-
1.发明授权公开(公告)号:US09443084B2
公开(公告)日:2016-09-13
申请号:US12338268
申请日:2008-12-18
CPC分类号: G06F21/577 , G06F21/31 , G06F21/33 , G06F2221/2129 , H04L63/08 , H04L63/1441
摘要: A network with authentication implemented using a client health enforcement framework. The framework is adapted to receive plug-ins on clients that generate health information. Corresponding plug-ins on a server validate that health information. Based on the results of validation, the server may instruct the client to remediate or may authorize an underlying access enforcement mechanism to allow access. A client plug-in that generates authentication information formatted as a statement of health may be incorporated into such a framework. Similarly, on the server, a validator to determine, based on the authentication information, whether the client should be granted network access can be incorporated into the framework. Authentication can be simply applied or modified by changing the plug-ins, while relying on the framework to interface with an enforcement mechanism. Functions of the health enforcement framework can be leveraged to provide authentication-based functionality, such as revoking authorized access after a period of user inactivity or in response to a user command.
摘要翻译: 使用客户端健康执行框架实施认证的网络。 该框架适用于在生成健康信息的客户端上接收插件。 服务器上的相应插件验证该健康信息。 基于验证的结果,服务器可以指示客户端修复或者可以授权底层访问执行机制以允许访问。 生成格式为健康声明的认证信息的客户端插件可以并入到这样的框架中。 类似地,在服务器上,验证器根据认证信息来确定客户端是否被授予网络访问可以并入到框架中。 可以通过更改插件来简单地应用或修改身份验证,同时依靠框架与强制机制进行交互。 可以利用健康执行框架的功能来提供基于身份验证的功能,例如在用户不活动期间或响应于用户命令之后撤销授权访问。
-
公开(公告)号:US20100115578A1
公开(公告)日:2010-05-06
申请号:US12338268
申请日:2008-12-18
CPC分类号: G06F21/577 , G06F21/31 , G06F21/33 , G06F2221/2129 , H04L63/08 , H04L63/1441
摘要: A network with authentication implemented using a client health enforcement framework. The framework is adapted to receive plug-ins on clients that generate health information. Corresponding plug-ins on a server validate that health information. Based on the results of validation, the server may instruct the client to remediate or may authorize an underlying access enforcement mechanism to allow access. A client plug-in that generates authentication information formatted as a statement of health may be incorporated into such a framework. Similarly, on the server, a validator to determine, based on the authentication information, whether the client should be granted network access can be incorporated into the framework. Authentication can be simply applied or modified by changing the plug-ins, while relying on the framework to interface with an enforcement mechanism. Functions of the health enforcement framework can be leveraged to provide authentication-based functionality, such as revoking authorized access after a period of user inactivity or in response to a user command.
摘要翻译: 使用客户端健康执行框架实施认证的网络。 该框架适用于在生成健康信息的客户端上接收插件。 服务器上的相应插件验证该健康信息。 基于验证的结果,服务器可以指示客户端修复或者可以授权底层访问执行机制以允许访问。 生成格式为健康声明的认证信息的客户端插件可以并入到这样的框架中。 类似地,在服务器上,验证器根据认证信息来确定客户端是否被授予网络访问可以并入到框架中。 可以通过更改插件来简单地应用或修改身份验证,同时依靠框架与强制机制进行交互。 可以利用健康执行框架的功能来提供基于身份验证的功能,例如在用户不活动期间或响应于用户命令之后撤销授权访问。
-
公开(公告)号:US20080301647A1
公开(公告)日:2008-12-04
申请号:US11756782
申请日:2007-06-01
申请人: Eugene Neystadt , Nissim Natanov , Meir Shmouely , Yoram Singer
发明人: Eugene Neystadt , Nissim Natanov , Meir Shmouely , Yoram Singer
IPC分类号: G06F9/44
CPC分类号: G06F11/3672
摘要: Systems and methods to deliver malformed data for software application fuzzing are described. In one aspect, a fuzzing engine receives well-formed valid input data from a test automation tool. The received data is for input into a software application to implement a functional test. Responsive to receiving the well-formed valid input data, the fuzzing engine automatically generates corresponding malformed data based on characteristics of the well-formed valid input data. The application is then automatically fuzzed with the malformed data to notify an end-user of any security vulnerabilities in one or more code paths of the application used to process the malformed data.
摘要翻译: 描述了用于提供软件应用程序模糊的畸形数据的系统和方法。 在一个方面,模糊引擎从测试自动化工具接收良好的有效输入数据。 接收到的数据用于输入到软件应用程序中以实现功能测试。 响应于接收到良好的有效输入数据,模糊引擎基于形成良好的有效输入数据的特性自动生成相应的畸形数据。 然后,应用程序会自动使用格式错误的数据进行模糊处理,以通知最终用户在用于处理格式错误的数据的应用程序的一个或多个代码路径中的任何安全漏洞。
-
公开(公告)号:US08336102B2
公开(公告)日:2012-12-18
申请号:US11756782
申请日:2007-06-01
申请人: Eugene Neystadt , Nissim Natanov , Meir Shmouely , Yoram Singer
发明人: Eugene Neystadt , Nissim Natanov , Meir Shmouely , Yoram Singer
CPC分类号: G06F11/3672
摘要: Systems and methods to deliver malformed data for software application fuzzing are described. In one aspect, a fuzzing engine receives well-formed valid input data from a test automation tool. The received data is for input into a software application to implement a functional test. Responsive to receiving the well-formed valid input data, the fuzzing engine automatically generates corresponding malformed data based on characteristics of the well-formed valid input data. The application is then automatically fuzzed with the malformed data to notify an end-user of any security vulnerabilities in one or more code paths of the application used to process the malformed data.
摘要翻译: 描述了用于提供软件应用程序模糊的畸形数据的系统和方法。 在一个方面,模糊引擎从测试自动化工具接收良好的有效输入数据。 接收到的数据用于输入到软件应用程序中以实现功能测试。 响应于接收到良好的有效输入数据,模糊引擎基于形成良好的有效输入数据的特性自动生成相应的畸形数据。 然后,应用程序会自动使用格式错误的数据进行模糊处理,以通知最终用户在用于处理格式错误的数据的应用程序的一个或多个代码路径中的任何安全漏洞。
-
公开(公告)号:US08528069B2
公开(公告)日:2013-09-03
申请号:US13015202
申请日:2011-01-27
申请人: Mark Novak , Yair Tor , Eugene Neystadt , Yoav Yassour , Alexey Efron , Amos Ortal , Daniel Alon , Ran Didi
发明人: Mark Novak , Yair Tor , Eugene Neystadt , Yoav Yassour , Alexey Efron , Amos Ortal , Daniel Alon , Ran Didi
IPC分类号: G06F15/16
CPC分类号: G06F21/335 , G06F21/51 , G06F21/575 , H04L9/3234 , H04L2209/127
摘要: Embodiments of the invention enable a client device to procure trustworthy device claims describing one or more attributes of the client device, have those device claims included in a data structure having a format suitable for processing by an application, and use the data structure which includes the device claims in connection with a request to access the application. The application may use the device claims to drive any of numerous types of application functionality, such as security-related and/or other functionality.
摘要翻译: 本发明的实施例使得客户端设备能够获得描述客户端设备的一个或多个属性的可信赖的设备权利要求,将这些设备权利要求包括在具有适合于应用程序处理的格式的数据结构中,并且使用包括 设备声明涉及访问应用程序的请求。 应用可以使用设备权利要求来驱动许多类型的应用功能中的任何一种,诸如安全相关和/或其他功能。
-
公开(公告)号:US06801603B1
公开(公告)日:2004-10-05
申请号:US09473837
申请日:1999-12-28
申请人: Amos Arev , Yael Shain , Eugene Neystadt
发明人: Amos Arev , Yael Shain , Eugene Neystadt
IPC分类号: H04M164
CPC分类号: H04M3/5307 , H04L51/00 , H04L51/36 , H04M3/53325 , H04M2201/60
摘要: Method and apparatus for providing a centralized access, in real-time, to messages received in, or sent from two or more mail accounts of a user. Data related to incoming and/or outgoing messages from one or more accounts of the user is continuously aggregating and/or stored in real-time. The user accesses each aggregated message received in, or sent from one or more accounts, from each of the accounts. The status of the user's aggregated updated and/or outgoing messages may be continuously updated and/or displayed to the user, in real-time.
摘要翻译: 实时地提供对用户的两个或多个邮件帐户中接收或发送的消息的集中访问的方法和装置。 与来自用户的一个或多个帐户的传入和/或输出消息有关的数据正在不断地聚合和/或实时存储。 用户访问从每个帐户接收或从一个或多个帐户发送的每个聚合消息。 可以实时地向用户持续更新和/或显示用户聚合的更新和/或传出消息的状态。
-
-
-
-
-
搜索结果
6 条记录 (耗时 0.02 秒)
