-
公开(公告)号:US20110173699A1
公开(公告)日:2011-07-14
申请号:US12686959
申请日:2010-01-13
申请人: Igal Figlin , Arthur Zavalkovsky , Lior Arzi , Efim Hudis , Jennifer R. LeMond , Robert Eric Fitzgerald , Khaja E. Ahmed , Jeffrey S. Williams , Edward W. Hardy
发明人: Igal Figlin , Arthur Zavalkovsky , Lior Arzi , Efim Hudis , Jennifer R. LeMond , Robert Eric Fitzgerald , Khaja E. Ahmed , Jeffrey S. Williams , Edward W. Hardy
IPC分类号: G06F11/00
CPC分类号: H04L63/1441 , H04L63/1408 , H04L63/1433 , H04L63/205
摘要: A network security system employing multiple levels of processing to identify security threats. Multiple host machines may each contain an agent that detects possibilities of security threats based on raw data sensed locally at that host. The hosts may share information obtained from local analysis and each host may use information generated at one or more other hosts, in combination with information generated locally, to identify a security concern, indicating with greater certainty that a security threat exists. Based on security concerns generated by multiple hosts, a security threat may be indicated and protective action may be taken.
摘要翻译: 一种采用多级处理的网络安全系统来识别安全威胁。 多台主机可能每个都包含一个代理,该代理可以根据在该主机本地感测到的原始数据来检测安全威胁的可能性。 主机可以共享从本地分析获得的信息,并且每个主机可以使用在一个或多个其他主机上生成的信息以及本地生成的信息来识别安全性关注,更确定地指出存在安全威胁。 基于多个主机产生的安全问题,可能会指出安全威胁,并可采取保护措施。
-
公开(公告)号:US08516576B2
公开(公告)日:2013-08-20
申请号:US12686959
申请日:2010-01-13
申请人: Igal Figlin , Arthur Zavalkovsky , Lior Arzi , Efim Hudis , Jennifer R. LeMond , Robert Eric Fitzgerald , Khaja E. Ahmed , Jeffrey S. Williams , Edward W. Hardy
发明人: Igal Figlin , Arthur Zavalkovsky , Lior Arzi , Efim Hudis , Jennifer R. LeMond , Robert Eric Fitzgerald , Khaja E. Ahmed , Jeffrey S. Williams , Edward W. Hardy
IPC分类号: H04L29/06
CPC分类号: H04L63/1441 , H04L63/1408 , H04L63/1433 , H04L63/205
摘要: A network security system employing multiple levels of processing to identify security threats. Multiple host machines may each contain an agent that detects possibilities of security threats based on raw data sensed locally at that host. The hosts may share information obtained from local analysis and each host may use information generated at one or more other hosts, in combination with information generated locally, to identify a security concern, indicating with greater certainty that a security threat exists. Based on security concerns generated by multiple hosts, a security threat may be indicated and protective action may be taken.
摘要翻译: 一种采用多级处理的网络安全系统来识别安全威胁。 多台主机可能每个都包含一个代理,该代理可以根据在该主机本地感测到的原始数据来检测安全威胁的可能性。 主机可以共享从本地分析获得的信息,并且每个主机可以使用在一个或多个其他主机上生成的信息以及本地生成的信息来识别安全性关注,更确定地指出存在安全威胁。 基于多个主机产生的安全问题,可能会指出安全威胁,并可采取保护措施。
-
公开(公告)号:US09344432B2
公开(公告)日:2016-05-17
申请号:US12822724
申请日:2010-06-24
申请人: Yair Tor , Daniel Rose , Eugene (John) Neystadt , Patrik Schnell , Moshe Sapir , Oleg Ananiev , Arthur Zavalkovsky , Anat Eyal
发明人: Yair Tor , Daniel Rose , Eugene (John) Neystadt , Patrik Schnell , Moshe Sapir , Oleg Ananiev , Arthur Zavalkovsky , Anat Eyal
CPC分类号: H04L63/102 , G06F21/33 , G06F21/41 , H04L63/0807 , H04L63/0823 , H04L63/10 , H04L63/107 , H04L63/164
摘要: Embodiments of the invention provide techniques for basing access control decisions at the network layer at least in part on information provided in claims, which may describe attributes of a computer requesting access, one or more resources to which access is requested, the user, the circumstances surrounding the requested access, and/or other information. The information may be evaluated based on one or more access control policies, which may be pre-set or dynamically generated, and used in making a decision whether to grant or deny the computer access to the specified resource(s).
摘要翻译: 本发明的实施例提供了至少部分地基于在权利要求中提供的信息来在网络层基础访问控制决策的技术,其可以描述请求访问的计算机的属性,请求访问的一个或多个资源,用户,情况 围绕所请求的访问,和/或其他信息。 可以基于可以被预先设置或动态生成的一个或多个访问控制策略来评估信息,并且用于做出是否授予或拒绝计算机对指定资源的访问的决定。
-
4.发明申请METHOD AND APPARATUS FOR VERIFYING REVOCATION STATUS OF A DIGITAL CERTIFICATE 有权用于验证数字证书的撤销状态的方法和装置公开(公告)号:US20090132812A1
公开(公告)日:2009-05-21
申请号:US12356777
申请日:2009-01-21
申请人: Alexey Kobozev , Arthur Zavalkovsky , Ilan Frenkel
发明人: Alexey Kobozev , Arthur Zavalkovsky , Ilan Frenkel
IPC分类号: H04L9/00
CPC分类号: H04L9/3263 , H04L2209/805
摘要: Verifying revocation status of a digital certificate is provided in part by a receiver verifying a security certificate for a sender. In an embodiment, an approach comprises receiving a first security certificate associated with the sender and storing the security certificate in a location accessible to the receiver; updating the first security certificate in the location accessible to the receiver if the first security certificate is changed or revoked; receiving a second security certificate from the sender when identity of the sender needs to be verified; comparing the second security certificate to the first security certificate; and confirming the sender's identity only if the second security certificate matches the first security certificate for the sender.
摘要翻译: 验证数字证书的撤销状态部分由验证发件人的安全证书的接收方提供。 在一个实施例中,一种方法包括接收与发送者相关联的第一安全证书,并将安全证书存储在接收者可访问的位置; 如果第一安全证书被更改或撤销,则在接收者可访问的位置更新第一安全证书; 当发送方的身份需要被验证时,从发送方接收第二个安全证书; 将第二安全证书与第一安全证书进行比较; 并且仅当第二安全证书与发送者的第一安全证书匹配时才确认发件人的身份。
-
5.发明授权公开(公告)号:US07500100B1
公开(公告)日:2009-03-03
申请号:US10660413
申请日:2003-09-10
申请人: Alexey Kobozev , Arthur Zavalkovsky , Ilan Frenkel
发明人: Alexey Kobozev , Arthur Zavalkovsky , Ilan Frenkel
IPC分类号: H04L9/00
CPC分类号: H04L9/3263 , H04L2209/805
摘要: A method and apparatus for verifying revocation status of a digital certificate is provided. The invention operates in part by a receiver verifying a security certificate for a sender. In various embodiments the steps to accomplish this include receiving a first security certificate associated with the sender and storing the security certificate in a location accessible to the receiver; updating the first security certificate in the location accessible to the receiver if the first security certificate is changed or revoked; receiving a second security certificate from the sender when identity of the sender needs to be verified; comparing the second security certificate to the first security certificate; and confirming the sender's identity only if the second security certificate matches the first security certificate for the sender.
摘要翻译: 提供一种用于验证数字证书的撤销状态的方法和装置。 本发明部分地由验证发送者的安全证书的接收者进行操作。 在各种实施例中,完成这一步骤的步骤包括:接收与发送者相关联的第一安全证书,并将安全证书存储在接收者可访问的位置; 如果第一安全证书被更改或撤销,则更新接收者可访问的位置中的第一安全证书; 当发送方的身份需要被验证时,从发送方接收第二个安全证书; 将第二安全证书与第一安全证书进行比较; 并且仅当第二安全证书与发送者的第一安全证书匹配时才确认发件人的身份。
-
6.发明授权Method and apparatus for balancing wireless access based on centralized information 有权基于集中式信息平衡无线接入的方法和装置公开(公告)号:US07336960B2
公开(公告)日:2008-02-26
申请号:US10974418
申请日:2004-10-26
IPC分类号: H04Q7/20
摘要: A method and apparatus for managing and balancing wireless access based on centralized information is provided. A request to provide service to a wireless client is received from a first access node in a plurality of access node. An access policy, applicable to the first access node, is selected from a plurality of stored policies. The stored policies may include a variety of rules, such as how many or which wireless clients may be serviced by an access node. A centralized manager, such as an AAA server, may perform the selection of the access policy. A determination is made as to whether to allow the first access node to provide service to the wireless client based on the selected access policy. A message that instructs the first access node whether to provide or deny service to the wireless client is transmitted to the first access node.
摘要翻译: 提供了一种基于集中式信息管理和平衡无线接入的方法和装置。 从多个接入节点中的第一接入节点接收向无线客户端提供业务的请求。 从多个存储的策略中选择适用于第一接入节点的接入策略。 存储的策略可以包括各种规则,诸如可以由接入节点服务多少个或哪些无线客户端。 诸如AAA服务器的集中管理器可以执行访问策略的选择。 确定是否允许第一接入节点基于所选择的接入策略向无线客户端提供服务。 指示第一接入节点是否向无线客户端提供或拒绝服务的消息被发送到第一接入节点。
-
7.发明授权Method and apparatus for maintaining consistent per-hop forwarding behavior in a network using network-wide per-hop behavior definitions 有权使用网络范围的每跳行为定义在网络中维护一致的每跳转发行为的方法和装置公开(公告)号:US07027410B2
公开(公告)日:2006-04-11
申请号:US10938242
申请日:2004-09-09
申请人: Arthur Zavalkovsky , Nitsan Elfassy , Ron Cohen
发明人: Arthur Zavalkovsky , Nitsan Elfassy , Ron Cohen
IPC分类号: G01R31/08
CPC分类号: H04L47/10 , H04L41/0893 , H04L47/17 , H04L47/20 , H04L47/2408 , H04L47/2458 , H04L47/30 , H04L47/36
摘要: A method, apparatus, and computer-readable medium configured for maintaining consistent per-hop packet forwarding behavior among a plurality of network devices in a network within a Differentiated Services (DS) domain are disclosed. In one aspect, a method involves creating and storing a network-wide PHB definition that associates a PHB with a DS code point (DSCP) value, and with a set of parameters that define the bandwidth and buffer resources allocated to the PHBs on all interfaces of network devices within the DS domain. A mapping of each of the PHBs in the network-wide PHB definition to one or more queues of the network devices is determined. Drain size and queue size values are determined for each of the queues to which PHBs are mapped. A mapping of each of the PHBs to a threshold value associated with the queues is determined. Parameters of fragmentation and interleave mechanisms are determined. Network device configuration parameter values based on the mappings, the drain size, and the queue size, etc. are sent to each of the network devices within the DS domain. As a result, consistent PHB is achieved throughout a network using abstract definitions of PHBs.
摘要翻译: 公开了一种配置用于在区分服务(DS)域内的网络中的多个网络设备之间维持一致的每跳包转发行为的方法,装置和计算机可读介质。 在一个方面,一种方法涉及创建和存储将PHB与DS代码点(DSCP)值相关联的全网PHB定义,以及定义在所有接口上分配给PHB的带宽和缓冲器资源的一组参数 的DS域内的网络设备。 确定网络范围PHB定义中的每个PHB与网络设备的一个或多个队列的映射。 为PHB映射到的每个队列确定排水大小和排队大小值。 确定每个PHB到与队列相关联的阈值的映射。 确定碎片和交织机制的参数。 基于映射,排水大小和队列大小等的网络设备配置参数值被发送到DS域内的每个网络设备。 因此,使用PHB的抽象定义,在整个网络中实现了一致的PHB。
-
8.发明授权Method and apparatus for maintaining consistent per-hop forwarding behavior in a network using network-wide per-hop behavior definitions 有权使用网络范围的每跳行为定义在网络中维护一致的每跳转发行为的方法和装置公开(公告)号:US06839327B1
公开(公告)日:2005-01-04
申请号:US09753034
申请日:2000-12-28
申请人: Arthur Zavalkovsky , Nitsan Elfassy , Ron Cohen
发明人: Arthur Zavalkovsky , Nitsan Elfassy , Ron Cohen
CPC分类号: H04L47/10 , H04L41/0893 , H04L47/17 , H04L47/20 , H04L47/2408 , H04L47/2458 , H04L47/30 , H04L47/36
摘要: A method, apparatus, and computer-readable medium configured for maintaining consistent per-hop packet forwarding behavior among a plurality of network devices in a network within a Differentiated Services (DS) domain are disclosed. In one aspect, a method involves creating and storing a network-wide PHB definition that associates a PHB with a DS code point (DSCP) value, and with a set of parameters that define the bandwidth and buffer resources allocated to the PHBs on all interfaces of network devices within the DS domain. A mapping of each of the PHBs in the network-wide PHB definition to one or more queues of the network devices is determined. Drain size and queue size values are determined for each of the queues to which PHBs are mapped. A mapping of each of the PHBs to a threshold value associated with the queues is determined. Parameters of fragmentation and interleave mechanisms are determined. Network device configuration parameter values based on the mappings, the drain size, and the queue size, etc. are sent to each of the network devices within the DS domain. As a result, consistent PHB is achieved throughout a network using abstract definitions of PHBs.
-
公开(公告)号:US08918856B2
公开(公告)日:2014-12-23
申请号:US12822745
申请日:2010-06-24
申请人: Yair Tor , Eugene (John) Neystadt , Patrik Schnell , Oleg Ananiev , Arthur Zavalkovsky , Daniel Rose
发明人: Yair Tor , Eugene (John) Neystadt , Patrik Schnell , Oleg Ananiev , Arthur Zavalkovsky , Daniel Rose
CPC分类号: H04L63/102 , H04L63/164
摘要: Embodiments of the invention provide a trusted intermediary for use in a system in which access control decisions may be based at least in part on information provided in claims. The intermediary may request claims on behalf of a network resource to which access is requested, and submit the claims for a decision whether to grant or deny access. The decision may be based at least in part on one or more access control policies, which may be pre-set or dynamically generated. Because the intermediary requests the claims and submits the claims for an access control decision, the network resource (e.g., a server application) need not be configured to process claims information.
摘要翻译: 本发明的实施例提供了一种在系统中使用的可信中介,其中访问控制决定可以至少部分地基于权利要求中提供的信息。 中介人可以代表要求访问的网络资源请求索赔,并提交索赔以作决定是否授予或拒绝访问。 该决定可以至少部分地基于可以被预先设置或动态生成的一个或多个访问控制策略。 因为中介请求权并提交用于访问控制决定的权利要求,所以不需要将网络资源(例如,服务器应用)配置为处理权利要求信息。
-
公开(公告)号:US20110321152A1
公开(公告)日:2011-12-29
申请号:US12822745
申请日:2010-06-24
申请人: Yair Tor , Eugene (John) Neystadt , Patrik Schnell , Oleg Ananiev , Arthur Zavalkovsky , Daniel Rose
发明人: Yair Tor , Eugene (John) Neystadt , Patrik Schnell , Oleg Ananiev , Arthur Zavalkovsky , Daniel Rose
CPC分类号: H04L63/102 , H04L63/164
摘要: Embodiments of the invention provide a trusted intermediary for use in a system in which access control decisions may be based at least in part on information provided in claims. The intermediary may request claims on behalf of a network resource to which access is requested, and submit the claims for a decision whether to grant or deny access. The decision may be based at least in part on one or more access control policies, which may be pre-set or dynamically generated. Because the intermediary requests the claims and submits the claims for an access control decision, the network resource (e.g., a server application) need not be configured to process claims information.
摘要翻译: 本发明的实施例提供了一种在系统中使用的可信中介,其中访问控制决定可以至少部分地基于权利要求中提供的信息。 中介人可以代表要求访问的网络资源请求索赔,并提交索赔以作决定是否授予或拒绝访问。 该决定可以至少部分地基于可以被预先设置或动态生成的一个或多个访问控制策略。 因为中介请求权并提交用于访问控制决定的权利要求,所以不需要将网络资源(例如,服务器应用)配置为处理权利要求信息。
-
-
-
-
-
-
-
-
-
搜索结果
36 条记录 (耗时 0.045 秒)