专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09154475B1 User authentication and authorization in distributed security system 有权
标题翻译：分布式安全系统中的用户认证和授权
公开(公告)号：US09154475B1
公开(公告)日：2015-10-06
申请号：US12354900
申请日：2009-01-16
申请人： Kailash Kailash , Jeff Forristal , Narinder Paul , Sivaprasad Udupa
发明人： Kailash Kailash , Jeff Forristal , Narinder Paul , Sivaprasad Udupa
IPC分类号： G06F7/04 , H04L9/32 , G06F21/00 , H04L29/06
CPC分类号： H04L63/08 , H04L63/083 , H04L63/1408 , H04L63/168 , H04W12/06
摘要： Methods, systems, and apparatus, including computer program products, for distributed security system authorization. Client device authentication instructions are executed on a client device to determine if authentication data accessible by the client device authentication instructions are stored at the client device. If the authentication data are stored at the client device, the client device authentication instructions generate authenticated user data and store the authenticated user data at the client device. If the authentication data are not stored at the client device, the client device authentication instructions generate a login environment that allows a user of the client device to input login data. The login data are provided to a verification process that in response to verification provide the authentication data to the client device.
摘要翻译：方法，系统和设备，包括计算机程序产品，用于分布式安全系统授权。在客户端设备上执行客户端设备认证指令，以确定由客户机设备认证指令可访问的认证数据是否存储在客户端设备。如果认证数据存储在客户端设备，则客户端设备认证指令生成认证用户数据，并将认证用户数据存储在客户端设备。如果认证数据未被存储在客户端设备，则客户端设备认证指令生成允许客户端设备的用户输入登录数据的登录环境。将登录数据提供给验证过程，该验证过程响应于验证向客户端设备提供认证数据。

2. 发明授权

US08869259B1 Cloud based inspection of secure content avoiding man-in-the-middle attacks 有权
标题翻译：基于云的检查安全内容，避免中间人攻击
公开(公告)号：US08869259B1
公开(公告)日：2014-10-21
申请号：US13111753
申请日：2011-05-19
申请人： Sivaprasad Udupa , Narinder Paul , Jose Raphel , Kailash Kailash
发明人： Sivaprasad Udupa , Narinder Paul , Jose Raphel , Kailash Kailash
IPC分类号： H04L29/06
CPC分类号： H04L63/1483 , H04L63/0823 , H04L63/20
摘要： A cloud based system that facilitates inspection of secure content and inexpensively detects the presence of a Man-in-the-Middle attack in a client-server communication is disclosed. Through inspection of the server certificate, no Man-in-the-Middle attack between server and the system is ensured; through inspection and designation of the client certificate, absence of a Man-in-the-Middle attack between the cloud based system and the client is ensured. In this way, the cloud based system can perform its usual policy enforcement functions with respect to secure content while avoiding Man-in-the-Middle attacks.
摘要翻译：公开了一种基于云的系统，其便于检查安全内容并且廉价地检测客户端 - 服务器通信中的中间人攻击的存在。通过检查服务器证书，确保服务器与系统之间无中间人的攻击; 通过检查和指定客户端证书，确保了基于云的系统和客户端之间的中间人中的攻击。以这种方式，基于云的系统可以在安全内容方面执行其通常的策略执行功能，同时避免中间人攻击。

3. 发明授权

US08566925B2 Systems and methods for policy based triggering of client-authentication at directory level granularity 有权
标题翻译：用于以目录级粒度为基础的策略触发客户端认证的系统和方法
公开(公告)号：US08566925B2
公开(公告)日：2013-10-22
申请号：US11462350
申请日：2006-08-03
申请人： Sivaprasad Udupa , Tushar Kanekar , Tejus Ag
发明人： Sivaprasad Udupa , Tushar Kanekar , Tejus Ag
IPC分类号： H04L29/00
CPC分类号： H04L63/10 , H04L63/0272 , H04L63/0428 , H04L63/0823 , H04L63/166 , H04L63/20 , H04L2463/144
摘要： Systems and methods are disclosed for an appliance to authenticate access of a client to a protected directory on a server via a connection, such as a secure SSL connection, established by the appliance. A method comprises the steps of: receiving, by an appliance, a first request from a client on a first network to access a server on a second network, the appliance providing the client a virtual private network connection from the first network to the second network; determining, by the appliance, the first request comprises access to a protected directory of the server; associating, by the appliance, an authentication policy with the protected directory, the authentication policy specifying an action to authenticate the client's access to the protected directory; and transmitting, by the appliance in response to the authentication policy, a second request to the client for an authentication certificate. Corresponding systems are also disclosed.
摘要翻译：公开的系统和方法用于通过由设备建立的连接（例如安全SSL连接）来认证客户端访问服务器上的受保护目录的系统和方法。一种方法包括以下步骤：由设备从第一网络的客户端接收访问第二网络上的服务器的第一请求，所述设备向客户端提供从第一网络到第二网络的虚拟专用网络连接 ; 由设备确定第一请求包括访问服务器的受保护目录; 该设备将认证策略与受保护目录相关联，认证策略指定用于认证客户端对受保护目录的访问的动作; 以及响应于所述认证策略，所述设备向所述客户端发送用于认证证书的第二请求。还公开了相应的系统。

4. 发明授权

US08095787B2 Systems and methods for optimizing SSL handshake processing 有权
标题翻译：优化SSL握手处理的系统和方法
公开(公告)号：US08095787B2
公开(公告)日：2012-01-10
申请号：US11466030
申请日：2006-08-21
申请人： Tushar Kanekar , Sivaprasad Udupa
发明人： Tushar Kanekar , Sivaprasad Udupa
IPC分类号： H04L29/00
CPC分类号： H04L63/166
摘要： A method for buffering SSL handshake messages prior to computing a message digest for the SSL handshake includes: conducting, by an appliance with a client, an SSL handshake, the SSL handshake comprising a plurality of SSL handshake messages; storing, by the appliance, the plurality of SSL handshake messages; providing, by the appliance to a message digest computing device in response to receiving a client finish message corresponding to the SSL handshake, the plurality of SSL handshake messages; receiving, by the appliance from the message digest computing device, a message digest corresponding to the provided messages; determining by the appliance, the message digest matches a message digest included in the SSL client finish message; and completing, by the appliance with the client, the SSL handshake. Corresponding systems are also described.
摘要翻译：用于在计算用于SSL握手的消息摘要之前缓存SSL握手消息的方法包括：由具有客户端的设备进行SSL握手，所述SSL握手包括多个SSL握手消息; 由设备存储多个SSL握手消息; 响应于接收到与所述SSL握手相对应的客户端完成消息，所述设备向消息摘要计算设备提供所述多个SSL握手消息; 由所述设备从所述消息摘要计算设备接收与所提供的消息相对应的消息摘要; 由设备确定消息摘要与SSL客户端完成消息中包含的消息摘要相匹配; 并由用户与客户端完成SSL握手。还描述了相应的系统。

5. 发明授权

US08615654B2 Systems and methods for optimizing SSL handshake processing 有权
标题翻译：优化SSL握手处理的系统和方法
公开(公告)号：US08615654B2
公开(公告)日：2013-12-24
申请号：US13533713
申请日：2012-06-26
申请人： Tushar Kanekar , Sivaprasad Udupa
发明人： Tushar Kanekar , Sivaprasad Udupa
IPC分类号： H04L29/06
CPC分类号： H04L9/3263 , H04L63/166 , H04L2209/80
摘要： A method for enabling efficient SSL handshakes through pre-computing of handshake messages, the method includes: receiving, by an appliance, a server certificate identifying a server; generating, by the appliance, at least one of: (i) an SSL server certificate message comprising the received server certificate, (ii) an SSL client certificate request message, and (iii) an SSL hello done message; storing, by the appliance, the generated messages; receiving, by the appliance from a client, an SSL client hello message identifying the server; and transmitting, by the appliance to the client, an SSL server hello message and at least one of the stored messages. Corresponding systems are also described.
摘要翻译：一种用于通过预握握握消息来实现有效的SSL握手的方法，所述方法包括：由设备接收识别服务器的服务器证书; 由所述设备生成以下至少一个：（i）包括所接收的服务器证书的SSL服务器证书消息，（ii）SSL客户端证书请求消息，以及（iii）SSL hello完成消息; 由设备存储生成的消息; 用户从客户端接收标识服务器的SSL客户端hello消息; 以及由所述设备向所述客户端发送SSL服务器呼叫消息和所存储的消息中的至少一个。还描述了相应的系统。

6. 发明申请

US20120265991A1 SYSTEMS AND METHODS FOR OPTIMIZING SSL HANDSHAKE PROCESSING 有权
标题翻译：用于优化SSL HANDSHAKE处理的系统和方法
公开(公告)号：US20120265991A1
公开(公告)日：2012-10-18
申请号：US13533713
申请日：2012-06-26
申请人： Tushar Kanekar , Sivaprasad Udupa
发明人： Tushar Kanekar , Sivaprasad Udupa
IPC分类号： H04L9/32
CPC分类号： H04L9/3263 , H04L63/166 , H04L2209/80
摘要： A method for enabling efficient SSL handshakes through pre-computing of handshake messages, the method includes: receiving, by an appliance, a server certificate identifying a server; generating, by the appliance, at least one of: (i) an SSL server certificate message comprising the received server certificate, (ii) an SSL client certificate request message, and (iii) an SSL hello done message; storing, by the appliance, the generated messages; receiving, by the appliance from a client, an SSL client hello message identifying the server; and transmitting, by the appliance to the client, an SSL server hello message and at least one of the stored messages. Corresponding systems are also described.
摘要翻译：一种用于通过预握握握消息来实现有效的SSL握手的方法，所述方法包括：由设备接收识别服务器的服务器证书; 由所述设备生成以下至少一个：（i）包括所接收的服务器证书的SSL服务器证书消息，（ii）SSL客户端证书请求消息，以及（iii）SSL hello完成消息; 由设备存储生成的消息; 用户从客户端接收标识服务器的SSL客户端hello消息; 以及由所述设备向所述客户端发送SSL服务器呼叫消息和所存储的消息中的至少一个。还描述了相应的系统。

7. 发明申请

US20120117375A1 SYSTEMS AND METHODS FOR OPTIMIZING SSL HANDSHAKE PROCESSING 有权
标题翻译：用于优化SSL HANDSHAKE处理的系统和方法
公开(公告)号：US20120117375A1
公开(公告)日：2012-05-10
申请号：US13346314
申请日：2012-01-09
申请人： Tushar Kanekar , Sivaprasad Udupa
发明人： Tushar Kanekar , Sivaprasad Udupa
IPC分类号： H04L29/06
CPC分类号： H04L63/166
摘要： A method for buffering SSL handshake messages prior to computing a message digest for the SSL handshake includes: conducting, by an appliance with a client, an SSL handshake, the SSL handshake comprising a plurality of SSL handshake messages; storing, by the appliance, the plurality of SSL handshake messages; providing, by the appliance to a message digest computing device in response to receiving a client finish message corresponding to the SSL handshake, the plurality of SSL handshake messages; receiving, by the appliance from the message digest computing device, a message digest corresponding to the provided messages; determining by the appliance, the message digest matches a message digest included in the SSL client finish message; and completing, by the appliance with the client, the SSL handshake. Corresponding systems are also described.
摘要翻译：用于在计算用于SSL握手的消息摘要之前缓存SSL握手消息的方法包括：由具有客户端的设备进行SSL握手，所述SSL握手包括多个SSL握手消息; 由设备存储多个SSL握手消息; 响应于接收到与所述SSL握手相对应的客户端完成消息，所述设备向消息摘要计算设备提供所述多个SSL握手消息; 由所述设备从所述消息摘要计算设备接收与所提供的消息相对应的消息摘要; 由设备确定消息摘要与SSL客户端完成消息中包含的消息摘要相匹配; 并由用户与客户端完成SSL握手。还描述了相应的系统。

8. 发明授权

US08838958B2 Systems and methods for bulk encryption and decryption of transmitted data 有权
标题翻译：用于批量加密和解密传输数据的系统和方法
公开(公告)号：US08838958B2
公开(公告)日：2014-09-16
申请号：US13712658
申请日：2012-12-12
申请人： Josephine Suganthi , Tushar Kanekar , Sivaprasad Udupa
发明人： Josephine Suganthi , Tushar Kanekar , Sivaprasad Udupa
IPC分类号： H04L29/06
CPC分类号： H04L63/0428
摘要： A method for using a network appliance to efficiently buffer and encrypt data for transmission includes: receiving, by an appliance via a connection, two or more SSL records comprising encrypted messages; decrypting the two or more messages; buffering, by the appliance, the two or more decrypted messages; determining, by the appliance, that a transmittal condition has been satisfied; encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and transmitting, by the appliance via a second connection, the third record. Corresponding systems are also described.
摘要翻译：一种使用网络设备有效地缓冲和加密用于传输的数据的方法包括：由设备经由连接接收包括加密消息的两个或更多个SSL记录; 解密两个或多个消息; 由设备缓冲两个或更多个解密的消息; 由设备确定已经满足传送条件; 所述设备响应于所述确定，加密所述第一解密消息和所述第二解密消息的一部分以产生第三SSL记录; 以及由所述器具经由第二连接发送所述第三记录。还描述了相应的系统。

9. 发明申请

US20130145146A1 SYSTEMS AND METHODS FOR BULK ENCRYPTION AND DECRYPTION OF TRANSMITTED DATA 有权
标题翻译：用于批量加密和传输数据分解的系统和方法
公开(公告)号：US20130145146A1
公开(公告)日：2013-06-06
申请号：US13712658
申请日：2012-12-12
申请人： Josephine Suganthi , Tushar Kanekar , Sivaprasad Udupa
发明人： Josephine Suganthi , Tushar Kanekar , Sivaprasad Udupa
IPC分类号： H04L29/06
CPC分类号： H04L63/0428
摘要： A method for using a network appliance to efficiently buffer and encrypt data for transmission includes: receiving, by an appliance via a connection, two or more SSL records comprising encrypted messages; decrypting the two or more messages; buffering, by the appliance, the two or more decrypted messages; determining, by the appliance, that a transmittal condition has been satisfied; encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and transmitting, by the appliance via a second connection, the third record. Corresponding systems are also described.
摘要翻译：一种使用网络设备有效地缓冲和加密用于传输的数据的方法包括：由设备经由连接接收包括加密消息的两个或更多个SSL记录; 解密两个或多个消息; 由设备缓冲两个或更多个解密的消息; 由设备确定已经满足传送条件; 所述设备响应于所述确定，加密所述第一解密消息和所述第二解密消息的一部分以产生第三SSL记录; 以及由所述器具经由第二连接发送所述第三记录。还描述了相应的系统。

10. 发明申请

US20100125903A1 TRAFFIC REDIRECTION IN CLOUD BASED SECURITY SERVICES 有权
标题翻译：基于云安全服务的交通重定向
公开(公告)号：US20100125903A1
公开(公告)日：2010-05-20
申请号：US12274222
申请日：2008-11-19
申请人： Srikanth Devarajan , Alex Motyashov , Manoj Apte , Sivaprasad Udupa
发明人： Srikanth Devarajan , Alex Motyashov , Manoj Apte , Sivaprasad Udupa
IPC分类号： G06F15/173
CPC分类号： H04L63/102 , G06F21/577 , G06F2221/2141
摘要： Systems, methods and apparatus for tunneling in a cloud based security system. Management of tunnels, such as data tunnels, between enterprises and processing nodes for a security service is facilitate by the use of virtual gateway nodes and migration failover to minimize traffic impacts when a tunnel is migrated from one processing node to another processing node.
摘要翻译：用于基于云的安全系统中隧道的系统，方法和装置。通过使用虚拟网关节点和迁移故障转移来管理隧道，如数据隧道，企业和处理节点之间的隧道，可以通过隧道从一个处理节点迁移到另一个处理节点来最大限度地减少流量影响。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式