1. KEY MANAGEMENT IN SECURE NETWORK ENCLAVES
    Type: Invention application (published)
    Legal status: In force
    Publication number: US20100318800A1
    Publication date: 2010-12-16
    Application number: US12483095
    Filing date: 2009-06-11
    IPC classification: H04L9/00

    Abstract: A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate the minimum privileges needed by each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.


3. Discovery of secure network enclaves
    Type: Granted invention patent
    Legal status: In force
    Publication number: US08352741B2
    Publication date: 2013-01-08
    Application number: US12483052
    Filing date: 2009-06-11
    IPC classification: H04L9/32

    Abstract: A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate the minimum privileges needed by each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.


4. DISCOVERY OF SECURE NETWORK ENCLAVES
    Type: Invention application (published)
    Legal status: In force
    Publication number: US20100318799A1
    Publication date: 2010-12-16
    Application number: US12483052
    Filing date: 2009-06-11
    IPC classification: H04L9/32

    Abstract: A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate the minimum privileges needed by each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.


5. OFFLOADING CRYPTOGRAPHIC PROTECTION PROCESSING
    Type: Invention application (published)
    Legal status: Pending (published, under examination)
    Publication number: US20100228962A1
    Publication date: 2010-09-09
    Application number: US12400281
    Filing date: 2009-03-09
    IPC classification: H04L9/06

    Abstract: Some embodiments are directed to processing packet data sent according to a security protocol between a first computer and a second computer via a forwarding device. The forwarding device performs a portion of the processing and forwards the packet data to a third computer, connected to the forwarding device, for the remaining processing. The third computer may support non-standard extensions to the security protocol, such as extensions used in authorizing and establishing a connection over the secure protocol. The packet data may be subject to policies, such as firewall policies or security policies, that may be detected by the third computer. The third computer sends the results of its processing, such as a cryptographic key or a detected access control policy, to the forwarding device.


6. Identity based network policy enablement
    Type: Granted invention patent
    Legal status: In force
    Publication number: US08301895B2
    Publication date: 2012-10-30
    Application number: US12629059
    Filing date: 2009-12-02
    IPC classification: H04L9/32

    Abstract: Enhanced network data transmission security and individualized data transmission processing can be implemented by intermediaries in a communication path between two endpoint peers, each intermediary having the capability to identify and authenticate one or both of the endpoint peers. Communication session establishment, endpoint peer identity processing and authentication, and data traffic encryption protocols are modified to allow intermediaries to track the communications between endpoint peers for a particular communication session and to obtain information to authenticate the endpoint peers and identify data traffic transmitted between them. Intermediaries can use the identities of one or both of the endpoint peers to enforce identity based rules for processing data traffic between the endpoint peers for a communication session.


7. IDENTITY BASED NETWORK POLICY ENABLEMENT
    Type: Invention application (published)
    Legal status: In force
    Publication number: US20110131417A1
    Publication date: 2011-06-02
    Application number: US12629059
    Filing date: 2009-12-02
    IPC classification: H04L9/32

    Abstract: Enhanced network data transmission security and individualized data transmission processing can be implemented by intermediaries in a communication path between two endpoint peers, each intermediary having the capability to identify and authenticate one or both of the endpoint peers. Communication session establishment, endpoint peer identity processing and authentication, and data traffic encryption protocols are modified to allow intermediaries to track the communications between endpoint peers for a particular communication session and to obtain information to authenticate the endpoint peers and identify data traffic transmitted between them. Intermediaries can use the identities of one or both of the endpoint peers to enforce identity based rules for processing data traffic between the endpoint peers for a communication session.


8. DYNAMICALLY ALLOCATING NETWORK RESOURCES FOR COMMUNICATION SESSION
    Type: Invention application (published)
    Legal status: In force
    Publication number: US20130067042A1
    Publication date: 2013-03-14
    Application number: US13229215
    Filing date: 2011-09-09
    IPC classification: G06F15/177

    Abstract: A primary call admission controller (CAC) system receives a request from a client to allocate a network resource such as network bandwidth. The primary CAC system may select a subordinate CAC to which to delegate the allocation and transfer the request to that subordinate CAC. Subsequently, the subordinate CAC analyzes the communication session attributes to determine an available network resource for the communication session. Upon a positive determination, the subordinate CAC allocates the network resource and signals the allocation up the network chain to the primary CAC and the client.


9. UNIFIED COMMUNICATION AWARE NETWORKS
    Type: Invention application (published)
    Legal status: In force
    Publication number: US20130254412A1
    Publication date: 2013-09-26
    Application number: US13428883
    Filing date: 2012-03-23
    IPC classification: G06F15/16

    Abstract: Unified Communication and Collaboration (UC&C) systems are enabled to dynamically enlighten a set of network elements (NEs) and/or network infrastructure with application awareness, so that an accurate set of rules or actions can be applied for a given session without needing to inspect the payload of every packet or to apply somewhat ineffective, expensive heuristic mechanisms. Taking advantage of typically longer communication session durations and of separate control and media planes, a UC&C control point programs a set of NEs for a given UC&C media flow in a scalable and timely manner. Quality of Service (QoS), security, monitoring, and similar functionality may also be programmed into the NEs through the UC&C control point.


10. OPERATING SYSTEM SUPPORTING COST AWARE APPLICATIONS
    Type: Invention application (published)
    Legal status: In force
    Publication number: US20120157038A1
    Publication date: 2012-06-21
    Application number: US12972230
    Filing date: 2010-12-17
    IPC classification: H04M11/00

    Abstract: A mobile computing device that supports cost-aware application components for operation over a metered network. A current basis for computing usage charges over one or more networks may be made available to the cost-aware application components through an application programming interface supported by an operating system service. That service may receive a policy for charging for data usage over a network and may also obtain information defining data usage for the mobile computing device. Based on this information, the service may determine a current basis for charging for data usage. With this information, the application component can determine how to execute network operations that involve data transmission over the network, such as deferring the operation or selecting an alternative network.
