Abstract:
An authenticator is configured with intelligence for the purpose of providing a “failsafe” mode for port-based authentication (802.1x). This failsafe mode enables end users to access a network when communication between the authenticator and the authentication server has temporarily failed, but keeps security measures in place so that unauthorized users cannot gain network access. An 802.1x access control point (e.g., a switch) is enabled to continue to authenticate certain users onto the network during periods of temporary communication failure with the authentication server, by locally storing alternative authentication information limited to historical authentication information of clients that have previously accessed the network via the authentication server. Subsequent revalidation of specific users using the primary authentication information follows restoration of communication with the authentication server.
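The failsafe behaviour described above, as an added illustration (not code from the patent or any vendor's 802.1X implementation): the authenticator keeps only a record of which clients the server has previously validated and when, never the credentials themselves, and uses that record solely while the server is unreachable. The MAC-keyed client identity, the cache lifetime, and the in-memory server with its password table are all constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class AuthServer:
    """Stand-in for the authentication server (e.g. RADIUS). Constructed credential table."""
    reachable: bool = True
    creds: dict = field(default_factory=lambda: {
        "aa:bb:cc:00:00:01": "pw1",   # constructed sample clients
        "aa:bb:cc:00:00:02": "pw2",
    })

    def authenticate(self, mac, secret):
        if not self.reachable:
            raise ConnectionError("authentication server unreachable")
        return self.creds.get(mac) == secret


@dataclass
class FailsafeAuthenticator:
    """802.1X access control point with a failsafe mode for server outages."""
    server: AuthServer
    cache_ttl: float = 3600.0                        # assumed lifetime of a cached validation, seconds
    cache: dict = field(default_factory=dict)        # mac -> time of last server-confirmed success
    pending_revalidation: set = field(default_factory=set)

    def admit(self, mac, secret, now):
        """Return 'admitted', 'admitted-failsafe' or 'denied' for one access attempt."""
        try:
            ok = self.server.authenticate(mac, secret)
        except ConnectionError:
            # Failsafe: consult only historical authentication information.
            # Clients never validated by the server (or whose record has aged out) are refused.
            last = self.cache.get(mac)
            if last is not None and now - last <= self.cache_ttl:
                self.pending_revalidation.add(mac)   # must be re-checked once the server is back
                return "admitted-failsafe"
            return "denied"
        if ok:
            self.cache[mac] = now                    # record the successful primary authentication
            self.pending_revalidation.discard(mac)
            return "admitted"
        self.cache.pop(mac, None)                    # a failed primary auth invalidates any history
        return "denied"

    def revalidate(self, supplied_secrets, now):
        """After communication is restored, re-run primary authentication for failsafe-admitted clients.

        supplied_secrets maps mac -> secret presented in the fresh EAP exchange (constructed input).
        """
        results = {}
        for mac in sorted(self.pending_revalidation):
            results[mac] = self.admit(mac, supplied_secrets.get(mac), now)
        return results


if __name__ == "__main__":
    srv = AuthServer()
    auth = FailsafeAuthenticator(srv)
    print(auth.admit("aa:bb:cc:00:00:01", "pw1", 100.0))   # admitted via server
    srv.reachable = False
    print(auth.admit("aa:bb:cc:00:00:01", "pw1", 200.0))   # admitted-failsafe (seen before)
    print(auth.admit("aa:bb:cc:00:00:02", "pw2", 200.0))   # denied (no history, server down)
    srv.reachable = True
    print(auth.revalidate({"aa:bb:cc:00:00:01": "pw1"}, 300.0))
```

The point to check in a real deployment is the second `print`: a client with valid credentials but no prior history is still refused while the server is down, which is the property that keeps the failsafe from becoming an open port.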
Abstract:
Method, system, and program product for port-based authentication protocols in a network environment where addresses are dynamically assigned, and more particularly for port-based authentication in such an environment where connection information is captured and stored. This gives an administrator access to the information created by the protocol exchanges involved in dynamic address assignment, authentication, and connection.
Abstract:
A method of operating an intrusion detection system. The system determines occurrence of a signature event indicative of a denial of service intrusion on a protected device. A value of a signature event counter is increased. The value of the signature event counter is adjusted to not include a count of signature events past a sliding window. The value of the signature event counter is determined to exceed a signature threshold quantity, followed by generation of an alert at a time subsequently recorded in a log. The log is cleared of entries past a permissible age. A present alert generation rate is determined as a ratio of the total number of timestamps in the log to the permissible age. The present alert generation rate is ascertained to exceed an alert generation rate threshold. A selected element of the signature set is altered to decrease the alert generation rate.
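The counting and self-tuning loop above, carried through as an added simulation (not code from the patent): signature events are kept in a sliding window, an alert is logged when the windowed count exceeds the signature threshold, the log is aged, and the alert generation rate is computed as the number of logged timestamps divided by the permissible age. Which "element of the signature set" is altered is not specified in the abstract; this example assumes the altered element is the threshold itself (doubled) and, as a further assumption, resets the alert log after each adjustment so that the rate is re-measured against the new signature. All timing parameters are constructed.

```python
from collections import deque


class DosSignatureDetector:
    """Sliding-window signature counter with alert-rate feedback."""

    def __init__(self, window, threshold, permissible_age, rate_threshold):
        self.window = window                    # seconds of history counted toward the signature
        self.threshold = threshold              # signature threshold quantity
        self.permissible_age = permissible_age  # seconds an alert timestamp stays in the log
        self.rate_threshold = rate_threshold    # alerts per second above which the signature is tuned
        self.events = deque()                   # timestamps of signature events inside the window
        self.alert_log = deque()                # timestamps of generated alerts

    def alert_rate(self):
        # Present alert generation rate: log entries per permissible-age interval.
        return len(self.alert_log) / self.permissible_age

    def tune(self):
        # Assumed tuning action: raise the signature threshold and restart the rate measurement.
        self.threshold *= 2
        self.alert_log.clear()

    def observe(self, ts):
        """Record one signature event at time ts; return True if an alert was generated."""
        self.events.append(ts)
        while self.events and ts - self.events[0] > self.window:   # drop events past the window
            self.events.popleft()
        alerted = False
        if len(self.events) > self.threshold:
            self.alert_log.append(ts)                               # alert generation, time recorded
            alerted = True
        while self.alert_log and ts - self.alert_log[0] > self.permissible_age:
            self.alert_log.popleft()                                # clear entries past permissible age
        if self.alert_rate() > self.rate_threshold:
            self.tune()
        return alerted


def simulate(event_times, **params):
    """Run a detector over constructed event times; return (alert times, final threshold)."""
    det = DosSignatureDetector(**params)
    alerts = [t for t in event_times if det.observe(t)]
    return alerts, det.threshold


if __name__ == "__main__":
    # Constructed flood: one signature event per second for 20 seconds.
    alerts, final_threshold = simulate(
        [float(t) for t in range(1, 21)],
        window=10, threshold=3, permissible_age=50, rate_threshold=0.1)
    print("alerts at:", alerts)
    print("threshold after tuning:", final_threshold)
```

With these parameters the detector alerts on every event from t=4 to t=15, tunes twice (threshold 3 to 6 at t=9, then 6 to 12 at t=15) and is then quiet for the rest of the flood, which is the alert-storm damping the abstract is after; a real deployment would log each tuning step, since a silently raised threshold is itself a detection gap.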
Abstract:
A method, apparatus, and computer instructions for providing a current and complete security compliance view of an enterprise system. The present invention provides the ability to gain a real-time security posture and security compliance view of an enterprise and to assess, at various levels, the risk impact of known threats and attacks on continued business operations. Responsive to a change to an enterprise environment, a request, or an external threat, an administrator loads or updates at least one of a Critical Application Operations database, a Historical database, an Access Control database, a Connectivity database, and a Threat database. Based on a comparison of information in the databases against similar security data elements from company or external policies, the administrator may generate a Security Compliance view of the enterprise. A Security Posture view may also be generated by comparing the Security Compliance view against data in the Threat database.
Abstract:
System, method and program product for reporting status of a process. A flow chart illustrates steps of the process and an order for performance of the steps. Then, a determination is made whether any of the steps has been performed. In response to a determination that a step has been performed, the step is graphically represented on the flow chart as having been performed. The graphical representation can be color-coding of the step. The determination that a step has been performed can be made based on user input that the step has been performed, or automatically by a program checking a record indicating that the step has been performed. Also, a program can automatically determine that a deadline for performing one of the steps has passed without performance of the one step. In response, the program initiates a graphical representation on the one step in the flowchart that the deadline has passed without performance of the one step. A program can also automatically determine that a problem has occurred in performing one of the steps, and in response, graphically represent on the one step in the flowchart that a problem has occurred with the one step.
Abstract:
In general, the present invention provides a method and system for calibrating an electrical device that utilizes a data networking protocol (e.g., 802.1X) over a power delivery network. Specifically, the present invention leverages information gathered and stored during the authentication and operation of the electrical device to determine whether the electrical device should be calibrated. In general, the present invention makes this determination based on time elapsed since a previous calibration and/or cumulative usage of the device.
Abstract:
A system and method for an end user to change the operation of a data flow filter mechanism, such as a firewall, that operates to control data flows between a plurality of protected computing devices and one or more non-protected computing devices. With the system and method, an administrator of a sub-network of computing devices may set a client computing device's scope of rules/policies that may be changed by a user of the client computing device, with regard to a data flow filter mechanism. The user of the client computing device, or the client computing device itself, may then log onto the data flow filter mechanism and modify the operation of the data flow filter mechanism within the limits established by the administrator.
Abstract:
Method and apparatus for protecting a data processing system such as an Internet server from attack by a vandal who uses an offensive vulnerability scanner to find an externally visible vulnerability of the data processing system. The method includes determining an externally visible vulnerability using a defensive vulnerability scanner, configuring an intrusion detection system to detect a network flow associated with the vulnerability, and blocking that flow by a firewall or a router. The apparatus includes a defensive vulnerability scanner that finds an externally visible vulnerability and provides a description of the vulnerability, an intrusion detection system that detects a network flow that satisfies the description, and a firewall or a router that blocks the flow responsive to detection of the flow by the intrusion detection system.
Abstract:
Under the present invention, a credit account can be associated with a locational restriction and a corresponding monetary restriction. The locational restriction sets forth a specific merchant or type of merchant at which a credit account can be used. The monetary restriction sets forth a maximum monetary amount that can be charged to that account by the specified merchant or type of merchant. When a request to approve a purchase using the credit account is received from a merchant, it will be determined whether the locational and monetary restrictions are met. If so, the request is approved. However, if either restriction is not met, the request will be denied.
Abstract:
A system and method in which network packets sharing a common destination are bundled into one or more larger packets. In one embodiment, an originating server, gateway, or other network device recognizes the presence of multiple, small IP packets having a common IP address. The network device according to the present invention is configured to concatenate or bundle two or more such small packets. The bundled packet as a whole is then given a new header, the bundle header, that includes the network destination address and information that informs the receiving protocol processing device that the packet is a bundled packet. The receiving device can then strip off the bundle header and process the component packets individually according to an existing protocol.
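The bundle header and the receiver's unbundling step, as an added example (not the patent's own format, which the abstract does not specify): a constructed header carries a marker identifying the packet as a bundle, the common IPv4 destination, and the component count, followed by length-prefixed component packets. The receiving side is written the way a defender would want it: every length is bounds-checked against the buffer before slicing, and trailing or truncated data is rejected rather than silently processed, since a length-prefixed container is exactly where a malformed packet would otherwise cause over-reads. The `BNDL` marker, the 16-bit length fields and the grouping rule are all assumptions of this example.

```python
import ipaddress
import struct
from collections import defaultdict

BUNDLE_MAGIC = b"BNDL"               # constructed marker: "this packet is a bundle"
HDR = struct.Struct("!4s4sH")        # marker, IPv4 destination, number of component packets
LEN = struct.Struct("!H")            # per-component length prefix (assumed 16-bit)


def bundle(dest_ip, packets):
    """Concatenate component packets under one bundle header."""
    if not 1 <= len(packets) <= 0xFFFF:
        raise ValueError("component count out of range")
    if any(len(p) > 0xFFFF for p in packets):
        raise ValueError("component too large for 16-bit length field")
    dst = ipaddress.IPv4Address(dest_ip).packed
    body = b"".join(LEN.pack(len(p)) + p for p in packets)
    return HDR.pack(BUNDLE_MAGIC, dst, len(packets)) + body


def unbundle(data):
    """Return (destination, [component packets]) for a bundle, or None if data is not a bundle.

    Raises ValueError on a malformed bundle instead of processing partial components.
    """
    if len(data) < HDR.size or data[:4] != BUNDLE_MAGIC:
        return None                                   # ordinary packet: handle by existing protocol
    _, dst, count = HDR.unpack_from(data)
    off = HDR.size
    parts = []
    for _ in range(count):
        if off + LEN.size > len(data):
            raise ValueError("truncated length field")
        (n,) = LEN.unpack_from(data, off)
        off += LEN.size
        if off + n > len(data):                       # bounds check before slicing
            raise ValueError("component length exceeds bundle")
        parts.append(data[off:off + n])
        off += n
    if off != len(data):
        raise ValueError("trailing bytes after last component")
    return str(ipaddress.IPv4Address(dst)), parts


def bundle_by_destination(flows, min_group=2):
    """Group (dest_ip, packet) pairs by destination; bundle groups of at least min_group.

    Returns a list of (dest_ip, wire_bytes, is_bundle) in first-seen destination order.
    """
    groups = defaultdict(list)
    for dst, pkt in flows:
        groups[dst].append(pkt)
    out = []
    for dst, pkts in groups.items():
        if len(pkts) >= min_group:
            out.append((dst, bundle(dst, pkts), True))
        else:
            out.extend((dst, p, False) for p in pkts)
    return out


if __name__ == "__main__":
    # Constructed small packets sharing a destination, plus one lone packet elsewhere.
    flows = [("10.0.0.5", b"ping"), ("10.0.0.5", b"pong"), ("10.0.0.9", b"solo"), ("10.0.0.5", b"ack")]
    for dst, wire, is_bundle in bundle_by_destination(flows):
        print(dst, is_bundle, len(wire), unbundle(wire))
```

The receiver never trusts `count` or a component length on its own; each is checked against the bytes actually present, so a bundle claiming more components than it carries is dropped as malformed.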