METHOD FOR DISCOVERING A SECURITY POLICY
    22.
    Patent application (in force)

    Publication number: US20090235324A1

    Publication date: 2009-09-17

    Application number: US12049629

    Filing date: 2008-03-17

    IPC classification: G06F17/00

    Abstract: Techniques for mapping at least one physical system and at least one virtual system into at least two separate execution environments are provided. The techniques include discovering an implicitly enforced security policy in an environment comprising at least one physical system and at least one virtual system, using the discovered policy to create an enforceable isolation policy, and using the isolation policy to map the at least one physical system and at least one virtual system into at least two separate execution environments. Techniques are also provided for generating a database of one or more isolation policies.

METHOD AND APPARATUS FOR DELEGATING RESPONSES TO CONDITIONS IN COMPUTING SYSTEMS
    23.
    Patent application (pending, published)

    Publication number: US20080263203A1

    Publication date: 2008-10-23

    Application number: US12163503

    Filing date: 2008-06-27

    IPC classification: G06F15/173

    CPC classification: H04L63/1441

    Abstract: One embodiment of the present method and apparatus for delegating responses to conditions in computing systems includes acknowledging (e.g., at a systems management component in the computing system) a condition, and delegating responsibility for a strategy for a response to the condition to another component. In further embodiments, the present method and apparatus for delegating responses to conditions in computing systems includes receiving (e.g., at a computing system component) an assignment from another computing system component (e.g., a systems management component), where the assignment assigns responsibility for a strategy for a response to a condition, and determining whether and how to respond to the condition.

Method and apparatus for pervasive authentication domains
    24.
    Patent application (expired)

    Publication number: US20050081044A1

    Publication date: 2005-04-14

    Application number: US10685846

    Filing date: 2003-10-14

    IPC classification: H04L9/32 H04L29/06

    Abstract: Methods and apparatus for enabling a Pervasive Authentication Domain. A Pervasive Authentication Domain allows many registered Pervasive Devices to obtain authentication credentials from a single Personal Authentication Gateway and to use these credentials on behalf of users to enable additional capabilities for the devices. It provides an arrangement for a user to store credentials in one device (the Personal Authentication Gateway), and then make use of those credentials from many authorized Pervasive Devices without re-entering the credentials. It provides a convenient way for a user to share credentials among many devices, particularly when it is not convenient to enter credentials, as in a smart wristwatch environment. It further provides an arrangement for disabling access to credentials for devices that appear to be far from the Personal Authentication Gateway, as measured by metrics such as communications signal strength.

User identification using multifaceted footprints
    25.
    Granted patent (in force)

    Publication number: US09003025B2

    Publication date: 2015-04-07

    Application number: US13542422

    Filing date: 2012-07-05

    IPC classification: G06F15/173 G06F21/32

    Abstract: A method for identifying an unknown user according to a plurality of facets of user activity in a plurality of contexts includes receiving a plurality of priors for the facets with respect to the contexts, receiving a plurality of footprints of known users, aggregating the footprints of the users to determine an ensemble prior, receiving a plurality of network traces relevant to an unknown user in a computer environment, matching the network traces against each of the footprints to determine a plurality of matches, aggregating the matches using the ensemble prior according to the facets and the contexts, and outputting a probable user identity for the unknown user.

Method and apparatus for detecting unauthorized bulk forwarding of sensitive data over a network
    26.
    Granted patent (in force)

    Publication number: US08938511B2

    Publication date: 2015-01-20

    Application number: US13494101

    Filing date: 2012-06-12

    IPC classification: G06F15/16 H04L12/58

    Abstract: Methods and apparatus are provided for detecting unauthorized bulk forwarding of sensitive data over a network. A bulk forwarding of email from a first network environment is automatically detected by determining an arrival rate for internal emails received from within the first network environment into one or more user accounts; determining a sending rate for external emails sent from the one or more user accounts to a second network environment; and detecting the bulk forwarding of email from a given user account by comparing the arrival rate for internal emails and the sending rate for external emails. The bulk forwarding of email from a given user account can be detected by determining whether statistical models of the arrival rate for internal emails and of the sending rate for external emails are correlated in time.

Method and apparatus for pervasive authentication domains
    27.
    Granted patent (in force)

    Publication number: US08103871B2

    Publication date: 2012-01-24

    Application number: US11932918

    Filing date: 2007-10-31

    IPC classification: H04W12/06

    Abstract: Methods and apparatus for enabling a Pervasive Authentication Domain. A Pervasive Authentication Domain allows many registered Pervasive Devices to obtain authentication credentials from a single Personal Authentication Gateway and to use these credentials on behalf of users to enable additional capabilities for the devices. It provides an arrangement for a user to store credentials in one device (the Personal Authentication Gateway), and then make use of those credentials from many authorized Pervasive Devices without re-entering the credentials. It provides a convenient way for a user to share credentials among many devices, particularly when it is not convenient to enter credentials, as in a smart wristwatch environment. It further provides an arrangement for disabling access to credentials for devices that appear to be far from the Personal Authentication Gateway, as measured by metrics such as communications signal strength.

Method and apparatus for pervasive authentication domains
    28.
    Granted patent (in force)

    Publication number: US07953976B2

    Publication date: 2011-05-31

    Application number: US11932804

    Filing date: 2007-10-31

    IPC classification: H04W12/06

    Abstract: Methods and apparatus for enabling a Pervasive Authentication Domain. A Pervasive Authentication Domain allows many registered Pervasive Devices to obtain authentication credentials from a single Personal Authentication Gateway and to use these credentials on behalf of users to enable additional capabilities for the devices. It provides an arrangement for a user to store credentials in one device (the Personal Authentication Gateway), and then make use of those credentials from many authorized Pervasive Devices without re-entering the credentials. It provides a convenient way for a user to share credentials among many devices, particularly when it is not convenient to enter credentials, as in a smart wristwatch environment. It further provides an arrangement for disabling access to credentials for devices that appear to be far from the Personal Authentication Gateway, as measured by metrics such as communications signal strength.

Validation of network communication tunnels
    29.
    Granted patent (expired)

    Publication number: US06829709B1

    Publication date: 2004-12-07

    Application number: US09580769

    Filing date: 2000-05-30

    IPC classification: G06F124

    CPC classification: H04L63/164 H04L63/08

    Abstract: This invention provides methods and apparatus for validating that transformations that are expected to occur in an IP network are indeed occurring as expected. Generally, these transformations establish logical communication tunnels within an IP network between the devices that perform the transformation and the devices that perform the reverse transformation. The invention is useful for validating the configuration of devices that support a variety of IP transformation methods, including IP-security protocols using the standard Encrypted Secure Payload protocol and Authenticated Header protocols as defined by the IETF. The invention is particularly useful for validating cases in which transformations occur on the full path of a packet traversing between two machines in an IP network, or in which the transformations occur on only part of this path.

Method, system and program product for remotely verifying integrity of a system
    30.
    Granted patent (expired)

    Publication number: US08434147B2

    Publication date: 2013-04-30

    Application number: US11268220

    Filing date: 2005-11-07

    IPC classification: H04L29/06

    CPC classification: G06F21/57

    Abstract: The present invention provides a computer-implemented method, system and program product for remotely verifying (e.g., analytic) integrity of a system. Specifically, at startup of the system, an access control policy that sets forth information flows within the system is read and a set of trusted subjects that interact with a target application in the system is determined. Based on the information flows and the set of trusted subjects, an information flow graph of the system is constructed. At runtime of the target application, runtime information and program code loaded into the set of trusted subjects are measured. Measuring the program code that is loaded allows the remote party to verify that the program code is the "expected" program code for the set of trusted subjects.