-
Publication No.: US20230142978A1
Publication date: 2023-05-11
Application No.: US18094096
Application date: 2023-01-06
Inventors: Ramkishore Bhattacharyya, Amit J. Mhatre, Ashutosh Thakur, Atulya S. Beheray, Rameez Loladia
CPC classification: H04L63/0869, H04L9/14, H04L9/3013, H04L9/3247, H04L63/061
Abstract: A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.
-
Publication No.: US10554636B2
Publication date: 2020-02-04
Application No.: US16186425
Application date: 2018-11-09
Inventors: Ramkishore Bhattacharyya, Amit J. Mhatre, Ashutosh Thakur, Atulya S. Beheray, Rameez Loladia
Abstract: A lightweight network protocol provides mutual authentication and encryption of a communication channel in environments where the amount of computing resources available to the networked devices is constrained. When a new device is added to a network, the device contacts a registration service and provides information that is published via a device directory. The network entity locates the device via information provided by the device directory, and establishes an encrypted network connection with the device. A shared secret is established between the device and the network entity using a key-exchange protocol. Consecutive messages that are sent or received are encrypted or decrypted with a sequence of cryptographic keys generated based at least in part on the shared secret. Key-exchange parameters are added to message exchanges between the device and the network entity to facilitate regenerating the shared secret.
-
Publication No.: US10027694B1
Publication date: 2018-07-17
Application No.: US15083183
Application date: 2016-03-28
IPC classification: H04L29/06
Abstract: Systems and methods are described to enable detection of network attacks in communication networks. An attack detection system receives information regarding network traffic occurring at nodes of a communication network, and analyzes the information for anomalous traffic patterns. The attack detection system can use multiple, parallel metric evaluation units programmed to detect specific types of anomalies within traffic patterns. In one instance, a metric evaluation unit is programmed to detect changes in entropy for the traffic, as distributed according to a characteristic such as source address, protocol, or country of origin. Where the entropy of a set of traffic differs from historical averages by a large amount, such as by many standard deviations, the attack detection system may flag the traffic as indicative of an attack, even when the absolute volume of traffic has not changed.
-
Publication No.: US20150215331A1
Publication date: 2015-07-30
Application No.: US14671843
Application date: 2015-03-27
IPC classification: H04L29/06
CPC classification: H04L63/1416, G06F21/566, H04L63/1458
Abstract: This disclosure generally relates to the generation of a packet signature for packets determined to correspond to a network attack, such as a denial of service (“DoS”) attack. Specifically, a set of data packets captured during normal system operations can be analyzed to determine a set of baseline attributes. Additional packets captured during an attack can be compared to the baseline attributes, to determine, for individual packets, a probability that the packet forms a part of the attack. A packet signature can then be generated to identify attributes that are characteristic of the attack. That signature can then be used to filter out packets and mitigate the attack.
-
Publication No.: US11552946B2
Publication date: 2023-01-10
Application No.: US16852220
Application date: 2020-04-17
Inventors: Ramkishore Bhattacharyya, Amit J. Mhatre, Ashutosh Thakur, Atulya S. Beheray, Rameez Loladia
Abstract: A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.
-
Publication No.: US11036702B1
Publication date: 2021-06-15
Application No.: US15934194
Application date: 2018-03-23
Inventors: Oleksii Zakharenko, Brian Kai-Yan Luong, Shusha Li, Amit J. Mhatre, Nanda Kishore Enagalur, Dmytro Gayvoronskyy, William Alexander Stevenson
IPC classification: G06F16/22, G06F16/245, G06F16/9537
Abstract: Technology is described for generating a search index. Device information associated with a customer may be identified. A device attribute included in the device information may be identified. The device attribute may include an attribute name and an attribute value. Key-value pairs may be formed for the device attribute included in the device information. The key-value pairs may include a first key-value pair for the attribute name and a second key-value pair for the attribute value. The search index may be generated to include the key-value pairs for the device attribute included in the device information.
-
Publication No.: US20200252396A1
Publication date: 2020-08-06
Application No.: US16852220
Application date: 2020-04-17
Inventors: Ramkishore Bhattacharyya, Amit J. Mhatre, Ashutosh Thakur, Atulya S. Beheray, Rameez Loladia
Abstract: A network protocol provides mutual authentication of network-connected devices that are parties to a communication channel in environments where the amount of memory and processing power available to the network-connected devices is constrained. When a new device is added to a network, the device contacts a registration service and provides authentication information that proves the authenticity of the device. After verifying the authenticity of the device, the registration service generates a token that can be used by the device to authenticate with other network entities, and provides the token to the device. The registration service publishes the token using a directory service. When the device connects to another network entity, the device provides the token to the other network entity, and the other network entity authenticates the device by verifying the token using the directory service.
-
Publication No.: US20190097982A1
Publication date: 2019-03-28
Application No.: US16186425
Application date: 2018-11-09
Inventors: Ramkishore Bhattacharyya, Amit J. Mhatre, Ashutosh Thakur, Atulya S. Beheray, Rameez Loladia
CPC classification: H04L63/0435, H04L9/0841, H04L9/0861, H04L9/14, H04L9/321, H04L63/061, H04L63/0869, H04L2463/061
Abstract: A lightweight network protocol provides mutual authentication and encryption of a communication channel in environments where the amount of computing resources available to the networked devices is constrained. When a new device is added to a network, the device contacts a registration service and provides information that is published via a device directory. The network entity locates the device via information provided by the device directory, and establishes an encrypted network connection with the device. A shared secret is established between the device and the network entity using a key-exchange protocol. Consecutive messages that are sent or received are encrypted or decrypted with a sequence of cryptographic keys generated based at least in part on the shared secret. Key-exchange parameters are added to message exchanges between the device and the network entity to facilitate regenerating the shared secret.
-
Publication No.: US09432387B2
Publication date: 2016-08-30
Application No.: US14671843
Application date: 2015-03-27
CPC classification: H04L63/1416, G06F21/566, H04L63/1458
Abstract: This disclosure generally relates to the generation of a packet signature for packets determined to correspond to a network attack, such as a denial of service (“DoS”) attack. Specifically, a set of data packets captured during normal system operations can be analyzed to determine a set of baseline attributes. Additional packets captured during an attack can be compared to the baseline attributes, to determine, for individual packets, a probability that the packet forms a part of the attack. A packet signature can then be generated to identify attributes that are characteristic of the attack. That signature can then be used to filter out packets and mitigate the attack.