利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

215 条记录 (耗时 0.029 秒)

    System and method for enabling scalable security in a virtual private network
    3.
    发明授权
    System and method for enabling scalable security in a virtual private network 有权
    用于实现虚拟专用网络中的可扩展安全性的系统和方法

    公开(公告)号:US07765581B1

    公开(公告)日:2010-07-27

    申请号:US09457914

    申请日:1999-12-10

    申请人: Germano Caronni Amit Gupta Sandeep Kumar Tom R. Markson Christoph L. Schuba Glenn C. Scott

    发明人: Germano Caronni Amit Gupta Sandeep Kumar Tom R. Markson Christoph L. Schuba Glenn C. Scott

    IPC分类号: H04L9/00

    CPC分类号: H04L63/0272 H04L29/12009 H04L29/12367 H04L29/12396 H04L29/12471 H04L29/12528 H04L61/2514 H04L61/2525 H04L61/2553 H04L61/2575

    摘要: Methods and systems consistent with the present invention provide dynamic security policies that change the granularity of the security at the node level, process level, or socket level. Specifically, a channel number and virtual address are associated with various processes included in a process table. Since a security policy is required for all processes, secure and insecure processes located on the same channel may communicate with one another. Moreover, processes located on different channels may communicate with one another by a gateway that connects both channels. This scalable blanketing security approach provides an institutionalized method for securing any process, node or socket by providing a unique mechanism for policy enforcement at runtime or by changing the security policies.

    摘要翻译: 与本发明一致的方法和系统提供动态安全策略,其改变节点级别,过程级别或套接字级别的安全性的粒度。 具体地,通道号和虚拟地址与包括在处理表中的各种处理相关联。 由于所有进程都需要安全策略,因此位于同一通道上的安全和不安全进程可能会相互通信。 此外,位于不同信道上的进程可以通过连接两个信道的网关彼此通信。 这种可扩展的覆盖安全方法提供了一种制度化的方法,用于通过在运行时或通过更改安全策略提供用于策略实施的唯一机制来保护任何进程,节点或套接字。

    Decoupling access control from key management in a network
    4.
    发明授权
    Decoupling access control from key management in a network 有权
    将访问控制从网络中的密钥管理中解耦

    公开(公告)号:US07336790B1

    公开(公告)日:2008-02-26

    申请号:US09458020

    申请日:1999-12-10

    申请人: Germano Caronni Amit Gupta Tom R. Markson Sandeep Kumar Christoph L. Schuba Glenn C. Scott

    发明人: Germano Caronni Amit Gupta Tom R. Markson Sandeep Kumar Christoph L. Schuba Glenn C. Scott

    IPC分类号: H04L9/32

    CPC分类号: H04L63/0272

    摘要: Methods and systems consistent with the present invention provide a Supernet, a private network constructed out of components from a public-network infrastructure. Supernet nodes can be located on virtually any device in the public network (e.g., the Internet), and both their communication and utilization of resources occur in a secure manner. As a result, the users of a Supernet benefit from their network infrastructure being maintained for them as part of the public-network infrastructure, while the level of security they receive is similar to that of a private network. The Supernet has an access control component and a key management component which are decoupled. The access control component implements an access control policy that determines which users are authorized to use the network, and the key management component implements the network's key management policies, which indicate when keys are generated and what encryption algorithm is used. Both access control and key management are separately configurable. Thus, the Supernet provides great flexibility by allowing different key management policies to be used with the same access control component.

    摘要翻译: 与本发明一致的方法和系统提供了一种Supernet,一种由公共网络基础设施的组件构成的私有网络。 超网络节点可以位于公共网络(例如,因特网)中的几乎任何设备上,并且资源的通信和利用都以安全的方式发生。 因此,Supernet的用户受益于其网络基础架构,作为公共网络基础架构的一部分,而其接收的安全级别与私有网络的安全级别相似。 Supernet具有访问控制组件和分离的密钥管理组件。 访问控制组件实现访问控制策略,其确定哪些用户被授权使用网络,并且密钥管理组件实现网络的密钥管理策略,其指示生成密钥以及使用什么加密算法。 访问控制和密钥管理都可以单独配置。 因此,通过允许不同的密钥管理策略与相同的访问控制组件一起使用,Supernet提供了极大的灵活性。

    Using multicasting to provide ethernet-like communication behavior to selected peers on a network
    5.
    发明授权
    Using multicasting to provide ethernet-like communication behavior to selected peers on a network 有权
    使用组播为网络上的选定对等体提供类似以太网的通信行为

    公开(公告)号:US06870842B1

    公开(公告)日:2005-03-22

    申请号:US09457915

    申请日:1999-12-10

    申请人: Germano Caronni Amit Gupta Tom R. Markson Sandeep Kumar Christoph L. Schuba Glenn C. Scott

    发明人: Germano Caronni Amit Gupta Tom R. Markson Sandeep Kumar Christoph L. Schuba Glenn C. Scott

    IPC分类号: H04L12/18 H04L12/28 H04L12/56

    CPC分类号: H04L12/18

    摘要: Methods and systems consistent with the present invention provide a Supernet, a private network constructed out of components from a public-network infrastructure. Supernet nodes can be located on virtually any device in the public network (e.g., the Internet), and both their communication and utilization of resources occur in a secure manner. The Supernet also uses multicast communication to create Ethernet-like communication between its nodes. In using multicasting, each communication of each node on a channel in the private network is sent to a multicast address which sends it to all of the nodes on the channel. Sending a copy of every communication to all of the other nodes on the channel makes system tasks, like debugging, easy for the nodes on the channel. The multicasting provided by the private network is dynamic in that multicast addresses can be assigned for use by a channel and reclaimed so as to allow sharing of the multicast addresses.

    摘要翻译: 与本发明一致的方法和系统提供了一种Supernet,一种由公共网络基础设施的组件构成的私有网络。 超网络节点可以位于公共网络(例如,因特网)中的几乎任何设备上,并且资源的通信和利用都以安全的方式发生。 Supernet还使用组播通信在其节点之间创建类似以太网的通信。 在使用多播时,专网中信道上的每个节点的每个通信都被发送到多播地址,将其发送到该信道上的所有节点。 将每个通信的副本发送到通道上的所有其他节点,使得系统任务(如调试)对于通道上的节点很容易。 由私有网络提供的多播是动态的,因为多播地址可以被分配给信道使用并被回收以允许多播地址的共享。

    Truly anonymous communications using supernets, with the provision of topology hiding
    7.
    发明授权
    Truly anonymous communications using supernets, with the provision of topology hiding 有权
    真正的匿名通信使用超集,提供拓扑隐藏

    公开(公告)号:US06798782B1

    公开(公告)日:2004-09-28

    申请号:US09457917

    申请日:1999-12-10

    申请人: Germano Caronni Amit Gupta Sandeep Kumar Tom R. Markson Christoph L. Schuba Glenn C. Scott

    发明人: Germano Caronni Amit Gupta Sandeep Kumar Tom R. Markson Christoph L. Schuba Glenn C. Scott

    IPC分类号: H04L1228

    CPC分类号: H04L63/0272 H04L29/12009 H04L29/12433 H04L61/2539 H04L63/0407 H04L63/0414 H04L63/0421 H04L63/08

    摘要: Methods and systems consistent with the present invention provide a Supernet, a private network constructed out of components from a public-network infrastructure. Supernet nodes can be located on virtually any device in the public network (e.g., the Internet), and both their communication and utilization of resources occur in a secure manner by providing for anonymous communications within the network through addressing. As a result, the users of a Supernet benefit from their network infrastructure being maintained for them as part of the public-network infrastructure, while the level of security they receive is similar to that of a private network. Additionally, the nodes of the Supernet are not geographically restricted in that they can be connected to the Supernet from virtually any portal to the Internet in the world.

    摘要翻译: 与本发明一致的方法和系统提供了一种Supernet,一种由公共网络基础设施的组件构成的私有网络。 超级网络节点可以位于公共网络(例如,因特网)中的几乎任何设备上,并且它们的资源的通信和利用都以安全的方式发生,通过寻址来提供网络内的匿名通信。 因此,Supernet的用户受益于其网络基础架构,作为公共网络基础架构的一部分,而其接收的安全级别与私有网络的安全级别相似。 此外,Supernet的节点不受地域限制,因为它们可以从世界上几乎任何门户到互联网连接到Supernet。

    Method and apparatus for providing secure communication with a relay in a network
    9.
    发明授权
    Method and apparatus for providing secure communication with a relay in a network 有权
    用于提供与网络中的中继器的安全通信的方法和装置

    公开(公告)号:US06643701B1

    公开(公告)日:2003-11-04

    申请号:US09441451

    申请日:1999-11-17

    申请人: Ashar Aziz Geoffrey Baehr Germano Caronni Amit Gupta Vipul Gupta Glenn C. Scott

    发明人: Ashar Aziz Geoffrey Baehr Germano Caronni Amit Gupta Vipul Gupta Glenn C. Scott

    IPC分类号: G06F1516

    CPC分类号: H04L63/0442 G06F21/33 G06F21/445 G06Q20/367 G06Q20/382 H04L63/0823 H04L63/166 H04L67/14

    摘要: Methods and systems of the present invention include providing a connection between a first computer and a second computer by receiving, at a third computer, information regarding one of the first and second computers to facilitate establishment of a secure connection between the first computer and the second computer, creating a first end-to-end security link between the first computer and third computer, and creating a second end-to-end security link between the second computer and the third computer to establish the secure connection. The first and second computers could be a client and a server on the Internet, and these methods and systems can, for example, increase the possible number of new secure connections to the server. The third computer also permits processing of information transmitted between the client and server in the third computer. For example, the information could be reformatted or used in testing a process of one of the first and second computers.

    摘要翻译: 本发明的方法和系统包括通过在第三计算机处接收关于第一和第二计算机之一的信息来提供第一计算机和第二计算机之间的连接,以便于建立第一计算机与第二计算机之间的安全连接 计算机,在第一计算机和第三计算机之间创建第一端到端安全链路,以及在第二计算机和第三计算机之间创建第二端到端安全链路以建立安全连接。 第一和第二台计算机可以是因特网上的客户端和服务器,并且这些方法和系统可以例如增加到服务器的可能数量的新的安全连接。 第三计算机还允许在第三计算机中处理在客户端和服务器之间传送的信息。 例如,可以将信息重新格式化或用于测试第一和第二计算机之一的过程。