-
1.发明申请PROTECTING AGAINST DENIAL OF SERVICE ATTACKS USING TRUST, QUALITY OF SERVICE, PERSONALIZATION, AND HIDE PORT MESSAGES 失效保护使用信任,服务质量,个性化和隐私港口信息的服务攻击侮辱公开(公告)号:US20100235632A1
公开(公告)日:2010-09-16
申请号:US12757836
申请日:2010-04-09
申请人: Arun K. Iyengar , Mudhakar Srivatsa , Jian Yin
发明人: Arun K. Iyengar , Mudhakar Srivatsa , Jian Yin
CPC分类号: H04L9/3213 , H04L9/3271 , H04L63/0236 , H04L63/126 , H04L63/1458 , H04L2463/102 , H04L2463/141
摘要: According to an embodiment of the invention, a system for processing a plurality of service requests in a client-server system includes a challenge server for: presenting a cryptographic challenge to the client; initializing a trust cookie that encodes a client's initial priority level after the client correctly solves the cryptographic challenge; computing a trust level score for the client based on a service request wherein said trust level score is associated with an amount of resources expended by the server in handling the service request such that a higher trust level score is computed for service requests consuming less system resources; assigning the trust level score to the client based on the computation; and embedding the assigned trust level score in the trust cookie included in all responses sent from the server to the client. The system further includes an application server coupled with a firewall.
摘要翻译: 根据本发明的实施例,用于在客户机 - 服务器系统中处理多个服务请求的系统包括:挑战服务器,用于:向客户端呈现密码挑战; 在客户端正确解决密码挑战之后,初始化编码客户端初始优先级的信任cookie; 基于服务请求计算客户端的信任级别得分,其中所述信任级别得分与服务器在处理服务请求时消耗的资源量相关联,以便为消耗较少系统资源的服务请求计算更高的信任级别得分 ; 基于计算将信任级别分数分配给客户端; 并将分配的信任级别分数嵌入到从服务器发送到客户端的所有响应中包含的信任cookie中。 该系统还包括与防火墙耦合的应用服务器。
-
2.发明授权Method for protecting against denial of service attacks using trust, quality of service, personalization, and hide port messages 失效使用信任,服务质量,个性化和隐藏端口消息来防止拒绝服务攻击的方法公开(公告)号:US07721091B2
公开(公告)日:2010-05-18
申请号:US11433534
申请日:2006-05-12
申请人: Arun K. Iyengar , Mudhakar Srivatsa , Jian Yin
发明人: Arun K. Iyengar , Mudhakar Srivatsa , Jian Yin
CPC分类号: H04L9/3213 , H04L9/3271 , H04L63/0236 , H04L63/126 , H04L63/1458 , H04L2463/102 , H04L2463/141
摘要: According to an embodiment of the invention, a method for processing a plurality of service requests in a client-server system includes server steps of receiving at least one request for service from a client and providing a level of service based on a trust level provided in the at least one request. According to another embodiment, a method of authenticating messages includes steps of: embedding authentication information into a message at the application level; downloading a script from a computer for sending the message; running said script to send said message to a server; and checking said message by said server at the network level.
摘要翻译: 根据本发明的一个实施例,一种在客户机 - 服务器系统中处理多个服务请求的方法包括:服务器步骤,从客户端接收至少一个服务请求,并根据提供的信任级别提供服务级别 至少一个请求。 根据另一个实施例,一种验证消息的方法包括以下步骤:将认证信息嵌入在应用级的消息中; 从计算机下载脚本以发送消息; 运行所述脚本将所述消息发送到服务器; 并在网络级检查所述服务器的所述消息。
-
3.发明授权Protecting against denial of service attacks using trust, quality of service, personalization, and hide port messages 失效使用信任,服务质量,个性化和隐藏端口消息来防止拒绝服务攻击公开(公告)号:US08250631B2
公开(公告)日:2012-08-21
申请号:US12757836
申请日:2010-04-09
申请人: Arun K Iyengar , Mudhakar Srivatsa , Jian Yin
发明人: Arun K Iyengar , Mudhakar Srivatsa , Jian Yin
IPC分类号: H04L29/06
CPC分类号: H04L9/3213 , H04L9/3271 , H04L63/0236 , H04L63/126 , H04L63/1458 , H04L2463/102 , H04L2463/141
摘要: According to an embodiment of the invention, a system for processing a plurality of service requests in a client-server system includes a challenge server for: presenting a cryptographic challenge to the client; initializing a trust cookie that encodes a client's initial priority level after the client correctly solves the cryptographic challenge; computing a trust level score for the client based on a service request wherein said trust level score is associated with an amount of resources expended by the server in handling the service request such that a higher trust level score is computed for service requests consuming less system resources; assigning the trust level score to the client based on the computation; and embedding the assigned trust level score in the trust cookie included in all responses sent from the server to the client. The system further includes an application server coupled with a firewall.
摘要翻译: 根据本发明的实施例,用于在客户机 - 服务器系统中处理多个服务请求的系统包括:挑战服务器,用于:向客户端呈现密码挑战; 在客户端正确解决密码挑战之后,初始化编码客户端初始优先级的信任cookie; 基于服务请求计算客户端的信任级别得分,其中所述信任级别得分与服务器处理服务请求所消耗的资源量相关联,以便为消耗较少系统资源的服务请求计算更高的信任级别得分 ; 基于计算将信任级别分数分配给客户端; 并将分配的信任级别分数嵌入到从服务器发送到客户端的所有响应中包含的信任cookie中。 该系统还包括与防火墙耦合的应用服务器。
-
公开(公告)号:US20120297008A1
公开(公告)日:2012-11-22
申请号:US13112222
申请日:2011-05-20
申请人: Wei Gao , Arun K. Iyengar , Mudhakar Srivatsa
发明人: Wei Gao , Arun K. Iyengar , Mudhakar Srivatsa
IPC分类号: G06F15/167
CPC分类号: H04L67/2842 , G06F15/167 , G06F17/3048
摘要: Techniques are disclosed for caching provenance information. For example, in an information system comprising a first computing device requesting provenance data from at least a second computing device, a method for improving the delivery of provenance data to the first computing device, comprises the following steps. At least one cache is maintained for storing provenance data which the first computing device can access with less overhead than accessing the second computing device. Aggregated provenance data is produced from input provenance data. A decision whether or not to cache input provenance data is made based on a likelihood of the input provenance data being used to produce aggregated provenance data. By way of example, the first computing device may comprise a client and the second computing device may comprise a server.
摘要翻译: 公开了缓存来源信息的技术。 例如,在包括从至少第二计算设备请求原始数据的第一计算设备的信息系统中,提供用于改进来源数据到第一计算设备的传送的方法包括以下步骤。 维持至少一个缓存用于存储来源数据,第一计算设备可以以比访问第二计算设备更少的开销来访问。 汇总来源数据是从输入来源数据生成的。 基于输入来源数据被用于产生汇总来源数据的可能性,决定是否缓存输入来源数据。 作为示例,第一计算设备可以包括客户端,并且第二计算设备可以包括服务器。
-
公开(公告)号:US08577993B2
公开(公告)日:2013-11-05
申请号:US13112222
申请日:2011-05-20
申请人: Wei Gao , Arun K. Iyengar , Mudhakar Srivatsa
发明人: Wei Gao , Arun K. Iyengar , Mudhakar Srivatsa
IPC分类号: G06F15/16
CPC分类号: H04L67/2842 , G06F15/167 , G06F17/3048
摘要: Techniques are disclosed for caching provenance information. For example, in an information system comprising a first computing device requesting provenance data from at least a second computing device, a method for improving the delivery of provenance data to the first computing device, comprises the following steps. At least one cache is maintained for storing provenance data which the first computing device can access with less overhead than accessing the second computing device. Aggregated provenance data is produced from input provenance data. A decision whether or not to cache input provenance data is made based on a likelihood of the input provenance data being used to produce aggregated provenance data. By way of example, the first computing device may comprise a client and the second computing device may comprise a server.
摘要翻译: 公开了缓存来源信息的技术。 例如,在包括从至少第二计算设备请求原始数据的第一计算设备的信息系统中,提供用于改进来源数据到第一计算设备的传送的方法包括以下步骤。 维持至少一个缓存用于存储来源数据,第一计算设备可以以比访问第二计算设备更少的开销来访问。 汇总来源数据是从输入来源数据生成的。 基于输入来源数据被用于产生汇总来源数据的可能性,决定是否缓存输入来源数据。 作为示例,第一计算设备可以包括客户端,并且第二计算设备可以包括服务器。
-
公开(公告)号:US20080256356A1
公开(公告)日:2008-10-16
申请号:US11734315
申请日:2007-04-12
IPC分类号: H04L9/32
CPC分类号: H04L9/0836 , H04L9/0822 , H04L9/32 , H04L2209/601
摘要: Improved key management techniques are disclosed for temporal access control of one or more services in a computer network. For example, a method for providing access control in a client-server system includes the following steps. A client obtains an authorization key for a time interval. A server derives an encryption key corresponding to a given time and uses the encryption key to encrypt a message. The client derives a decryption key corresponding to the given time and decrypts the message.
摘要翻译: 公开了改进的密钥管理技术,用于计算机网络中的一个或多个服务的时间访问控制。 例如,在客户机 - 服务器系统中提供访问控制的方法包括以下步骤。 客户端获取一个时间间隔的授权密钥。 服务器导出与给定时间相对应的加密密钥,并使用加密密钥加密消息。 客户端导出与给定时间相对应的解密密钥,并对消息进行解密。
-
7.发明申请Method and system for protecting against denial of service attacks using trust, quality of service, personalization, and hide port messages 失效使用信任,服务质量,个性化和隐藏端口消息来防止拒绝服务攻击的方法和系统公开(公告)号:US20070266426A1
公开(公告)日:2007-11-15
申请号:US11433534
申请日:2006-05-12
申请人: Arun Iyengar , Mudhakar Srivatsa , Jian Yin
发明人: Arun Iyengar , Mudhakar Srivatsa , Jian Yin
CPC分类号: H04L9/3213 , H04L9/3271 , H04L63/0236 , H04L63/126 , H04L63/1458 , H04L2463/102 , H04L2463/141
摘要: According to an embodiment of the invention, a method for processing a plurality of service requests in a client-server system includes server steps of receiving at least one request for service from a client and providing a level of service based on a trust level provided in the at least one request. According to another embodiment, a method of authenticating messages includes steps of: embedding authentication information into a message at the application level; downloading a script from a computer for sending the message; running said script to send said message to a server; and checking said message by said server at the network level.
摘要翻译: 根据本发明的一个实施例,一种在客户机 - 服务器系统中处理多个服务请求的方法包括:服务器步骤,从客户端接收至少一个服务请求,并根据提供的信任级别提供服务级别 至少一个请求。 根据另一个实施例,一种验证消息的方法包括以下步骤:将认证信息嵌入在应用级的消息中; 从计算机下载脚本以发送消息; 运行所述脚本将所述消息发送到服务器; 并在网络级检查所述服务器的所述消息。
-
公开(公告)号:US08898269B2
公开(公告)日:2014-11-25
申请号:US13047267
申请日:2011-03-14
申请人: Dakshi Agrawal , Matthew Duggan , Vasileios Pappas , Mudhakar Srivatsa , Kristian Jon Stewart , Murtaza Zafer
发明人: Dakshi Agrawal , Matthew Duggan , Vasileios Pappas , Mudhakar Srivatsa , Kristian Jon Stewart , Murtaza Zafer
IPC分类号: G06F15/173 , H04L12/24
CPC分类号: H04L41/12 , H04L41/145
摘要: Network management data is managed by determining that a first version and a second version of a set of network management data have been created. The set of network management data is associated with a plurality of managed entities in a network. First and second network graphs are created based on the first version and second version of the set of network management data, respectively. The first and second network graphs include a first and second set of entities in the plurality of managed entities, respectively. A similarity metric is assigned between at least one or more entities in the first and second set of entities. At least a first entity in the first set of entities and at least a second entity in the second set of entities are determined to be identical entities based on the similarity metric being one of equal to and above a first given threshold.
摘要翻译: 通过确定网络管理数据集合的第一版本和第二版本已被创建来管理网络管理数据。 该组网络管理数据与网络中的多个被管理实体相关联。 分别基于网络管理数据集的第一版本和第二版本来创建第一和第二网络图。 第一和第二网络图分别包括多个被管实体中的第一和第二组实体。 在第一和第二组实体中的至少一个或多个实体之间分配相似性度量。 第一组实体中的至少第一实体和第二组实体中的至少第二实体基于相似性度量被确定为相同的实体,其等于和高于第一给定阈值。
-
公开(公告)号:US08856445B2
公开(公告)日:2014-10-07
申请号:US13479507
申请日:2012-05-24
IPC分类号: G06F12/08
CPC分类号: G06F17/30902 , H04L67/2842
摘要: Methods and apparatus are provided for performing byte caching using a chunk size based on the object type of the object being cached. Byte caching is performed by receiving at least one data packet from at least one network node; extracting at least one data object from the at least one data packet; identifying an object type associated with the at least one data packet; determining a chunk size associated with the object type; and storing at least a portion of the at least one data packet in a byte cache based on the determined chunk size. The chunk size of the object type can be determined, for example, by evaluating one or more additional criteria, such as network conditions and object size. The object type may be, for example, an image object type; an audio object type; a video object type; and a text object type.
摘要翻译: 提供方法和装置,用于使用基于被缓存的对象的对象类型的块大小执行字节高速缓存。 通过从至少一个网络节点接收至少一个数据分组来执行字节高速缓存; 从所述至少一个数据分组提取至少一个数据对象; 识别与所述至少一个数据分组相关联的对象类型; 确定与对象类型相关联的块大小; 以及基于所确定的块大小将所述至少一个数据分组的至少一部分存储在字节高速缓存中。 可以例如通过评估一个或多个附加标准(例如网络条件和对象大小)来确定对象类型的块大小。 对象类型可以是例如图像对象类型; 音频对象类型; 视频对象类型; 和一个文本对象类型。
-
公开(公告)号:US20130208888A1
公开(公告)日:2013-08-15
申请号:US13370935
申请日:2012-02-10
CPC分类号: H04L67/1021 , G06F12/0806 , G06F17/30209 , G06F17/30902 , H04B7/18584 , H04L67/1002 , H04L67/1014 , H04L67/104 , H04L67/1095 , H04L67/18 , H04L67/2842 , H04L67/2857 , H04L67/288 , H04L67/289 , H04L2029/06054 , H04W4/02
摘要: A method, system and computer program product for managing content distribution in a mobile communications environment. The communications environment includes a core network and a multitude of end-user devices. In one embodiment, the method comprises downloading content from the core network to the end-user devices; and maintaining a map between the end-user devices, the content downloaded to the end-user devices, and the locations of the end-user devices. When a first of the end-user devices requests a specified content, this map and one or more rules are used to identify a second of the end-user devices having the specified content. The first of the end-user devices fetches the specified content from this identified second of the end-user devices. In one embodiment, object location descriptors embedded in the content are rewritten when the content is downloaded to the end-user devices.
摘要翻译: 一种用于管理移动通信环境中的内容分发的方法,系统和计算机程序产品。 通信环境包括核心网络和许多最终用户设备。 在一个实施例中,该方法包括将内容从核心网络下载到最终用户设备; 以及维护终端用户设备之间的映射,下载到最终用户设备的内容以及最终用户设备的位置。 当第一个最终用户设备请求指定的内容时,该映射和一个或多个规则用于识别具有指定内容的第二个终端用户设备。 最终用户设备中的第一个从该标识的第二个最终用户设备中获取指定的内容。 在一个实施例中,当将内容下载到最终用户设备时,嵌入在内容中的对象位置描述符被重写。
-
-
-
-
-
-
-
-
-
搜索结果
40 条记录 (耗时 0.02 秒)
