15. Detection of network environment for network access control
    Granted patent (in force)

    Publication No.: US07814531B2

    Publication date: 2010-10-12

    Application No.: US11478987

    Filing date: 2006-06-30

    IPC classification: H04L9/00 H04L12/22

    Abstract: A method and apparatus for detection of network environment to aid policy selection for network access control. An embodiment of a method includes receiving a request to connect a device to a network and, if a security policy is received for the connection of the device, applying the policy for the device. If a security policy for the connection of the device is not received, the domain of the device is determined by determining whether the device is in an enterprise domain and determining whether the device is in a network access control domain, which allows selection of an appropriate domain/environment specific policy.


16. Hierarchical Trust Based Posture Reporting and Policy Enforcement
    Patent application (in force)

    Publication No.: US20100162356A1

    Publication date: 2010-06-24

    Application No.: US12714979

    Filing date: 2010-03-01

    IPC classification: G06F17/30

    CPC classification: H04L63/0227

    Abstract: A method that includes initiating a network access request from an access requester on a platform that couples to a network, the network access request made to a policy decision point for the network. The method also includes establishing a secure communication channel over a communication link between the policy decision point and a policy enforcement point on the platform. Another secure communication channel is established over another communication link. The other communication link is between at least the policy enforcement point and a manageability engine resident on the platform. The manageability engine forwards posture information associated with the access requester via the other secure communication channel. The posture information is then forwarded to the policy decision point via the secure communication channel between the policy enforcement point and the policy decision point. The policy decision point indicates what access the access requester can obtain to the network based on a comparison of the posture information to one or more network administrative policies.


17. Techniques for authenticated posture reporting and associated enforcement of network access
    Patent application (in force)

    Publication No.: US20100107224A1

    Publication date: 2010-04-29

    Application No.: US12655024

    Filing date: 2009-12-22

    IPC classification: G06F17/00

    Abstract: Architectures and techniques that allow a firmware agent to operate as a tamper-resistant agent on a host platform that may be used as a trusted policy enforcement point (PEP) on the host platform to enforce policies even when the host operating system is compromised. The PEP may be used to open access control and/or remediation channels on the host platform. The firmware agent may also act as a local policy decision point (PDP) on the host platform in accordance with an authorized enterprise PDP entity by providing policies if a host trust agent is non-responsive, and may function as a passive agent when the host trust agent is functional.


18. Authenticity of communications traffic
    Granted patent (in force)

    Publication No.: US07483423B2

    Publication date: 2009-01-27

    Application No.: US11096843

    Filing date: 2005-03-30

    IPC classification: H04L12/56

    CPC classification: H04L63/123

    Abstract: Provided are techniques for storing information in a packet. A data integrity operation is performed over one portion of the packet to calculate an integrity check value using a secret key. A data transformation operation is performed over another selectable portion of the packet to store the integrity check value in that other portion of the packet, without increasing the size of the packet. Other embodiments are described and claimed.


19. Methods and apparatus to offload cryptographic processes
    Patent application (pending, published)

    Publication No.: US20080022124A1

    Publication date: 2008-01-24

    Application No.: US11425897

    Filing date: 2006-06-22

    IPC classification: G06F12/14

    CPC classification: G06F21/602 G06F21/72

    Abstract: Methods and apparatus to off-load cryptographic processes are disclosed. An example method includes receiving a request to perform a cryptographic process at a first component of a processor system, transmitting the request over a data bus to a second component of the processor system, receiving the request at the second component, and performing the cryptographic process on the second component. For example, the first component may be a processor and the second component may be a management agent. Other embodiments are described and claimed.


Authenticity of communications traffic

    Publication No.: US20060227773A1

    Publication date: 2006-10-12

    Application No.: US11096843

    Filing date: 2005-03-30

    IPC classification: H04L9/00 H04L12/56

    CPC classification: H04L63/123

    Abstract: Provided are techniques for storing information in a packet. A data integrity operation is performed over one portion of the packet to calculate an integrity check value using a secret key. A data transformation operation is performed over another selectable portion of the packet to store the integrity check value in that other portion of the packet, without increasing the size of the packet. Other embodiments are described and claimed.