Abstract:
Systems and methods for prospective client identification using malware attack detection are provided. A malware device is identified. The entity with the responsibility for the malware device or a potentially compromised device in communication with the malware device is determined. A message is communicated to the entity based on the determination. In various embodiments, the message comprises an offer for security related products and/or services.
Abstract:
A system and method are disclosed for network-based file analysis for malware detection. Network content is received from a network tap. A binary packet is identified in the network content. A binary file, including the binary packet, is extracted from the network content. It is determined whether the extracted binary file is detected to be malware.
Abstract:
A computer worm defense system comprises multiple containment systems tied together by a management system. Each containment system is deployed on a separate communication network and contains a worm sensor and a blocking system. In various embodiments, the computer worm may be transported from a production network, where the computer worm is not readily identifiable, to an alternate network in the worm sensor where the computer worm may be readily identifiable. Computer worm identifiers generated by a worm sensor of one containment system can be provided not only to the blocking system of the same containment system, but can also be distributed by the management system to blocking systems of other containment systems.
Abstract:
A computer worm defense system comprises multiple containment systems tied together by a management system. Each containment system is deployed on a separate communication network and contains a worm sensor and a blocking system. Computer worm identifiers generated by a worm sensor of one containment system can be provided not only to the blocking system of the same containment system, but can also be distributed by the management system to blocking systems of other containment systems.
Abstract:
A novel approach for determining an amount to be billed to a customer for the use of resources is based upon usage data and value data. The usage data indicates usage, by the customer, of a set of one or more resources during a specified period of time. The set of one or more resources may be dynamically selected and de-selected from a plurality of resources at any time. For example, the set of one or more resources may comprise a VSF as described herein. The value data indicates, in general terms, the value provided by each resource from the set of one or more resources used during the specified period of time. The value provided by each resource may be expressed in service units per unit time, and a charge may be applied for each service unit consumed during a specified period of time. Example billing schemes to which the approach is applicable include, without limitation, basic billing, flex billing, event flex billing and open flex billing.
Abstract:
A system for automatically encrypting and decrypting data packets sent from a source host to a destination host across a public internetwork. A tunnelling bridge is positioned at each network and intercepts all packets transmitted to or from its associated network. The tunnelling bridge includes tables indicating pairs of hosts or pairs of networks between which packets should be encrypted. When a packet is transmitted from a first host, the tunnelling bridge of that host's network intercepts the packet and determines from its header information whether packets from that host that are directed to the specified destination host should be encrypted; or, alternatively, whether packets from the source host's network that are directed to the destination host's network should be encrypted. If so, the packet is encrypted and transmitted to the destination network along with an encapsulation header indicating source and destination information: either source and destination host addresses, or the broadcast addresses of the source and destination networks (in the latter case, concealing the hosts' respective addresses by encryption). An identifier of the source network's tunnelling bridge may also be included in the encapsulation header. At the destination network, the associated tunnelling bridge intercepts the packet, inspects the encapsulation header, determines from an internal table whether the packet was encrypted, and determines from either the source (host or network) address or the tunnelling bridge identifier whether and how the packet was encrypted. If the packet was encrypted, it is now decrypted using a key stored in the destination tunnelling bridge's memory and is sent on to the destination host. The tunnelling bridge identifier is used particularly in an embodiment where a given network has more than one tunnelling bridge, and hence multiple possible encryption/decryption schemes and keys.
In an alternative embodiment, the automatic encryption and decryption may be carried out by the source and destination hosts themselves, without the use of additional tunnelling bridges, in which case the encapsulation header includes the source and destination host addresses.
Abstract:
An apparatus for allowing communications to a target host on a network to be upgraded from a non-secured session to a secured session. The apparatus includes a processor; a memory coupled to the processor and storing an access control list; and a network interface coupled to the processor, the network interface communicating with a target host; wherein the memory is configured to cause the processor to: (1) create an access control entry for the target host in the access control list; (2) exchange security information with the target host; (3) update the entry for the target host to include the security information; and (4) communicate with said target host using said security information. A method for allowing communications to a target host on a network to be upgraded from a non-secured session to a secured session has the steps of: (1) creating an access control entry for the target host in the access control list; (2) exchanging security information with the target host; (3) updating the entry for the target host to include the security information; and (4) communicating with the target host using the security information.
Abstract:
A method and apparatus for generating additional implicit keys from a key [K_ij]_N, without the necessity of generating a new Diffie-Hellman (DH) certificate or requiring communication between nodes to change implicit master keys, is disclosed. A first data processing device (node I) is coupled to a private network which is in turn coupled to the Internet. A second data processing device (node J) is coupled to the same, or to a different, network which is also coupled to the Internet, such that node I communicates with node J using the Internet protocol. Node I is provided with a secret value i and a public value. Data packets (referred to as "datagrams") are encrypted to enhance network security. Each node maintains an internal value of N which is incremented based on time and upon the receipt of a data packet from another node. The key [K_ij]_N_i is derived from the appropriate quantity α^Nij by using the high-order key-sized bits of that quantity. The present invention then utilizes the key [K_ij]_N_i to encrypt a transient key, referred to as K_p. Node I encrypts the IP data under K_p and encrypts K_p under [K_ij]_N_i. Node I transmits the encrypted IP datagram packet together with the encrypted key K_p to the receiving node J, and further includes its current internal value N_i in the outgoing packet. The present invention also provides for the application of one-way functions to the shared secret to enhance security. Thus, either node I or node J may change the context so that if [K_ij]_N_i is compromised in the future, it cannot be used by an attacker to decrypt previously encrypted packets. The present invention discloses methods and apparatus for achieving perfect forward security for closed user groups, and for the application of the SKIP methodology to datagram multicast protocols.
Abstract:
A first data processing device (node I) is coupled to a private network which is in turn coupled to the Internet. A second data processing device (node J) is coupled to the same, or to a different, network which is also coupled to the Internet, such that node I communicates with node J using the Internet protocol. Node I is provided with a secret value i and a public value α^i mod p. Node J is provided with a secret value j and a public value α^j mod p. Data packets (referred to as "datagrams") are encrypted using the teachings of the present invention to enhance network security. A source node I obtains a Diffie-Hellman (DH) certificate for node J (either from a local cache, from a directory service, or directly from node J), and obtains node J's public value α^j mod p from the DH certificate. Node I then computes the value α^ij mod p and derives a key K_ij from the value α^ij mod p. A transient key K_p is then generated at random, and K_p is used to encrypt the datagram to be sent by node I. K_p is then encrypted with key K_ij. Upon receipt of the encrypted datagram by the receiving node J, node J obtains a DH certificate for node I (either from a local cache, from a directory service, or directly from node I), and obtains the public value α^i mod p. Node J then computes the value α^ij mod p and derives the key K_ij. Node J utilizes the key K_ij to decrypt the transient key K_p, and using the decrypted transient key K_p, node J decrypts the datagram packet, thereby recovering the original data in unencrypted form.
Abstract (translated from the Chinese version): A first data processing device (node I) is coupled to a private network, which is in turn coupled to the Internet. A second data processing device (node J) is coupled to the same network, or to a different network that is also coupled to the Internet, such that node I communicates with node J using the Internet protocol. Node I is provided with a secret value i and a public value α^i mod p. Node J is provided with a secret value j and a public value α^j mod p. Data packets (referred to as "datagrams") are encrypted using the teachings of the present invention to enhance network security. The source node I obtains a Diffie-Hellman (DH) certificate for node J (from a local cache, from a directory service, or directly from node J), and obtains node J's public value α^j mod p from the DH certificate. Node I then computes the value α^ij mod p and derives the key K_ij from the value α^ij mod p. A transient key K_p is then generated at random, and K_p is used to encrypt the datagram to be sent by node I. K_p is then encrypted with the key K_ij. After the receiving node J receives the encrypted datagram, node J obtains the DH certificate of node I (from a local cache, from a directory service, or directly from node I) and obtains the public value α^i mod p. Node J then computes the value α^ij mod p and derives the key K_ij. Node J uses the key K_ij to decrypt the transient key K_p, and using the decrypted transient key K_p, node J decrypts the data packet, thereby recovering the original data in unencrypted form.
Abstract:
A first data processing device (node I) is coupled to a private network which is in turn coupled to the Internet. A second data processing device (node J) is coupled to the same, or to a different, network which is also coupled to the Internet, such that node I communicates with node J using the Internet protocol. Node I is provided with a secret value i and a public value α^i mod p. Node J is provided with a secret value j and a public value α^j mod p. Data packets (referred to as "datagrams") are encrypted using the teachings of the present invention to enhance network security. A source node I obtains a Diffie-Hellman (DH) certificate for node J (either from a local cache, from a directory service, or directly from node J), and obtains node J's public value α^j mod p from the DH certificate. Node I then computes the value α^ij mod p and derives a key K_ij from the value α^ij mod p. A transient key K_p is then generated at random, and K_p is used to encrypt the datagram to be sent by node I. K_p is then encrypted with key K_ij. Upon receipt of the encrypted datagram by the receiving node J, node J obtains a DH certificate for node I (either from a local cache, from a directory service, or directly from node I), and obtains the public value α^i mod p. Node J then computes the value α^ij mod p and derives the key K_ij. Node J utilizes the key K_ij to decrypt the transient key K_p, and using the decrypted transient key K_p, node J decrypts the datagram packet, thereby recovering the original data in unencrypted form.
Abstract (translated from the Chinese version): A first data processing device (node I) is coupled to a private network, which is in turn coupled to the Internet. A second data processing device (node J) is coupled to the same network, or to a different network that is also coupled to the Internet, such that node I communicates with node J using the Internet protocol. Node I is provided with a secret value i and a public value α^i mod p. Node J is provided with a secret value j and a public value α^j mod p. Data packets (referred to as "datagrams") are encrypted using the teachings of the present invention to enhance network security. The source node I obtains a Diffie-Hellman (DH) certificate for node J (from a local cache, from a directory service, or directly from node J), and obtains node J's public value α^j mod p from the DH certificate. Node I then computes the value α^ij mod p and derives the key K_ij from the value α^ij mod p. A transient key K_p is then generated at random, and K_p is used to encrypt the datagram to be sent by node I. K_p is then encrypted with the key K_ij. After the receiving node J receives the encrypted datagram, node J obtains the DH certificate of node I (from a local cache, from a directory service, or directly from node I) and obtains the public value α^i mod p. Node J then computes the value α^ij mod p and derives the key K_ij. Node J uses the key K_ij to decrypt the transient key K_p, and using the decrypted transient key K_p, node J decrypts the data packet, thereby recovering the original data in unencrypted form.
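The three SKIP-style abstracts above (the implicit-key abstract with counter N, and the two copies of the DH certificate abstract) describe one mechanism: both nodes derive K_ij from α^ij mod p without exchanging messages, a fresh transient key K_p protects each datagram, K_p travels wrapped under the shared key, and changing N yields a new implicit key [K_ij]_N with no new certificate. The following Python is an added example written for this page, not code from any of the patents. It assumes a constructed toy DH group (p = 2^89 - 1, base 3), a SHA-256 hash as the "one-way function" that produces the key-sized bits, an HMAC-SHA256 counter-mode keystream standing in for the unspecified symmetric cipher, and an integrity tag that the abstracts do not mention; the node secrets and payload are constructed sample values.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed toy Diffie-Hellman group for the example: p is the Mersenne prime 2**89 - 1
# and ALPHA a small base. A deployment would use a standardised large group.
P = 2**89 - 1
ALPHA = 3
KEY_LEN = 16          # "key-sized bits" taken from the hash output (128 bits assumed)


def int_to_bytes(x: int) -> bytes:
    return x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Illustrative stream cipher (assumption: the abstracts leave the cipher unspecified).
    An HMAC-SHA256 keystream in counter mode is XORed into the data; the same call decrypts."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


@dataclass
class Node:
    name: str
    secret: int                         # the node's secret value (i or j)
    n: int = 0                          # internal counter N (advances with time / on receipt)
    public: int = field(init=False)     # alpha^secret mod p, the value a DH certificate carries

    def __post_init__(self) -> None:
        self.public = pow(ALPHA, self.secret, P)

    def shared_secret(self, peer_public: int) -> int:
        # alpha^(ij) mod p: identical at both ends with no message exchange
        return pow(peer_public, self.secret, P)

    def master_key(self, peer_public: int) -> bytes:
        # K_ij derived from alpha^(ij) mod p (the KDF choice is an assumption)
        return hashlib.sha256(int_to_bytes(self.shared_secret(peer_public))).digest()[:KEY_LEN]

    def implicit_key(self, peer_public: int, n: int) -> bytes:
        # [K_ij]_N: high-order key-sized bits of a one-way function of the shared secret and N,
        # so a new key appears whenever N changes, with no new certificate or handshake
        material = int_to_bytes(self.shared_secret(peer_public)) + n.to_bytes(8, "big")
        return hashlib.sha256(material).digest()[:KEY_LEN]


def _tag(kij_n: bytes, n: int, nonce: bytes, wrapped_kp: bytes, body: bytes) -> bytes:
    # Integrity tag (added here, not in the abstracts) so tampering is caught before decryption
    mac_key = hmac.new(kij_n, b"mac", hashlib.sha256).digest()
    msg = n.to_bytes(8, "big") + nonce + wrapped_kp + body
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def encrypt_datagram(sender: Node, peer_public: int, plaintext: bytes) -> dict:
    kij_n = sender.implicit_key(peer_public, sender.n)
    kp = secrets.token_bytes(KEY_LEN)                           # transient key K_p, fresh per datagram
    nonce = secrets.token_bytes(8)
    body = keystream_xor(kp, nonce, plaintext)                  # datagram under K_p
    wrapped_kp = keystream_xor(kij_n, b"wrap:" + nonce, kp)     # K_p under [K_ij]_N_i
    # The packet carries the sender's current N_i so the receiver can derive the same key
    return {"n": sender.n, "nonce": nonce, "wrapped_kp": wrapped_kp, "body": body,
            "tag": _tag(kij_n, sender.n, nonce, wrapped_kp, body)}


def decrypt_datagram(receiver: Node, peer_public: int, packet: dict) -> bytes:
    n = packet["n"]
    receiver.n = max(receiver.n, n)                             # counter advances on receipt
    kij_n = receiver.implicit_key(peer_public, n)
    expected = _tag(kij_n, n, packet["nonce"], packet["wrapped_kp"], packet["body"])
    if not hmac.compare_digest(expected, packet["tag"]):
        raise ValueError("datagram rejected: integrity check failed")
    kp = keystream_xor(kij_n, b"wrap:" + packet["nonce"], packet["wrapped_kp"])
    return keystream_xor(kp, packet["nonce"], packet["body"])


def demo() -> bytes:
    # Constructed secrets for the example; in practice each node generates its own at random
    node_i = Node("I", secret=0x1F3A5C7E9B2D4F6081A3C5)
    node_j = Node("J", secret=0x0D1E2F3A4B5C6D7E8F9A0B)
    node_i.n = 7
    packet = encrypt_datagram(node_i, node_j.public, b"IP datagram payload")
    return decrypt_datagram(node_j, node_i.public, packet)


if __name__ == "__main__":
    print(demo())
```

Running the block round-trips the sample payload through node I and node J. The point to take from it is in `implicit_key`: node J never sees anything but N_i and the wrapped K_p, yet derives the same [K_ij]_N_i, and once either side moves N forward the old key is no longer the one in use, which is the context change the implicit-key abstract relies on.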