Abstract:
Apparatus for monitoring operation of a processing system includes a set of modules for monitoring operation of a set of system primitives that allocate or release the system resources and are used by different processes running on the system. Preferably, the modules include at least one application knowledge module tracking the processes running on the system and monitoring the resources used thereby, a network knowledge module monitoring connections by the processes running on the system, a file-system analysis module monitoring the file-related operations performed within the system, and a device monitoring module monitoring operation of commonly used modules with the system. A preferred field of application is in host-based intrusion detection systems.
Abstract:
A method of enforcing security policies in a mobile ad-hoc network, includes: entrusting at least one first network node along a data traffic route from a data traffic origin node to a data traffic destination node, with the enforcing of predefined security policies on the data traffic; and entrusting at least one second network node, distinct from said first network node, with the control of the enforcement of the security policies by the first network node.
Abstract:
In a wireless communications network including at least one authenticator and at least one authentication server, wherein the authenticator is adapted to interact with the authentication server for authenticating supplicants in order to conditionally grant them access to the wireless communications network, a short authentication method for authenticating a supplicant, the method including: providing a shared secret, shared by and available at the supplicant and the authentication server; having the supplicant provide to the authenticator an authentication token, wherein the authentication token is based on the shared secret available at the supplicant; having the authenticator forward the authentication token to the authentication server; having the authentication server ascertain the authenticity of the received authentication token based on the shared secret available at the authentication server; in case the authenticity of the authentication token is ascertained, having the authentication server generate a first authentication key based on the shared secret available at the authentication server, and provide the generated authentication key to the authenticator; having the supplicant generate a second authentication key based on the shared secret; and having the supplicant and the authenticator use the generated first and second keys for communicating with each other. The short authentication method is particularly useful in situations of handoff of the supplicant from one authenticator to another.
Abstract:
A method of detecting attacks in a wireless data communications network, includes: monitoring wireless traffic over the wireless data communications network; deriving a first network state from the monitored wireless traffic; acquiring trusted information indicative of a wireless network state from at least one apparatus of a network infrastructure; establishing a second network state based on the acquired trusted information; comparing the derived first network state with the second network state; and determining a wireless network attack in case of incoherence between the derived first network state and the second network state.
Abstract:
In a communications network including at least one authentication entity adapted to authenticate a network access requestor in order to conditionally grant it access to the communications network, wherein the authentication is based on public key cryptography, a method for automatically provisioning the network access requestor with service access credentials for accessing an on-line service offered by an on-line service provider accessible through the communications network. The method includes: during the authentication of the network access requestor, having an authentication entity request from the on-line service provider the generation of the service access credentials; at the on-line service provider, generating the service access credentials, encrypting the service access credentials using a public encryption key of the network access requestor, and providing the encrypted service access credentials to the authentication entity; and having the authentication entity cause the network access requestor to be provided with the encrypted service access credentials.