公开(公告)号：US08908708B2

公开(公告)日：2014-12-09

申请号：US11262434

申请日：2005-10-28

申请人： Amit Raikar

发明人： Amit Raikar

IPC分类号： H04L12/28 ,  H04L29/06 ,  H04L12/46

CPC分类号： H04L63/0272 ,  H04L12/467

摘要： Embodiments of the invention provide a secure method for enabling the provisioning of a shared service in a utility computing environment. One embodiment establishes an account primary virtual local area network (VLAN) for at least one account in a utility computing environment. Then, a request is received from a service provider to provide a shared service to the at least one account. An isolated VLAN is established for each shared service being provisioned in the context of the account primary VLAN and a promiscuous port is provided for the service provider. A selection option is then provided to allow the at least one server to utilize the shared service provided by the service provider. An isolated port is then configured for the at least one server on an isolated VLAN between the at least one server that chooses to utilize the shared service, and the shared service.

摘要翻译： 本发明的实施例提供了一种用于在公用计算环境中实现共享服务的供应的安全方法。 一个实施例为公用计算环境中的至少一个帐户建立帐户主虚拟局域网（VLAN）。 然后，从服务提供商接收到向至少一个帐户提供共享服务的请求。 为在帐户主VLAN的上下文中提供的每个共享服务建立隔离VLAN，并为服务提供商提供混杂端口。 然后提供选择选项以允许至少一个服务器利用由服务提供商提供的共享服务。 然后，为选择使用共享服务的至少一个服务器和共享服务之间的隔离VLAN上的至少一个服务器配置隔离端口。

公开(公告)号：US08533828B2

公开(公告)日：2013-09-10

申请号：US10349385

申请日：2003-01-21

申请人： John Mendonca ,  Amit Raikar ,  Bryan Stephenson

发明人： John Mendonca ,  Amit Raikar ,  Bryan Stephenson

IPC分类号： H04L29/06

CPC分类号： H04L63/0272 ,  H04L63/0218 ,  H04L63/1416

摘要： Disclosed is a system for protecting security of a provisionable network, comprising: a network server, a network client communicatively coupled with the server, a pool of resources coupled with the server for employment by the client, a resource management system for managing the resources, and an intrusion detection system enabled to detect and respond to an intrusion in said network.

摘要翻译： 公开了一种用于保护可配置网络的安全性的系统，包括：网络服务器，与服务器通信地耦合的网络客户端，与服务器耦合的资源池，供客户使用;资源管理系统，用于管理资源; 以及能够检测和响应所述网络中的入侵的入侵检测系统。

公开(公告)号：US08065368B2

公开(公告)日：2011-11-22

申请号：US10632446

申请日：2003-07-31

申请人： Amit Raikar ,  Guruprasad Ramarao

发明人： Amit Raikar ,  Guruprasad Ramarao

IPC分类号： G06F15/16

CPC分类号： H04L41/0843 ,  H04L41/0213 ,  H04L63/20

摘要： Methods and Systems for configuring secure templates for an application and network management system to provide network security. A template for an application and network management system is configured with first information for determining whether at least one message received by the template should or should not be processed by the template. The template is configured with second information for processing data associated with at least one received message. The template is configured with third information for preventing the communication of at least one received message to other templates for the application and network management system.

摘要翻译： 为应用程序和网络管理系统配置安全模板以提供网络安全性的方法和系统。 用于应用和网络管理系统的模板配置有用于确定模板接收到的至少一个消息是否应该被模板处理的第一信息。 模板配置有用于处理与至少一个接收到的消息相关联的数据的第二信息。 该模板配置有用于防止至少一个接收的消息与用于应用和网络管理系统的其他模板的通信的第三信息。

公开(公告)号：US07890999B2

公开(公告)日：2011-02-15

申请号：US10637172

申请日：2003-08-07

申请人： Guruprasad Ramarao ,  Amit Raikar

发明人： Guruprasad Ramarao ,  Amit Raikar

IPC分类号： G08B23/00

CPC分类号： H04L63/123

摘要： A method for verifying port integrity in a network, comprising: accessing port binding information in a port authorization file in the network, querying a port mapper in the network for a mapped port assignment, comparing the port assignment to the port binding, and initiating a response based on the results of the comparing.

摘要翻译： 一种用于验证网络中的端口完整性的方法，包括：访问网络中的端口授权文件中的端口绑定信息，在网络中查询映射端口分配的端口映射器，将端口分配与端口绑定进行比较，以及启动端口绑定 基于比较结果的反应。

公开(公告)号：US07712133B2

公开(公告)日：2010-05-04

申请号：US10600113

申请日：2003-06-20

申请人： Amit Raikar ,  Bryan Stephenson ,  John Mendonca

发明人： Amit Raikar ,  Bryan Stephenson ,  John Mendonca

IPC分类号： G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00

CPC分类号： G06F21/554

摘要： A present invention integrated intrusion detection method integrates intrusion detection information. In one embodiment, intrusion detection information is gathered from a plurality of different types of intrusion detection sensors. The information is processed in a manner that provides a consolidated correlation of the information. A response is assigned to the information and the response is implemented.

摘要翻译： 本发明综合入侵检测方法集入入侵检测信息。 在一个实施例中，从多个不同类型的入侵检测传感器收集入侵检测信息。 以提供信息的综合相关性的方式处理信息。 响应被分配给信息，并且响应被实现。

公开(公告)号：US20060285693A1

公开(公告)日：2006-12-21

申请号：US11154798

申请日：2005-06-16

申请人： Amit Raikar

发明人： Amit Raikar

IPC分类号： H04L9/00

CPC分类号： H04L63/062 ,  H04L63/08

摘要： Embodiments of the invention provide a method and an apparatus for automatic, secure, and confidential distribution of a symmetric key security credential in a utility computing environment. In one method embodiment, the present invention establishes a symmetric key at a management server, the symmetric key automatically associated with a logical device identifier of a provisionable resource. Additionally, an isolated virtual network is established between the management server and the provisionable resource for providing the symmetric key to the provisionable resource. Then, after the symmetric key is provided to the provisionable resource the isolated virtual network between the management server and the provisionable resource is dissolved.

摘要翻译： 本发明的实施例提供了一种用于在公用计算环境中自动，安全和机密地分发对称密钥安全凭证的方法和装置。 在一个方法实施例中，本发明在管理服务器上建立对称密钥，对称密钥与可供应资源的逻辑设备标识符自动相关联。 此外，在管理服务器和可供应资源之间建立隔离的虚拟网络，用于向可供应资源提供对称密钥。 然后，在将对称密钥提供给可供应资源之后，解除管理服务器和可供应资源之间的隔离虚拟网络。

公开(公告)号：US08577044B2

公开(公告)日：2013-11-05

申请号：US11262131

申请日：2005-10-28

申请人： Amit Raikar

发明人： Amit Raikar

IPC分类号： H04L9/08

CPC分类号： H04L9/083 ,  H04L9/0891 ,  H04L9/32 ,  H04L63/0272 ,  H04L63/062

摘要： Embodiments of the invention provide a method and an apparatus for automatic, secure, and confidential distribution of an asymmetric key security credential in a utility computing environment. In one method embodiment, the present invention provides an asymmetric key at a management server, the asymmetric key automatically associated with a logical device identifier of a provisionable resource. Additionally, an isolated virtual network is established between the management server and the provisionable resource for providing the asymmetric key to the provisionable resource. Then, after the asymmetric key is provided to the provisionable resource the isolated virtual network between the management server and the provisionable resource is dissolved.

摘要翻译： 本发明的实施例提供了一种用于在公用计算环境中自动，安全和保密地分发非对称密钥安全凭证的方法和装置。 在一个方法实施例中，本发明在管理服务器提供非对称密钥，该非对称密钥与可供应资源的逻辑设备标识符自动相关联。 此外，在管理服务器和可供应资源之间建立隔离的虚拟网络，用于向可供应资源提供非对称密钥。 然后，在向可供应资源提供非对称密钥之后，管理服务器和可配置资源之间的隔离虚拟网络被解散。

公开(公告)号：US07228564B2

公开(公告)日：2007-06-05

申请号：US10627374

申请日：2003-07-24

申请人： Amit Raikar ,  Guruprasad Ramarao

发明人： Amit Raikar ,  Guruprasad Ramarao

IPC分类号： G06F11/00

CPC分类号： H04L63/1408

摘要： Disclosed is a method for configuring an intrusion detection system in a network which comprises determining a location in the network for a deployed intrusion detection sensor of the intrusion detection system, deploying the intrusion detection sensor in the determined location, enabling the intrusion detection sensor to monitor communication in a portion of the network, tuning the intrusion detection sensor to an appropriate level of awareness of the content in the communication in the network, prioritizing responses generated by the intrusion detection sensor to achieve an appropriate response to a detected intrusion in the network, configuring intrusion response mechanisms in the network to achieve an appropriate response by the mechanisms; and re-tuning the intrusion detection sensor in response to a prior intrusion detection.

摘要翻译： 公开了一种在网络中配置入侵检测系统的方法，包括：确定入侵检测系统的部署入侵检测传感器在网络中的位置，将入侵检测传感器部署在确定的位置，使入侵检测传感器能够监视 在网络的一部分中进行通信，将入侵检测传感器调整到对网络中的通信中的内容的适当级别的感知，优先考虑由入侵检测传感器生成的响应以实现对网络中检测到的入侵的适当响应， 配置网络中的入侵响应机制，实现机制的适当响应; 并且响应于先前的入侵检测重新调整入侵检测传感器。

公开(公告)号：US20050111668A1

公开(公告)日：2005-05-26

申请号：US10722822

申请日：2003-11-25

申请人： Amit Raikar

发明人： Amit Raikar

IPC分类号： H04L9/00 ,  H04L9/08

CPC分类号： H04L9/16 ,  H04L9/0833 ,  H04L9/0891

摘要： Embodiments of the present invention include a method for establishing secure group-based communication comprising: distributing a first set of keys to a plurality of hosts for encrypting communication and for source authentication of group-based communication between the plurality of hosts. The method further includes distributing a second set of keys to the plurality of hosts for dynamically modifying the first set of keys as also any other keys used (encryption keys or seed variables) when required (viz. for periodic re-keying or for adjusting to a change in group membership).

摘要翻译： 本发明的实施例包括一种用于建立安全的基于群组的通信的方法，包括：将第一组密钥分发到多个主机，用于加密通信，以及用于多个主机之间的基于群组的通信的源认证。 所述方法还包括将第二组密钥分发到所述多个主机，用于在需要时（也就是周期性重新键入或用于调整到 组成员变更）。

公开(公告)号：US20050039047A1

公开(公告)日：2005-02-17

申请号：US10627374

申请日：2003-07-24

申请人： Amit Raikar ,  Guruprasad Ramarao

发明人： Amit Raikar ,  Guruprasad Ramarao

IPC分类号： H04L9/00 ,  H04L29/06

CPC分类号： H04L63/1408

摘要： Disclosed is a method for configuring an intrusion detection system in a network which comprises determining a location in the network for a deployed intrusion detection sensor of the intrusion detection system, deploying the intrusion detection sensor in the determined location, enabling the intrusion detection sensor to monitor communication in a portion of the network, tuning the intrusion detection sensor to an appropriate level of awareness of the content in the communication in the network, prioritizing responses generated by the intrusion detection sensor to achieve an appropriate response to a detected intrusion in the network, configuring intrusion response mechanisms in the network to achieve an appropriate response by the mechanisms; and re-tuning the intrusion detection sensor in response to a prior intrusion detection.

摘要翻译： 公开了一种在网络中配置入侵检测系统的方法，包括：确定入侵检测系统的部署入侵检测传感器在网络中的位置，将入侵检测传感器部署在确定的位置，使入侵检测传感器能够监视 在网络的一部分中进行通信，将入侵检测传感器调整到对网络中的通信中的内容的适当级别的感知，优先考虑由入侵检测传感器生成的响应以实现对网络中检测到的入侵的适当响应， 配置网络中的入侵响应机制，实现机制的适当响应; 并且响应于先前的入侵检测重新调整入侵检测传感器。