Information system service-level security risk analysis
    2.
    Invention application
    Status: Lapsed

    Publication number: US20070067847A1

    Publication date: 2007-03-22

    Application number: US11366101

    Filing date: 2006-03-02

    IPC classification: G06F11/00

    CPC classification: H04L63/1433 G06F21/577

    Abstract: Information system service-level security risk analysis systems, methods, and Graphical User Interfaces are disclosed. Assets of an information system that have relationships with a service provided by the information system are identified, and at least one security risk to the service is determined by analyzing security vulnerabilities associated with the identified assets. A consolidated representation of the service is provided, and includes an indication of the determined security risk(s) and an indication of a relationship between the service and at least one of the identified assets. The security risk indication may include indications of multiple security parameters. Security risks may be represented differently depending on whether they arise from a security vulnerability of an asset that has a relationship with the service or a security vulnerability of an asset that has a relationship with the service only through a relationship with an asset that has a relationship with the service.


    Security vulnerability information aggregation
    3.
    Invention application
    Status: In force

    Publication number: US20070067848A1

    Publication date: 2007-03-22

    Application number: US11366319

    Filing date: 2006-03-02

    IPC classification: G06F15/18

    CPC classification: H04L63/1433 G06F21/577

    Abstract: Security vulnerability information aggregation techniques are disclosed. Vulnerability information associated with one or more security vulnerabilities is obtained from multiple sources and aggregated into respective unified vulnerability definitions for the one or more security vulnerabilities. Aggregation may involve format conversion, content aggregation, or both in some embodiments. Unified vulnerability definitions may be distributed to vulnerability information consumers in accordance with consumer-specific policies. Storage of vulnerability information received from the sources may allow the aggregation process to be performed on existing vulnerability information “retro-actively”. Related data structures and Graphical User Interfaces (GUIs) are also disclosed.


    Verifying authenticity of webpages
    4.
    Granted invention patent
    Status: In force

    Publication number: US07877784B2

    Publication date: 2011-01-25

    Application number: US11811235

    Filing date: 2007-06-07

    IPC classification: H04L9/32 H04L9/00

    Abstract: A certificate registry system is configured to issue authentication certificates issued to each one of a plurality of information providers and to maintain a root certificate corresponding to all of the authentication certificates. Each one of the authentication certificates links respective authentication information thereof to identification information of a corresponding one of the information providers. Each one of the authentication certificates is devoid of linkage between the corresponding one of the information providers and domain name information thereof. The authentication certificates of the certificate registry are associated in a manner at least partially dependent upon at least one of a particular type of information that the information providers provide, a particular organization that the information providers are associated with, a particular type profession in which the information providers are engaged and a particular geographical region in which the information providers are located.


    Method and system for combating malware with keystroke logging functionality
    5.
    Invention application
    Status: Under examination (published)

    Publication number: US20100058479A1

    Publication date: 2010-03-04

    Application number: US12231435

    Filing date: 2008-09-03

    IPC classification: G06F21/00

    CPC classification: G06F21/54 G06F21/83

    Abstract: A method is carried out by a computer system for combating malicious keystroke-logging activities thereon. An operation is performed for generating a plurality of fake keystroke datasets that are each configured to resemble a keystroke dataset generated by keystrokes made on an input device of the computer system while entering sensitive information of a prescribed configuration. An operation is performed for receiving an instance of the sensitive information instance of the prescribed configuration concurrently with generating the fake keystroke datasets. Receiving the sensitive information instance includes a user of the computer system entering the sensitive information instance by performing keystrokes on the input device of the computer system such that a real keystroke dataset corresponding to the sensitive information instance is generated. An operation is performed for embedding the real keystroke dataset within at least a portion of the fake keystroke datasets after receiving the sensitive information instance.


    Verifying authenticity of instant messaging messages
    6.
    Invention application
    Status: In force

    Publication number: US20080307513A1

    Publication date: 2008-12-11

    Application number: US11811306

    Filing date: 2007-06-07

    IPC classification: H04L9/32

    Abstract: A certificate registry system is configured to issue authentication certificates to each one of a plurality of information providers and to maintain a root certificate corresponding to all of the authentication certificates. Each one of the authentication certificates links respective authentication information thereof to identification information of a corresponding one of the information providers. Each one of the authentication certificates includes a respective Instant Messaging (IM) screen name information of the information provider. The authentication certificates of the certificate registry are associated in a manner at least partially dependent upon at least one of a particular type of information that the information providers provide, a particular organization that the information providers are associated with, a particular type profession in which the information providers are engaged and a particular geographical region in which the information providers are located.


    Verifying authenticity of instant messaging messages
    7.
    Granted invention patent
    Status: In force

    Publication number: US07975290B2

    Publication date: 2011-07-05

    Application number: US11811306

    Filing date: 2007-06-07

    IPC classification: H04L9/32 H04L9/00

    Abstract: A certificate registry system is configured to issue authentication certificates to each one of a plurality of information providers and to maintain a root certificate corresponding to all of the authentication certificates. Each one of the authentication certificates links respective authentication information thereof to identification information of a corresponding one of the information providers. Each one of the authentication certificates includes a respective Instant Messaging (IM) screen name information of the information provider. The authentication certificates of the certificate registry are associated in a manner at least partially dependent upon at least one of a particular type of information that the information providers provide, a particular organization that the information providers are associated with, a particular type profession in which the information providers are engaged and a particular geographical region in which the information providers are located.


    Verifying authenticity of voice mail participants in telephony networks
    8.
    Invention application
    Status: In force

    Publication number: US20100054433A1

    Publication date: 2010-03-04

    Application number: US12231430

    Filing date: 2008-09-03

    IPC classification: H04M1/64

    CPC classification: H04M3/533 H04L63/0823

    Abstract: A method includes receiving an authentication certificate of a voice mail account holder and/or an authentication certificate of a caller wanting to leave a voice mail message the holders' voice mail account. A voice mail apparatus that provides voice mail service for the voice mail account holder performs such receiving. The account holder and/or the caller are authenticated after receiving the authentication certificate of the party being authenticated. Authenticating the account holder and/or the caller is performed using authentication information contained within the respective certificate. After such authentication is successfully performed, a voice mail message record can be created in the account of the account holder. Such creating includes allowing the caller to store the message in the account of the account holder in addition to associating authenticated identification information of the caller with the message and/or providing authenticated identification of the account holder to the caller.


    Verifying authenticity of e-mail messages
    9.
    Invention application
    Status: Under examination (published)

    Publication number: US20080307226A1

    Publication date: 2008-12-11

    Application number: US11811236

    Filing date: 2007-06-07

    IPC classification: H04L9/32 G06F15/16 H04L9/00

    Abstract: A certificate registry system configured to issue authentication certificates to each one of a plurality of information providers and to maintain a root certificate corresponding to all of the authentication certificates, wherein each one of the authentication certificates links respective authentication information thereof to identification information of a corresponding one of the information providers, wherein each one of the authentication certificates is devoid of linkage between the corresponding one of the information providers and e-mail address information thereof, and wherein the authentication certificates of the certificate registry are associated in a manner at least partially dependent upon at least one of a particular type of information that the information providers provide, a particular organization that the information providers are associated with, a particular type profession in which the information providers are engaged and a particular geographical region in which the information providers are located.


    AUTHENTICATION OF ACCESS POINTS IN WIRELESS LOCAL AREA NETWORKS

    Publication number: US20100070771A1

    Publication date: 2010-03-18

    Application number: US12211980

    Filing date: 2008-09-17

    IPC classification: H04L9/32

    Abstract: A method is provided for authenticating an identity of an operator (10) of an access point (AP) (52) of a wireless local area network (WLAN) (50) to a client (40) seeking a connection with the AP (52). The method includes: registering the identity of the operator (10) of the AP (52) with a trusted certificate authority (CA) (20), the registering including providing the CA (20) with (i) identification information identifying the operator (10) and (ii) a public key (12) of the operator (10); creating an authentication certificate (30) including the operator's identification information and the operator's public key (12); signing the certificate (30) with a private key (28) of the CA (20); provisioning the AP (52) with the certificate (30) that was signed with the private key (28) of the CA (20); provisioning the client (40) with a public key (24) of the CA (20), the CA's public key (24) being a corresponding counterpart to the CA's private key (28); sending a certificate request from the client (40) to the AP (52); generating a signature with a private key (14) of the operator (10), the operator's private key (14) being a corresponding counterpart for the operator's public key (12); returning a certificate reply from the AP (52) to the client (40) in response to the request, the reply including the certificate (30) with which the AP (52) was provisioned signed by the AP (52) with the generated signature; using the CA's public key (24) with which the client was provisioned to obtain the operator's public key (12) from the certificate (30) received in the reply; and, using the operator's public key (12) obtained from the certificate (30) received in the reply to verify the signature generated with the operator's private key (14) and used by the AP (52) to sign the certificate (30) received in the reply.