CLOUD-BASED MULTI-FUNCTION FIREWALL AND ZERO TRUST PRIVATE VIRTUAL NETWORK

    Publication number: WO2019090153A1

    Publication date: 2019-05-09

    Application number: PCT/US2018/059063

    Application date: 2018-11-02

    Applicant: TODYL, INC.

    Inventor: NELLEN, John

    Abstract: Method and system embodiments for providing a cloud-based multi-function firewall are described. A method includes retrieving device information associated with a network-enabled device. The device information is transmitted to a secure cloud for configuring a virtual private network (VPN) connection between the secure cloud and the network-enabled device. Cloud information specifying a cloud server in the secure cloud is received from the secure cloud. The secure cloud generates the cloud information based on the device information. Domain name service and routing functions are updated to forward network requests to the cloud server specified in the cloud information. The VPN connection to the secure cloud is established based on the cloud information such that network traffic to and from the network-enabled device is routed through the VPN connection to the cloud-based multi-function firewall implemented on the cloud server.

    2. DISTRIBUTED VPN SERVICE (invention application, under examination, published)

    Publication number: WO2017023706A1

    Publication date: 2017-02-09

    Application number: PCT/US2016/044566

    Application date: 2016-07-28

    Applicant: NICIRA, INC.

    Abstract: For a network that includes host machines for providing computing and networking resources and a VPN gateway for providing external access to those resources, a novel method that distributes encryption keys to the hosts to encrypt / decrypt the complete payload originating / terminating at those hosts is described. These encryption keys are created or obtained by the VPN gateway based on network security negotiations with the external networks / devices. These negotiated keys are then distributed to the hosts via control plane of the network. In some embodiments, this creates a complete distributed mesh framework for processing crypto payloads.


    3. DISTRIBUTED TRAFFIC MANAGEMENT SYSTEM AND TECHNIQUES (invention application, under examination, published)

    Publication number: WO2016049228A1

    Publication date: 2016-03-31

    Application number: PCT/US2015/051783

    Application date: 2015-09-23

    Applicant: NETFLIX, INC.

    Abstract: Approaches, techniques, and mechanisms are disclosed for implementing a distributed firewall. In an embodiment, many different computer assets police incoming messages based on local policy data. This local policy data is synchronized with global policy data. The global policy data is generated by one or more separate analyzers. Each analyzer has access to message logs, or information derived therefrom, for groups of computer assets, and is thus able to generate policies based on intelligence from an entire group as opposed to an isolated asset. Among other effects, some of the approaches, techniques, and mechanisms may be effective even in computing environments with limited supervision over the attack surface, and/or computing environments in which assets may need to make independent decisions with respect to how incoming messages should be handled, on account of latency and/or unreliability in connections to other system components.


    4. NATIVE APPLICATION HOTSPOT (invention application, under examination, published)

    Publication number: WO2015002853A1

    Publication date: 2015-01-08

    Application number: PCT/US2014/044779

    Application date: 2014-06-30

    Applicant: FACEBOOK, INC.

    Abstract: In one embodiment, a method includes detecting interception of data sent by the computing device to a first network resource through a communication network. The first network resource corresponds to a particular domain of the communication network. The method also includes determining whether the communication network is administered by the particular domain; and automatically generating a request to access the communication network that identifies a second network resource based at least in part on the determination. The second network resource is configured to authenticate a user to the particular domain of the communication network. The method also includes sending the request to the second network resource to access the communication network.


    5. SYSTEM AND METHOD FOR DISTRIBUTION OF POLICY ENFORCEMENT POINT (invention application, under examination, published)

    Publication number: WO2014210067A1

    Publication date: 2014-12-31

    Application number: PCT/US2014/043956

    Application date: 2014-06-24

    Applicant: VMWARE, INC.

    Abstract: The disclosure herein describes an edge device of a network for distributed policy enforcement. During operation, the edge device receives an initial packet for an outgoing traffic flow, and identifies a policy being triggered by the initial packet. The edge device performs a reverse lookup to identify at least an intermediate node that is previously traversed by the initial packet and traffic parameters associated with the initial packet at the identified intermediate node. The edge device translates the policy based on the traffic parameters at the intermediate node, and forwards the translated policy to the intermediate node, thus facilitating the intermediate node in applying the policy to the traffic flow.


    6. METHOD AND APPARATUS FOR APPLICATION AWARENESS IN A NETWORK (invention application, under examination, published)

    Publication number: WO2014126574A1

    Publication date: 2014-08-21

    Application number: PCT/US2013/026225

    Application date: 2013-02-14

    Abstract: A method for enforcing a network policy is described herein. In the method, a network socket event request from an application executing in a first context is intercepted by an agent prior to the request reaching a transport layer in the first context. A context refers to virtualization software, a physical computer, or a combination of virtualization software and physical computer. In response to the interception of the request, the agent requests a decision on whether to allow or deny the network socket event request to be communicated to a security server executing in a second context that is distinct from the first context. The request for a decision includes an identification of the application. The agent then receives from the security server either an allowance or a denial of the network socket event request, the allowance or denial being based at least in part on the identification of the application and a security policy. The agent blocks the network socket event from reaching the transport layer when the denial is received from the security server. In one embodiment, the method is implemented using a machine readable medium embodying software instructions executable by a computer.


    7. CONTROL PLANE INTERFACE FOR LOGICAL MIDDLEBOX SERVICES (invention application, under examination, published)

    Publication number: WO2013074855A1

    Publication date: 2013-05-23

    Application number: PCT/US2012/065383

    Application date: 2012-11-15

    Applicant: NICIRA, INC.

    Abstract: Some embodiments provide a non-transitory machine readable medium of a first middlebox element of several middlebox elements to implement a middlebox instance in a distributed manner in several hosts. The non-transitory machine readable medium stores a set of instructions for receiving (1) configuration data for configuring the middlebox instance to implement a middlebox in a logical network and (2) a particular identifier associated with the middlebox in the logical network. The non-transitory machine readable medium stores a set of instructions for generating (1) a set of rules to process packets for the middlebox in the logical network and (2) an internal identifier associated with the set of rules. The non-transitory machine readable medium stores a set of instructions for associating the particular identifier with the internal identifier for later processing of packets having the particular identifier.
