专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09559837B2 Methods for cryptographic delegation and enforcement of dynamic access to stored data 有权
标题翻译：用于密码授权和强制实施对存储数据的动态访问的方法
公开(公告)号：US09559837B2
公开(公告)日：2017-01-31
申请号：US14478998
申请日：2014-09-05
申请人： Trustwave Holdings, Inc.
发明人： John Patrick McGregor , Matthew N. White
IPC分类号： H04L9/06 , G06F21/62 , H04L9/08 , H04L9/32 , H04L9/14
CPC分类号： H04L9/0643 , G06F21/6227 , H04L9/0618 , H04L9/0836 , H04L9/0861 , H04L9/14 , H04L9/3242 , H04L2209/24
摘要： Efficient methods for assigning, revoking, and realizing access to stored data involve a cryptographic key hierarchy and a set of operations performed on cryptographic keys and performed on the data objects to be protected. In addition to providing confidentiality and integrity for data objects, the methods allow access to selected data objects to be permanently revoked for all entities without requiring all instances of the data objects to be destroyed or overwritten. The methods also support access right modifications for a data object without requiring the re-encryption of the entire data object; instead, certain keys are selectively re-encrypted and re-authenticated to implement access control changes. The key hierarchy is parameterized to enable flexible performance tuning, and to provide efficient random access, keying and other security operations are performed for individual blocks within a data object rather than only for the entire data object.
摘要翻译：用于分配，撤销和实现对存储数据的访问的有效方法涉及对密码密钥执行的加密密钥层次和一组操作，并对待保护的数据对象执行。除了为数据对象提供机密性和完整性之外，该方法允许对所有实体永久撤销对所选数据对象的访问，而不需要销毁或重写数据对象的所有实例。该方法还支持对数据对象的访问权限修改，而不需要对整个数据对象进行重新加密; 而是选择性地重新加密和重新认证某些密钥以实现访问控制改变。密钥层次结构被参数化以实现灵活的性能调优，并为数据对象中的各个块而不是仅针对整个数据对象提供有效的随机访问，密钥和其他安全性操作。

2. 发明授权

US08677123B1 Method for accelerating security and management operations on data segments 有权
标题翻译：加快数据段安全管理操作的方法
公开(公告)号：US08677123B1
公开(公告)日：2014-03-18
申请号：US11441613
申请日：2006-05-26
申请人： John Patrick McGregor, Jr. , Matthew N. White
发明人： John Patrick McGregor, Jr. , Matthew N. White
IPC分类号： H04L9/00
CPC分类号： H04L9/00 , H03M7/30 , H04L2209/30
摘要： A method for improving the performance of data storage and transmission systems involves applying a transformation to one or a plurality of aligned data segment(s) prior to or subsequent to the execution of data management operations. The transformation effectively reduces the number of bits in the data segment that must be employed by the data management operation processing. Data management operations performed on a data segment may include but are not limited to cryptographic security operations and data comparison operations. Since the computation requirements of data management operations can decrease as the bit lengths of input data decrease, the transformation can reduce the latencies of data management operations in hardware or software. Furthermore, performing the transformation on a data segment does not reduce the number of bits needed to encode the data segment, thus maintaining the alignment of a plurality of data segments.
摘要翻译：一种用于改善数据存储和传输系统的性能的方法包括在数据管理操作执行之前或之后对一个或多个对齐的数据段应用变换。该转换有效地减少了数据管理操作处理中必须采用的数据段中的位数。对数据段执行的数据管理操作可以包括但不限于加密安全操作和数据比较操作。由于数据管理操作的计算要求随着输入数据的位长度的减少而减少，因此转换可以减少硬件或软件中数据管理操作的延迟。此外，对数据段执行变换不会减少编码数据段所需的位数，从而保持多个数据段的对准。

3. 发明授权

US08595835B2 System to enable detecting attacks within encrypted traffic 有权
标题翻译：系统能够检测加密流量内的攻击
公开(公告)号：US08595835B2
公开(公告)日：2013-11-26
申请号：US13006230
申请日：2011-01-13
申请人： Doron Kolton , Adi Stav , Asaf Wexler , Ariel Ernesto Frydman , Yoram Zahavi
发明人： Doron Kolton , Adi Stav , Asaf Wexler , Ariel Ernesto Frydman , Yoram Zahavi
IPC分类号： G06F21/00
CPC分类号： H04L63/0428 , G06F21/552 , H04L63/1408 , H04L63/1416
摘要： Systems and methods for identification of network attacks are disclosed. An example system includes an adaptor module to route a received encrypted packet to a decryption module, receive a decrypted packet corresponding to the encrypted packet from the decryption module, and transmit the decrypted packet and the encrypted packet to a sensor module. The decryption module is to receive an encrypted packet, decrypt the encrypted packet to form the decrypted packet, and transmit the decrypted packet to the adaptor module. The sensor module is to inspect the decrypted packet and the encrypted packet received from the adaptor module to determine when an attack is detected.
摘要翻译：公开了用于识别网络攻击的系统和方法。示例系统包括：将接收到的加密分组路由到解密模块的适配器模块，从解密模块接收对应于加密分组的解密分组，并将解密的分组和加密分组发送到传感器模块。解密模块是接收加密的分组，解密加密的分组以形成解密的分组，并将解密的分组发送到适配器模块。传感器模块将检查解密的数据包和从适配器模块接收到的加密数据包，以确定何时检测到攻击。

4. 发明授权

US09992014B2 Methods for cryptographic delegation and enforcement of dynamic access to stored data 有权
公开(公告)号：US09992014B2
公开(公告)日：2018-06-05
申请号：US15420076
申请日：2017-01-30
申请人： Trustwave Holdings, Inc.
发明人： John Patrick McGregor, Jr. , Matthew N. White
IPC分类号： G06F11/30 , H04L9/06 , G06F21/62 , H04L9/08 , H04L9/32 , H04L9/14
CPC分类号： H04L9/0643 , G06F21/6227 , H04L9/0618 , H04L9/0836 , H04L9/0861 , H04L9/14 , H04L9/3242 , H04L2209/24
摘要： Methods for cryptographic delegation and enforcement of dynamic access to stored data are disclosed. An example method includes generating for a first modified data block, a new per-block hash value using as a hash function input data contained in the first modified data block or a new per-block hash message authentication code (HMAC) using as hash function inputs a new per-block hash key and data contained in the first modified data block, writing the new per-block hash value or the new per-block HMAC to data block metadata associated with the modified data block in the protected data object, and writing the first modified data block to one of the data blocks of the protected data object.

5. 发明授权

US09774617B2 Distributed client side user monitoring and attack system 有权
公开(公告)号：US09774617B2
公开(公告)日：2017-09-26
申请号：US14054822
申请日：2013-10-15
申请人： TRUSTWAVE HOLDINGS, INC.
发明人： Tyler Rorabaugh , Quoc Quach , Matthew Batema , Jim Hong , Scott Parcel
IPC分类号： H04L29/06 , G06F21/57
CPC分类号： H04L63/1433 , G06F21/577
摘要： An embodiment invention provides a new way of creating a distributed client side user monitoring and attack system for use within the security market. In one embodiment of the invention, a distributed client side user monitoring and attack system, includes: a security application server; a target application server; a target application; and a first code in the target application to permit backchannel communications with the security application server.

6. 发明授权

US09619651B1 Pattern generation, IDS signature conversion, and fault detection 有权
公开(公告)号：US09619651B1
公开(公告)日：2017-04-11
申请号：US12590334
申请日：2009-11-04
申请人： Penny C. Leavy , Michael Gregory Hoglund , Jonathan Walter Gary , Riley Dennis Eller
发明人： Penny C. Leavy , Michael Gregory Hoglund , Jonathan Walter Gary , Riley Dennis Eller
IPC分类号： G06F11/00 , G06F21/57 , G06F21/54 , G06F11/36 , G06F21/52
CPC分类号： G06F21/577 , G06F11/3672 , G06F21/52 , G06F21/54 , H04L43/50 , H04L63/1433
摘要： A method of testing a target in a network by fault injection, includes: defining a transaction baseline; modifying at least one of an order and a structure of the transaction baseline to obtain a modified transaction with malformed grammar; and transmitting the modified transaction to a target. The method may further include, receiving a feedback from the target to determine fault occurrence. An apparatus for testing a target in a network by fault injection, includes: a driver configured to generate patterns, where a pattern can generate a plurality of packets for transmission to the target, the pattern being represented by an expression with a literal string and a wild character class; and a network interface coupled to the driver and configured to transmit and receive network traffic.

7. 发明授权

US09135439B2 Methods and apparatus to detect risks using application layer protocol headers 有权
标题翻译：使用应用层协议头来检测风险的方法和设备
公开(公告)号：US09135439B2
公开(公告)日：2015-09-15
申请号：US13839810
申请日：2013-03-15
申请人： Rodrigo Ribeiro Montoro
发明人： Rodrigo Ribeiro Montoro
IPC分类号： G06F21/56 , H04L29/06 , H04L29/08
CPC分类号： G06F21/56 , H04L63/145 , H04L67/02
摘要： Methods, apparatus, systems and articles of manufacture to detect risks using application protocol headers are disclosed. An example method includes extracting characteristics from a header of a received hypertext transport protocol (HTTP) request, determining a first score corresponding to a first characteristic of the characteristics, determining a second score corresponding to a second characteristic of the characteristics, adding the first score and the second score to determine a combined score, and indicating that the received HTTP request is malware when the combined score meets a threshold.
摘要翻译：公开了使用应用协议报头来检测风险的方法，装置，系统和制品。一种示例性方法包括从接收的超文本传输协议（HTTP）请求的报头中提取特征，确定与特征的第一特征相对应的第一分数，确定对应于特征的第二特征的第二分数，将第一分数以及第二分数以确定组合分数，并且当组合分数满足阈值时，指示接收到的HTTP请求是恶意软件。

8. 发明授权

US08819285B1 System and method for managing network communications 有权
标题翻译：用于管理网络通信的系统和方法
公开(公告)号：US08819285B1
公开(公告)日：2014-08-26
申请号：US10749718
申请日：2003-12-31
申请人： Mark L. Wilkinson , Ronald J. Miller , Michael J. McDaniels
发明人： Mark L. Wilkinson , Ronald J. Miller , Michael J. McDaniels
IPC分类号： G06F15/16
CPC分类号： H04L63/0263 , H04L61/103 , H04L61/6009 , H04L63/1441
摘要： The invention relates to managing network communications packets on a local segment of a network. If an attack on the network segment is detected, the system creates one or more synthetic hardware addresses for substitution with existing hardware address. If this substitution is maintained in address resolution tables, packets sent to or from an attacker may be monitored, managed, dropped, or responded to in a controlled manner while preventing communication with sensitive devices on the local network segment. If a permissible packet is sent to the synthetic hardware address, the packet may be reformulated by a server, workstation, smart router, or security device, among others and sent with the appropriate hardware address. The synthetic hardware address may be a hardware address not associated with a device on the local network segment. For example, the synthetic hardware address may be synthetic MAC address.
摘要翻译：本发明涉及在网络的本地分段上管理网络通信分组。如果检测到对网段的攻击，则系统创建一个或多个合成硬件地址以替代现有的硬件地址。如果在地址解析表中维护这种替换，那么发送到攻击者或从攻击者发送的数据包可能受到监控，管理，丢弃或以受控的方式响应，同时防止与本地网段上的敏感设备进行通信。如果允许的分组被发送到合成硬件地址，则分组可以由服务器，工作站，智能路由器或安全设备等重新配置，并且以适当的硬件地址发送。合成硬件地址可以是与本地网段上的设备无关的硬件地址。例如，合成硬件地址可以是合成MAC地址。

9. 发明授权

US08201256B2 Methods and systems for assessing and advising on electronic compliance 有权
标题翻译：评估和咨询电子合规性的方法和系统
公开(公告)号：US08201256B2
公开(公告)日：2012-06-12
申请号：US10400924
申请日：2003-03-28
申请人： Joseph Patanella
发明人： Joseph Patanella
IPC分类号： H04L29/06
CPC分类号： H04L63/0227 , G06F21/577 , G06Q10/10 , H04L63/1433
摘要： A method and system of developing electronic performance support systems implemented in a computer system or in a graphical user interface. A method and system determines electronic compliance with a regulatory scheme, includes a compliance standard and using a question and answer prompt in conjunction with a scanning engine to perform an assessment of a computer network's compliance with at least one predetermined standard in addition to a technical assessment of the computer network.
摘要翻译：开发在计算机系统或图形用户界面中实现的电子性能支持系统的方法和系统。一种方法和系统确定电子符合监管方案，包括符合性标准，并结合扫描引擎使用问答答案提示，除了进行技术评估以执行对计算机网络遵守至少一个预定标准的评估的计算机网络。

10. 发明授权

US07895652B2 System to enable detecting attacks within encrypted traffic 有权
标题翻译：系统能够检测加密流量内的攻击
公开(公告)号：US07895652B2
公开(公告)日：2011-02-22
申请号：US11325234
申请日：2006-01-04
申请人： Doron Kolton , Adi Stav , Asaf Wexler , Ariel Ernesto Frydman , Yoram Zahavi
发明人： Doron Kolton , Adi Stav , Asaf Wexler , Ariel Ernesto Frydman , Yoram Zahavi
IPC分类号： G06F15/16
CPC分类号： H04L63/0428 , G06F21/552 , H04L63/1408 , H04L63/1416
摘要： A system and method for detecting network attacks within encrypted network traffic received by a protected network includes a decryption module and an adaptor module. This system and method can be inserted and used with multiple types of operating systems.
摘要翻译：用于检测由受保护网络接收的加密网络流量内的网络攻击的系统和方法包括解密模块和适配器模块。该系统和方法可以插入和使用多种类型的操作系统。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式