Secure sharing of transport layer security session keys with trusted enforcement points
    1.
    Granted invention
    Secure sharing of transport layer security session keys with trusted enforcement points (Lapsed)

    Publication number: US07992200B2

    Publication date: 2011-08-02

    Application number: US11778396

    Filing date: 2007-07-16

    IPC classification: G06F9/00 G06F15/16

    CPC classification: H04L63/166

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to security enforcement point operability in a TLS secured communications path and provide a novel and non-obvious method, system and computer program product for the secure sharing of TLS session keys with trusted enforcement points. In one embodiment of the invention, a method for securely sharing TLS session keys with trusted enforcement points can be provided. The method can include conducting a TLS handshake with a TLS client to extract and decrypt a session key for a TLS session with the TLS client traversing at least one security enforcement point. The method further can include providing the session key to a communicatively coupled key server for distribution to the at least one security enforcement point. Finally, the method can include engaging in secure communications with the TLS client over the TLS session.


    Secure sharing of transport layer security session keys with trusted enforcement points
    2.
    Granted invention
    Secure sharing of transport layer security session keys with trusted enforcement points (In force)

    Publication number: US08752162B2

    Publication date: 2014-06-10

    Application number: US13158388

    Filing date: 2011-06-11

    IPC classification: G06F9/00

    CPC classification: H04L63/166

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to security enforcement point operability in a TLS secured communications path and provide a novel and non-obvious method, system and computer program product for the secure sharing of TLS session keys with trusted enforcement points. In one embodiment of the invention, a method for securely sharing TLS session keys with trusted enforcement points can be provided. The method can include conducting a TLS handshake with a TLS client to extract and decrypt a session key for a TLS session with the TLS client traversing at least one security enforcement point. The method further can include providing the session key to a communicatively coupled key server for distribution to the at least one security enforcement point. Finally, the method can include engaging in secure communications with the TLS client over the TLS session.


    Predictive generation of a security network protocol configuration

    Publication number: US09781162B2

    Publication date: 2017-10-03

    Application number: US11354360

    Filing date: 2006-02-15

    IPC classification: H04L12/28 H04L29/06

    CPC classification: H04L63/20 H04L63/164

    Abstract: A method, system and computer program product for predictively configuring a security services protocol implementation can be provided. The method can include providing a set of network topology descriptions and determining a selection of one of the network topology descriptions. The method further can include identifying configuration settings corresponding to the selection and applying the configuration settings to the security services protocol implementation. For instance, applying the configuration settings to the security services protocol implementation can include selecting encapsulation mode and routing settings for the security services protocol implementation.

    Internet protocol security (IPSEC) packet processing for multiple clients sharing a single network address
    5.
    Granted invention
    Internet protocol security (IPSEC) packet processing for multiple clients sharing a single network address (In force)

    Publication number: US08250229B2

    Publication date: 2012-08-21

    Application number: US11238613

    Filing date: 2005-09-29

    IPC classification: G06F15/16

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to secure communications for multiple hosts in an address translation environment and provide a method, system and computer program product for IPsec SA management for multiple clients sharing a single network address. In one embodiment, a computer implemented method for IPsec SA management for multiple hosts sharing a single network address can include receiving a packet for IPsec processing for a specified client among the multiple clients sharing the single network address. A dynamic SA can be located among multiple dynamic SAs for the specified client using client identifying information exclusive of a 5-tuple produced for the dynamic SA. Finally, IPsec processing can be performed for the packet.


    Centralized secure offload of cryptographic security services for distributed security enforcement points
    7.
    Granted invention
    Centralized secure offload of cryptographic security services for distributed security enforcement points (In force)

    Publication number: US09137203B2

    Publication date: 2015-09-15

    Application number: US11626513

    Filing date: 2007-01-24

    IPC classification: H04L29/06 G06F15/16

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to network security and provide a method, system and computer program product for centralized secure offload of key exchange services for distributed security enforcement points. In one embodiment, a data processing system for centralized secure offload of key exchange services for distributed security enforcement points can be provided. The system can include a security enforcement point controlling communication flows between devices in different less trusted zones of protection, and a security server communicatively coupled to the security enforcement point and hosting key exchange services disposed in a more trusted zone of protection. The security enforcement point can include an interface to the key exchange services and program code enabled to offload at least one portion of a key exchange through the interface to the key exchange services disposed in the more trusted zone of protection.


    Security enforcement point inspection of encrypted data in an encrypted end-to-end communications path
    8.
    Granted invention
    Security enforcement point inspection of encrypted data in an encrypted end-to-end communications path (In force)

    Publication number: US09021250B2

    Publication date: 2015-04-28

    Application number: US11738500

    Filing date: 2007-04-22

    IPC classification: H04L29/06

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to security function processing of encrypted data in a security enforcement point and provide a method, system and computer program product for security enforcement point inspection of traversing encrypted data in a secure, end-to-end communications path. In an embodiment of the invention, a method for security enforcement point inspection of encrypted data in a secure, end-to-end communications path can be provided. The method can include establishing a persistent secure session with a key server holding an SA for an end-to-end secure communications path between endpoints, receiving the SA for the end-to-end secure communications path over the persistent secure session, decrypting an encrypted payload for the end-to-end secure communications path using session key data in the SA, and performing a security function on the decrypted payload.


    Application based intrusion detection
    9.
    Granted invention
    Application based intrusion detection (In force)

    Publication number: US08925081B2

    Publication date: 2014-12-30

    Application number: US13469357

    Filing date: 2012-05-11

    IPC classification: H04L29/06 G06F21/55

    CPC classification: G06F21/554

    Abstract: Intrusion detection is performed by communicating an initialization request from an intrusion detection system enabled application to an intrusion module to begin intrusion detection. Also, a request is communicated to a policy transfer agent to provide an intrusion detection system policy specifically configured for the application. The application identifies where in the application code the intrusion detection system policy is to be checked against an incoming or outgoing communication. Information obtained by the application program is selectively evaluated against information in the intrusion detection system policy. A conditional response is made based upon information in the intrusion detection system policy if an intrusion associated with the application program is detected.


    Platform independent configuration of multiple network services
    10.
    Granted invention
    Platform independent configuration of multiple network services (In force)

    Publication number: US08891550B2

    Publication date: 2014-11-18

    Application number: US11355023

    Filing date: 2006-02-15

    IPC classification: H04J3/16 H04J3/22 H04L29/06

    CPC classification: H04L63/105 H04L63/166

    Abstract: Embodiments of the present invention address deficiencies of the art in respect to network services protocol implementation configuration and provide a method, system and computer program product for platform independent configuration of multiple network services protocol implementations. In one embodiment of the invention, a method for configuring a network services protocol implementation can include configuring a platform independent configuration for a network services protocol implementation. Thereafter, a target node can be selected to receive a deployment of the network services protocol implementation and the configured platform independent configuration can be transformed into a platform specific configuration for the target node. Finally, the transformed platform specific configuration can be deployed onto the target node.
