公开(公告)号：US07966643B2

公开(公告)日：2011-06-21

申请号：US11039654

申请日：2005-01-19

申请人： Narasimha Rao Nagampalli ,  Sachin C. Sheth ,  Shirish Koti ,  Yun Lin

发明人： Narasimha Rao Nagampalli ,  Sachin C. Sheth ,  Shirish Koti ,  Yun Lin

IPC分类号： G06F17/00 ,  H04L29/06

CPC分类号： H04L63/1408 ,  G06F21/6218 ,  H04L63/0227

摘要： A method and system for controlling access to files in a remote file system is provided. In one embodiment, a firewall system at a client computer system intercepts requests originating from the client computer system and sent to the remote file system for accessing remote files, that is, files stored on a server computer system. Upon intercepting a remote file access request (e.g., to open a remote file), the firewall system determines whether the file access request should be allowed based on access control criteria.

摘要翻译： 提供了用于控制对远程文件系统中的文件的访问的方法和系统。 在一个实施例中，客户端计算机系统上的防火墙系统拦截源自客户端计算机系统的请求，并发送到远程文件系统以访问远程文件，即存储在服务器计算机系统上的文件。 在拦截远程文件访问请求（例如，打开远程文件）时，防火墙系统基于访问控制标准确定是否应该允许文件访问请求。

公开(公告)号：US07831826B2

公开(公告)日：2010-11-09

申请号：US12402448

申请日：2009-03-11

申请人： Shirish Koti ,  Narasimha Rao S. S. Nagampalli ,  Maxim Alexandrovich Ivanov ,  Sachin C. Sheth ,  Emanuel Paleologu ,  Yun Lin ,  Eric Erwin Youngblut

发明人： Shirish Koti ,  Narasimha Rao S. S. Nagampalli ,  Maxim Alexandrovich Ivanov ,  Sachin C. Sheth ,  Emanuel Paleologu ,  Yun Lin ,  Eric Erwin Youngblut

IPC分类号： G06F9/00 ,  H04L9/00

CPC分类号： H04L63/0218 ,  H04L63/0263 ,  H04L63/20

摘要： A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.

摘要翻译： 提供了分发和执行安全策略的方法和系统。 在要被保护的主机计算机系统上执行的防火墙代理接收负责执行主机计算机系统上的安全策略的执行引擎的安全策略。 安全策略具有规则，每个条件在条件满足时提供要执行的条件和操作。 规则还具有由分发系统用于识别负责执行规则的安全组件的规则类型。 为了分发在主机计算机系统上接收到的安全策略，防火墙代理将部分基于规则类型标识适用于哪个执行引擎。 防火墙代理然后将规则分发到所识别的强制引擎，然后执行该规则。

公开(公告)号：US07509493B2

公开(公告)日：2009-03-24

申请号：US10993688

申请日：2004-11-19

申请人： Shirish Koti ,  Narasimha Rao S. S. Nagampalli ,  Maxim Alexandrovich Ivanov ,  Sachin C. Sheth ,  Emanuel Paleologu ,  Yun Lin ,  Eric Erwin Youngblut

发明人： Shirish Koti ,  Narasimha Rao S. S. Nagampalli ,  Maxim Alexandrovich Ivanov ,  Sachin C. Sheth ,  Emanuel Paleologu ,  Yun Lin ,  Eric Erwin Youngblut

IPC分类号： G06F9/00 ,  H04L9/00

CPC分类号： H04L63/0218 ,  H04L63/0263 ,  H04L63/20

摘要： A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.

摘要翻译： 提供了分发和执行安全策略的方法和系统。 在要被保护的主机计算机系统上执行的防火墙代理接收负责执行主机系统上的安全策略的执行引擎的安全策略。 安全策略具有规则，每个条件在条件满足时提供要执行的条件和操作。 规则还具有由分发系统用于识别负责执行规则的安全组件的规则类型。 为了分发在主机计算机系统上接收到的安全策略，防火墙代理将部分基于规则类型标识适用于哪个执行引擎。 防火墙代理然后将规则分发到所识别的强制引擎，然后执行该规则。

公开(公告)号：US07536542B2

公开(公告)日：2009-05-19

申请号：US11040164

申请日：2005-01-19

申请人： Sachin C. Sheth ,  Shirish Koti ,  Vadim Eydelman ,  Nelamangala Krishnaswamy Srinivas

发明人： Sachin C. Sheth ,  Shirish Koti ,  Vadim Eydelman ,  Nelamangala Krishnaswamy Srinivas

IPC分类号： H04L9/00

CPC分类号： G06F9/4486 ,  G06F2209/542

摘要： A method and system for intercepting communications between a transport client and a transport provider is provided. An interceptor system registers to intercept calls made by the transport client to functions of the transport provider. The interceptor system also replaces callbacks of the transport client so that calls from the transport provider intended for the transport client can be intercepted. When the interceptor system intercepts the call, it provides an indication of the call to a processing component. The processing component may analyze the call and determine whether the call should be allowed or denied. The interceptor system then proceeds to process the call in accordance with the indication of the processing component.

摘要翻译： 提供了一种用于拦截传输客户端和传输提供者之间的通信的方法和系统。 拦截器系统注册以拦截由传输客户端对传输提供者的功能所做的呼叫。 拦截器系统还替换传输客户端的回调，以便可以拦截来自传输提供者的用于传输客户端的呼叫。 当拦截器系统拦截呼叫时，它提供对处理组件的呼叫的指示。 处理组件可以分析呼叫并确定呼叫是否应被允许或被拒绝。 拦截器系统然后根据处理组件的指示继续处理呼叫。

公开(公告)号：US20090172774A1

公开(公告)日：2009-07-02

申请号：US12402448

申请日：2009-03-11

申请人： Shirish R. Koti ,  Narasimha Rao S.S. Nagampalli ,  Maxim A. Ivanov ,  Sachin C. Sheth ,  Emanuel Paleologu ,  Yun Lin ,  Eric E. Youngblut

发明人： Shirish R. Koti ,  Narasimha Rao S.S. Nagampalli ,  Maxim A. Ivanov ,  Sachin C. Sheth ,  Emanuel Paleologu ,  Yun Lin ,  Eric E. Youngblut

IPC分类号： G06F21/00

CPC分类号： H04L63/0218 ,  H04L63/0263 ,  H04L63/20

摘要： A method and system for distributing and enforcing security policies is provided. A firewall agent executing at a host computer system that is to be protected receives security policies for the enforcement engines responsible for enforcing the security policies on the host computer system. A security policy has rules that each provide a condition and action to be performed when the condition is satisfied. A rule also has a rule type that is used by the distribution system to identify the security components that are responsible for enforcing the rules. To distribute the security policies that have been received at a host computer system, the firewall agent identifies to which enforcement engine a rule applies based in part on rule type. The firewall agent then distributes the rule to the identified enforcement engine, which then enforces the rule.

摘要翻译： 提供了分发和执行安全策略的方法和系统。 在要被保护的主机计算机系统上执行的防火墙代理接收负责执行主机计算机系统上的安全策略的执行引擎的安全策略。 安全策略具有规则，每个条件在条件满足时提供要执行的条件和操作。 规则还具有由分发系统用于识别负责执行规则的安全组件的规则类型。 为了分发在主机计算机系统上接收到的安全策略，防火墙代理将部分基于规则类型标识适用于哪个执行引擎。 防火墙代理然后将规则分发到所识别的强制引擎，然后执行该规则。

公开(公告)号：US07353381B2

公开(公告)日：2008-04-01

申请号：US10453089

申请日：2003-06-03

申请人： Sachin C. Sheth ,  Mohammad Shabbir Alam ,  Arun Ayyagari ,  Abhishek Abhishek

发明人： Sachin C. Sheth ,  Mohammad Shabbir Alam ,  Arun Ayyagari ,  Abhishek Abhishek

IPC分类号： H04L9/00

CPC分类号： H04L63/08

摘要： A supplicant on a first computing system authenticating the first computing system to an authenticator on a second computing system in a manner that is independent of the underlying data link and physical layer protocols. The first computing system establishes a data link layer connection with the second computing system using specific data link and physical layer protocols. The supplicant on the first computing system and the authenticator on the second computing system then receive an indication that the data link layer connection has been established. The supplicant determines that authentication is to occur with the authenticator, and vice versa. The supplicant (and the authenticator) then instructs that authentication is to occur in a manner that is independent of the underlying data link and physical layer protocols used to establish the connection.

摘要翻译： 第一计算系统上的请求者以独立于底层数据链路和物理层协议的方式将第一计算系统认证到第二计算系统上的认证器。 第一计算系统使用特定数据链路和物理层协议与第二计算系统建立数据链路层连接。 第一计算系统上的请求者和第二计算系统上的认证器接收到已建立数据链路层连接的指示。 请求者确定认证是与认证者一起发生的，反之亦然。 请求者（和认证者）然后指示认证将以独立于用于建立连接的底层数据链路和物理层协议的方式进行。

公开(公告)号：US07120129B2

公开(公告)日：2006-10-10

申请号：US09805500

申请日：2001-03-13

申请人： Arun Ayyagari ,  Sachin C. Sheth ,  Krishna Ganugapati ,  Timothy M. Moore ,  Pradeep Bahl ,  Mihai S. Peicu ,  Florin Teodorescu

发明人： Arun Ayyagari ,  Sachin C. Sheth ,  Krishna Ganugapati ,  Timothy M. Moore ,  Pradeep Bahl ,  Mihai S. Peicu ,  Florin Teodorescu

IPC分类号： H04L12/28 ,  H04Q7/20

CPC分类号： H04L63/08 ,  H04W8/005 ,  H04W12/06 ,  H04W28/18 ,  H04W48/18 ,  H04W84/18

摘要： A system and method for enabling a zero configuration nomadic wireless and wired computing environment presenting a just works experience is presented. The system examines predefined user preference or profile settings to determine to which of a competing number of wireless networks available it should connect, and what type of authentication should be used for such connection. Nomadic wireless computing between infrastructure wireless networks and ad hoc wireless networks may be accomplished without further user intervention required in an auto mode. Also, both infrastructure only and ad hoc only modes are available through the system of the invention. Further, the user may set a preference for infrastructure or ad hoc modes in the auto mode. With an infrastructure mode preference set, the system will automatically detect and transfer connectivity to a newly available infrastructure wireless network if the user was previously operating off-line or in ad hoc mode.

公开(公告)号：US08135741B2

公开(公告)日：2012-03-13

申请号：US11231352

申请日：2005-09-20

申请人： Bhupinder S. Sethi ,  Sachin C. Sheth

发明人： Bhupinder S. Sethi ,  Sachin C. Sheth

IPC分类号： G06F7/00 ,  G06F17/30

CPC分类号： G06F17/30106 ,  G06F9/54 ,  G06F2209/542

摘要： A method and system for tracking context information of a service provider and interceptors of service provider requests is provided. An interceptor modifies a portion of service provider context information to reference interceptor context information associated with a client. When the client requests a service of the service provider, the client provides the modified service provider context information along with the request. The interceptor uses the reference of the modified portion of the service provider context information to retrieve its context information. The interceptor then restores the modified portion of the service provider context information to the original unmodified portion, which the interceptor retained as part of its context information. The interceptor then forwards the request along with the original service provider context information to the service provider.

摘要翻译： 提供了一种用于跟踪服务提供商的上下文信息和服务提供商请求的拦截器的方法和系统。 拦截器修改服务提供者上下文信息的一部分，以引用与客户端相关联的拦截器上下文信息。 当客户端请求服务提供商的服务时，客户端提供经修改的服务提供商上下文信息以及请求。 拦截器使用服务提供者上下文信息的修改部分的引用来检索其上下文信息。 拦截器然后将服务提供者上下文信息的修改部分恢复到原始未修改部分，拦截器作为其上下文信息的一部分保留。 拦截器然后将请求与原始服务提供者上下文信息一起转发给服务提供商。

公开(公告)号：US20120166527A1

公开(公告)日：2012-06-28

申请号：US13412325

申请日：2012-03-05

申请人： Bhupinder S. Sethi ,  Sachin C. Sheth

发明人： Bhupinder S. Sethi ,  Sachin C. Sheth

IPC分类号： G06F15/16

CPC分类号： G06F9/54 ,  G06F16/148 ,  G06F2209/542

摘要： A method and system for tracking context information of a service provider and interceptors of service provider requests is provided. An interceptor modifies a portion of service provider context information to reference interceptor context information associated with a client. When the client requests a service of the service provider, the client provides the modified service provider context information along with the request. The interceptor uses the reference of the modified portion of the service provider context information to retrieve its context information. The interceptor then restores the modified portion of the service provider context information to the original unmodified portion, which the interceptor retained as part of its context information. The interceptor then forwards the request along with the original service provider context information to the service provider.

公开(公告)号：US07257836B1

公开(公告)日：2007-08-14

申请号：US09694514

申请日：2000-10-23

申请人： Timothy M. Moore ,  Arun Ayyagari ,  Sachin C. Sheth ,  Pradeep Bahl

发明人： Timothy M. Moore ,  Arun Ayyagari ,  Sachin C. Sheth ,  Pradeep Bahl

IPC分类号： G06F7/04 ,  G06F15/16 ,  H04K1/00 ,  H04L9/00

CPC分类号： H04L63/0823 ,  G06F21/33 ,  G06F2221/2129 ,  G06F2221/2149 ,  H04L63/162 ,  H04L63/166 ,  H04W12/06 ,  H04W88/02

摘要： A method for setting up and managing secure data/audio/video links with secure key exchanges, authentication and authorization is described. An embodiment of the invention enables establishment of a secure link with limited privileges using the machine identifier of a trusted machine. This is particularly useful if the user of the machine does not have a user identifying information suitable for authentication. Furthermore, the presentation of a default user identifying information by a user advantageously initiates intervention by a system administrator instead of a blanket denial. This decentralized procedure allows new users access to the network without having to physically access a centralized facility to present their credentials. Another embodiment of the invention enables a remote user to connect to a secure network with limited privileges.

摘要翻译： 描述了通过安全密钥交换，认证和授权建立和管理安全数据/音频/视频链路的方法。 本发明的实施例使得能够使用受信任机器的机器标识符来建立具有有限权限的安全链路。 如果机器的用户没有适合于认证的用户识别信息，这是特别有用的。 此外，由用户识别信息的默认用户的呈现有利地启动系统管理员的干预，而不是一致拒绝。 这种分散式过程允许新用户访问网络，而无需物理访问集中式设施来呈现其凭据。 本发明的另一实施例使得远程用户能够以有限的权限连接到安全网络。