专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明授权

US09712563B2 Connection-specific communication management 有权
公开(公告)号：US09712563B2
公开(公告)日：2017-07-18
申请号：US14792828
申请日：2015-07-07
申请人： Cyber-Ark Software Ltd.
发明人： Doron Shem Tov , Yair Sade , Shlomy Marom , Millie Richter
IPC分类号： H04L29/06 , G06Q10/06
CPC分类号： H04L63/20 , G06Q10/06 , H04L63/08
摘要： A method of managing a connection-specific policy for accessing a target system includes receiving a request from a user client for a connection with a target system. A unique identifier is determined for the requested connection. Connection settings for connecting to the target system are provided to the user client. The connection settings include the unique connection identifier. A corresponding access policy for the connection identifier is provided to the target system. The target system applies the corresponding access policy on the connection established with the connection settings.

22. 发明授权

US09680813B2 User provisioning 有权
公开(公告)号：US09680813B2
公开(公告)日：2017-06-13
申请号：US14479498
申请日：2014-09-08
申请人： Cyber-Ark Software Ltd.
发明人： Yair Sade , Roy Adar , Yossi Dantes , Tzippi Yitzhack , Andrey Dulkin
IPC分类号： H04L29/06 , G06Q10/06
CPC分类号： H04L63/08 , G06Q10/06
摘要： A method of credential provisioning on a target service utilizes three credential sets: authentication credentials, privileged credentials and provisioned credentials. An intermediate element receives a request from a user client to establish a session with a target service. The request includes authentication credentials. The intermediate element creates provisioned credentials using privileged credentials which are authorized for creating provisioned credentials for accessing the target service. Once provisioned credentials have been created, a dual session communication channel is established between the user client and the target service. The session between the user client and intermediate element is established using the authentication credentials and the session between the intermediate element and the target service is established using the provisioned credentials. Optionally, user authorization to establish a session with the target service is determined prior to creating the provisioned credentials.

23. 发明授权

US09386044B2 Correlation based security risk identification 有权
公开(公告)号：US09386044B2
公开(公告)日：2016-07-05
申请号：US14825226
申请日：2015-08-13
申请人： Cyber-Ark Software Ltd
发明人： Andrey Dulkin , Denis Kamanovsky , Yoel Eilat , Yair Sade
IPC分类号： H04L29/00 , H04L29/06 , G06F21/57
CPC分类号： H04L63/1433 , G06F21/577 , H04L63/0807 , H04L63/083 , H04L63/20
摘要： Methods and systems are disclosed for identifying security risks, arising from credentials existing on machines in the networks that enable access to other machines on the networks. Account credentials indications are retrieved from machines in the network, which indicate that credentials for accounts are stored on those machines. Access rights for accounts are collected, describing the access and operation permissions of these accounts on machines in the networks. A correlation is then performed to identify machines that can be accessed by employing credentials of accounts retrieved from other machines in the network.

24. 发明申请

US20150350238A1 CORRELATION BASED SECURITY RISK IDENTIFICATION 有权
公开(公告)号：US20150350238A1
公开(公告)日：2015-12-03
申请号：US14825226
申请日：2015-08-13
申请人： Cyber-Ark Software Ltd
发明人： Andrey DULKIN , Denis Kamanovsky , Yoel Eilat , Yair Sade
IPC分类号： H04L29/06
CPC分类号： H04L63/1433 , G06F21/577 , H04L63/0807 , H04L63/083 , H04L63/20
摘要： Methods and systems are disclosed for identifying security risks, arising from credentials existing on machines in the networks that enable access to other machines on the networks. Account credentials indications are retrieved from machines in the network, which indicate that credentials for accounts are stored on those machines. Access rights for accounts are collected, describing the access and operation permissions of these accounts on machines in the networks. A correlation is then performed to identify machines that can be accessed by employing credentials of accounts retrieved from other machines in the network.

25. 发明申请

US20150304292A1 A SYSTEM AND METHOD FOR SECURE PROXY-BASED AUTHENTICATION 审中-公开
标题翻译：一种用于安全基于验证的系统和方法
公开(公告)号：US20150304292A1
公开(公告)日：2015-10-22
申请号：US14372772
申请日：2013-10-22
申请人： CYBER-ARK SOFTWARE LTD.
发明人： Andrey DULKIN , Yair SADE
IPC分类号： H04L29/06
CPC分类号： H04L63/0884 , G06F21/31 , H04L63/0281 , H04L63/08 , H04L63/10
摘要： A system and method for secure authentication facilitates improving the security of authentication between a client and a target by using an innovative authentication module on a proxy. The client can connect to the proxy using a native protocol and provides client credentials to the proxy. The proxy uses an authentication module to authenticate the client and then to provide target access credentials for proxy-target authentication, thereby giving the client access to the target through the proxy. The invention facilitates connection between the client and the target without requiring the client to be in possession of the target access credentials. The proxy can optionally be connected to a privileged, access management system which can provide and/or store target access credentials. Proxy-provided target access credentials facilitate preventing a client security breech from exposing target access credentials.
摘要翻译：用于安全认证的系统和方法有助于通过在代理上使用创新的认证模块来提高客户端与目标之间的认证安全性。客户端可以使用本地协议连接到代理，并为代理提供客户端凭据。代理使用身份验证模块对客户端进行身份验证，然后为代理目标身份验证提供目标访问凭据，从而通过代理向客户端访问目标。本发明有助于客户机与目标之间的连接，而不需要客户端拥有目标访问凭证。代理可以可选地连接到可以提供和/或存储目标访问凭证的特权访问管理系统。代理提供的目标访问凭证有助于防止客户端安全劫持暴露目标访问凭据。

26. 发明申请

US20150121548A1 System and method for protected publication of sensitive documents 有权
标题翻译：敏感文件的保护性出版系统和方法
公开(公告)号：US20150121548A1
公开(公告)日：2015-04-30
申请号：US14246098
申请日：2014-04-06
申请人： CYBER-ARK SOFTWARE LTD.
发明人： Andrey DULKIN , Ori HIRSHFELD , Oded VALIN
IPC分类号： G06F21/62 , G06F21/31
CPC分类号： G06F21/16 , G06F2221/0775
摘要： Protected publication of sensitive documents with authentication and accountability enables storing and sharing confidential files, while reducing risk that a recipient will distribute and share the file information with unauthorized recipients. Every user request for an original file generates a unique provided file based on the original file, the user request, and configuration information. The provided file has characteristics that make the provided file based on a first user request unique from any other provided file based on any other user request. Unique characteristics include changing the format of the original file to another format for the provided file, altering file properties, altering file content, and watermarking.
摘要翻译：通过身份验证和问责制保护敏感文档的发布，可以存储和共享机密文件，同时降低收件人分发风险，并与未经授权的收件人共享文件信息。每个用户对原始文件的请求都会根据原始文件，用户请求和配置信息生成唯一提供的文件。所提供的文件具有使得所提供的文件基于任何其他所提供的文件基于任何其他用户请求唯一的第一用户请求的特征。唯一的特征包括将原始文件的格式更改为所提供文件的另一格式，更改文件属性，更改文件内容和水印。

27. 发明申请

US20080196101A1 METHODS AND SYSTEMS FOR SOLVING PROBLEMS WITH HARD-CODED CREDENTIALS 有权
标题翻译：用硬解码证书解决问题的方法和系统
公开(公告)号：US20080196101A1
公开(公告)日：2008-08-14
申请号：US12029477
申请日：2008-02-12
申请人： Yair SADE , Roy ADAR
发明人： Yair SADE , Roy ADAR
IPC分类号： G06F11/00
CPC分类号： G06F21/33 , G06F21/41
摘要： The present invention discloses methods, media, and systems for handling hard-coded credentials, the system including: an interception module configured for: intercepting credential usage upon receiving an application request for application credentials in order to provide access to a host application; a configuration/settings module configured for reading system configurations and settings for handling the application credentials; a credential-mapping module configured for: applying appropriate credential-mapping logic based on the system configurations and settings; and upon determining that the application credentials need to be replaced, obtaining appropriate credentials from a secured storage. Preferably, the interception module is further configured for: prior to the intercepting, hooking a connection API of the host application upon access of a credential location in which the application credentials are stored; and wherein the credential-mapping module is further configured for: subsequent to the hooking, using the appropriate credentials to connect the host application with the connection API.
摘要翻译：本发明公开了用于处理硬编码凭证的方法，媒体和系统，该系统包括：拦截模块，被配置为：在接收到应用程序凭证的应用程序请求时拦截凭证使用，以便提供对主机应用程序的访问; 配置/设置模块，用于读取用于处理应用程序凭证的系统配置和设置; 凭证映射模块，其被配置为：基于所述系统配置和设置来应用适当的凭证映射逻辑; 并且在确定需要更换应用程序凭据之后，从安全存储中获得适当的凭证。优选地，拦截模块还被配置为：在拦截之前，在存储应用凭证的凭证位置的访问时钩住主机应用的连接API; 并且其中所述证书映射模块被进一步配置用于：在所述挂接之后，使用适当的证书将所述主机应用与所述连接API连接。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式