公开(公告)号：US20070101068A1

公开(公告)日：2007-05-03

申请号：US11260833

申请日：2005-10-27

申请人： Vaijayanthiamala Anand ,  Sandra Johnson ,  Kimberly Simon

发明人： Vaijayanthiamala Anand ,  Sandra Johnson ,  Kimberly Simon

IPC分类号： G06F13/28

CPC分类号： G06F12/0831

摘要： A memory coherence protocol is provided for using cache line access frequencies to dynamically switch from an invalidation protocol to an update protocol. A frequency access count (FAC) is associated with each line of data in a memory area, such as each cache line in a private cache corresponding to a CPU in a multiprocessor system. Each time the line is accessed, the FAC associated with the line is incremented. When the CPU, or process, receives an invalidate signal for a particular line, the CPU checks the FAC for the line. If the CPU, or process, determines that it is a frequent accessor of a particular line that has been modified by another CPU, or process, the CPU sends an update request in order to obtain the modified data. If the CPU is not a frequent accessor of a line that has been modified, the line is simply invalidated in the CPU's memory area. By dynamically switching from an invalidate protocol to an update protocol, based on cache line access frequencies, efficiency is maintained while cache misses are minimized. Preferably, all FACs are periodically reset in order to ensure that the most recent cache line access data in considered.

摘要翻译： 提供了存储器一致性协议，用于使用高速缓存线路接入频率从无效协议动态地切换到更新协议。 频率访问计数（FAC）与存储器区域中的每一行数据相关联，诸如与多处理器系统中的CPU对应的专用高速缓存行中的每个高速缓存线。 每次访问线路时，与线路相关联的FAC将增加。 当CPU或进程接收到特定行的无效信号时，CPU会检查FAC是否为该行。 如果CPU或进程确定它是由另一个CPU或进程修改的特定行的频繁访问器，则CPU发送更新请求以获得修改的数据。 如果CPU不是经过修改的行的频繁访问器，则该行在CPU的内存区域中简单无效。 通过从无效协议动态切换到更新协议，基于高速缓存行接入频率，保持高速缓存未命中最小化的效率。 优选地，所有FAC都被周期性地复位，以便确保最新的高速缓存行访问所考虑的数据。

公开(公告)号：US20060129382A1

公开(公告)日：2006-06-15

申请号：US11351062

申请日：2006-02-09

申请人： Vaijayanthimala Anand ,  Sandra Johnson ,  Kimberly Simon

发明人： Vaijayanthimala Anand ,  Sandra Johnson ,  Kimberly Simon

IPC分类号： G06F17/27

CPC分类号： G06F21/552

摘要： A system, method, and computer program product for adaptively identifying unauthorized intrusions in a networked data processing system. In accordance with the method of the present invention, an intrusion detection module receives system event data that may be utilized for intrusion detection. The received system event data is processed utilizing multiple intrusion detection techniques including at least one behavior-based intrusion detection technique to generate an intrusion detection result. In response to the intrusion detection result indicating an unauthorized intrusion, at least one knowledge-based intrusion detection corpus is updated utilizing the system event data. In a preferred embodiment, the intrusion detection system/method is implemented in a network data processing environment in which the knowledge-based intrusion detection corpus is communicatively accessible by multiple elements coupled to the networked data processing system. The method preferably includes issuing a network update to update knowledge-based intrusion detection corpora associated with the multiple elements included in the network.

摘要翻译： 一种用于在联网数据处理系统中自适应地识别未经授权的入侵的系统，方法和计算机程序产品。 根据本发明的方法，入侵检测模块接收可用于入侵检测的系统事件数据。 使用多个入侵检测技术来处理所接收的系统事件数据，该技术包括至少一个基于行为的入侵检测技术以产生入侵检测结果。 响应于表示未授权入侵的入侵检测结果，利用系统事件数据来更新至少一个基于知识的入侵检测语料库。 在优选实施例中，入侵检测系统/方法在网络数据处理环境中实现，其中基于知识的入侵检测语料库可由耦合到联网数据处理系统的多个元件通信地访问。 该方法优选地包括发布网络更新以更新与包括在网络中的多个元素相关联的基于知识的入侵检测语料库。

公开(公告)号：US20070169195A1

公开(公告)日：2007-07-19

申请号：US11334672

申请日：2006-01-18

申请人： Vaijayanthimala Anand ,  Sandra Johnson ,  David Safford ,  Kimberly Simon

发明人： Vaijayanthimala Anand ,  Sandra Johnson ,  David Safford ,  Kimberly Simon

IPC分类号： G06F12/14 ,  G08B19/00

CPC分类号： H04L63/1416 ,  G06F21/55

摘要： An intrusion detection mechanism is provided for flexible, automatic, thorough, and consistent security checking and vulnerability resolution in a heterogeneous environment. The mechanism may provide a predefined number of default intrusion analysis approaches, such as signature-based, anomaly-based, scan-based, and danger theory. The intrusion detection mechanism also allows a limitless number of intrusion analysis approaches to be added on the fly. Using an intrusion detection skin, the mechanism allows various weights to be assigned to specific intrusion analysis approaches. The mechanism may adjust these weights dynamically. The score ration can be tailored to determine if an intrusion occurred and adjusted dynamically. Also, multiple security policies for any type of computing element may be enforced.

摘要翻译： 提供入侵检测机制，用于在异构环境中进行灵活，自动，彻底，一致的安全检查和漏洞解决。 该机制可以提供预定义数量的默认入侵分析方法，例如基于签名的，基于异常的，基于扫描的和危险理论。 入侵检测机制还允许在飞行中添加无限数量的入侵分析方法。 使用入侵检测皮肤，该机制允许将各种权重分配给特定的入侵分析方法。 该机制可以动态地调整这些权重。 可以定制分数比例以确定入侵是否发生并动态调整。 此外，可以强制执行用于任何类型的计算元件的多个安全策略。

公开(公告)号：US20070205271A1

公开(公告)日：2007-09-06

申请号：US11366668

申请日：2006-03-02

申请人： Sonia Gaillard ,  Nia Kelley ,  Kimberly Simon

发明人： Sonia Gaillard ,  Nia Kelley ,  Kimberly Simon

IPC分类号： G06F7/08 ,  G07F19/00

CPC分类号： G07F19/203 ,  G06Q20/381 ,  G07F19/20

摘要： The present invention provides a computer implemented method, apparatus, and computer usable program code to receive a request to withdraw money using a bank card. A determination is made as to whether a profile is present on the bank card. The money is dispensed using types of currency based on the profile in response to the determination that the profile is present on the bank card.

摘要翻译： 本发明提供了一种计算机实现的方法，装置和计算机可用程序代码，用于接收使用银行卡提款的请求。 确定银行卡上是否存在个人资料。 响应于该配置文件存在于银行卡上的确定，基于配置文件，使用货币类型分配货币。

公开(公告)号：US20070143601A1

公开(公告)日：2007-06-21

申请号：US11304933

申请日：2005-12-15

申请人： Diana Arroyo ,  George Blakley ,  Damir Jamsek ,  Sridhar Muppidi ,  Kimberly Simon ,  Ronald Williams

发明人： Diana Arroyo ,  George Blakley ,  Damir Jamsek ,  Sridhar Muppidi ,  Kimberly Simon ,  Ronald Williams

IPC分类号： H04L9/32 ,  H04N7/16 ,  G06F17/30 ,  H04L9/00 ,  G06F12/14 ,  G06F7/04 ,  G06F12/00 ,  G06K9/00 ,  G06F13/00 ,  H03M1/68 ,  H04K1/00 ,  G06F7/58 ,  G06K19/00 ,  G11C7/00

CPC分类号： G06F21/6218

摘要： A system, apparatus, computer program product and method for authorizing information flows between devices of a data processing system are provided. In one illustrative embodiment, an information flow request is received from a first device to authorize an information flow from the first device to a second device. The information flow request includes an identifier of the second device. Based on an identifier of the first device and the second device, security information identifying an authorization level of the first device and second device is retrieved. A sensitivity of an information object that is to be transferred in the information flow is determined and the information flow is authorized or denied based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow.

摘要翻译： 提供了一种用于在数据处理系统的设备之间授权信息流的系统，设备，计算机程序产品和方法。 在一个说明性实施例中，从第一设备接收信息流请求，以授权从第一设备到第二设备的信息流。 信息流请求包括第二设备的标识符。 基于第一设备和第二设备的标识符，检索识别第一设备和第二设备的授权级别的安全信息。 确定要在信息流中传送的信息对象的灵敏度，并且仅基于信息对象的灵敏度和第一和第二设备的授权级别而不管特定动作是否被授权或拒绝信息流 作为信息流的一部分对信息对象执行。

公开(公告)号：US20070143604A1

公开(公告)日：2007-06-21

申请号：US11304853

申请日：2005-12-15

申请人： Diana Arroyo ,  George Blakley ,  Damir Jamsek ,  Sridhar Muppidi ,  Kimberly Simon ,  Ronald Williams

发明人： Diana Arroyo ,  George Blakley ,  Damir Jamsek ,  Sridhar Muppidi ,  Kimberly Simon ,  Ronald Williams

IPC分类号： H04L9/00

CPC分类号： G06F21/6218

摘要： A reference monitor system, apparatus, computer program product and method are provided. In one illustrative embodiment, elements of the data processing system are associated with security data structures in a reference monitor. An information flow request is received from a first element to authorize an information flow from the first element to a second element. A first security data structure associated with the first element and a second security data structure associated with the second element are retrieved. At least one set theory operation is then performed on the first security data structure and the second security data structure to determine if the information flow from the first element to the second element is to be authorized. The security data structures may be labelsets having one or more labels identifying security policies to be applied to information flows involving the associated element.

摘要翻译： 提供了参考监视器系统，装置，计算机程序产品和方法。 在一个说明性实施例中，数据处理系统的元件与参考监视器中的安全数据结构相关联。 从第一元素接收信息流请求，以授权从第一元素到第二元素的信息流。 检索与第一元素相关联的第一安全数据结构和与第二元素相关联的第二安全数据结构。 然后对第一安全数据结构和第二安全数据结构执行至少一组理论操作，以确定是否授权从第一元素到第二元素的信息流。 安全数据结构可以是具有标识要应用于涉及相关元素的信息流的安全策略的一个或多个标签的标签集。

公开(公告)号：US20070133757A1

公开(公告)日：2007-06-14

申请号：US11301105

申请日：2005-12-12

申请人： Janice Girouard ,  Dustin Kirkland ,  Emily Ratliff ,  Kimberly Simon

发明人： Janice Girouard ,  Dustin Kirkland ,  Emily Ratliff ,  Kimberly Simon

IPC分类号： H04M1/64

CPC分类号： H04M3/53333 ,  H04M3/436 ,  H04M7/006

摘要： A method, system, and program provide for voice mail management. A voice mail filtering controller calculates a separate Bayesian score for each voice mail message from among multiple voice mail message entries received into a voice mailbox for a user, wherein each separate Bayesian score indicates a probability that the associated voice mail message is unwanted by said user. During playback, the voice mail filtering controller automatically deletes a selection of the voice mail messages each with a separate Bayesian score greater than a particular Bayesian score of the last played voice mail message from the voice mailbox.

摘要翻译： 方法，系统和程序提供语音邮件管理。 语音邮件过滤控制器从接收到用户的语音信箱中的多个语音邮件消息条目中为每个语音邮件消息计算单独的贝叶斯分数，其中每个单独的贝叶斯分数表示所述用户不需要相关联的语音邮件消息的概率 。 在播放期间，语音邮件过滤控制器自动删除语音邮件消息的选择，每个语音邮件消息的单独贝叶斯分数大于来自语音信箱的最后播放的语音邮件消息的特定贝叶斯分数。

公开(公告)号：US20050278537A1

公开(公告)日：2005-12-15

申请号：US10865346

申请日：2004-06-10

申请人： Dustin Kirkland ,  Liliana Orozco ,  Kimberly Simon

发明人： Dustin Kirkland ,  Liliana Orozco ,  Kimberly Simon

IPC分类号： H04K1/00 ,  H04L9/00 ,  H04L29/08

CPC分类号： H04L67/02 ,  H04L69/329

摘要： Methods, systems, and computer program products are described for logging off a user from a website, including detecting through a browser a predefined exit channel for a website; detecting a user's leaving the website outside the predefined exit channel; and guiding browser operation toward the predefined exit channel.

摘要翻译： 描述了用于从网站注销用户的方法，系统和计算机程序产品，包括通过浏览器检测网站的预定义的退出频道; 检测用户离开预定义出口通道之外的网站; 并将浏览器操作引导到预定义的退出通道。

公开(公告)号：US20070143840A1

公开(公告)日：2007-06-21

申请号：US11304971

申请日：2005-12-15

申请人： Diana Arroyo ,  George Blakley ,  Damir Jamsek ,  Sridhar Muppidi ,  Kimberly Simon ,  Ronald Williams

发明人： Diana Arroyo ,  George Blakley ,  Damir Jamsek ,  Sridhar Muppidi ,  Kimberly Simon ,  Ronald Williams

IPC分类号： G06F12/14

CPC分类号： G06F21/6218

摘要： A system, apparatus, computer program product and method for authorizing information flows based on security information associated with information objects is provided. A hash key is generated based on an information object and a lookup operation is performed in a hash table based on the hash key. A determination is made whether an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object. A labelset, identifying a sensitivity of the information object, is stored in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table. Information flows involving the information object are authorized based on a lookup of the labelset associated with the information object in the hash table. The hash table may be a multidimensional hash table.

摘要翻译： 提供了一种基于与信息对象相关联的安全信息来授权信息流的系统，装置，计算机程序产品和方法。 基于信息对象生成散列密钥，并且基于散列密钥在哈希表中执行查找操作。 确定散列表中与散列键相对应的索引处的条目是否识别信息对象的标签集。 如果在散列表中的条目中没有标识信息对象的标签集，则标识信息对象的敏感度的标签集存储在与信息对象的散列键相对应的索引的条目中。 基于与哈希表中的信息对象相关联的标签集的查找来授权涉及信息对象的信息流。 散列表可以是多维哈希表。

公开(公告)号：US20050268117A1

公开(公告)日：2005-12-01

申请号：US10855737

申请日：2004-05-27

申请人： Kimberly Simon

发明人： Kimberly Simon

IPC分类号： G06F11/30 ,  G06F12/14 ,  H04L9/32 ,  H04L29/06

CPC分类号： H04L63/168 ,  H04L63/20

摘要： A database skin allows a database administrator to configure which security checks are to be implemented, the frequency with which the security checks are to be executed, the look and feel of the output, how security violations are to be resolved, where reports are to be sent, details of each security check as it is executed, statistics or metrics to be collected, and the like. A security checker is pre-loaded with security checks that always need to be executed for databases. Pluggable security check modules may also be used. A security violations manager includes a report mechanism for reporting security violations and a resolution mechanism for resolving security violations, if possible or if instructed by the database skin. The security violations manager reports errors to an error file and sends data to be reported to a report file.

摘要翻译： 数据库外观允许数据库管理员配置要执行哪些安全检查，执行安全检查的频率，输出的外观和感觉，安全违规情况如何解决，报告将在哪里 发送，执行时的每个安全检查的详细信息，要收集的统计信息或指标等。 安全检查器预先加载了总是需要为数据库执行的安全检查。 也可以使用可插拔的安全检查模块。 安全违规管理器包括报告安全违规的报告机制和解决安全违规的解决机制，如果可能，或者数据库皮肤指示。 安全违规管理器向错误文件报告错误，并发送要报告的数据到报告文件。