专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

51. 发明申请

US20160255067A1 METHODS, SYSTEMS, AND MEDIA FOR AUTHENTICATING USERS USING MULTIPLE SERVICES 审中-公开
标题翻译：使用多种服务验证使用者的方法，系统和媒体
公开(公告)号：US20160255067A1
公开(公告)日：2016-09-01
申请号：US15032940
申请日：2014-08-07
申请人： Angelos D. Keromytis , Elias Athanasopoulos , Georgios Kontaxis , Georgios Portokalidis
发明人： Angelos D. Keromytis , Elias Athanasopoulos , Georgios Kontaxis , Georgios Portokalidis
IPC分类号： H04L29/06 , H04L9/32
CPC分类号： H04L63/08 , H04L9/321 , H04L9/3247 , H04L9/3271 , H04L63/0807 , H04L63/0823
摘要： Methods, systems, and media for automatically authenticating a user account using multiple services are provided. In accordance with some embodiments of the disclosed subject matter, methods for authenticating a user using multiple services are provided, the methods comprising: receiving, from a client device, first credentials for a target service account; authenticating the target service account based on the first credentials; issuing a redirecting request that directs the client device to at least one vouching service in response to authenticating the target service account; receiving a vouching response indicating that the client device has authenticated a vouching service account with the at least one vouching service, wherein the vouching response includes a vouching token; and providing the client device with access to the target service account in response to determining that the vouching service account is associated with the target service account.
摘要翻译：提供了使用多种服务自动验证用户帐户的方法，系统和媒体。根据所公开的主题的一些实施例，提供了用于使用多个服务进行认证的方法，所述方法包括：从客户端设备接收目标服务帐户的第一凭证; 基于第一个凭据验证目标服务帐户; 发出重定向请求，其响应于认证目标服务帐户而将客户端设备引导至少一个支票服务; 接收表示客户端设备已经利用所述至少一个支票服务认证了一个提供服务帐户的凭证响应，其中所述支票响应包括凭证令牌; 以及响应于确定所述提供服务帐户与所述目标服务帐户相关联，向所述客户端设备提供对所述目标服务帐户的访问。

52. 发明授权

US07904959B2 Systems and methods for detecting and inhibiting attacks using honeypots 有权
标题翻译：使用蜜罐检测和抑制攻击的系统和方法
公开(公告)号：US07904959B2
公开(公告)日：2011-03-08
申请号：US11870043
申请日：2007-10-10
申请人： Stylianos Sidiroglou , Angelos D. Keromytis , Kostas G. Anagnostakis
发明人： Stylianos Sidiroglou , Angelos D. Keromytis , Kostas G. Anagnostakis
IPC分类号： G06F11/00 , H04L9/32
CPC分类号： G06F21/554
摘要： In accordance with some embodiments, systems and methods that protect an application from attacks are provided. In some embodiments, traffic from a communication network is received by an anomaly detection component. The anomaly detection component monitors the received traffic and routes the traffic either to the protected application or to a honeypot, where the honeypot shares all state information with the application. If the received traffic is routed to the honeypot, the honeypot monitors the traffic for an attack. If an attack occurs, the honeypot repairs the protected application (e.g., discarding any state changes incurred from the attack, reverting to previously saved state information, etc.).
摘要翻译：根据一些实施例，提供了保护应用免受攻击的系统和方法。在一些实施例中，来自通信网络的业务由异常检测组件接收。异常检测组件监视接收的流量，并将流量路由到受保护的应用程序或蜜罐，蜜罐与应用程序共享所有状态信息。如果接收到的流量被路由到蜜罐，那么蜜罐会监视流量的攻击。如果发生攻击，蜜罐将修复受保护的应用程序（例如，丢弃从攻击中导致的任何状态更改，恢复到以前保存的状态信息等）。

53. 发明申请

US20100235879A1 SYSTEMS, METHODS, AND MEDIA FOR ENFORCING A SECURITY POLICY IN A NETWORK INCLUDING A PLURALITY OF COMPONENTS 有权
标题翻译：用于执行网络中的安全策略的系统，方法和媒体，包括大量组件
公开(公告)号：US20100235879A1
公开(公告)日：2010-09-16
申请号：US12632934
申请日：2009-12-08
申请人： Matthew Burnside , Angelos D. Keromytis
发明人： Matthew Burnside , Angelos D. Keromytis
IPC分类号： G06F11/00 , G06F17/00 , H04L29/06 , G06F15/16 , G06F17/30
CPC分类号： H04L63/0263 , G06F2221/2101 , H04L63/1416 , H04L63/1425
摘要： Systems, methods, and media for enforcing a security policy in a network are provided, including, for example, receiving a plurality of events describing component behavior detected by a plurality of sensors, each sensor monitoring a different component of a plurality of components; attributing a first event of the plurality of events to a first principal; attributing a second event of the plurality of events to a second principal; determining whether the first and second events are correlated; storing a data structure that attributes each of the first and second events to the first principal, if it is determined that the first and second events are correlated; comparing the second event to the security policy; and modifying network behavior to enforce the security policy against the first principal based on the comparison of the second event to the security policy and the attribution of the second event to the first principal.
摘要翻译：提供了用于在网络中实施安全策略的系统，方法和媒体，包括例如接收描述由多个传感器检测到的组件行为的多个事件，每个传感器监视多个组件的不同组件; 将所述多个事件的第一事件归因于第一主体; 将所述多个事件的第二事件归因于第二主体; 确定所述第一和第二事件是否相关; 如果确定所述第一和第二事件相关，则存储将所述第一和第二事件中的每一个归属于所述第一主体的数据结构; 将第二个事件与安全策略进行比较; 以及基于所述第二事件与所述安全策略的比较以及所述第二事件对所述第一主体的归属，修改网络行为以对所述第一主体执行所述安全策略。

54. 发明授权

US07660261B2 Systems and methods for computing data transmission characteristics of a network path based on single-ended measurements 有权
标题翻译：基于单端测量计算网络路径的数据传输特性的系统和方法
公开(公告)号：US07660261B2
公开(公告)日：2010-02-09
申请号：US11940231
申请日：2007-11-14
申请人： Angelos D. Keromytis , Sambuddho Chakravarty , Angelos Stavrou
发明人： Angelos D. Keromytis , Sambuddho Chakravarty , Angelos Stavrou
IPC分类号： H04L12/26
CPC分类号： H04L43/0882 , H04L41/0896 , H04L41/5003 , H04L45/00 , H04L47/10
摘要： Systems and methods for computing data transmission characteristics of a network path are disclosed. In some embodiments, the network path has a sending host, at least one intermediate host, and a receiving host, and the data transmission characteristics are computed based on single-ended measurements performed at the sending host.
摘要翻译：公开了一种用于计算网络路径的数据传输特性的系统和方法。在一些实施例中，网络路径具有发送主机，至少一个中间主机和接收主机，并且基于在发送主机处执行的单端测量来计算数据传输特性。

55. 发明授权

US08516575B2 Systems, methods, and media for enforcing a security policy in a network including a plurality of components 有权
标题翻译：用于在包括多个组件的网络中执行安全策略的系统，方法和媒体
公开(公告)号：US08516575B2
公开(公告)日：2013-08-20
申请号：US12632934
申请日：2009-12-08
申请人： Matthew Burnside , Angelos D. Keromytis
发明人： Matthew Burnside , Angelos D. Keromytis
IPC分类号： H04L29/06 , G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： H04L63/0263 , G06F2221/2101 , H04L63/1416 , H04L63/1425
摘要： Systems, methods, and media for enforcing a security policy in a network are provided, including, for example, receiving a plurality of events describing component behavior detected by a plurality of sensors, each sensor monitoring a different component of a plurality of components; attributing a first event of the plurality of events to a first principal; attributing a second event of the plurality of events to a second principal; determining whether the first and second events are correlated; storing a data structure that attributes each of the first and second events to the first principal, if it is determined that the first and second events are correlated; comparing the second event to the security policy; and modifying network behavior to enforce the security policy against the first principal based on the comparison of the second event to the security policy and the attribution of the second event to the first principal.
摘要翻译：提供了用于在网络中实施安全策略的系统，方法和媒体，包括例如接收描述由多个传感器检测到的组件行为的多个事件，每个传感器监视多个组件的不同组件; 将所述多个事件的第一事件归因于第一主体; 将所述多个事件的第二事件归因于第二主体; 确定所述第一和第二事件是否相关; 如果确定所述第一和第二事件相关，则存储将所述第一和第二事件中的每一个归属于所述第一主体的数据结构; 将第二个事件与安全策略进行比较; 以及基于所述第二事件与所述安全策略的比较以及所述第二事件对所述第一主体的归属，修改网络行为以对所述第一主体执行所述安全策略。

56. 发明授权

US08228815B2 Systems and methods for computing data transmission characteristics of a network path based on single-ended measurements 有权
标题翻译：基于单端测量计算网络路径的数据传输特性的系统和方法
公开(公告)号：US08228815B2
公开(公告)日：2012-07-24
申请号：US12648091
申请日：2009-12-28
申请人： Angelos D. Keromytis , Sambuddho Chakravarty , Angelos Stavrou
发明人： Angelos D. Keromytis , Sambuddho Chakravarty , Angelos Stavrou
IPC分类号： H04L12/28
CPC分类号： H04L43/0882 , H04L41/0896 , H04L41/5003 , H04L45/00 , H04L47/10
摘要： Systems and methods for computing data transmission characteristics of a network path are disclosed. In some embodiments, the network path has a sending host, at least one intermediate host, and a receiving host, and the data transmission characteristics are computed based on single-ended measurements performed at the sending host.
摘要翻译：公开了一种用于计算网络路径的数据传输特性的系统和方法。在一些实施例中，网络路径具有发送主机，至少一个中间主机和接收主机，并且基于在发送主机处执行的单端测量来计算数据传输特性。

57. 发明申请

US20100293407A1 Systems, Methods, and Media for Recovering an Application from a Fault or Attack 有权
标题翻译：用于从故障或攻击中恢复应用程序的系统，方法和介质
公开(公告)号：US20100293407A1
公开(公告)日：2010-11-18
申请号：US12523989
申请日：2008-01-28
申请人： Michael E. Locasto , Angelos D. Keromytis , Angelos Stavrou , Gabriela F. Ciocarlie
发明人： Michael E. Locasto , Angelos D. Keromytis , Angelos Stavrou , Gabriela F. Ciocarlie
IPC分类号： G06F11/07
CPC分类号： G06F11/1469 , G06F11/1471 , G06F11/3604 , G06F11/3612 , G06F11/3672 , G06F2201/84
摘要： Systems, methods, and media for recovering an application from a fault or an attack are disclosed herein. In some embodiments, a method is provided for enabling a software application to recover from a fault condition. The method includes specifying constrained data items and assigning a set of repair procedures to the constrained data items. The method further includes detecting a fault condition on the constrained data items during execution of the software application, which triggers at least one repair procedure. The triggered repair procedures are executed and the execution of the software application is restored. In some embodiments, the restoring comprises providing memory rollback to a point of execution of the software application before the fault condition was detected.
摘要翻译：本文公开了用于从故障或攻击中恢复应用的系统，方法和媒体。在一些实施例中，提供了一种使软件应用程序能够从故障状态恢复的方法。该方法包括指定受约束的数据项，并将一组修复过程分配给受约束的数据项。该方法还包括在执行软件应用期间检测受限数据项上的故障状况，其触发至少一个修复过程。执行触发的修复过程，并恢复软件应用程序的执行。在一些实施例中，恢复包括在检测到故障状况之前向软件应用的执行点提供内存回滚。

58. 发明申请

US20100157834A1 SYSTEMS AND METHODS FOR COMPUTING DATA TRANSMISSION CHARACTERISTICS OF A NETWORK PATH BASED ON SINGLE-ENDED MEASUREMENTS 有权
标题翻译：基于单端测量的网路路径数据传输特性的系统与方法
公开(公告)号：US20100157834A1
公开(公告)日：2010-06-24
申请号：US12648091
申请日：2009-12-28
申请人： Angelos D. Keromytis , Sambuddho Chakravarty , Angelos Stavrou
发明人： Angelos D. Keromytis , Sambuddho Chakravarty , Angelos Stavrou
IPC分类号： H04L12/26
CPC分类号： H04L43/0882 , H04L41/0896 , H04L41/5003 , H04L45/00 , H04L47/10
摘要： Systems and methods for computing data transmission characteristics of a network path are disclosed. In some embodiments, the network path has a sending host, at least one intermediate host, and a receiving host, and the data transmission characteristics are computed based on single-ended measurements performed at the sending host.
摘要翻译：公开了一种用于计算网络路径的数据传输特性的系统和方法。在一些实施例中，网络路径具有发送主机，至少一个中间主机和接收主机，并且基于在发送主机处执行的单端测量来计算数据传输特性。

59. 发明授权

US07490268B2 Methods and systems for repairing applications 有权
标题翻译：修复应用程序的方法和系统
公开(公告)号：US07490268B2
公开(公告)日：2009-02-10
申请号：US11142743
申请日：2005-06-01
申请人： Angelos D. Keromytis , Michael Locasto , Stylianos Sidiroglou
发明人： Angelos D. Keromytis , Michael Locasto , Stylianos Sidiroglou
IPC分类号： G06F11/00
CPC分类号： G06F11/362 , G06F11/0742 , G06F11/0748 , G06F11/0793 , G06F11/366 , G06F21/554 , G06F21/568
摘要： In accordance with the present invention, computer implemented methods and systems are provided that allow an application to automatically recover from software failures and attacks. Using one or more sensors, failures may be detected in the application. In response to detecting the failure, the portion of the application's code that caused the failure is isolated. Using the input vectors that caused the failure, information regarding the failure (e.g., the type of failure), a core dump file (e.g., stack trace), etc., an emulator-based vaccine that repairs the failure is constructed. In response to verifying that the vaccine repaired the failure, the application is automatically updated with the emulator-based vaccine without user intervention. Application community features that efficiently use the resources available in software monoculture is also provided. An application community may be defined that includes a plurality of devices and the application's code may be divided into smaller portions of code, which are assigned to each of the plurality of devices for monitoring. Each device also notifies the other devices of the failure.
摘要翻译：根据本发明，提供了允许应用程序自动从软件故障和攻击中恢复的计算机实现的方法和系统。使用一个或多个传感器，可能会在应用程序中检测到故障。响应检测到故障，导致故障的应用程序代码部分被隔离。使用导致故障的输入向量，构建了关于故障的信息（例如故障类型），核心转储文件（例如，堆栈跟踪）等，修复故障的基于仿真器的疫苗。为了验证疫苗是否修复了故障，应用程序会自动更新基于仿真器的疫苗，无需用户干预。还提供了有效利用软件单一培养中可用资源的应用程序社区功能。可以定义应用社区，其包括多个设备，并且应用程序的代码可以被划分为更小的代码部分，其分配给多个设备中的每一个用于监视。每个设备还会通知其他设备发生故障。

60. 发明授权

US10367797B2 Methods, systems, and media for authenticating users using multiple services 有权
公开(公告)号：US10367797B2
公开(公告)日：2019-07-30
申请号：US15032940
申请日：2014-08-07
申请人： Angelos D. Keromytis , Elias Athanasopoulos , Georgios Kontaxis , Georgios Portokalidis
发明人： Angelos D. Keromytis , Elias Athanasopoulos , Georgios Kontaxis , Georgios Portokalidis
IPC分类号： H04L29/06 , H04L9/32
摘要： Methods, systems, and media for automatically authenticating a user account using multiple services are provided. In accordance with some embodiments of the disclosed subject matter, methods for authenticating a user using multiple services are provided, the methods comprising: receiving, from a client device, first credentials for a target service account; authenticating the target service account based on the first credentials; issuing a redirecting request that directs the client device to at least one vouching service in response to authenticating the target service account; receiving a vouching response indicating that the client device has authenticated a vouching service account with the at least one vouching service, wherein the vouching response includes a vouching token; and providing the client device with access to the target service account in response to determining that the vouching service account is associated with the target service account.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式