公开(公告)号：US09047444B2

公开(公告)日：2015-06-02

申请号：US12440631

申请日：2007-08-08

Applicant: Gerard Sherlock ,  John D R Pilkington

Inventor： Gerard Sherlock ,  John D R Pilkington

IPC: G06Q99/00 ,  G06F21/10 ,  G06F21/12 ,  H04W4/00 ,  H04W12/06 ,  G06F21/62 ,  G11B20/00 ,  G06F21/00 ,  H04L29/06

CPC classification number: G06F21/10 ,  G06F21/00 ,  G06F21/123 ,  G06F21/6218 ,  G06Q2220/00 ,  G06Q2220/10 ,  G06Q2220/18 ,  G11B20/00086 ,  H04L63/0853 ,  H04W4/00 ,  H04W12/06

Abstract: An application on a mobile terminal in a mobile network is registered with an application server. The mobile terminal includes an identity module. At the application server, a first message is received for registering the application, the first message including a telephone number associated with the identity module. The application server generates a unique identifier and associates the unique identifier with the telephone number. A second message is sent from the application server to the mobile terminal, the second message including the unique identifier. The mobile terminal generates and stores a data block including the unique identifier, a subscriber identity associated with the identity module and a terminal identifier associated with the mobile terminal.

Abstract translation: 在移动网络中的移动终端上的应用被注册到应用服务器。 移动终端包括身份模块。 在所述应用服务器处，接收到用于注册所述应用的第一消息，所述第一消息包括与所述身份模块相关联的电话号码。 应用服务器生成唯一标识符，并将唯一标识符与电话号码相关联。 从应用服务器向移动终端发送第二消息，第二消息包括唯一标识符。 移动终端生成并存储包括唯一标识符的数据块，与身份模块相关联的订户身份以及与移动终端相关联的终端标识符。

公开(公告)号：US08584195B2

公开(公告)日：2013-11-12

申请号：US11854392

申请日：2007-09-12

Applicant: Kieran Gerard Sherlock ,  Geoffrey Howard Cooper ,  John Richard Guzik ,  Derek Patton Pearcy ,  Luis Filipe Pereira Valente

Inventor： Kieran Gerard Sherlock ,  Geoffrey Howard Cooper ,  John Richard Guzik ,  Derek Patton Pearcy ,  Luis Filipe Pereira Valente

IPC: H04L29/06 ,  G06F17/00 ,  G06F7/04 ,  G06F17/30 ,  G06F15/16

CPC classification number: H04L63/1425 ,  G06F21/552

Abstract: User names and user groups serve as the basis of a formal policy in a network. A passive monitor examines network traffic in near real time and indicates: which network traffic is flowing on the network as before; which users or user groups were logged into workstations initiating this network traffic; and which of this traffic conforms to the formal policy definition. In one embodiment of the invention, users and user groups are determined by querying Microsoft® Active Directory and Microsoft® Windows servers, to determine who is logged onto the Microsoft® network. Other sources of identity information are also possible. The identity information is then correlated with the network traffic, so that even traffic that does not bear on the Microsoft® networking scheme is still tagged with identity

Abstract translation: 用户名和用户组作为网络中正式策略的基础。 被动监视器近实时检查网络流量，并指示：网络流量如前所述; 哪些用户或用户组已登录到启动此网络流量的工作站; 哪些流量符合正式的政策定义。 在本发明的一个实施例中，通过查询Microsoft Active Directory和Microsoft Windows服务器来确定用户和用户组，以确定谁登录到Microsoft®网络。 身份信息的其他来源也是可能的。 然后，身份信息与网络流量相关联，因此即使在Microsoft®网络方案上不承担的流量仍然标有身份。

公开(公告)号：US20090328144A1

公开(公告)日：2009-12-31

申请号：US12440631

申请日：2007-08-08

Applicant: Gerard Sherlock ,  John D.R. Pilkington

Inventor： Gerard Sherlock ,  John D.R. Pilkington

IPC: G06F7/04 ,  G06F15/16

CPC classification number: G06F21/10 ,  G06F21/00 ,  G06F21/123 ,  G06F21/6218 ,  G06Q2220/00 ,  G06Q2220/10 ,  G06Q2220/18 ,  G11B20/00086 ,  H04L63/0853 ,  H04W4/00 ,  H04W12/06

Abstract: A method of registering an application on a mobile terminal in a mobile network with an application server, said mobile terminal comprising an identity module, said method comprising the steps of: receiving at the application server a first message for registering the application, said first message comprising a telephone number associated with the identity module; generating by the application server a unique identifier and associating the unique identifier with the telephone number; sending a second message from the application server to the mobile terminal, said second message comprising the unique identifier; and generating and storing at the mobile terminal a data block comprising the unique identifier, a subscriber identity associated with the identity module and a terminal identifier associated with the mobile terminal.

Abstract translation: 一种在应用服务器的移动网络中的移动终端上注册应用的方法，所述移动终端包括身份模块，所述方法包括以下步骤：在应用服务器处接收用于注册应用的第一消息，所述第一消息 包括与所述身份模块相关联的电话号码; 由所述应用服务器生成唯一标识符并将所述唯一标识符与所述电话号码相关联; 从所述应用服务器向所述移动终端发送第二消息，所述第二消息包括唯一标识符; 以及在所述移动终端处生成和存储包括所述唯一标识符的数据块，与所述身份模块相关联的订户身份以及与所述移动终端相关联的终端标识符。

公开(公告)号：US07272646B2

公开(公告)日：2007-09-18

申请号：US10311109

申请日：2001-06-14

Applicant: Geoffrey Cooper ,  Robert Allen Shaw ,  Luis Filipe Pereira Valente ,  Kieran Gerard Sherlock

Inventor： Geoffrey Cooper ,  Robert Allen Shaw ,  Luis Filipe Pereira Valente ,  Kieran Gerard Sherlock

IPC: G06F15/173 ,  G06F11/00 ,  G06F17/00 ,  H03M13/00

CPC classification number: H04L41/5012 ,  H04L41/0604 ,  H04L41/069 ,  H04L41/0893 ,  H04L41/22 ,  H04L43/00 ,  H04L43/06 ,  H04L43/062 ,  H04L43/067 ,  H04L43/0811 ,  H04L43/18 ,  H04L63/0227 ,  H04L63/0263 ,  H04L63/0823 ,  H04L63/083 ,  H04L63/1408 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/166 ,  H04L69/22

Abstract: A method and apparatus for a network monitor internals mechanism that serves to translate packet data into multiple concurrent streams of network event data is provided. The data translation is accomplished by interpreting both sides of each protocol transaction.

Abstract translation: 提供了一种用于网络监视器内部机制的方法和装置，其用于将分组数据转换为多个并发的网络事件数据流。 数据转换通过解释每个协议交易的双方来实现。

公开(公告)号：US08655337B2

公开(公告)日：2014-02-18

申请号：US13254995

申请日：2010-02-12

Applicant: Gerard Sherlock ,  John D R Pilkington

Inventor： Gerard Sherlock ,  John D R Pilkington

IPC: H04M3/00

CPC classification number: H04L41/08 ,  H04L41/0806 ,  H04L41/0886 ,  H04L67/303 ,  H04L67/34 ,  H04W8/245

Abstract: A determines the model of a mobile device and delivers configuration parameters to the mobile device consistent with the model determined. The application server captures the mobile device's phone number and associates it with a generated unique identifier. The unique identifier is sent to the mobile device as part of a URL. When the mobile device accesses the URL, the request sent to the application server includes the unique identifier as well as a user agent header. The model number of the mobile device can be extracted from the user agent header, and thus the model number can be tied to the mobile device's phone number by way of the unique identifier. The model number and phone number association can be used to correctly configure applications for use on the mobile device.

Abstract translation: A确定移动设备的模型，并将配置参数传递给与确定的模型一致的移动设备。 应用服务器捕获移动设备的电话号码，并将其与生成的唯一标识符相关联。 唯一标识符作为URL的一部分发送到移动设备。 当移动设备访问URL时，发送到应用服务器的请求包括唯一标识符以及用户代理头。 可以从用户代理头部提取移动设备的型号，因此可以通过唯一标识符将型号与移动设备的电话号码相关联。 型号和电话号码关联可用于正确配置移动设备上使用的应用程序。

公开(公告)号：US20100067390A1

公开(公告)日：2010-03-18

申请号：US12454773

申请日：2009-05-21

Applicant: Luis Filipe Pereira Valente ,  Derek Patton Pearcy ,  Geoffrey Howard Cooper ,  Kieran Gerard Sherlock

Inventor： Luis Filipe Pereira Valente ,  Derek Patton Pearcy ,  Geoffrey Howard Cooper ,  Kieran Gerard Sherlock

IPC: H04L12/26 ,  H04L12/28

CPC classification number: H04L63/104 ,  G06F21/554 ,  H04L41/0893 ,  H04L41/22 ,  H04L43/045 ,  H04L63/20

Abstract: A system and method of discovering network entities. Network traffic is monitored, wherein monitoring includes finding network entities in the network traffic. If the network entities are network assets, the system determines if the network entities are critical network assets. If the network entities are network users, the system classifies the network users automatically into user groups. The network traffic is then displayed as a function of the critical network assets and the user groups.

Abstract translation: 发现网络实体的系统和方法。 监视网络流量，其中监视包括在网络流量中查找网络实体。 如果网络实体是网络资产，则系统确定网络实体是否是关键的网络资产。 如果网络实体是网络用户，则系统将网络用户自动分类为用户组。 然后，网络流量将显示为关键网络资产和用户组的功能。

公开(公告)号：US20080109870A1

公开(公告)日：2008-05-08

申请号：US11854392

申请日：2007-09-12

Applicant: Kieran Gerard Sherlock ,  Geoffrey Howard Cooper ,  John Richard Guzik ,  Derek Patton Pearcy ,  Luis Filipe Pereira Valente

Inventor： Kieran Gerard Sherlock ,  Geoffrey Howard Cooper ,  John Richard Guzik ,  Derek Patton Pearcy ,  Luis Filipe Pereira Valente

IPC: G06F21/00

CPC classification number: H04L63/1425 ,  G06F21/552

Abstract: User names and user groups serve as the basis of a formal policy in a network. A passive monitor examines network traffic in near real time and indicates: which network traffic is flowing on the network as before; which users or user groups were logged into workstations initiating this network traffic; and which of this traffic conforms to the formal policy definition. In one embodiment of the invention, users and user groups are determined by querying Microsoft® Active Directory and Microsoft® Windows servers, to determine who is logged onto the Microsoft® network. Other sources of identity information are also possible. The identity information is then correlated with the network traffic, so that even traffic that does not bear on the Microsoft® networking scheme is still tagged with identity

Abstract translation: 用户名和用户组作为网络中正式策略的基础。 被动监视器近实时检查网络流量，并指示：网络流量如前所述; 哪些用户或用户组已登录到启动此网络流量的工作站; 哪些流量符合正式的政策定义。 在本发明的一个实施例中，通过查询Microsoft（R）Active Directory和Microsoft Windows服务器来确定谁登录到Microsoft网络来确定用户和用户组。 身份信息的其他来源也是可能的。 然后，身份信息与网络流量相关联，使得即使不在Microsoft（R）联网方案上的流量仍然被标记为身份。

公开(公告)号：US09471920B2

公开(公告)日：2016-10-18

申请号：US12776784

申请日：2010-05-10

Applicant: Dan Kolkowitz ,  Taher Elgamal ,  Kieran Gerard Sherlock

Inventor： Dan Kolkowitz ,  Taher Elgamal ,  Kieran Gerard Sherlock

IPC: G06Q20/40

CPC classification number: G06Q20/4016 ,  G06Q20/3821 ,  G06Q20/3825 ,  G06Q20/40 ,  G06Q20/401 ,  G06Q20/4014 ,  G06Q20/405 ,  G06Q50/01

Abstract: Systems and methods for assessing and authenticating transactions are disclosed. Some exemplary embodiments may authenticate transactions based at least in part on a comparison of a newly obtained electronic signature associated with a user with a previously obtained electronic signature associated with the user, where a payment instrument presented for use in the transaction is also associated with the user. Exemplary electronic signatures may comprise any information which may identify the user, such as browser fingerprints, computer fingerprints, IP addresses, geographic IP location information, information associated with a payment, and/or a typing patterns.

Abstract translation: 披露了评估和认证交易的系统和方法。 一些示例性实施例可以至少部分地基于新获得的与用户相关联的电子签名与与用户相关联的先前获得的电子签名的比较来认证交易，其中呈现用于交易的支付工具也与 用户。 示例性电子签名可以包括可以标识用户的任何信息，诸如浏览器指纹，计算机指纹，IP地址，地理IP位置信息，与支付相关联的信息和/或打字模式。

公开(公告)号：US20100293094A1

公开(公告)日：2010-11-18

申请号：US12776784

申请日：2010-05-10

Applicant: Dan Kolkowitz ,  Taher Elgamal ,  Kieran Gerard Sherlock

Inventor： Dan Kolkowitz ,  Taher Elgamal ,  Kieran Gerard Sherlock

IPC: G06Q40/00

CPC classification number: G06Q20/4016 ,  G06Q20/3821 ,  G06Q20/3825 ,  G06Q20/40 ,  G06Q20/401 ,  G06Q20/4014 ,  G06Q20/405 ,  G06Q50/01

Abstract: Systems and methods for assessing and authenticating transactions are disclosed. Some exemplary embodiments may authenticate transactions based at least in part on a comparison of a newly obtained electronic signature associated with a user with a previously obtained electronic signature associated with the user, where a payment instrument presented for use in the transaction is also associated with the user. Exemplary electronic signatures may comprise any information which may identify the user, such as browser fingerprints, computer fingerprints, IP addresses, geographic IP location information, information associated with a payment, and/or a typing patterns.

Abstract translation: 披露了评估和认证交易的系统和方法。 一些示例性实施例可以至少部分地基于新获得的与用户相关联的电子签名与与用户相关联的先前获得的电子签名的比较来认证交易，其中呈现用于交易的支付工具也与 用户。 示例性电子签名可以包括可以标识用户的任何信息，诸如浏览器指纹，计算机指纹，IP地址，地理IP位置信息，与支付相关联的信息和/或打字模式。

公开(公告)号：US07478422B2

公开(公告)日：2009-01-13

申请号：US10869172

申请日：2004-06-15

Applicant: Luis Filipe Pereira Valente ,  Geoffrey Howard Cooper ,  Robert Allen Shaw ,  Kieran Gerard Sherlock

Inventor： Luis Filipe Pereira Valente ,  Geoffrey Howard Cooper ,  Robert Allen Shaw ,  Kieran Gerard Sherlock

IPC: H04L29/00

CPC classification number: H04L41/50 ,  H04L41/0609 ,  H04L41/069 ,  H04L41/0893 ,  H04L41/22 ,  H04L63/0442 ,  H04L63/08 ,  H04L63/0823 ,  H04L63/1408 ,  H04L63/1433 ,  H04L63/166 ,  H04L63/20

Abstract: The invention is a declarative language system and comprises a language as a tool for expressing network security policy in a formalized way. It allows the specification of security policy across a wide variety of networking layers and protocols. Using the language, a security administrator assigns a disposition to each and every network event that can occur in a data communications network. The event's disposition determines whether the event is allowed (i.e. conforms to the specified policy) or disallowed and what action, if any, should be taken by a system monitor in response to that event. Possible actions include, for example, logging the information into a database, notifying a human operator, and disrupting the offending network traffic.

Abstract translation: 本发明是一种声明性语言系统，并且包括作为用于以正式方式表达网络安全策略的工具的语言。 它允许通过各种各样的网络层和协议来规范安全策略。 使用该语言，安全管理员将配置分配给可能发生在数据通信网络中的每个网络事件。 事件的处置决定事件是允许的（即符合指定的策略）还是不允许的，并且响应于该事件应该由系统监视器采取什么动作（如果有的话）。 可能的操作包括例如将信息记录到数据库中，通知人类操作者，以及中断违规的网络流量。