-
Publication number: US10248442B2
Publication date: 2019-04-02
Application number: US13547148
Filing date: 2012-07-12
Applicants: David S Dodgson , Ralph Farina , James A Fontana , Robert A Johnson , David Maw , Anthony Narisi
Inventors: David S Dodgson , Ralph Farina , James A Fontana , Robert A Johnson , David Maw , Anthony Narisi
Abstract: Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI may decrypt the message. Virtual machines may be automatically provisioned with configuration information, such as the encryption keys, when the virtual machine is started. The provisioning information may be created based on a template stored on a configuration server.
-
Publication number: US10454931B2
Publication date: 2019-10-22
Application number: US15001354
Filing date: 2016-01-20
Applicants: Ted Hinaman , Steven J Rajcan , Matthew Mohr , William Gunn , Sarah K Inforzato , Robert A Johnson , Gregory J Small , David S Dodgson
Inventors: Ted Hinaman , Steven J Rajcan , Matthew Mohr , William Gunn , Sarah K Inforzato , Robert A Johnson , Gregory J Small , David S Dodgson
Abstract: Methods and systems for securing communications with an enterprise from a remote computing system are disclosed. One method includes initiating a secured connection with a VPN appliance associated with an enterprise using service credentials maintained in a secure applet installed on a remote computing device, and initiating communication with an authentication server within an enterprise via the secured connection. The method also includes receiving specific credentials from the authentication server, terminating the secured connection with the VPN appliance, and initiating a second secured connection with the VPN appliance using the specific credentials, the specific credentials providing access to one or more computing devices within the enterprise being within a same community of interest as the remote computing device and obfuscating one or more other computing systems within the enterprise excluded from the community of interest. The method also includes initiating communications with at least one of the one or more computing devices included in the community of interest.
-
Publication number: US20150381597A1
Publication date: 2015-12-31
Application number: US14688348
Filing date: 2015-04-16
CPC classification: H04L63/08 , G06F21/604 , H04L41/0843 , H04L63/20 , H04L67/02 , H04L67/30
Abstract: Methods and systems for managing a secure enterprise are disclosed. One method includes initiating a management service at a server within the secure enterprise, the management service including a web interface providing administrative access to configuration settings associated with the secure enterprise, the management service initializing a secure communications protocol and managing access to a credential store, the credential store including a plurality of credentials defining communities of interest within the secure enterprise, each of the communities of interest defining a collection of authenticated endpoints having common access and usage rights. The method includes initiating an object management service at the server defining an interface to a configuration database, and accessing the configuration database to obtain data defining a configuration of the enterprise according to a configuration profile. The method includes applying configuration settings to the secure enterprise based on the data defining the configuration of the secure enterprise.
-
Publication number: US20210266289A1
Publication date: 2021-08-26
Application number: US16797756
Filing date: 2020-02-21
Applicants: David Maw , Robert A Johnson , Alex Dorrell , Arthur J Nilson
Inventors: David Maw , Robert A Johnson , Alex Dorrell , Arthur J Nilson
Abstract: A method of securing containers within clusters is disclosed. The method includes configuring service access points within clusters as secure endpoints; associating services within clusters with secure identities to constrain which communities-of-interest can reach which services; and wherein each cluster is cryptographically isolated such that no information will leak in or out of the cluster through an associated network.
-
Publication number: US20150381568A1
Publication date: 2015-12-31
Application number: US14474459
Filing date: 2014-09-02
CPC classification: H04L63/0272 , G06F9/45533 , G06F21/105 , G06Q10/10 , H04L63/0209 , H04L63/029 , H04L63/04 , H04L63/0485 , H04L63/08 , H04L63/164
Abstract: A system and method of managing secure integration of a cloud-based computing resource with a private domain are disclosed. One system includes a hybrid cloud arrangement including a plurality of virtual machines, the plurality of virtual machines including at least a first virtual machine within the private domain and a second virtual machine within a public cloud. The system also includes a virtual data relay within the private domain and associated with the second virtual machine. The virtual data relay includes a private domain interface used to establish a secure communication link according to a first security protocol with each virtual machine within the private domain that is a member of a community of interest, the virtual data relay assigned a community of interest key used by the private domain interface and defining the community of interest of which the second virtual machine is a member. The virtual data relay also includes a public cloud interface used to establish a secure communication link with the second virtual machine, the public cloud interface using a second security protocol different from the first security protocol.
-
Publication number: US11729004B2
Publication date: 2023-08-15
Application number: US17475397
Filing date: 2021-09-15
Applicants: Sanket Panchamia , Kanupriya Pandey , Mehdi Entezari , Sachin B Patil , Amith Kk , Robert A Johnson
Inventors: Sanket Panchamia , Kanupriya Pandey , Mehdi Entezari , Sachin B Patil , Amith Kk , Robert A Johnson
CPC classification: H04L9/3268 , H04L9/083 , H04L9/0891 , H04L9/3215 , H04L9/50
Abstract: Methods and systems for remote dynamic isolation of IoT devices are provided. One system includes a first IoT device and a second IoT device configured with an active communication channel with the first IoT device and a role certificate. An operator device is configured to interact with a distributed ledger to issue and revoke role certificates for a plurality of devices including the first IoT device and the second IoT device. The first IoT device periodically validates a role certificate proof received from the second IoT device with an entry of the role certificate proof recorded on the distributed ledger.
-
Publication number: US10158674B2
Publication date: 2018-12-18
Application number: US15494869
Filing date: 2017-04-24
Abstract: Methods and systems for assigning security settings to one or more nodes within an enterprise network are disclosed. One method includes receiving network concordance data at an enterprise security management configuration tool from a plurality of nodes within an enterprise network, and receiving, in a configuration user interface, a selection of an affinitization level selected from a plurality of discrete affinitization levels, each of the discrete affinitization levels corresponding to a different extent to which nodes within an enterprise are grouped into profiles. The method also includes automatically grouping each of the plurality of nodes identified in the network concordance data into a plurality of profiles based on the selected affinitization level, and applying a common security policy to each of the nodes included in one of the plurality of profiles.
-
Publication number: US09794225B2
Publication date: 2017-10-17
Application number: US14753146
Filing date: 2015-06-29
CPC classification: H04L63/0272 , H04L63/08 , H04L63/104 , H04W88/16
Abstract: Methods and systems of communicating with secure endpoints included within a secured network from a mobile device external to the secured network are disclosed. The method includes initiating a VPN-based secure connection to a VPN appliance, and initializing a stealth-based service on the mobile device. The method further includes transmitting user credential information from the mobile device to a VDR broker via the VPN appliance, and receiving status information from the VDR broker identifying a VDR associated with the mobile device and providing a connected status. The method also includes communicating with one or more secure endpoints within the secured network via a VPN connection to the VDR via the VPN appliance and through the VDR to the one or more secure endpoints within a community of interest based on the user credential information transmitted to the VDR broker.
-
Publication number: US09716589B2
Publication date: 2017-07-25
Application number: US14042182
Filing date: 2013-09-30
CPC classification: H04L63/02 , G06F21/00 , G06F21/53 , H04L9/0838 , H04L9/0841 , H04L63/0227 , H04L63/0236 , H04L63/0485 , H04L63/061 , H04L63/164 , H04L63/166 , H04L63/205 , H04L69/18
Abstract: A secure communications arrangement including an endpoint is disclosed. The endpoint includes a computing system. The computing system includes a user level services component and a kernel level callout driver interfaced to the user level services component and configured to establish an IPsec tunnel with a remote endpoint. The computing system also includes a filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel. The computing system also includes a second kernel level driver configured to establish a secure tunnel using a second security protocol different from IPsec.
-
Publication number: US09596077B2
Publication date: 2017-03-14
Application number: US14042212
Filing date: 2013-09-30
CPC classification: H04L63/02 , G06F21/00 , G06F21/53 , H04L9/0838 , H04L9/0841 , H04L63/0227 , H04L63/0236 , H04L63/0485 , H04L63/061 , H04L63/164 , H04L63/166 , H04L63/205 , H04L69/18
Abstract: A method and system for establishing secure communications between endpoints includes transmitting a first message including a token having one or more entries each corresponding to a community of interest associated with a user of the first endpoint and including an encryption key and a validation key associated with the first endpoint. The method includes receiving a second message including a second authorization token including one or more entries, each entry corresponding to a community of interest associated with a second user and including an encryption key and a validation key associated with the second endpoint. The method includes, for each community of interest associated with both users, decrypting an associated entry in the second authorization token to obtain the encryption key and validation key associated with the second endpoint. The method also includes generating a shared secret based on the key pair, transmitting a third message including the created key pair to the second endpoint, and initializing a tunnel using the shared secret to derive encryption keys used for IPsec-secured communications between the endpoints.