-
公开(公告)号:US20080152151A1
公开(公告)日:2008-06-26
申请号:US11615364
申请日:2006-12-22
申请人: Makan Pourzandi , Andras Mehes
发明人: Makan Pourzandi , Andras Mehes
CPC分类号: G06F21/53 , G06F11/203 , G06F11/2038 , G06F21/57 , G06F21/602 , G06F21/72 , G06F21/79 , G06F21/805 , H04L9/0897
摘要: A system and method for managing trusted platform module (TPM) keys utilized in a cluster of computing nodes. A cluster-level management unit communicates with a local TPM agent in each node in the cluster. The cluster-level management unit has access to a database of protection groups, wherein each protection group comprises one active node which creates a TPM key and at least one standby node which stores a backup copy of the TPM key for the active node. The local TPM agent in the active node automatically initiates a migration process for automatically migrating the backup copy of the TPM key to the at least one standby node. The system maintains coherency of the TPM keys by also deleting the backup copy of the TPM key in the standby node when the key is deleted by the active node.
摘要翻译: 一种用于管理在一组计算节点中使用的可信平台模块(TPM)密钥的系统和方法。 集群级管理单元与集群中每个节点中的本地TPM代理进行通信。 集群级管理单元可以访问保护组的数据库,其中每个保护组包括一个创建TPM密钥的活动节点和存储活动节点的TPM密钥的备份副本的至少一个备用节点。 主动节点中的本地TPM代理自动启动迁移过程,以便将TPM密钥的备份副本自动迁移到至少一个备用节点。 当主动节点删除密钥时,系统还通过删除备用节点中TPM密钥的备份副本来维护TPM密钥的一致性。
-
公开(公告)号:US20100150006A1
公开(公告)日:2010-06-17
申请号:US12337254
申请日:2008-12-17
IPC分类号: G06F11/30
CPC分类号: H04L63/1408 , H04L43/16 , H04L63/1441
摘要: A method for detecting a particular data traffic in a communication network having a plurality of nodes comprises: maintaining a list of detecting scans to be applied to an incoming data traffic; receiving the incoming data traffic; and applying a subset of the detecting scans in the list to the incoming data traffic. A network node for detecting a particular traffic in a communication network having a plurality of nodes comprises: a list of detecting scans to be applied to an incoming data traffic; an input for receiving the incoming data traffic; and an inspection chain, which applies a subset of detecting scans in the list to the incoming data traffic.
摘要翻译: 一种用于检测具有多个节点的通信网络中的特定数据业务的方法,包括:维护要应用于输入数据业务的检测扫描的列表; 接收传入数据流量; 以及将列表中的检测扫描的子集应用于输入数据业务。 用于检测具有多个节点的通信网络中的特定业务的网络节点包括:要应用于输入数据业务的检测扫描的列表; 用于接收输入数据流量的输入; 以及检查链,其将列表中的检测扫描的子集应用于输入数据流量。
-
公开(公告)号:US20130117824A1
公开(公告)日:2013-05-09
申请号:US13806119
申请日:2010-06-22
申请人: Mats Naslund , Tereza Cristina Carvalho , Cristina Dominicini , Makan Pourzandi , Rony Sakuragui , Marcos Antonio Simplicio Junior
发明人: Mats Naslund , Tereza Cristina Carvalho , Cristina Dominicini , Makan Pourzandi , Rony Sakuragui , Marcos Antonio Simplicio Junior
CPC分类号: H04L63/08 , H04L9/0841 , H04L9/321 , H04L63/0407 , H04L63/062 , H04L63/0815 , H04L2209/80 , H04W12/02 , H04W12/04
摘要: A method for preserving privacy during authorisation in pervasive environments is described. The method includes an authorisation phase in which the user is provided with a reusable credential associated with verifiable constraints, and an operation phase where the service provider verifies the reusable credential before authorising the user. Third parties cannot link plural uses of the credential to each other, and the service provider cannot link plural uses of said credential to each other.
摘要翻译: 描述了在普及环境中授权期间保护隐私的方法。 该方法包括向用户提供与可验证约束相关联的可重用证书的授权阶段,以及服务提供商在授权用户之前验证可重用凭证的操作阶段。 第三方不能将凭证的复用用途彼此链接,并且服务提供者不能将所述证书的复数用法彼此链接起来。
-
公开(公告)号:US20110191859A1
公开(公告)日:2011-08-04
申请号:US13122687
申请日:2008-10-06
申请人: Mats Naslund , Tereza Cristina Melo de Brito Carvalho , Diego Sanchez Gallo , Makan Pourzandi , Marcos Antonio Simplicio Junior , Yeda Regina Venturini
发明人: Mats Naslund , Tereza Cristina Melo de Brito Carvalho , Diego Sanchez Gallo , Makan Pourzandi , Marcos Antonio Simplicio Junior , Yeda Regina Venturini
IPC分类号: G06F21/24
CPC分类号: H04N21/63345 , G06F21/10 , G06F2221/0706 , G06F2221/2149 , H04N21/2541 , H04N21/43615 , H04N21/64322 , H04N21/8355
摘要: A method of controlling access to content comprises receiving, at a domain gateway (3) of a domain (4), a request from a device (5) in the domain for access to the content. It is determined at the domain gateway whether the number of devices in the domain currently accessing the content is equal to a specified maximum number of devices that may simultaneously access the content. The maximum number of devices that may simultaneously access the content is independent of the number of devices in the domain. If the determination is that the number of devices in the domain currently accessing the content is less than the specified maximum number the request is allowed, otherwise it is refused.
摘要翻译: 控制对内容的访问的方法包括在域的域网关(3)处接收来自域中的用于访问内容的设备(5)的请求。 在域网关确定当前正在访问内容的域中的设备的数量是否等于可以同时访问内容的指定的最大数量的设备。 可以同时访问内容的最大设备数量与域中的设备数量无关。 如果确定当前正在访问内容的域中的设备数量小于指定的最大数量,则允许该请求,否则将被拒绝。
-
公开(公告)号:US09275004B2
公开(公告)日:2016-03-01
申请号:US13710642
申请日:2012-12-11
申请人: Zhongwen Zhu , Makan Pourzandi
发明人: Zhongwen Zhu , Makan Pourzandi
IPC分类号: G06F15/173 , G06F15/177 , G06F9/455 , G06F9/50 , H04L29/06 , G06F21/53
CPC分类号: G06F15/177 , G06F9/45558 , G06F9/5077 , G06F9/5083 , G06F21/53 , G06F2009/45587 , H04L63/0227
摘要: A system and method for managing a hybrid firewall solution, employing both hardware and software firewall components, for a cloud computing data center is provided. A virtual application is hosted by a first plurality of application virtual machines and a second plurality of firewall virtual machines provides firewalling services for traffic associated with the virtual application. A cloud management entity determines that the virtual application requires an increased number of application virtual machines. A security profile for the virtual application is verified to determine if an increased number of firewall virtual machines is required by the increased number of application virtual machines. The cloud management entity can instantiate additional application virtual machines and firewall virtual machines as required.
摘要翻译: 提供了一种用于管理云计算数据中心的混合防火墙解决方案(采用硬件和软件防火墙组件)的系统和方法。 虚拟应用由第一多个应用虚拟机托管,并且第二多个防火墙虚拟机为与虚拟应用相关联的流量提供防火墙服务。 云管理实体确定虚拟应用程序需要更多数量的应用程序虚拟机。 验证虚拟应用程序的安全配置文件,以确定增加数量的应用程序虚拟机是否需要增加数量的防火墙虚拟机。 云管理实体可以根据需要实例化其他应用程序虚拟机和防火墙虚拟机。
-
公开(公告)号:US08887246B2
公开(公告)日:2014-11-11
申请号:US13806119
申请日:2010-06-22
申请人: Mats Naslund , Tereza Cristina Carvalho , Cristina Dominicini , Makan Pourzandi , Rony Sakuragui , Marcos Antonio Simplicio Junior
发明人: Mats Naslund , Tereza Cristina Carvalho , Cristina Dominicini , Makan Pourzandi , Rony Sakuragui , Marcos Antonio Simplicio Junior
CPC分类号: H04L63/08 , H04L9/0841 , H04L9/321 , H04L63/0407 , H04L63/062 , H04L63/0815 , H04L2209/80 , H04W12/02 , H04W12/04
摘要: A method for preserving privacy during authorization in pervasive environments is described. The method includes an authorization phase in which the user is provided with a reusable credential associated with verifiable constraints, and an operation phase where the service provider verifies the reusable credential before authorizing the user. Third parties cannot link plural uses of the credential to each other, and the service provider cannot link plural uses of said credential to each other.
摘要翻译: 描述了在普及环境中授权期间保护隐私的方法。 该方法包括向用户提供与可验证约束相关联的可重用证书的授权阶段,以及服务提供商在授权用户之前验证可重用凭证的操作阶段。 第三方不能将凭证的复用用途彼此链接,并且服务提供者不能将所述证书的复数用法彼此链接起来。
-
公开(公告)号:US08515064B2
公开(公告)日:2013-08-20
申请号:US13127079
申请日:2008-10-30
申请人: Tereza Cristina Melo de Brito Carvalho , Vlad Constantin Coroama , Mats Näslund , Makan Pourzandi , Marcos Antonio Simplicio, Jr. , Yeda Regina Venturini
发明人: Tereza Cristina Melo de Brito Carvalho , Vlad Constantin Coroama , Mats Näslund , Makan Pourzandi , Marcos Antonio Simplicio, Jr. , Yeda Regina Venturini
CPC分类号: H04L63/065 , H04L9/0833 , H04L63/10 , H04L65/4076 , H04L2209/60 , H04L2209/80 , H04N7/162 , H04N21/26613 , H04N21/4383 , H04N21/63345 , H04N21/6405
摘要: A method of key management in a communication network that includes a plurality of groups with each group including one or several members authorized to have access to key-protected services is provided by an apparatus. The method includes determining when a member starts a switching action from one service to another. A time dependent quantity starting from the switching action is determined. The method includes determining that the member is a member of a switching group when the quantity is less than a threshold value is made, and when the quantity is larger than the threshold, determining that the member has decided to join a new group, and changing the appropriate access key(s).
摘要翻译: 一种通信网络中的密钥管理方法,包括多个组,每个组包括被授权访问密钥保护业务的一个或多个成员。 该方法包括确定成员何时从一个服务开始切换动作到另一个服务。 确定从切换动作开始的时间相关量。 该方法包括当数量小于阈值时确定该成员是交换组的成员,并且当该数量大于该阈值时,确定该成员已经决定加入一个新组,并且改变 适当的访问密钥。
-
公开(公告)号:US20130097296A1
公开(公告)日:2013-04-18
申请号:US13275722
申请日:2011-10-18
IPC分类号: G06F15/173
CPC分类号: G06F9/4856
摘要: A virtual machine (VM) system is provided. The system includes a target physical server (PS) that has a resource configuration. The system includes a source PS that runs a virtual machine (VM). The source PS is in communication with the target PS. The source PS includes a memory that stores a migration policy file. The migration policy file includes at least one trust criteria in which the at least one trust criteria indicates a minimum resource configuration. The source PS includes a receiver that receives target PS resource configuration and a processor in communication with the memory and receiver. The processor determines whether the target PS resource configuration meets the at least one trust criteria. The processor initiates VM migration to the target PS based at least in part on whether the target PS resource configuration meets the at least one trust criteria.
摘要翻译: 提供虚拟机(VM)系统。 该系统包括具有资源配置的目标物理服务器(PS)。 该系统包括运行虚拟机(VM)的源PS。 源PS与目标PS通信。 源PS包括存储迁移策略文件的存储器。 所述迁移策略文件包括至少一个信任标准,其中所述至少一个信任标准指示最小资源配置。 源PS包括接收目标PS资源配置的接收器和与存储器和接收器通信的处理器。 处理器确定目标PS资源配置是否满足至少一个信任标准。 所述处理器至少部分地基于所述目标PS资源配置是否满足所述至少一个信任标准来启动到所述目标PS的迁移。
-
9.发明申请SYSTEMS AND METHOD FOR PROVIDING TRUSTED SYSTEM FUNCTIONALITIES IN A CLUSTER BASED SYSTEM 审中-公开在基于群集的系统中提供信用系统功能的系统和方法公开(公告)号:US20110138475A1
公开(公告)日:2011-06-09
申请号:US13056750
申请日:2008-07-30
申请人: David Gordon , András Méhes , Makan Pourzandi
发明人: David Gordon , András Méhes , Makan Pourzandi
IPC分类号: G06F21/00
CPC分类号: H04L9/085 , G06F11/2023 , H04L9/0897
摘要: A framework for providing cluster-wide cryptographic operations, including: signing, sealing, binding, unsealing, and unbinding. The framework includes an interface module (a.k.a., HAT agent) on each of a plurality of nodes in the cluster. Each HAT agent is configured to respond to an application's request for a cluster crypto operation by communication with other HAT agents in the cluster and utilizing a trusted platform module local to the node where the HAT agent resides.
摘要翻译: 提供集群范围的加密操作的框架,包括:签名,密封,绑定,开封和取消绑定。 该框架包括集群中的多个节点中的每一个上的接口模块(a.k.a.,HAT代理)。 每个HAT代理被配置为通过与群集中的其他HAT代理的通信并利用HAT代理驻留的节点本地的可信平台模块来响应应用程序对群集加密操作的请求。
-
公开(公告)号:US10367906B2
公开(公告)日:2019-07-30
申请号:US15544779
申请日:2015-02-02
申请人: Zhongwen Zhu , Makan Pourzandi
发明人: Zhongwen Zhu , Makan Pourzandi
摘要: According to one aspect, the teachings herein disclose a method and apparatus for a providing content over a secure connection to a subscriber device, where the content is advantageously securely delivered from a cache local to the telecommunication network. Such operation is based on intercepting a secure connection request from the subscriber device and establishing a corresponding secure session between the subscriber device and a local network data center, rather than the remote content provider targeted by the request.
-
-
-
-
-
-
-
-
-
搜索结果
30 条记录 (耗时 0.02 秒)
