Apparatus and method for securely submitting and processing a request
    1.
    发明授权
    Apparatus and method for securely submitting and processing a request 有权
    用于安全地提交和处理请求的装置和方法

    公开(公告)号:US08386784B2

    公开(公告)日:2013-02-26

    申请号:US12473559

    申请日:2009-05-28

    IPC分类号: H04L9/32

    CPC分类号: H04L63/068 H04L63/1441

    摘要: An apparatus and a method for securely submitting a request and an apparatus and a method for securely processing a request. The apparatus for securely submitting a request includes a request pre-submitting component and a request confirmation component. The request pre-submitting component sends a request with a unique identifier to a server and sends an alarm message containing the unique identifier and a request description to the request confirmation component. The request confirmation component contains a key inaccessible to other components in a client. It pops up a request confirmation window, on which the request description is displayed, in response to the alarm message and generates a request confirmation message associated with the request by using the key and the unique identifier.

    摘要翻译: 用于安全地提交请求的装置和方法,以及用于安全地处理请求的装置和方法。 用于安全地提交请求的装置包括请求提交组件和请求确认组件。 请求预提交组件向服务器发送具有唯一标识符的请求,并向请求确认组件发送包含唯一标识符和请求描述的警报消息。 请求确认组件包含客户机中其他组件无法访问的密钥。 它响应于该报警消息弹出显示请求描述的请求确认窗口,并通过使用密钥和唯一标识符生成与该请求相关联的请求确认消息。

    METHOD AND SYSTEM FOR RECONSTRUCTING ERROR RESPONSE MESSAGES UNDER WEB APPLICATION ENVIRONMENT
    2.
    发明申请
    METHOD AND SYSTEM FOR RECONSTRUCTING ERROR RESPONSE MESSAGES UNDER WEB APPLICATION ENVIRONMENT 有权
    在WEB应用环境下重新构建错误响应消息的方法和系统

    公开(公告)号:US20100281311A1

    公开(公告)日:2010-11-04

    申请号:US12769845

    申请日:2010-04-29

    IPC分类号: G06F11/14 G06F15/16

    CPC分类号: H04L63/168 H04L63/1441

    摘要: A computer-implemented method and system for reconstructing a response message to an improper accessing request in a web application environment. The method includes: obtaining the URL of a web application to be accessed by the improper accessing request and the error parameter information of the improper accessing request; obtaining a response template based on the obtained URL of the web application to be accessed; and merging the obtained error parameter information of the improper accessing request with the obtained response template to generate a reconstructed response message for the improper accessing request. The system includes: a message obtaining device; a response message template obtaining device; and a response message merging device.

    摘要翻译: 一种计算机实现的方法和系统,用于在Web应用环境中重建响应消息到不正确的访问请求。 该方法包括:获取由不正当访问请求访问的Web应用的URL和不正当访问请求的错误参数信息; 基于所获取的要访问的web应用的URL获取响应模板; 将获得的不正当访问请求的错误参数信息与所获得的响应模板合并,生成用于不正当访问请求的重构响应消息。 该系统包括:消息获取装置; 响应消息模板获取装置; 和响应消息合并设备。

    Method and system for reconstructing error response messages under web application environment
    3.
    发明授权
    Method and system for reconstructing error response messages under web application environment 有权
    在Web应用环境下重建错误响应消息的方法和系统

    公开(公告)号:US08543869B2

    公开(公告)日:2013-09-24

    申请号:US12769845

    申请日:2010-04-29

    IPC分类号: G06F11/00

    CPC分类号: H04L63/168 H04L63/1441

    摘要: A computer-implemented method and system for reconstructing a response message to an improper accessing request in a web application environment. The method includes: obtaining the URL of a web application to be accessed by the improper accessing request and the error parameter information of the improper accessing request; obtaining a response template based on the obtained URL of the web application to be accessed; and merging the obtained error parameter information of the improper accessing request with the obtained response template to generate a reconstructed response message for the improper accessing request. The system includes: a message obtaining device; a response message template obtaining device; and a response message merging device.

    摘要翻译: 一种计算机实现的方法和系统,用于在Web应用环境中重建响应消息到不正确的访问请求。 该方法包括:获取由不正当访问请求访问的Web应用的URL和不正当访问请求的错误参数信息; 基于所获取的要访问的web应用的URL获取响应模板; 将获得的不正当访问请求的错误参数信息与所获得的响应模板合并,生成用于不正当访问请求的重构响应消息。 该系统包括:消息获取装置; 响应消息模板获取装置; 和响应消息合并设备。

    APPARATUS AND METHOD FOR SECURELY SUBMITTING AND PROCESSING A REQUEST
    4.
    发明申请
    APPARATUS AND METHOD FOR SECURELY SUBMITTING AND PROCESSING A REQUEST 有权
    用于安全提交和处理请求的装置和方法

    公开(公告)号:US20090300359A1

    公开(公告)日:2009-12-03

    申请号:US12473559

    申请日:2009-05-28

    IPC分类号: G06F21/00 H04L9/32

    CPC分类号: H04L63/068 H04L63/1441

    摘要: An apparatus and a method for securely submitting a request and an apparatus and a method for securely processing a request. The apparatus for securely submitting a request includes a request pre-submitting component and a request confirmation component. The request pre-submitting component sends a request with a unique identifier to a server and sends an alarm message containing the unique identifier and a request description to the request confirmation component. The request confirmation component contains a key inaccessible to other components in a client. It pops up a request confirmation window, on which the request description is displayed, in response to the alarm message and generates a request confirmation message associated with the request by using the key and the unique identifier.

    摘要翻译: 用于安全地提交请求的装置和方法,以及用于安全地处理请求的装置和方法。 用于安全地提交请求的装置包括请求提交组件和请求确认组件。 请求预提交组件向服务器发送具有唯一标识符的请求,并向请求确认组件发送包含唯一标识符和请求描述的警报消息。 请求确认组件包含客户机中其他组件无法访问的密钥。 它响应于该报警消息弹出显示请求描述的请求确认窗口,并通过使用密钥和唯一标识符生成与该请求相关联的请求确认消息。

    INTERACTIVE VIRTUAL PATCHING USING A WEB APPLICATION SERVER FIREWALL
    5.
    发明申请
    INTERACTIVE VIRTUAL PATCHING USING A WEB APPLICATION SERVER FIREWALL 审中-公开
    使用WEB应用程序服务器防火墙进行互动式虚拟打包

    公开(公告)号:US20130019314A1

    公开(公告)日:2013-01-17

    申请号:US13182724

    申请日:2011-07-14

    IPC分类号: G06F21/20

    摘要: A plurality of templates for web application server firewall rules are generated. A vulnerability report for the web application is obtained. At least one web application server firewall rule is generated, using the vulnerability report and at least one of the plurality of templates. The at least one web application server firewall rule is tested. The at least one web application server firewall rule is deployed to run on the web application server firewall.

    摘要翻译: 生成用于Web应用服务器防火墙规则的多个模板。 获取了Web应用程序的漏洞报告。 生成至少一个Web应用服务器防火墙规则,使用该漏洞报告和多个模板中的至少一个。 测试了至少一个Web应用服务器防火墙规则。 部署至少一个Web应用程序服务器防火墙规则以在Web应用程序服务器防火墙上运行。

    HIERARCHICAL RULE DEVELOPMENT AND BINDING FOR WEB APPLICATION SERVER FIREWALL
    6.
    发明申请
    HIERARCHICAL RULE DEVELOPMENT AND BINDING FOR WEB APPLICATION SERVER FIREWALL 有权
    WEB应用服务器防火墙的分层规则开发与绑定

    公开(公告)号:US20120304275A1

    公开(公告)日:2012-11-29

    申请号:US13114315

    申请日:2011-05-24

    IPC分类号: G06F21/00

    摘要: At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model is identified. The HTTP message model includes a plurality of message model sections. Additional steps include parsing a representation of the at least one of an HTTP request message and an HTTP response message into message sections in accordance with the message model sections of the HTTP message model; and binding a plurality of security rules to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition. The given condition is based, at least in part, on a corresponding given one of the message sections. A further step includes processing the at least one of an HTTP request message and an HTTP response message in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.

    摘要翻译: HTTP请求消息和HTTP响应消息中的至少一个被拦截。 识别出相应的HTTP消息模型。 HTTP消息模型包括多个消息模型部分。 附加步骤包括根据HTTP消息模型的消息模型部分将HTTP请求消息和HTTP响应消息中的至少一个的表示解析成消息部分; 并将多个安全规则绑定到消息模型部分。 多个安全规则每个指定响应于给定条件要采取的至少一个动作。 给定条件至少部分地基于相应给定的一个消息部分。 另一步骤包括根据多个安全规则处理HTTP请求消息和HTTP响应消息中的至少一个。 还提供了开发Web应用服务器防火墙规则的技术。

    Hierarchical rule development and binding for web application server firewall
    7.
    发明授权
    Hierarchical rule development and binding for web application server firewall 有权
    Web应用服务器防火墙的层次规则开发和绑定

    公开(公告)号:US08627442B2

    公开(公告)日:2014-01-07

    申请号:US13114315

    申请日:2011-05-24

    摘要: At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model is identified. The HTTP message model includes a plurality of message model sections. Additional steps include parsing a representation of the at least one of an HTTP request message and an HTTP response message into message sections in accordance with the message model sections of the HTTP message model; and binding a plurality of security rules to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition. The given condition is based, at least in part, on a corresponding given one of the message sections. A further step includes processing the at least one of an HTTP request message and an HTTP response message in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.

    摘要翻译: HTTP请求消息和HTTP响应消息中的至少一个被拦截。 识别出相应的HTTP消息模型。 HTTP消息模型包括多个消息模型部分。 附加步骤包括根据HTTP消息模型的消息模型部分将HTTP请求消息和HTTP响应消息中的至少一个的表示解析成消息部分; 并将多个安全规则绑定到消息模型部分。 多个安全规则每个指定响应于给定条件要采取的至少一个动作。 给定条件至少部分地基于相应给定的一个消息部分。 另一步骤包括根据多个安全规则处理HTTP请求消息和HTTP响应消息中的至少一个。 还提供了开发Web应用服务器防火墙规则的技术。

    METHOD AND APPARATUS FOR SECURITY VALIDATION
    8.
    发明申请
    METHOD AND APPARATUS FOR SECURITY VALIDATION 有权
    用于安全验证的方法和装置

    公开(公告)号:US20120304249A1

    公开(公告)日:2012-11-29

    申请号:US13512642

    申请日:2010-11-05

    IPC分类号: G06F21/00

    摘要: A computer-implemented method, apparatus, and article of manufacture for security validation of a user input in a computer network application. The method includes: providing a subset of security rules of a server-side protection means to a pre-validation component deployed at a client side, so as to enable security validation of a user input on the client side by the pre-validation component; validating the user input based on at least one of the security rules; determining, in response to detecting a user input violation and that a violated security rule has not been provided to the pre-validation component, the user as a first class of users; determining, in response to detecting the user input violation and that the violated security rule has been provided to the pre-validation component, the user as a second class of users; and performing different security protection actions to the first and second class of users.

    摘要翻译: 用于计算机网络应用中的用户输入的安全验证的计算机实现的方法,装置和制品。 该方法包括:将服务器侧保护装置的安全规则的子集提供给部署在客户机侧的预验证组件,以便通过预验证组件实现客户端侧的用户输入的安全验证; 基于所述安全规则中的至少一个验证所述用户输入; 确定响应于检测到用户输入违例并且未将所述违反的安全规则提供给所述预验证组件,所述用户作为第一类用户; 响应于检测到所述用户输入违例并且所述违反的安全规则已经被提供给所述预验证部件,所述用户作为第二类用户; 并对第一类和第二类用户执行不同的安全保护动作。

    Method and apparatus for security validation of user input
    9.
    发明授权
    Method and apparatus for security validation of user input 有权
    用户输入安全验证的方法和装置

    公开(公告)号:US08826421B2

    公开(公告)日:2014-09-02

    申请号:US13512642

    申请日:2010-11-05

    IPC分类号: G06F21/00 G06F21/55

    摘要: According to embodiments of the present invention, a computing device provides a security rules subset of a server-side protection element to a pre-validation component deployed at a client side. The computing device validates the user input based on the security rules. The computing device determines, in response to detecting a user input violation and that a violated security rule has/or has not been provided to the pre-validation component, the user as a first or second class of users. The computing device performs different security protection actions to the first and second class of users. The computing device asynchronously performs a dynamic update to the security rule subset provided to the pre-validation component. The security rule subset is screened from the security rules of the server-side protection means. A policy for screening the security rule subset is selected.

    摘要翻译: 根据本发明的实施例,计算设备向部署在客户端的预验证组件提供服务器侧保护元件的安全规则子集。 计算设备根据安全规则验证用户输入。 计算设备响应于检测到用户输入违规而确定已经/尚未向预验证组件提供违反的安全规则,该用户作为第一或第二类用户。 计算设备对第一类用户和第二类用户执行不同的安全保护动作。 计算设备异步地对提供给预验证组件的安全规则子集进行动态更新。 从服务器端保护装置的安全规则中筛选出安全规则子集。 选择筛选安全规则子集的策略。

    Secure apparatus and method for protecting integrity of software system and system thereof
    10.
    发明授权
    Secure apparatus and method for protecting integrity of software system and system thereof 失效
    用于保护软件系统完整性的安全装置和方法及其系统

    公开(公告)号:US08407481B2

    公开(公告)日:2013-03-26

    申请号:US12163797

    申请日:2008-06-27

    CPC分类号: G06F21/125

    摘要: Provided is a secure apparatus for protecting the integrity of a software system and a method thereof. The apparatus comprises: a template repository for storing templates required for generating an agent module; a template generator for randomly selecting one template from said template repository and generating a new agent module according to the selected template; and a transceiver for sending said new agent module to an external apparatus communicating with said secure apparatus to update a current agent module which is running in said external apparatus, wherein said current agent module is used to verify the integrity of said software system running in said external apparatus. The secure apparatus can protect software in an insecure environment with a high software protection level to prevent the software from being tampered or bypassed.

    摘要翻译: 提供一种用于保护软件系统的完整性的安全装置及其方法。 该装置包括:用于存储生成代理模块所需的模板的模板存储库; 模板生成器,用于从所述模板存储库中随机选择一个模板,并根据所选模板生成新的代理模块; 以及收发器,用于将所述新代理模块发送到与所述安全装置通信的外部设备,以更新在所述外部设备中运行的当前代理模块,其中所述当前代理模块用于验证在所述外部设备中运行的所述软件系统的完整性 外部设备 安全设备可以在具有高软件保护级别的不安全环境中保护软件,以防止软件被篡改或绕过。