INFORMATION PROTECTION APPLIED BY AN INTERMEDIARY DEVICE
    1.
    Invention application
    INFORMATION PROTECTION APPLIED BY AN INTERMEDIARY DEVICE (in force)

    Publication number: US20100180332A1

    Publication date: 2010-07-15

    Application number: US12350974

    Application date: 2009-01-09

    IPC classification: G06F21/00

    CPC classification: H04L63/0227 H04L63/102

    Abstract: Methods, systems, and computer-readable media are disclosed for applying information protection. A particular method includes receiving a data file at a gateway coupled to a network. The data file is to be sent to a destination device that is external to the network. The method also includes selectively applying information protection to the data file at the gateway prior to sending the data file to the destination device. The information protection is selectively applied based on information associated with the destination device, information associated with the data file, and information associated with a user of the destination device.

    Protecting a virtual guest machine from attacks by an infected host
    2.
    Granted patent
    Protecting a virtual guest machine from attacks by an infected host (in force)

    Publication number: US08954897B2

    Publication date: 2015-02-10

    Application number: US12199812

    Application date: 2008-08-28

    IPC classification: G06F17/00

    Abstract: In a virtualization environment, a host machine on which a guest machine is operable is monitored to determine that it is healthy by being compliant with applicable policies (such as being up to date with the current security patches, running an anti-virus program, certified to run a guest machine, etc.) and free from malicious software or “malware” that could potentially disrupt or compromise the security of the guest machine. If the host machine is found to be non-compliant, then the guest machine is prevented from either booting up on the host machine or connecting to a network to ensure that the entire virtualization environment is compliant and that the guest machine, including its data and applications, etc., is protected against attacks that may be launched against it via malicious code that runs on the unhealthy host machine, or is isolated from the network until the non-compliancy is remediated.

    PROTECTING A VIRTUAL GUEST MACHINE FROM ATTACKS BY AN INFECTED HOST
    3.
    Invention application
    PROTECTING A VIRTUAL GUEST MACHINE FROM ATTACKS BY AN INFECTED HOST (in force)

    Publication number: US20100058432A1

    Publication date: 2010-03-04

    Application number: US12199812

    Application date: 2008-08-28

    IPC classification: G06F21/00 H04L9/32 G06F15/177

    Abstract: In a virtualization environment, a host machine on which a guest machine is operable is monitored to determine that it is healthy by being compliant with applicable policies (such as being up to date with the current security patches, running an anti-virus program, certified to run a guest machine, etc.) and free from malicious software or “malware” that could potentially disrupt or compromise the security of the guest machine. If the host machine is found to be non-compliant, then the guest machine is prevented from either booting up on the host machine or connecting to a network to ensure that the entire virtualization environment is compliant and that the guest machine, including its data and applications, etc., is protected against attacks that may be launched against it via malicious code that runs on the unhealthy host machine, or is isolated from the network until the non-compliancy is remediated.

    Information protection applied by an intermediary device
    4.
    Granted patent
    Information protection applied by an intermediary device (in force)

    Publication number: US08341720B2

    Publication date: 2012-12-25

    Application number: US12350974

    Application date: 2009-01-09

    IPC classification: G06F21/00

    CPC classification: H04L63/0227 H04L63/102

    Abstract: Methods, systems, and computer-readable media are disclosed for applying information protection. A particular method includes receiving a data file at a gateway coupled to a network. The data file is to be sent to a destination device that is external to the network. The method also includes selectively applying information protection to the data file at the gateway prior to sending the data file to the destination device. The information protection is selectively applied based on information associated with the destination device, information associated with the data file, and information associated with a user of the destination device.

    Remote access to private network resources from outside the network
    5.
    Granted patent
    Remote access to private network resources from outside the network (in force)

    Publication number: US08910270B2

    Publication date: 2014-12-09

    Application number: US12356152

    Application date: 2009-01-20

    IPC classification: H04L29/06 G06F17/30 H04L29/12

    Abstract: In some embodiments of the invention, techniques may make private identifiers for private network resources usable to establish connections to those private network resources from computing devices connected to an outside network. For example, when a computing device is connected to an outside network and attempting to contact a private network resource, DNS may be used to resolve a domain name for the private network resource to an IP address for an edge resource of the private network. Communications may be passed between the computing device and the edge resource according to protocols which embed the identifier originally used to identify the private network resource. The edge resource of the private network may analyze communications over the connection to determine this identifier, and use it to pass the communication to the desired private network resource.

    REMOTE ACCESS TO PRIVATE NETWORK RESOURCES FROM OUTSIDE THE NETWORK
    6.
    Invention application
    REMOTE ACCESS TO PRIVATE NETWORK RESOURCES FROM OUTSIDE THE NETWORK (in force)

    Publication number: US20100186079A1

    Publication date: 2010-07-22

    Application number: US12356152

    Application date: 2009-01-20

    IPC classification: G06F21/00 G06F15/16

    Abstract: In some embodiments of the invention, techniques may make private identifiers for private network resources usable to establish connections to those private network resources from computing devices connected to an outside network. For example, when a computing device is connected to an outside network and attempting to contact a private network resource, DNS may be used to resolve a domain name for the private network resource to an IP address for an edge resource of the private network. Communications may be passed between the computing device and the edge resource according to protocols which embed the identifier originally used to identify the private network resource. The edge resource of the private network may analyze communications over the connection to determine this identifier, and use it to pass the communication to the desired private network resource.

    Seamless location aware network connectivity

    Publication number: US10116580B2

    Publication date: 2018-10-30

    Application number: US12163046

    Application date: 2008-06-27

    Abstract: Described is a technology by which a seamless automatic connection to an (e.g., corporate) network is made for a client device. Upon detecting a need for a connection to a network, such as by intercepting a communication directed towards a network destination, a list of available connection methods is automatically obtained based on the device's current location data (e.g., LAN or remote) and policy information. An available connection method from the list is selected, e.g., in order, and an attempt is made to establish a connection via that connection method. If the attempt fails, another attempt is made with a different connection method, and so on, until a connection method succeeds. Additional seamlessness from the user's perspective is provided via a credentials vault, by which stored credentials may be retrieved and used in association with the access method being attempted.

    ACCESS CONTROL USING IDENTIFIERS IN LINKS
    10.
    Invention application
    ACCESS CONTROL USING IDENTIFIERS IN LINKS (in force)

    Publication number: US20100228989A1

    Publication date: 2010-09-09

    Application number: US12396500

    Application date: 2009-03-03

    IPC classification: H04L9/32

    Abstract: Methods, systems, and computer-readable media are disclosed for access control. A particular method receives a resource access identifier associated with a shared computing resource and embeds the resource access identifier into a link to the shared resource. The link to the shared resource is inserted into an information element. An access control scheme is associated with the information element to generate a protected information element, and the protected information element is sent to a destination computing device.
