Techniques for non repudiation of storage in cloud or shared storage environments
    41.
    Granted invention patent
    Status: in force

    Publication number: US08544070B2

    Publication date: 2013-09-24

    Application number: US13108094

    Application date: 2011-05-16

    IPC classification: G06F7/04

    Abstract: Techniques for non-repudiation of storage in cloud or shared storage environments are provided. A unique signature is generated within a cloud or shared storage environment for each file of the storage tenant that accesses the cloud or shared storage environment. Each signature is stored as part of the file system and every time a file is accessed that signature is verified. When a file is updated, the signature is updated as well to reflect the file update.

    Dynamic service access
    42.
    Granted invention patent
    Status: lapsed

    Publication number: US08474009B2

    Publication date: 2013-06-25

    Application number: US12787727

    Application date: 2010-05-26

    IPC classification: H04L29/06

    Abstract: Apparatus, systems, and methods may operate to authenticate a desktop client to an identity service (IS), to receive a request, from an application, at the IS via the desktop client for a virtual service internet protocol (IP) address associated with a service. The IS may operate to build a routing token that includes an original physical IP address associated with the service when a policy associated with the IS permits access to the service by a user identity associated with the desktop client. After the routing token is validated, the application may be connected to the service via the desktop client. The application may comprise an e-mail application or a remote control application, such as a virtual network computing (VNC) application. Additional apparatus, systems, and methods are disclosed.

    TECHNIQUES FOR SECURE NETWORK COMMUNICATION
    43.
    Invention patent application
    Status: in force

    Publication number: US20090319776A1

    Publication date: 2009-12-24

    Application number: US12121843

    Application date: 2008-05-16

    IPC classification: H04L9/32

    Abstract: Techniques for secure network communication are provided. Credentials for a user along with a transparently generated secret are sent to a resource that the user desires to establish a secure communication session with. After successful authentication of the user, an initial sequence number for a first transaction of the session is set on a client of the user. Thereafter, with each transaction of the session the client supplies a new and unique sequence number to a server of the resource and uses the secret to encode and validate that transaction. The server of the resource does not permit any transaction that includes an invalid or previously used sequence number.

    TECHNIQUES FOR NON REPUDIATION OF STORAGE IN CLOUD OR SHARED STORAGE ENVIRONMENTS
    44.
    Invention patent application
    Status: in force

    Publication number: US20120297183A1

    Publication date: 2012-11-22

    Application number: US13108094

    Application date: 2011-05-16

    IPC classification: H04L9/32

    Abstract: Techniques for non-repudiation of storage in cloud or shared storage environments are provided. A unique signature is generated within a cloud or shared storage environment for each file of the storage tenant that accesses the cloud or shared storage environment. Each signature is stored as part of the file system and every time a file is accessed that signature is verified. When a file is updated, the signature is updated as well to reflect the file update.

    Techniques for secure network communication
    45.
    Granted invention patent
    Status: in force

    Publication number: US08301876B2

    Publication date: 2012-10-30

    Application number: US12121843

    Application date: 2008-05-16

    IPC classification: H04L29/06

    Abstract: Techniques for secure network communication are provided. Credentials for a user along with a transparently generated secret are sent to a resource that the user desires to establish a secure communication session with. After successful authentication of the user, an initial sequence number for a first transaction of the session is set on a client of the user. Thereafter, with each transaction of the session the client supplies a new and unique sequence number to a server of the resource and uses the secret to encode and validate that transaction. The server of the resource does not permit any transaction that includes an invalid or previously used sequence number.

    Techniques for secure access management in virtual environments
    46.
    Granted invention patent
    Status: in force

    Publication number: US08984621B2

    Publication date: 2015-03-17

    Application number: US12714452

    Application date: 2010-02-27

    Abstract: Techniques for secure access management to virtual environments are provided. A user authenticates to a portal for purposes of establishing a virtual machine (VM). The portal interacts with a cloud server and an identity server to authenticate the user, to acquire an Internet Protocol (IP) address and port number for the VM, and to obtain a secure token. The user then interacts with a secure socket layer virtual private network (SSL VPN) server to establish an SSL VPN session with the VM. The SSL VPN server also authenticates the token through the identity server and acquires dynamic policies to enforce during the SSL VPN session between the user and the VM (the VM managed by the cloud server).

    MULTIPLE ACCESS AUTHENTICATION
    47.
    Invention patent application
    Status: in force

    Publication number: US20110296504A1

    Publication date: 2011-12-01

    Application number: US12786540

    Application date: 2010-05-25

    IPC classification: H04L29/06 H04L9/32

    CPC classification: H04L63/0815

    Abstract: Apparatus, systems, and methods may operate to receive, at a generating identity provider (IDP), original user credentials sufficient to authenticate a user directly from a user machine, or indirectly from an initial identity provider. Additional activities may include generating, by the generating IDP, generated user credentials having the lifetime of a login session associated with the user, the lifetime initiated approximately when the original user credentials or a token associated with the user are/is validated at the generating IDP. Still further activities may include receiving a request associated with the user during the login session to access an application protected by an agent, and transmitting at least part of the generated user credentials from the generating IDP to the application to authenticate the user to the generating IDP while the login session is not terminated or expired. Additional apparatus, systems, and methods are disclosed.

    DYNAMIC SERVICE ACCESS
    48.
    Invention patent application
    Status: lapsed

    Publication number: US20110296486A1

    Publication date: 2011-12-01

    Application number: US12787727

    Application date: 2010-05-26

    IPC classification: G06F21/00 G06F11/00 G06F15/16

    Abstract: Apparatus, systems, and methods may operate to authenticate a desktop client to an identity service (IS), to receive a request, from an application, at the IS via the desktop client for a virtual service internet protocol (IP) address associated with a service. The IS may operate to build a routing token that includes an original physical IP address associated with the service when a policy associated with the IS permits access to the service by a user identity associated with the desktop client. After the routing token is validated, the application may be connected to the service via the desktop client. The application may comprise an e-mail application or a remote control application, such as a virtual network computing (VNC) application. Additional apparatus, systems, and methods are disclosed.

    Techniques for distributed testing
    49.
    Granted invention patent
    Status: in force

    Publication number: US08560273B2

    Publication date: 2013-10-15

    Application number: US13399714

    Application date: 2012-02-17

    IPC classification: G06F12/00

    Abstract: Techniques for distributed testing are provided. Resources are identified for performing tests over a network. The tests and policies are sent to the resources and a proxy. The proxy delivers data for the tests to the resources and enforces the policies during the tests. The proxy also gathers statistics and results from the resources, which are executing the tests, and the proxy reports the statistics and results to one or more third-party services for subsequent manipulation and analysis.

    Identity based network mapping
    50.
    Granted invention patent
    Status: in force

    Publication number: US08091119B2

    Publication date: 2012-01-03

    Application number: US11843008

    Application date: 2007-08-22

    Abstract: Techniques for identity-based network mapping are provided. A principal is associated with a resource identifier via a mapping. Conditions of a network are dynamically evaluated in response to policy and actions taken against a resource associated with the resource identifier of the mapping. The principal and the hardware resource of a machine are associated with two different types of resources and the mapping is used to manage security and maintenance associated with a network for shutting down the principal from accessing the network when an issue is detected with the hardware resource and the hardware resource is shut down when the issue is with the principal.
