructing a digital asset, e.g., an electronic message, are captured. Information/metadata of the captured activities is then packaged/encapsulated inside the constructed digital asset, wherein such metadata includes but is not limited to mouse and/or keyboard activities, software tools used, and other digital traces of the captured human activities. Once the digital asset is transmitted and received by a consumer, the metadata included in the digital asset is unpacked and analyzed to determine various levels of authenticity of the digital asset with respect to whether the digital asset is originated manually by a human being or automatically by a software program. The consumer may then take actions accordingly based on the level of authenticity of the received digital asset.

    METHOD AND APPARATUS FOR REAL TIME INTERACTIVE MODERATION OF NETWORK TRAFFIC
    Patent application. Status: under examination (published)

    Publication No.: US20160127461A1

    Publication date: 2016-05-05

    Application No.: US14821583

    Filing date: 2015-08-07

    IPC classification: H04L29/08

    CPC classification: H04L67/306

    Abstract: A new approach is proposed that contemplates systems and methods to support interactive moderation of network traffic, where authorization to access certain web media content is approved or denied on a per-content item basis in real time. When a content requester initiates a request for a piece of web media content from a content provider over the Internet, the request is intercepted and either allowed, denied, or marked as requiring further approval based on content access policies and restrictions specific to the content requester. If the content request is marked as requiring further approval, it will be forwarded to a traffic moderator, which will make a decision on the request based on policies related to the content requester and the requested web media content in real time. The requester is then either allowed or denied access to the web media content based on the decision by the traffic moderator.
