-
Publication No.: US20070180491A1
Publication date: 2007-08-02
Application No.: US11341279
Filing date: 2006-01-27
Applicant: Ron Mevissen, Mark Gilbert
Inventor: Ron Mevissen, Mark Gilbert
IPC classification: H04L9/32
CPC classification: H04L63/10, H04L63/105, H04L63/20
Abstract: Various technologies and techniques are disclosed that provide a centralized model to assign, monitor, and manage security on home electronic devices. A three-dimensional security matrix uses a role-based model that allows users to map security into groupings. Users can be assigned security levels based on application role (what activity is involved), user role (what each family member or guest is allowed to do), and device role (what this device is allowed to do while preserving system integrity). An authorization service determines whether a particular activity requested by the user should be granted or denied based upon whether the user has authorization to access the particular activity and whether the particular device can support the particular activity without compromising the security of the network.
-
Publication No.: US20070039039A1
Publication date: 2007-02-15
Application No.: US11201232
Filing date: 2005-08-10
Applicant: Mark Gilbert, Ron Mevissen
Inventor: Mark Gilbert, Ron Mevissen
IPC classification: H04L9/32
CPC classification: H04L63/10, G06F21/6218, G06F2221/2101, G06F2221/2129, G06F2221/2149, H04L63/06, H04L63/08, H04L63/0853, H04L63/0876
Abstract: The invention provides for authorization of devices entering a network. A new device entering a network sends an authorization request. Another device in the network may receive the request and display a User Interface (UI) which prompts the user to approve the device. The user can use a device identifier provided by the new device in approving the new device. Assuming the identifier provided by the new device matches an identifier accessible by the authorizing device, the user authorizes the new device. A key is then generated for the new device, which allows access to an appropriate range of network services. Authorization decisions can be synchronized among the various devices in a network, so even if an authorizing device leaves the network, the new device key can be validated. A security service can be replicated in a new device once the device is authorized to access the network.
-
Publication No.: US07992190B2
Publication date: 2011-08-02
Application No.: US11341279
Filing date: 2006-01-27
Applicant: Ron Mevissen, Mark Gilbert
Inventor: Ron Mevissen, Mark Gilbert
IPC classification: G06F17/30
CPC classification: H04L63/10, H04L63/105, H04L63/20
Abstract: Various technologies and techniques are disclosed that provide a centralized model to assign, monitor, and manage security on home electronic devices. A three-dimensional security matrix uses a role-based model that allows users to map security into groupings. Users can be assigned security levels based on application role (what activity is involved), user role (what each family member or guest is allowed to do), and device role (what this device is allowed to do while preserving system integrity). An authorization service determines whether a particular activity requested by the user should be granted or denied based upon whether the user has authorization to access the particular activity and whether the particular device can support the particular activity without compromising the security of the network.
-
Publication No.: US20090147795A1
Publication date: 2009-06-11
Application No.: US12300296
Filing date: 2007-03-26
Applicant: Ron Mevissen, Friedrich van Megen
Inventor: Ron Mevissen, Friedrich van Megen
IPC classification: H04L12/56
CPC classification: H04L29/06
Abstract: A network address translator (NAT) can be provided as part of a gateway between a private network and a public network. In situations where an entity in a private network requires establishment of a TCP connection to another entity in a separate private network, it is often the case that two NATs must be traversed, one for each private network. In addition, these NATs may have associated one-way firewalls which block unsolicited incoming connections but allow outgoing connections. In this type of situation it is difficult to establish a TCP connection directly between the two entities in a simple and effective manner. We describe a method for achieving this which makes use of a redirection server in the public network to establish the connection but not to carry traffic during the communication session. We exploit features of the TCP simultaneous open process to establish a TCP connection directly between the entities.
-
Publication No.: US07685303B2
Publication date: 2010-03-23
Application No.: US11358600
Filing date: 2006-02-21
Applicant: Ron Mevissen
Inventor: Ron Mevissen
IPC classification: G06F15/173, G06F15/16, H04L12/28, G06F17/30
CPC classification: G06F9/465, G06F2209/462
Abstract: An object-oriented programming framework allows developers to write applications for services and devices that are automatically “discoverable” by applications associated with other devices and services on a network. An attribute is added to a class in an application or web service object and an associated, generic discoverable base class is appended to the application to make the application discoverable on the network. The discovery framework imposes minimal requirements on the application in which it is embedded, so nearly every application can be converted into a “discoverable” application. The discovery protocol-dependent details are hidden from the application itself, so exchanging the discovery protocol can be done without affecting the application.
-
Publication No.: US20070198732A1
Publication date: 2007-08-23
Application No.: US11358600
Filing date: 2006-02-21
Applicant: Ron Mevissen
Inventor: Ron Mevissen
IPC classification: G06F15/16
CPC classification: G06F9/465, G06F2209/462
Abstract: An object-oriented programming framework allows developers to write applications for services and devices that are automatically “discoverable” by applications associated with other devices and services on a network. An attribute is added to a class in an application or web service object and an associated, generic discoverable base class is appended to the application to make the application discoverable on the network. The discovery framework imposes minimal requirements on the application in which it is embedded, so nearly every application can be converted into a “discoverable” application. The discovery protocol-dependent details are hidden from the application itself, so exchanging the discovery protocol can be done without affecting the application.