-
Publication number: US11729004B2
Publication date: 2023-08-15
Application number: US17475397
Filing date: 2021-09-15
Applicants: Sanket Panchamia, Kanupriya Pandey, Mehdi Entezari, Sachin B Patil, Amith Kk, Robert A Johnson
Inventors: Sanket Panchamia, Kanupriya Pandey, Mehdi Entezari, Sachin B Patil, Amith Kk, Robert A Johnson
CPC classification: H04L9/3268, H04L9/083, H04L9/0891, H04L9/3215, H04L9/50
Abstract: Methods and systems for remote dynamic isolation of IoT devices are provided. One system includes a first IoT device and a second IoT device configured with an active communication channel with the first IoT device and a role certificate. An operator device is configured to interact with a distributed ledger to issue and revoke role certificates for a plurality of devices including the first IoT device and the second IoT device. The first IoT device periodically validates a role certificate proof received from the second IoT device against an entry of the role certificate proof recorded on the distributed ledger.
-
Publication number: US20150381568A1
Publication date: 2015-12-31
Application number: US14474459
Filing date: 2014-09-02
CPC classification: H04L63/0272, G06F9/45533, G06F21/105, G06Q10/10, H04L63/0209, H04L63/029, H04L63/04, H04L63/0485, H04L63/08, H04L63/164
Abstract: A system and method of managing secure integration of a cloud-based computing resource with a private domain are disclosed. One system includes a hybrid cloud arrangement including a plurality of virtual machines, the plurality of virtual machines including at least a first virtual machine within the private domain and a second virtual machine within a public cloud. The system also includes a virtual data relay within the private domain and associated with the second virtual machine. The virtual data relay includes a private domain interface used to establish a secure communication link according to a first security protocol with each virtual machine within the private domain that is a member of a community of interest; the virtual data relay is assigned a community of interest key used by the private domain interface and defining the community of interest of which the second virtual machine is a member. The virtual data relay also includes a public cloud interface used to establish a secure communication link with the second virtual machine, the public cloud interface using a second security protocol different from the first security protocol.
-
Publication number: US20210266289A1
Publication date: 2021-08-26
Application number: US16797756
Filing date: 2020-02-21
Applicants: David Maw, Robert A Johnson, Alex Dorrell, Arthur J Nilson
Inventors: David Maw, Robert A Johnson, Alex Dorrell, Arthur J Nilson
Abstract: A method of securing containers within clusters is disclosed. The method includes configuring service access points within clusters as secure endpoints and associating services within clusters with secure identities to constrain which communities of interest can reach which services, wherein each cluster is cryptographically isolated such that no information will leak into or out of the cluster through an associated network.
-
Publication number: US10158674B2
Publication date: 2018-12-18
Application number: US15494869
Filing date: 2017-04-24
Abstract: Methods and systems for assigning security settings to one or more nodes within an enterprise network are disclosed. One method includes receiving network concordance data at an enterprise security management configuration tool from a plurality of nodes within an enterprise network, and receiving, in a configuration user interface, a selection of an affinitization level chosen from a plurality of discrete affinitization levels, each of the discrete affinitization levels corresponding to a different extent to which nodes within an enterprise are grouped into profiles. The method also includes automatically grouping each of the plurality of nodes identified in the network concordance data into a plurality of profiles based on the selected affinitization level, and applying a common security policy to each of the nodes included in one of the plurality of profiles.
-
Publication number: US09794225B2
Publication date: 2017-10-17
Application number: US14753146
Filing date: 2015-06-29
CPC classification: H04L63/0272, H04L63/08, H04L63/104, H04W88/16
Abstract: Methods and systems of communicating with secure endpoints included within a secured network from a mobile device external to the secured network are disclosed. The method includes initiating a VPN-based secure connection to a VPN appliance, and initializing a stealth-based service on the mobile device. The method further includes transmitting user credential information from the mobile device to a VDR broker via the VPN appliance, and receiving status information from the VDR broker identifying a VDR associated with the mobile device and providing a connected status. The method also includes communicating with one or more secure endpoints within the secured network via a VPN connection to the VDR through the VPN appliance, and through the VDR to the one or more secure endpoints within a community of interest, based on the user credential information transmitted to the VDR broker.
-
Publication number: US10248442B2
Publication date: 2019-04-02
Application number: US13547148
Filing date: 2012-07-12
Applicants: David S Dodgson, Ralph Farina, James A Fontana, Robert A Johnson, David Maw, Anthony Narisi
Inventors: David S Dodgson, Ralph Farina, James A Fontana, Robert A Johnson, David Maw, Anthony Narisi
Abstract: Virtual machines in a network may be isolated by encrypting transmissions between the virtual machines with keys possessed only by an intended recipient. Within a network, the virtual machines may be logically organized into a number of community-of-interest (COI) groups. Each COI may use an encryption key to secure communications within the COI, such that only other virtual machines in the COI can decrypt the message. Virtual machines may be automatically provisioned with configuration information, such as the encryption keys, when the virtual machine is started. The provisioning information may be created based on a template stored on a configuration server.
-
Publication number: US09716589B2
Publication date: 2017-07-25
Application number: US14042182
Filing date: 2013-09-30
CPC classification: H04L63/02, G06F21/00, G06F21/53, H04L9/0838, H04L9/0841, H04L63/0227, H04L63/0236, H04L63/0485, H04L63/061, H04L63/164, H04L63/166, H04L63/205, H04L69/18
Abstract: A secure communications arrangement including an endpoint is disclosed. The endpoint includes a computing system. The computing system includes a user-level services component and a kernel-level callout driver interfaced to the user-level services component and configured to establish an IPsec tunnel with a remote endpoint. The computing system also includes a filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel. The computing system also includes a second kernel-level driver configured to establish a secure tunnel using a second security protocol different from IPsec.
-
Publication number: US09596077B2
Publication date: 2017-03-14
Application number: US14042212
Filing date: 2013-09-30
CPC classification: H04L63/02, G06F21/00, G06F21/53, H04L9/0838, H04L9/0841, H04L63/0227, H04L63/0236, H04L63/0485, H04L63/061, H04L63/164, H04L63/166, H04L63/205, H04L69/18
Abstract: A method and system for establishing secure communications between endpoints includes transmitting a first message including a token having one or more entries, each corresponding to a community of interest associated with a user of the first endpoint and including an encryption key and a validation key associated with the first endpoint. The method includes receiving a second message including a second authorization token having one or more entries, each entry corresponding to a community of interest associated with a second user and including an encryption key and a validation key associated with the second endpoint. The method includes, for each community of interest associated with both users, decrypting the associated entry in the second authorization token to obtain the encryption key and validation key associated with the second endpoint. The method also includes generating a shared secret based on the key pair, transmitting a third message including the created key pair to the second endpoint, and initializing a tunnel using the shared secret to derive encryption keys used for IPsec-secured communications between the endpoints.
-
Publication number: US20150382193A1
Publication date: 2015-12-31
Application number: US14753146
Filing date: 2015-06-29
CPC classification: H04L63/0272, H04L63/08, H04L63/104, H04W88/16
Abstract: Methods and systems of communicating with secure endpoints included within a secured network from a mobile device external to the secured network are disclosed. The method includes initiating a VPN-based secure connection to a VPN appliance, and initializing a stealth-based service on the mobile device. The method further includes transmitting user credential information from the mobile device to a VDR broker via the VPN appliance, and receiving status information from the VDR broker identifying a VDR associated with the mobile device and providing a connected status. The method also includes communicating with one or more secure endpoints within the secured network via a VPN connection to the VDR through the VPN appliance, and through the VDR to the one or more secure endpoints within a community of interest, based on the user credential information transmitted to the VDR broker.
-
Publication number: US10454931B2
Publication date: 2019-10-22
Application number: US15001354
Filing date: 2016-01-20
Applicants: Ted Hinaman, Steven J Rajcan, Matthew Mohr, William Gunn, Sarah K Inforzato, Robert A Johnson, Gregory J Small, David S Dodgson
Inventors: Ted Hinaman, Steven J Rajcan, Matthew Mohr, William Gunn, Sarah K Inforzato, Robert A Johnson, Gregory J Small, David S Dodgson
Abstract: Methods and systems for securing communications with an enterprise from a remote computing system are disclosed. One method includes initiating a secured connection with a VPN appliance associated with an enterprise using service credentials maintained in a secure applet installed on a remote computing device, and initiating communication with an authentication server within the enterprise via the secured connection. The method also includes receiving specific credentials from the authentication server, terminating the secured connection with the VPN appliance, and initiating a second secured connection with the VPN appliance using the specific credentials, the specific credentials providing access to one or more computing devices within the enterprise that are within the same community of interest as the remote computing device and obfuscating one or more other computing systems within the enterprise that are excluded from the community of interest. The method also includes initiating communications with at least one of the one or more computing devices included in the community of interest.