专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07725586B2 Method for advance negotiation of computer settings 有权
标题翻译：计算机设置提前协商的方法
公开(公告)号：US07725586B2
公开(公告)日：2010-05-25
申请号：US11699182
申请日：2007-01-29
申请人： Art Shelest , Christian Huitema
发明人： Art Shelest , Christian Huitema
IPC分类号： G06F15/16 , G01R31/08
CPC分类号： G06F9/44505
摘要： A method to negotiate computer settings in advance is presented. A prediction is made to determine if the computer setting will be needed, and if needed, whether a value outside of a normal range of values will be needed. A value for the computer setting that is outside of the normal range of values is determined and the value is set to the outside value. A value within the normal range of values is used if it was predicted that there is no need for a value outside of the normal range of values.
摘要翻译：提出了一种提前协商计算机设置的方法。进行预测以确定是否需要计算机设置，并且如果需要，是否需要在正常值范围之外的值。确定超出正常值范围的计算机设置的值，并将该值设置为外部值。如果预测不需要在正常值范围之外的值，则使用在正常范围内的值。

2. 发明授权

US07698548B2 Communications traffic segregation for security purposes 有权
标题翻译：为安全起见，通信业务隔离
公开(公告)号：US07698548B2
公开(公告)日：2010-04-13
申请号：US11297717
申请日：2005-12-08
申请人： Art Shelest , Eran Yariv , David Abzarian
发明人： Art Shelest , Eran Yariv , David Abzarian
IPC分类号： H04L29/06
CPC分类号： H04L63/1408 , H04L63/1441
摘要： Technology for applying a communications traffic security policy in which a distinct communications traffic flow is segregated based upon a security value; whereby the communications traffic security policy include one or both of a detection and an enforcement policy. The detection policy may include determining whether the segregated communications traffic flow involves malware; and, the enforcement policy may include a malware policy.
摘要翻译：基于安全值分配不同通信业务流的通信业务安全策略的应用技术; 由此通信交通安全策略包括检测和执行策略中的一个或两个。检测策略可以包括确定分离的通信业务流是否涉及恶意软件; 并且执法政策可能包括恶意软件策略。

3. 发明授权

US07591010B2 Method and system for separating rules of a security policy from detection criteria 有权
标题翻译：将安全策略的规则与检测标准分开的方法和系统
公开(公告)号：US07591010B2
公开(公告)日：2009-09-15
申请号：US11039637
申请日：2005-01-19
申请人： Art Shelest , Scott A. Field , Subhashini Raghunathan
发明人： Art Shelest , Scott A. Field , Subhashini Raghunathan
IPC分类号： G06F9/00 , G06F15/16 , G06F17/00
CPC分类号： G06F21/55
摘要： A method and system that enables a security policy to separate developer-provided detection criteria from an administrator-provided custom policy is provided. The security system allows a developer of detection criteria to provide a signature file containing the signatures that are available for use by a security policy. The security system also allows an administrator of a computer system to specify a custom policy that uses the signatures of the signature file. The developer may distribute the signature file to host computer systems independently of the administrator's distribution of the rules of the custom policy to the host computer systems. When a security enforcement event occurs at the host computer system, the security system applies the rules of the security policy to the event.
摘要翻译：提供了一种使安全策略能够将开发人员提供的检测标准与管理员提供的自定义策略分开的方法和系统。安全系统允许检测标准的开发者提供包含可由安全策略使用的签名的签名文件。安全系统还允许计算机系统的管理员指定使用签名文件签名的自定义策略。开发人员可以将签名文件分发到主机计算机系统，而不管管理员将自定义策略的规则分发给主机系统。当主机计算机系统发生安全执行事件时，安全系统将安全策略的规则应用于事件。

4. 发明授权

US07503068B2 Secure ISN generation 有权
标题翻译：安全的ISN生成
公开(公告)号：US07503068B2
公开(公告)日：2009-03-10
申请号：US10779950
申请日：2004-02-13
申请人： Sanjay Kaniyar , Art Shelest , Nk Srinivas , Scott K. Holden
发明人： Sanjay Kaniyar , Art Shelest , Nk Srinivas , Scott K. Holden
IPC分类号： H04L9/00
CPC分类号： H04L47/34 , H04L63/1458
摘要： An initial sequence number generator is provided that prevents the local server from being attacked while maintaining reliable data transfer. A random intermediate value is created that is unique to each connection identifier and is combined with a random value created from a global counter to generate the initial sequence number. The counter capable of monotonically increasing by both a fixed and variable amount for ensuring that the same connection identifier does not have data collisions from competing sequence numbers within a predetermined period of time, and also to ensures randomness of the initial sequence number on a per connection basis for preventing attacks on the local server.
摘要翻译：提供了初始序列号生成器，其防止本地服务器在保持可靠的数据传输的同时受到攻击。创建对每个连接标识符唯一的随机中间值，并与从全局计数器创建的随机值组合以生成初始序列号。该计数器能够通过固定和可变量单调增加，以确保相同的连接标识符在预定时间段内没有来自竞争序列号的数据冲突，并且还确保每个连接上的初始序列号的随机性防止对本地服务器的攻击的基础。

5. 发明申请

US20050005165A1 Method of assisting an application to traverse a firewall 有权
标题翻译：协助应用程序穿越防火墙的方法
公开(公告)号：US20050005165A1
公开(公告)日：2005-01-06
申请号：US10603648
申请日：2003-06-25
申请人： Dennis Morgan , Alexandru Gavrilescu , Jonathan Burstein , Art Shelest , David LeBlanc
发明人： Dennis Morgan , Alexandru Gavrilescu , Jonathan Burstein , Art Shelest , David LeBlanc
IPC分类号： G06F21/20 , G06F11/00 , G06F13/00 , G06F15/00 , H04L29/06 , H04L9/00
CPC分类号： H04L63/0227 , H04L63/0218 , H04L63/029
摘要： A method for a firewall-aware application to communicate its expectations to a firewall without requiring the firewall to change its policy or compromise network security. An application API is provided for applications to inform a firewall or firewalls of the application's needs, and a firewall API is provided that informs the firewall or firewalls of the application's needs. An interception module watches for connect and listen attempts by applications and services to the network stack on the local computer. The interception module traps these attempts and determines what user is making the attempt, what application or service is making the attempt, and conducts a firewall policy look-up to determine whether the user and/or application or service are allowed to connect to the network. If so, the interception module may instruct the host and/or edge firewall to configure itself for the connection being requested.
摘要翻译：防火墙感知应用程序将其期望传达到防火墙的方法，而不需要防火墙更改其策略或损害网络安全性。为应用程序提供应用程序API以通知防火墙或防火墙应用程序的需求，并提供防火墙API，通知防火墙或防火墙应用程序的需求。拦截模块监视应用程序和服务对本地计算机上的网络堆栈的连接和监听尝试。拦截模块捕获这些尝试，并确定用户正在进行的尝试，什么应用程序或服务正在进行尝试，并进行防火墙策略查找，以确定是否允许用户和/或应用程序或服务连接到网络。如果是这样，则拦截模块可以指示主机和/或边缘防火墙为正在请求的连接配置自身。

6. 发明授权

US07305705B2 Reducing network configuration complexity with transparent virtual private networks 有权
标题翻译：透明虚拟专用网络降低网络配置复杂度
公开(公告)号：US07305705B2
公开(公告)日：2007-12-04
申请号：US10611832
申请日：2003-06-30
申请人： Art Shelest , Christian Huitema
发明人： Art Shelest , Christian Huitema
IPC分类号： G06F15/16
CPC分类号： H04L63/0272 , H04L9/3218 , H04L63/029 , H04L63/0442 , H04L63/08 , H04L63/083 , H04L63/0853 , H04L63/1458 , H04L63/166 , H04L2209/56 , H04L2209/76 , H04L2209/80
摘要： A firewall acts as a transparent gateway to a server within a private network by initiating an unsolicited challenge to a client to provide authentication credentials. After receiving the client's credentials, the firewall verifies the authentication credentials and establishes a secure channel for accessing the server. Data destined for the server from the client may be forwarded through the firewall using the secure channel. The firewall may sign, or otherwise indicate that data forwarded to the server is from a client that the firewall has authenticated. The firewall also may provide some level of authentication to the client. While connected to the server, the client may access other servers external to the private network without having the data associated with the other servers pass through the private network. The firewall reduces configuration information that a client otherwise must maintain to access various private network servers.
摘要翻译：防火墙通过向客户端发起未经请求的挑战来提供认证凭据，作为私有网络中的服务器的透明网关。在收到客户端凭据后，防火墙会验证身份验证凭据，并建立一个用于访问服务器的安全通道。从客户端发往服务器的数据可以使用安全通道通过防火墙转发。防火墙可以签署或以其他方式指示转发到服务器的数据来自防火墙已经认证的客户端。防火墙还可以向客户端提供一定程度的认证。当连接到服务器时，客户端可以访问专用网络外部的其他服务器，而不会使与其他服务器相关联的数据通过专用网络。防火墙可以减少客户端必须维护的配置信息，以访问各种专用网络服务器。

7. 发明申请

US20060282876A1 Conditional activation of security policies 有权
公开(公告)号：US20060282876A1
公开(公告)日：2006-12-14
申请号：US11150819
申请日：2005-06-09
申请人： Art Shelest , Carl Ellison
发明人： Art Shelest , Carl Ellison
IPC分类号： G06F17/00
CPC分类号： G06F21/6218
摘要： A conditional activation system distributes a security policy to the computer systems of an enterprise. Upon receiving a security policy at a computer system, the computer system may install the received security policy without activation. When a security policy is installed without activation, it is loaded onto a computer system but is not used to process security enforcement events. The computer system may then determine whether a security policy activation criterion has been satisfied and, if so, activate the security policy.

8. 发明申请

US20060218635A1 Dynamic protection of unpatched machines 有权
公开(公告)号：US20060218635A1
公开(公告)日：2006-09-28
申请号：US11090679
申请日：2005-03-25
申请人： Michael Kramer , Art Shelest , Carl Carter-Schwendler , Gary Henderson , Scott Field , Sterling Reasor
发明人： Michael Kramer , Art Shelest , Carl Carter-Schwendler , Gary Henderson , Scott Field , Sterling Reasor
IPC分类号： G06F12/14
CPC分类号： G06F21/56 , G06F21/57 , H04L41/0659 , H04L41/0816 , H04L63/02 , H04L63/1441 , H04L69/40
摘要： A system and method for protecting a computer system connected to a communication network from a potential vulnerability. The system and method protects a computer system that is about to undergo or has just undergone a change in state that may result in placing the computer system at risk to viruses, and the like, over a communication network. The system and method first detect an imminent or recent change in state. A security component and a fixing component react to the detection of the change in state. The security component may raise the security level to block incoming network information, other than information from a secure or known location, or information requested by the computer system. The fixing component implements a fixing routine, such as installing missing updates or patches, and on successfully completing the fixing routine, the security level is relaxed or lowered.

9. 发明申请

US20060174318A1 Method and system for troubleshooting when a program is adversely impacted by a security policy 有权
标题翻译：用于在程序受到安全策略的不利影响时进行故障排除的方法和系统
公开(公告)号：US20060174318A1
公开(公告)日：2006-08-03
申请号：US11045733
申请日：2005-01-28
申请人： Art Shelest , Pradeep Bahl , Scott Field
发明人： Art Shelest , Pradeep Bahl , Scott Field
IPC分类号： H04L9/00 , G06F17/00 , H04K1/00 , G06F12/14 , G06F11/00 , G06F11/22 , G06F11/30 , G06F11/32 , G06F11/34 , G06F11/36 , G06F12/16 , G06F15/18 , G08B23/00
CPC分类号： H04L63/10 , G06F11/079 , G06F21/53 , G06F21/554
摘要： A method and system for selectively excluding a program from a security policy is provided. The security system receives from a user an indication of a program with a problem that is to be excluded from the security policy. When the program executes and a security enforcement event occurs, the security system does not apply the security policy. If the problem appears to be resolved as a result of excluding the program from the security policy, then the user may assume that the security policy is the cause of the problem.
摘要翻译：提供了一种用于从安全策略中选择性地排除程序的方法和系统。安全系统从用户接收到具有要从安全策略中排除的问题的程序的指示。当程序执行并发生安全执行事件时，安全系统不应用安全策略。如果由于从安全策略中排除程序，问题似乎得到解决，那么用户可能认为安全策略是问题的原因。

10. 发明申请

US20050261877A1 Hardware assist for pattern matches 失效
标题翻译：硬件辅助模式匹配
公开(公告)号：US20050261877A1
公开(公告)日：2005-11-24
申请号：US10770329
申请日：2004-02-02
申请人： Art Shelest , Jason Garms
发明人： Art Shelest , Jason Garms
IPC分类号： G06F11/30
CPC分类号： G06F21/567 , G06F21/55 , G06F21/564
摘要： An application contacts the ASIC with a request for a job, along with the name or identifier of a data stream to pattern match against, the name or identifier of the pattern set to use, and whether the job is partial or full. Depending on the priority rules set by the ASIC administrator, the ASIC may stop the job it is currently doing and begin work on the new job, or wait until the current job is finished before starting the new job. The ASIC determines if the pattern set for the new job is already stored in the cache, and contacts the calling application if it is not. Once the correct pattern set is loaded, the ASIC begins pattern matching on the requested data stream. The data stream is compared byte by byte with the each of the patterns in the loaded set. The ASIC will return a match to the calling application if a match has been made with one of the patterns in the pattern set.
摘要翻译：应用程序与作业请求联系，以及与要使用的模式集合的名称或标识符进行模式匹配的数据流的名称或标识符以及作业是部分还是完全。根据ASIC管理员设置的优先级规则，ASIC可能会停止当前正在执行的任务，并开始对新作业进行工作，或者在开始新作业之前等待当前作业完成。 ASIC确定为新作业设置的模式是否已经存储在高速缓存中，如果不是，则联系呼叫应用程序。一旦加载了正确的模式集，ASIC将在所请求的数据流上开始模式匹配。将数据流逐字节与加载集合中的每个模式进行比较。如果与模式集中的其中一个模式进行了匹配，ASIC将返回匹配到调用应用程序。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式