-
41.发明授权Method and apparatus for supporting a virtual private network architecture on a partitioned platform 有权用于在分区平台上支持虚拟专用网络架构的方法和装置公开(公告)号:US08281387B2
公开(公告)日:2012-10-02
申请号:US11479609
申请日:2006-06-30
申请人: Ajay Gupta , Jeong Yoon , Jesse Walker , Kapil Sood , Karanvir Grewal , Hormuzd M. Khosravi
发明人: Ajay Gupta , Jeong Yoon , Jesse Walker , Kapil Sood , Karanvir Grewal , Hormuzd M. Khosravi
IPC分类号: G06F9/00
CPC分类号: H04L63/0272 , G06F21/562
摘要: A computer system includes a service partition, not directly accessible to a user, having a security agent to inspect data entering and exiting the computer system on a virtual private network (VPN) tunnel, and a service partition VPN unit to communicate with a VPN gateway. The computer system also includes a user partition, accessible to a user, having a user partition VPN unit to initiate construction of the VPN tunnel with the VPN gateway. Other embodiments are described and claimed.
摘要翻译: 计算机系统包括不能直接访问用户的服务分区,具有用于检查在虚拟专用网(VPN)隧道上进入和退出计算机系统的数据的安全代理以及与VPN网关通信的服务分区VPN单元 。 计算机系统还包括用户可访问的用户分区,具有用户分区VPN单元以启动与VPN网关的VPN隧道的构建。 描述和要求保护其他实施例。
-
42.发明申请Efficient Key Derivation for End-To-End Network Security with Traffic Visibility 有权针对具有流量可见性的端到端网络安全性的高效关键推导公开(公告)号:US20100135498A1
公开(公告)日:2010-06-03
申请号:US12327137
申请日:2008-12-03
申请人: Men Long , Jesse Walker , Karanvir Grewal
发明人: Men Long , Jesse Walker , Karanvir Grewal
CPC分类号: H04L9/0866 , H04L9/0631 , H04L63/0428 , H04L63/06 , H04L2209/125
摘要: Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using a derivation formula as follows: client_key—MSB=AES128(base_key_1, client_ID), (1) client_key—LSB=AES128(base_key_2, client_ID+pad), and (2) client_key=client_key_MSB∥client_key_LSB, where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.
摘要翻译: 端到端安全性和流量可见性可以由使用控制器的系统来实现,所述控制器基于在每个数据分组中传送的导出密钥和客户端标识符来导出每个客户端不同的密码密钥。 控制器将派生密钥分发到信息技术监控设备和服务器,以提供流量可视性。 对于较大的密钥大小,密钥可以使用以下推导公式导出:client_key-MSB = AES128(base_key_1,client_ID),(1)client_key-LSB = AES128(base_key_2,client_ID + pad)和(2)client_key = client_key_MSB‖client_key_LSB,其中(1)和(2)并行执行。 可以使用客户端密钥和客户端标识符,以便可以实现端到端的安全性。
-
43.发明申请Methods, apparatuses, and systems for the dynamic evaluation and delegation of network access control 有权用于动态评估和授权网络访问控制的方法,设备和系统公开(公告)号:US20070006309A1
公开(公告)日:2007-01-04
申请号:US11171593
申请日:2005-06-29
申请人: Howard Herbert , Karanvir Grewal
发明人: Howard Herbert , Karanvir Grewal
IPC分类号: G06F12/14
CPC分类号: H04L63/20 , H04L63/105 , H04L63/1408
摘要: Embodiments of the inventions are generally directed to methods, apparatuses, and systems for the dynamic evaluation and delegation of network access control. In an embodiment, a platform includes a switch to control a network connection and an endpoint enforcement engine coupled with the switch. The endpoint enforcement engine may be capable of dynamically switching among a number of network access control modes responsive to an instruction received from the network connection.
摘要翻译: 本发明的实施例一般涉及用于动态评估和授权网络访问控制的方法,装置和系统。 在一个实施例中,平台包括用于控制网络连接的开关和与开关耦合的端点执行引擎。 端点执行引擎可以响应于从网络连接接收的指令而能够在多个网络访问控制模式之间动态切换。
-
-
搜索结果
43 条记录 (耗时 0.015 秒)
