Abstract:
If a service detects that a state of a computer system deviates from an acceptable state, the computer system can be prevented from accessing network resources or locations, except for those network resources or locations that would bring the state into compliance. Monitored states can include whether applications or the operating system have been properly purchased, whether they have been properly updated, and whether they are being properly used given the environment of their usage. Network restrictions can be implemented through a parental control mechanism, a domain name service mechanism, or other like mechanisms, and can include redirection to appropriate network resources or locations.
Abstract:
A computer system having secured network services is presented. The computer system comprises a processor, a memory, and a network action processing module. The network action processing module processes network actions from one or more network services executing on the computer system. The computer system is further configured to execute at least one network service performing network actions in conjunction with the network action processing module. Upon receiving a network action from a network service, the network action processing module determines whether the network action is a valid network action according to a network action control list. If the network action is determined to not be a valid network action, the network action is blocked. Alternatively, if the network action is determined to be a valid network action, the network action is permitted to be completed.
Abstract:
A method and system for selectively excluding a program from a security policy is provided. The security system receives from a user an indication of a program with a problem that is to be excluded from the security policy. When the program executes and a security enforcement event occurs, the security system does not apply the security policy. If the problem appears to be resolved as a result of excluding the program from the security policy, then the user may assume that the security policy is the cause of the problem.
Abstract:
A framework and method are disclosed for supporting changed addresses by mobile network nodes. Such support is provided through enhancements to the mobile network nodes and utilizes DNS servers, Dynamic Host Configuration Protocol (DHCP), and virtual private network (VPN) servers—or their functional equivalents—to dynamically assign a current network address to a mobile node, provide the current network address to an authoritative name server, and thereafter have correspondent nodes update their addresses for the mobile node based upon an address provided by the authoritative name server. A mobile node registers all of its name-to-address mappings with its authoritative DNS server using a time to live of zero. Furthermore, when a mobile node moves outside its home security domain, the mobile node initiates a virtual private network connection to a virtual private server for a security domain.
Abstract:
Network DNA may be determined for a computer network that taxonomically classifies the computer network. Network DNA may include derived network DNA components and raw network DNA components. Raw network DNA components may be acquired from local or remote sources. Derived network DNA components may be generated according to derived network DNA component specifications. Derived network DNA component specifications may reference raw network DNA components. Network DNA determined for the computer network may include a network species component capable of indicating network species classifications for computer networks. Network species classifications may include enterprise network, home network and public place network. Network species classifications may be determined as a function of network security, network management and network addressing. One or more network DNA stores may be configured to store network DNA for computer networks. Network DNA stores may store network DNA history as well as current network DNA.
Abstract:
A dynamic risk management system for operating systems that provides monitoring, detection, assessment, and follow-up action to reduce the risk whenever it rises. The system enables an operating system to protect itself automatically in dynamic environments. The risk management system monitors a diverse set of attributes of the system which determines the security state of the system and is indicative of the risk the system is under. Based on a specification of risk levels for the various attributes and for their combinations, the risk management system determines whether one or more actions are required to alleviate the overall risk to the system.
Abstract:
Criteria-driven methods and a framework are disclosed that facilitate configuration/selection of one or more wireless network interfaces/networks for carrying out wireless communications on a computing device. The wireless network interface selection and coexistence driver architecture described herein facilitates automated selection of a particular mode of network access based upon status information provided by a set of network interface drivers associated with particular network interfaces and wireless technologies. Furthermore, a criteria-driven interface/network selection framework is described that is potentially invoked in a variety of situations including, but not limited to, when an application is invoked or to select another interface/network to avoid detected interference.
Abstract:
Methods and systems are provided for dynamically subscribing for access to a wireless wide-area network via an online process. Subscription information and user credentials are digitally transmitted by a network carrier to a networking device and are stored locally by the device in a SmartCard, other portable medium, or on the device's hard drive. The locally stored credentials and information may subsequently be updated wirelessly. No human interaction is required to subscribe, and access may be limited by a variety of criteria. A subscription may be used to access networks operated by multiple network carriers.
Abstract:
A method and system for creating security policies for firewall and connection policies in an integrated manner is provided. The security system provides a user interface through which a user can define a security rule that specifies both a firewall policy and a connection policy. After the security rule is specified, the security system automatically generates a firewall rule and a connection rule to implement the security rule. The security system provides the firewall rule to a firewall engine that is responsible for enforcing the firewall rules and provides the connection rule to an IPsec engine that is responsible for enforcing the connection rules.
Abstract:
Presented is a system and method for providing centralized address management of static IP addresses through the dynamic host control protocol. Static or permanent IP addresses are those addresses assigned by DHCP having an infinite lease time. The assignment of such static IP addresses follows the conventional DHCP mechanism for the assignment of other IP addresses. However, the centralized reclamation of a statically or permanently assigned IP address by a network administrator through the DHCP server presents novel aspects of the invention heretofore unknown. Specifically, through the system and method of the present invention, the DHCP server is capable of reclaiming, at any point in time, a statically or permanently assigned IP address by transmitting a DHCP RECLAIM command to the DHCP client, or through its relay agent. In the normal situation, the DHCP client acknowledges the RECLAIM command, allowing the IP address to be placed in the FREE state. If, however, the DHCP client does not respond or the responses are not received by the DHCP server, the DHCP server marks the state of the IP address as DEPRECATED. The state of the IP address will be changed from DEPRECATED to FREE once a number of retries of the RECLAIM process has been completed, or a maximum period of time has passed. Security mechanisms to prevent a malicious attacker from reclaiming static IP addresses from DHCP clients are also presented.