会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 4. 发明授权
    • Method and system for separating rules of a security policy from detection criteria
    • 将安全策略的规则与检测标准分开的方法和系统
    • US07591010B2
    • 2009-09-15
    • US11039637
    • 2005-01-19
    • Art ShelestScott A. FieldSubhashini Raghunathan
    • Art ShelestScott A. FieldSubhashini Raghunathan
    • G06F9/00G06F15/16G06F17/00
    • G06F21/55
    • A method and system that enables a security policy to separate developer-provided detection criteria from an administrator-provided custom policy is provided. The security system allows a developer of detection criteria to provide a signature file containing the signatures that are available for use by a security policy. The security system also allows an administrator of a computer system to specify a custom policy that uses the signatures of the signature file. The developer may distribute the signature file to host computer systems independently of the administrator's distribution of the rules of the custom policy to the host computer systems. When a security enforcement event occurs at the host computer system, the security system applies the rules of the security policy to the event.
    • 提供了一种使安全策略能够将开发人员提供的检测标准与管理员提供的自定义策略分开的方法和系统。 安全系统允许检测标准的开发者提供包含可由安全策略使用的签名的签名文件。 安全系统还允许计算机系统的管理员指定使用签名文件签名的自定义策略。 开发人员可以将签名文件分发到主机计算机系统,而不管管理员将自定义策略的规则分发给主机系统。 当主机计算机系统发生安全执行事件时,安全系统将安全策略的规则应用于事件。
    • 5. 发明授权
    • Secure ISN generation
    • 安全的ISN生成
    • US07503068B2
    • 2009-03-10
    • US10779950
    • 2004-02-13
    • Sanjay KaniyarArt ShelestNk SrinivasScott K. Holden
    • Sanjay KaniyarArt ShelestNk SrinivasScott K. Holden
    • H04L9/00
    • H04L47/34H04L63/1458
    • An initial sequence number generator is provided that prevents the local server from being attacked while maintaining reliable data transfer. A random intermediate value is created that is unique to each connection identifier and is combined with a random value created from a global counter to generate the initial sequence number. The counter capable of monotonically increasing by both a fixed and variable amount for ensuring that the same connection identifier does not have data collisions from competing sequence numbers within a predetermined period of time, and also to ensures randomness of the initial sequence number on a per connection basis for preventing attacks on the local server.
    • 提供了初始序列号生成器,其防止本地服务器在保持可靠的数据传输的同时受到攻击。 创建对每个连接标识符唯一的随机中间值,并与从全局计数器创建的随机值组合以生成初始序列号。 该计数器能够通过固定和可变量单调增加,以确保相同的连接标识符在预定时间段内没有来自竞争序列号的数据冲突,并且还确保每个连接上的初始序列号的随机性 防止对本地服务器的攻击的基础。
    • 7. 发明授权
    • Reducing network configuration complexity with transparent virtual private networks
    • 透明虚拟专用网络降低网络配置复杂度
    • US07305705B2
    • 2007-12-04
    • US10611832
    • 2003-06-30
    • Art ShelestChristian Huitema
    • Art ShelestChristian Huitema
    • G06F15/16
    • H04L63/0272H04L9/3218H04L63/029H04L63/0442H04L63/08H04L63/083H04L63/0853H04L63/1458H04L63/166H04L2209/56H04L2209/76H04L2209/80
    • A firewall acts as a transparent gateway to a server within a private network by initiating an unsolicited challenge to a client to provide authentication credentials. After receiving the client's credentials, the firewall verifies the authentication credentials and establishes a secure channel for accessing the server. Data destined for the server from the client may be forwarded through the firewall using the secure channel. The firewall may sign, or otherwise indicate that data forwarded to the server is from a client that the firewall has authenticated. The firewall also may provide some level of authentication to the client. While connected to the server, the client may access other servers external to the private network without having the data associated with the other servers pass through the private network. The firewall reduces configuration information that a client otherwise must maintain to access various private network servers.
    • 防火墙通过向客户端发起未经请求的挑战来提供认证凭据,作为私有网络中的服务器的透明网关。 在收到客户端凭据后,防火墙会验证身份验证凭据,并建立一个用于访问服务器的安全通道。 从客户端发往服务器的数据可以使用安全通道通过防火墙转发。 防火墙可以签署或以其他方式指示转发到服务器的数据来自防火墙已经认证的客户端。 防火墙还可以向客户端提供一定程度的认证。 当连接到服务器时,客户端可以访问专用网络外部的其他服务器,而不会使与其他服务器相关联的数据通过专用网络。 防火墙可以减少客户端必须维护的配置信息,以访问各种专用网络服务器。