System and method of assigning and reclaiming static addresses through the dynamic host configuration protocol
    11.
    Granted invention patent
    Status: Lapsed

    Publication No.: US06957276B1

    Publication date: 2005-10-18

    Application No.: US09694153

    Filing date: 2000-10-23

    Applicant: Pradeep Bahl

    Inventor: Pradeep Bahl

    IPC classification: G06F15/16 H04L29/12

    CPC classification: H04L61/2015

    Abstract: Presented is a system and method for providing centralized address management of static IP addresses through the dynamic host control protocol. Static or permanent IP addresses are those addresses assigned by DHCP having an infinite lease time. The assignment of such static IP addresses follows the conventional DHCP mechanism for the assignment of other IP addresses. However, the centralized reclamation of a statically or permanently assigned IP address by a network administrator through the DHCP server presents novel aspects of the invention heretofore unknown. Specifically, through the system and method of the present invention, the DHCP server is capable of reclaiming, at any point in time, a statically or permanently assigned IP address by transmitting a DHCP RECLAIM command to the DHCP client, or through its relay agent. In the normal situation, the DHCP client acknowledges the RECLAIM command, allowing the IP address to be placed in the FREE state. If, however, the DHCP client does not respond or the responses are not received by the DHCP server, the DHCP server marks the state of the IP address as DEPRECATED. The state of the IP address will be changed from DEPRECATED to FREE once a number of retries of the RECLAIM process has been completed, or a maximum period of time has passed. Security mechanisms to prevent a malicious attacker from reclaiming static IP addresses from DHCP clients are also presented.

    Selectively utilizing an automatically generated internet protocol address in a networked environment
    12.
    Granted invention patent
    Status: In force

    Publication No.: US06687755B1

    Publication date: 2004-02-03

    Application No.: US09605034

    Filing date: 2000-06-27

    IPC classification: G06F15/16

    Abstract: The utilization is described of an automatically generated Internet protocol ("IP") address in a networked environment. An IP address is automatically generated and used while an IP address server is unavailable or unreliable. The system uses either the automatically generated IP address or the assigned address depending on certain circumstances. For example, if the IP address server repeatedly assigns conflicting IP addresses, the system continues to use the generated IP address despite having received an assigned IP address from the IP address server. Also, if the communication is within a common local area network, the generated IP address is used so as to avoid encryption of the communication in accordance with TCP/IP protocol.

    Network naming services proxy agent
    13.
    Granted invention patent
    Status: Lapsed

    Publication No.: US5729689A

    Publication date: 1998-03-17

    Application No.: US428582

    Filing date: 1995-04-25

    IPC classification: H04L29/12 H04L12/00

    Abstract: A method and apparatus are described for enabling a first node, which utilizes a first naming protocol, to obtain a network address of another node from a naming service that does not provide addresses in accordance with the first naming protocol. A network embodying the present invention includes a naming proxy agent. A first node in the network obtains network addresses corresponding to node names according to a first naming protocol, and a second node conducts network naming operations according to a second naming protocol that is incompatible with the first naming protocol. As a result, the first node cannot by itself obtain the address of the second node by means of a node name query under the first naming protocol. However, the naming proxy agent receives a first naming query transmitted by the first node according to the first naming protocol that includes the name of the second node. The naming proxy agent converts the first naming query into a second naming query that also includes the registered name. The naming proxy agent transmits the second naming query according to the second naming protocol.

    Aggregating the knowledge base of computer systems to proactively protect a computer from malware
    14.
    Granted invention patent
    Status: In force

    Publication No.: US08516583B2

    Publication date: 2013-08-20

    Application No.: US11096490

    Filing date: 2005-03-31

    IPC classification: G06F21/00

    Abstract: In accordance with the present invention, a system, method, and computer-readable medium for aggregating the knowledge base of a plurality of security services or other event collection systems to protect a computer from malware is provided. One aspect of the present invention is a method that proactively protects a computer from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware; determining if the suspicious events satisfy a predetermined threshold; and if the suspicious events satisfy the predetermined threshold, implementing a restrictive security policy designed to prevent the spread of malware.

    NETWORK DNA
    15.
    Invention patent application
    Status: In force

    Publication No.: US20120066381A1

    Publication date: 2012-03-15

    Application No.: US13300743

    Filing date: 2011-11-21

    IPC classification: G06F15/173

    Abstract: Network DNA may be determined for a computer network that taxonomically classifies the computer network. Network DNA may include derived network DNA components and raw network DNA components. Raw network DNA components may be acquired from local or remote sources. Derived network DNA components may be generated according to derived network DNA component specifications. Derived network DNA component specifications may reference raw network DNA components. Network DNA determined for the computer network may include a network species component capable of indicating network species classifications for computer networks. Network species classifications may include enterprise network, home network and public place network. Network species classifications may be determined as a function of network security, network management and network addressing. One or more network DNA stores may be configured to store network DNA for computer networks. Network DNA stores may store network DNA history as well as current network DNA.

    Identifying separate threads executing within a single process
    16.
    Granted invention patent
    Status: In force

    Publication No.: US07979865B2

    Publication date: 2011-07-12

    Application No.: US11266506

    Filing date: 2005-11-03

    IPC classification: G06F9/46

    Abstract: A computer-readable medium bearing computer-executable instructions which, when executed on a computer, carry out a method for handling a request for an operating system service is presented. The method comprises receiving a request for execution of an operating system service. The corresponding operating system service is then identified. A unique service identifier that corresponds to the requested operating system service is obtained. A service thread is generated, the thread being associated with an executing process. Storage associated with the service thread is initialized with the unique service identifier. Thereafter, the execution of the service thread is initiated.

    System and method for achieving zero-configuration wireless and wired computing and computing device incorporating same
    18.
    Granted invention patent
    Status: In force

    Publication No.: US07512081B2

    Publication date: 2009-03-31

    Application No.: US11236777

    Filing date: 2005-09-27

    IPC classification: H04L12/28 H04Q7/24

    Abstract: A system and method for enabling a zero configuration nomadic wireless and wired computing environment presenting a just works experience is presented. The system examines predefined user preference or profile settings to determine to which of a competing number of wireless networks available it should connect, and what type of authentication should be used for such connection. Nomadic wireless computing between infrastructure wireless networks and ad hoc wireless networks may be accomplished without further user intervention required in an auto mode. Also, both infrastructure only and ad hoc only modes are available through the system of the invention. Further, the user may set a preference for infrastructure or ad hoc modes in the auto mode. With an infrastructure mode preference set, the system will automatically detect and transfer connectivity to a newly available infrastructure wireless network if the user was previously operating off-line or in ad hoc mode.

    Dynamic risk management
    19.
    Invention patent application
    Status: In force

    Publication No.: US20080189788A1

    Publication date: 2008-08-07

    Application No.: US11702974

    Filing date: 2007-02-06

    Applicant: Pradeep Bahl

    Inventor: Pradeep Bahl

    IPC classification: G06F21/00

    Abstract: A dynamic risk management system for operating systems that provides monitoring, detection, assessment, and follow-up action to reduce the risk whenever it rises. The system enables an operating system to protect itself automatically in dynamic environments. The risk management system monitors a diverse set of attributes of the system which determines the security state of the system and is indicative of the risk the system is under. Based on a specification of risk levels for the various attributes and for their combinations, the risk management system determines whether one or more actions are required to alleviate the overall risk to the system.

    Selective auto-revocation of firewall security settings
    20.
    Invention patent application
    Status: In force

    Publication No.: US20080109890A1

    Publication date: 2008-05-08

    Application No.: US11592778

    Filing date: 2006-11-03

    IPC classification: G06F17/00

    CPC classification: H04L63/0263 H04L63/1416

    Abstract: Management of security firewall settings in a networked computing environment is described. One example embodiment includes applying security settings and exceptions to the security settings based on network class for network communication, and upon detection of an event, revoking at least one exception for at least one network in a specified class.