专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US08700898B1 System and method for multi-layered sensitive data protection in a virtual computing environment 有权
标题翻译：在虚拟计算环境中进行多层次敏感数据保护的系统和方法
公开(公告)号：US08700898B1
公开(公告)日：2014-04-15
申请号：US13633454
申请日：2012-10-02
申请人： Alex Korthny , Nir Barak , Amir Jerbi
发明人： Alex Korthny , Nir Barak , Amir Jerbi
IPC分类号： H04L29/06 , H04L9/32 , G06F15/16
CPC分类号： G06F21/6218 , G06F9/45545 , G06F9/45558 , G06F21/64 , G06F2009/45587 , G06F2221/2115
摘要： Systems and methods for providing sensitive data protection in a virtual computing environment. The systems and methods utilize a sensitive data control monitor on a virtual appliance machine administering guest virtual machines in a virtual computing environment, wherein each of the guest virtual machines may include a local sensitive data control agent. The sensitive data control monitor generates encryption keys for each guest virtual machine which are sent to the local sensitive data control agents and used to encrypt data locally on a protected guest virtual machine. In this manner the data itself on the virtual (or physical) disc associated with the guest virtual machine is encrypted while access attempts are gated by a combination of the local agent and the environment-based monitor, providing for secure yet administrable sensitive data protection.
摘要翻译：在虚拟计算环境中提供敏感数据保护的系统和方法。系统和方法利用虚拟设备机器上的敏感数据控制监视器来管理虚拟计算环境中的客体虚拟机，其中每个客体虚拟机可以包括本地敏感数据控制代理。敏感数据控制监视器为每个客户虚拟机生成加密密钥，这些密钥发送到本地敏感数据控制代理，并用于在受保护的guest虚拟机上本地加密数据。以这种方式，与访客虚拟机相关联的虚拟（或物理）盘上的数据本身被加密，而访问尝试被本地代理和基于环境的监视器的组合门控，从而提供安全但可管理的敏感数据保护。

12. 发明申请

US20140013325A1 MANAGING VIRTUAL MACHINES USING OWNER DIGITAL SIGNATURES 有权
标题翻译：使用所有者数字签名管理虚拟机
公开(公告)号：US20140013325A1
公开(公告)日：2014-01-09
申请号：US13544505
申请日：2012-07-09
申请人： Shalom Shimoni , Nir Barak , Amir Jerbi , Yaron Holland
发明人： Shalom Shimoni , Nir Barak , Amir Jerbi , Yaron Holland
IPC分类号： G06F9/455
CPC分类号： G06F21/52 , G06F9/45558 , G06F21/575 , G06F2009/45587
摘要： A computer system is disclosed that includes a host operating system and a virtual hypervisor that operates under management of the host operating system to control operations of virtual machines operating under management of the virtual hypervisor. The virtual hypervisor provides an interface between the virtual machines and the host operating system. A signing component generates digital signatures which identify owners of the virtual machines and associates the digital signatures with the virtual machines. A signature validation component determines the owners of the virtual machines using the digital signatures and responsive to occurrence of defined events. Related methods and computer program products for operating computer systems are also disclosed.
摘要翻译：公开了一种计算机系统，其包括在主机操作系统的管理下操作的主机操作系统和虚拟管理程序，以控制在虚拟管理程序的管理下运行的虚拟机的操作。虚拟管理程序提供虚拟机和主机操作系统之间的接口。签名组件生成数字签名，其识别虚拟机的所有者并将数字签名与虚拟机相关联。签名验证组件使用数字签名确定虚拟机的所有者，并响应发生定义的事件。还公开了用于操作计算机系统的相关方法和计算机程序产品。

13. 发明授权

US09838383B1 Managing privileged shared accounts 有权
公开(公告)号：US09838383B1
公开(公告)日：2017-12-05
申请号：US13937809
申请日：2013-07-09
申请人： Ron Perlmuter , Amir Jerbi , Nir Barak , Miron Gross
发明人： Ron Perlmuter , Amir Jerbi , Nir Barak , Miron Gross
IPC分类号： G06F7/04 , H04L29/06 , G06F15/16
CPC分类号： H04L63/083 , H04L63/102 , H04L63/20
摘要： A method includes receiving a target credential object having administrative rights over a first user account located on a target system. The first user account includes a log-in permission for the target system. The method also includes receiving data indicative of a second user account corresponding to the first user account, wherein the second user account is located on a local system. The method further includes sending a first request to remove the log-in permission from the first user account to the target system using the target credential object. The method still further includes receiving a log-in request corresponding to the second user account on the local system. The method additionally includes, in response to receiving the log-in request for the second user account, sending a second request to add the log-in permission on the first user account to the target system using the target credential object.

14. 发明授权

US09389898B2 System and method for enforcement of security controls on virtual machines throughout life cycle state changes 有权
标题翻译：在整个生命周期状态变化中执行虚拟机上的安全控制的系统和方法
公开(公告)号：US09389898B2
公开(公告)日：2016-07-12
申请号：US13633487
申请日：2012-10-02
申请人： Nir Barak , Amir Jerbi , Eitan Hadar , Michael Kletskin
发明人： Nir Barak , Amir Jerbi , Eitan Hadar , Michael Kletskin
IPC分类号： G06F9/455 , G06F21/55 , G06F21/56
CPC分类号： G06F9/45558 , G06F21/554 , G06F21/56 , G06F21/566 , G06F2009/45562 , G06F2009/45587 , G06F2221/034
摘要： Systems and methods associated with virtual machine security are described herein. One example method includes instantiating a guest virtual machine in a virtual computing environment. The method also includes installing a life cycle agent on the guest virtual machine, assigning an identifying certificate, a set of policies, and an encryption key to the guest virtual machine, and providing the certificate, policies, and encryption key to the guest virtual machine. The certificate, policies, and encryption key may then be used by the guest virtual machine to authenticate itself within the virtual computing environment and to protect data stored on the guest virtual machine.
摘要翻译：这里描述了与虚拟机安全性相关联的系统和方法。一个示例性方法包括在虚拟计算环境中实例化虚拟机。该方法还包括在客户虚拟机上安装生命周期代理，向客户虚拟机分配识别证书，一组策略和加密密钥，以及向客户虚拟机提供证书，策略和加密密钥。客户虚拟机可以使用证书，策略和加密密钥在虚拟计算环境内对其进行身份验证，并保护存储在客户虚拟机上的数据。

15. 发明授权

US09268917B1 Method and system for managing identity changes to shared accounts 有权
标题翻译：用于管理共享帐户的身份更改的方法和系统
公开(公告)号：US09268917B1
公开(公告)日：2016-02-23
申请号：US14014669
申请日：2013-08-30
申请人： Nir Barak , Miron Gross , Amir Jerbi , Ron Perlmuter
发明人： Nir Barak , Miron Gross , Amir Jerbi , Ron Perlmuter
IPC分类号： G06F21/00
CPC分类号： G06F21/31 , G06F21/45
摘要： A method includes detecting an identity change instruction. The method also includes identifying a target account associated with the identity change instruction. The method also includes determining whether the target account is checked out. The method also includes passing the identity change instruction to a kernel in response to determining that the target account is checked out. The method also includes blocking the identity change instruction in response to determining that the target account is not checked out.
摘要翻译：一种方法包括检测身份改变指令。该方法还包括识别与身份改变指令相关联的目标帐户。该方法还包括确定目标帐户是否被检出。该方法还包括将身份改变指令传递给内核以响应于确定目标帐户被检出。该方法还包括响应于确定目标帐户未被检出而阻止身份改变指令。

16. 发明申请

US20130291052A1 TRUSTED PUBLIC INFRASTRUCTURE GRID CLOUD 有权
标题翻译：信托公共基础设施网球
公开(公告)号：US20130291052A1
公开(公告)日：2013-10-31
申请号：US13459593
申请日：2012-04-30
申请人： Eitan Hadar , Michael Kletskin , Nir Barak , Amir Jerbi , Yaacov Bezalel
发明人： Eitan Hadar , Michael Kletskin , Nir Barak , Amir Jerbi , Yaacov Bezalel
IPC分类号： G06F21/00
CPC分类号： G06F21/6218 , G06F2221/2113 , H04L63/10 , H04L63/20 , H04L67/10
摘要： Systems and methods of implementing a secured cloud environment allow for design and instantiation of a security policy at the infrastructure level. An example system may comprise a first module to facilitate selecting at least two cloud computing component templates from a cloud computing component catalog. The system may comprise a second module to facilitate defining a connection between the at least two selected cloud computing component templates. The system may comprise a third module to facilitate assigning a security level and a policy to at least one of the at least two selected cloud computing component templates. The system may comprise a fourth module to facilitate building a cloud computing component blueprint.
摘要翻译：实施安全云环境的系统和方法允许在基础架构级别设计和实例化安全策略。示例系统可以包括第一模块，以便于从云计算组件目录中选择至少两个云计算组件模板。该系统可以包括第二模块以便于定义所述至少两个所选择的云计算组件模板之间的连接。该系统可以包括第三模块，以便于向至少两个所选择的云计算组件模板中的至少一个分配安全级别和策略。该系统可以包括第四模块以便于构建云计算组件蓝图。

17. 发明申请

US20130061219A1 System and Method for Self-Aware Virtual Machine Image Deployment Enforcement 有权
标题翻译：自觉虚拟机映像部署执行的系统和方法
公开(公告)号：US20130061219A1
公开(公告)日：2013-03-07
申请号：US13223651
申请日：2011-09-01
申请人： Amir Jerbi , Michael Kletskin , Eitan Hadar
发明人： Amir Jerbi , Michael Kletskin , Eitan Hadar
IPC分类号： G06F9/455
CPC分类号： G06F9/468 , G06F21/577
摘要： According to one embodiment of the present disclosure, a method includes receiving a request to instantiate a virtual machine image in a virtualization environment. The method also includes sending a request for verification of the virtualization environment. The method further includes receiving information from the enforcement module in response to the request for verification of the virtualization environment. The method further includes determining whether the virtualization environment is verified based on the information received.
摘要翻译：根据本公开的一个实施例，一种方法包括在虚拟化环境中接收实例化虚拟机映像的请求。该方法还包括发送虚拟化环境的验证请求。该方法还包括响应于虚拟化环境的验证请求从执行模块接收信息。该方法还包括基于所接收的信息确定虚拟化环境是否被验证。

18. 发明申请

US20140067864A1 FILE ACCESS FOR APPLICATIONS DEPLOYED IN A CLOUD ENVIRONMENT 有权
标题翻译：文件访问在云环境中应用
公开(公告)号：US20140067864A1
公开(公告)日：2014-03-06
申请号：US13605442
申请日：2012-09-06
申请人： Yaron Holland , Amir Jerbi , Avi Kessel , Shalom Shimoni
发明人： Yaron Holland , Amir Jerbi , Avi Kessel , Shalom Shimoni
IPC分类号： G06F17/30
CPC分类号： G06F17/30233
摘要： A method of operating a virtual computer system including a file access interceptor and multiple virtual machines that are logically arranged in a virtualization environment that is managed by a virtualization environment manager is provided. The method includes reading file settings definitions that include identifications and properties of files that are configured to be accessed by a computer application, replacing operations of a file interface in the computer application using with file access interceptor operations that use the file settings to decouple file attributes from the computer application, managing file access via the file access interceptor operations to provide data file storage and read access to the files, and synchronizing file actions in each of a plurality of instances of the files. Related systems and computer program products are disclosed.
摘要翻译：提供了一种操作虚拟计算机系统的方法，该虚拟计算机系统包括文件访问拦截器和逻辑上排列在由虚拟化环境管理器管理的虚拟化环境中的多个虚拟机。该方法包括读取文件设置定义，包括配置为由计算机应用程序访问的文件的标识和属性，使用文件访问拦截器操作替换计算机应用程序中的文件接口的操作，文件访问拦截器操作使用文件设置来解耦文件属性从计算机应用程序，通过文件访问拦截器操作来管理文件访问以提供对文件的数据文件存储和读取访问，以及在文件的多个实例中的每一个中同步文件动作。公开了相关系统和计算机程序产品。

19. 发明申请

US20110072486A1 System, Method, and Software for Enforcing Access Control Policy Rules on Utility Computing Virtualization in Cloud Computing Systems 有权
标题翻译：系统，方法和软件，用于实施云计算系统中实用计算虚拟化的访问控制策略规则
公开(公告)号：US20110072486A1
公开(公告)日：2011-03-24
申请号：US12565318
申请日：2009-09-23
申请人： Ethan Hadar , Nimrod Vax , Amir Jerbi , Michael Kletskin
发明人： Ethan Hadar , Nimrod Vax , Amir Jerbi , Michael Kletskin
IPC分类号： G06F21/00 , G06F9/455
CPC分类号： H04L63/20 , G06F9/45558 , G06F21/6218 , G06F2009/45587
摘要： According to one embodiment, a system comprises one or more processors coupled to a memory and executing logic. A policy life cycle component is configured to maintain a repository of security policies. The repository of security policies comprises policies governing access to a virtual host and to a plurality of virtual machines running on the virtual host. The policy life cycle component is also configured to issue a compound policy for an identified virtual operating system running on the virtual host. The compound policy provides a virtual host policy and access rules for each of the plurality of virtual machines running on the virtual host. A topology manager is configured to receive the compound policy from the policy life cycle component, assign the compound to an access control agent, and maintain a security policy topology. The security policy topology stores associations between access control agents and compound policies.
摘要翻译：根据一个实施例，系统包括耦合到存储器和执行逻辑的一个或多个处理器。策略生命周期组件配置为维护安全策略的存储库。安全策略的存储库包括管理对虚拟主机和虚拟主机上运行的多个虚拟机的访问的策略。策略生命周期组件还被配置为为在虚拟主机上运行的标识的虚拟操作系统发出复合策略。复合策略为虚拟主机上运行的多个虚拟机中的每一个提供虚拟主机策略和访问规则。拓扑管理器被配置为从策略生命周期组件接收复合策略，将化合物分配给访问控制代理，并维护安全策略拓扑。安全策略拓扑存储访问控制代理和复合策略之间的关联。

20. 发明授权

US09678984B2 File access for applications deployed in a cloud environment 有权
公开(公告)号：US09678984B2
公开(公告)日：2017-06-13
申请号：US13605442
申请日：2012-09-06
申请人： Yaron Holland , Amir Jerbi , Avi Kessel , Shalom Shimoni
发明人： Yaron Holland , Amir Jerbi , Avi Kessel , Shalom Shimoni
IPC分类号： G06F17/30
CPC分类号： G06F17/30233
摘要： A method of operating a virtual computer system including a file access interceptor and multiple virtual machines that are logically arranged in a virtualization environment that is managed by a virtualization environment manager is provided. The method includes reading file settings definitions that include identifications and properties of files that are configured to be accessed by a computer application, replacing operations of a file interface in the computer application using with file access interceptor operations that use the file settings to decouple file attributes from the computer application, managing file access via the file access interceptor operations to provide data file storage and read access to the files, and synchronizing file actions in each of a plurality of instances of the files. Related systems and computer program products are disclosed.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式