31. TRUSTED STORAGE AND DISPLAY
    Invention application (in force)

    Publication number: US20090183249A1

    Publication date: 2009-07-16

    Application number: US11972620

    Filing date: 2008-01-11

    IPC classification: G06F21/00

    CPC classification: G06F21/79 G06F2221/2153

    Abstract: A storage token has a display and a keyboard, or other input device, that allows a user to view a request to access a memory location and enter a response to the request. The display allows presentation of details of the request, such as a pathname to a requested memory location, metadata describing a cryptographic key for use in a transaction confirmation, and/or transaction details which are awaiting verification by a credential stored on the token. The storage token may also include a cryptographic engine and a secure memory, allowing the data returned in response to the request to be signed.


32. SYSTEMS FOR VALIDATING HARDWARE DEVICES
    Invention application (in force)

    Publication number: US20130067236A1

    Publication date: 2013-03-14

    Application number: US13230401

    Filing date: 2011-09-12

    IPC classification: G06F21/00

    Abstract: A computing environment in which devices interoperate with a plurality of hardware components. Inconsistencies in user experience when operating devices that may use different components are avoided by generating a signature for the components. The signature may be computed as a function of a first key and one or more parameter values obtainable from the component. The signature and parameter values may be stored in the component's memory, and may be obtainable while the component is in operation as part of the computing device. The device may validate the component by performing at least one function based on the signature, the one or more parameter values obtainable from the component, and a second key, which may or may not be identical to the first key. The device may change its interaction with the component, depending on whether the component was successfully validated.


33. Multi-profile interface specific network security policies
    Invention grant (in force)

    Publication number: US08201234B2

    Publication date: 2012-06-12

    Application number: US11746478

    Filing date: 2007-05-09

    IPC classification: H04L29/06

    Abstract: A computer-readable medium having a data structure stored thereon for defining a schema for expressing a network security policy. The data structure includes a first data field including data defining a parameter to be applied based on the network security policy. The network security policy defines at least one of the following: a firewall rule and a connection security rule. The data structure also includes a second data field having data specifying restrictions of the parameter included in the first data field. The parameter in the first data field and the restrictions in the second data field form the schema for expressing the network security policy to be processed. The network security policy manages communications between a computing device and at least one other computing device.


34. Dynamic updating of firewall parameters
    Invention grant (in force)

    Publication number: US08099774B2

    Publication date: 2012-01-17

    Application number: US11589513

    Filing date: 2006-10-30

    IPC classification: G06F9/00 H04L29/06

    CPC classification: H04L63/0263

    Abstract: The dynamic updating of firewall parameters is described. One exemplary embodiment includes receiving a policy rule that includes a reference to a predefined container that specifies a permissible value range of at least one firewall parameter allowable under the policy rule, receiving a firewall parameter value, and populating the predefined container with the firewall parameter value if the firewall parameter value is within the permissible value range, thereby updating the policy rule.


35. Edge traversal service dormancy
    Invention grant (in force)

    Publication number: US07707294B2

    Publication date: 2010-04-27

    Application number: US11823029

    Filing date: 2007-06-26

    CPC classification: H04L63/029 H04L69/16

    Abstract: A system maintains a dormant state in the host, in which no beacons (or "bubbles") are transmitted from the host when no application or service (collectively, "processes") of the host is accepting unsolicited traffic via the edge traversal service. When at least one application or service begins to accept unsolicited traffic via the edge traversal service, the host enters a qualified state and begins transmitting the beacons. As each additional application or service begins to accept such traffic, a count of accepting applications and services is maintained. As applications and services terminate acceptance of such traffic, the count of accepting applications and services is decremented. When the last application or service terminates acceptance of unsolicited traffic via the edge traversal service, the host re-enters the dormant state and ceases transmission of its beacons.


36. Communications traffic segregation for security purposes
    Invention grant (in force)

    Publication number: US07698548B2

    Publication date: 2010-04-13

    Application number: US11297717

    Filing date: 2005-12-08

    IPC classification: H04L29/06

    CPC classification: H04L63/1408 H04L63/1441

    Abstract: Technology for applying a communications traffic security policy in which a distinct communications traffic flow is segregated based upon a security value, whereby the communications traffic security policy includes one or both of a detection policy and an enforcement policy. The detection policy may include determining whether the segregated communications traffic flow involves malware, and the enforcement policy may include a malware policy.


37. Filtering kernel-mode network communications
    Invention application (in force)

    Publication number: US20090006847A1

    Publication date: 2009-01-01

    Application number: US11823861

    Filing date: 2007-06-28

    IPC classification: H04L9/00 G06F17/00 G06F21/00

    Abstract: Some embodiments of the invention are directed to techniques for determining whether a process on a computer system that is sending or receiving data, or is attempting to send or receive data, with another computer system is executing in kernel mode or user mode, and providing an indicator of this determination to a security engine. In some embodiments, such an indication is provided to a security engine (e.g., a firewall) that implements a security policy based at least in part on whether the sending or receiving process is in kernel mode or user mode, and that filters communications based on the process's operating mode. This enables a security engine to maintain security policies of greater specificity and thus improve the security of a computer system.


38. Firewall control with multiple profiles
    Invention application (in force)

    Publication number: US20080282336A1

    Publication date: 2008-11-13

    Application number: US11891379

    Filing date: 2007-08-10

    IPC classification: G06F9/00

    CPC classification: H04L63/0263 H04L63/20

    Abstract: A networked computer with a software firewall that may be configured for any of a number of network contexts may be quickly configured with an appropriate set of rules for a current network context. The computer has multiple profiles, each containing rules applicable to a different network context. When a change in network context is detected, a difference between the profile for the current context and the profile with which the firewall was previously configured is determined. These differences are applied to quickly reconfigure the firewall without blocking, even temporarily, communications that are allowed in both the previously configured and the current profiles. Additionally, when the networked computer is connected to multiple networks simultaneously, an appropriate profile may be selected.


39. Remote configuration of software component using proxy
    Invention application (in force)

    Publication number: US20080028457A1

    Publication date: 2008-01-31

    Application number: US11495412

    Filing date: 2006-07-28

    IPC classification: G06F15/16

    CPC classification: H04L63/1441 H04L63/08

    Abstract: A proxy service receives requests from a remote caller to configure a main service. The proxy service authenticates the caller and validates the request. The proxy service then passes the request along to the main service only if the caller can be authenticated and the request can be validated. The proxy service runs at a non-privileged level, but when the proxy service passes the request to the main service, the proxy service impersonates the caller so that the request to the main service is made at the original caller's level of privilege. The main service can block all inbound network traffic, since network requests to configure the main service are received by the proxy, which is a local object from the perspective of the main service. Additionally, the proxy can block inbound traffic other than a certain class of requests (e.g., Remote Procedure Calls).


40. Edge traversal service dormancy
    Invention grant (in force)

    Publication number: US08838807B2

    Publication date: 2014-09-16

    Application number: US13211009

    Filing date: 2011-08-16

    IPC classification: G06F15/16 H04L29/06

    CPC classification: H04L63/029 H04L69/16

    Abstract: A system maintains a dormant state in the host, in which no beacons (or "bubbles") are transmitted from the host when no application or service (collectively, "processes") of the host is accepting unsolicited traffic via the edge traversal service. When at least one application or service begins to accept unsolicited traffic via the edge traversal service, the host enters a qualified state and begins transmitting the beacons. As each additional application or service begins to accept such traffic, a count of accepting applications and services is maintained. As applications and services terminate acceptance of such traffic, the count of accepting applications and services is decremented. When the last application or service terminates acceptance of unsolicited traffic via the edge traversal service, the host re-enters the dormant state and ceases transmission of its beacons.
