    • 1. Granted invention patent
    • System and method for using data encapsulation in a virtual network
    • US07814228B2
    • 2010-10-12
    • US10367553
    • 2003-02-13
    • Germano Caronni; Robert P. St. Pierre
    • G06F15/16
    • H04L61/35; H04L29/00; H04L29/12037; H04L29/125; H04L29/12783; H04L61/106; H04L61/2564; H04L2212/00
    • A method of extending the functionality of a virtual network is disclosed. Messages intended for a virtual destination address located on a network equipped with a device performing packet filtering, network address translation or a similar function on the edge of the network (an “edge device”), are encapsulated in higher level protocols prior to being sent to the edge device. The virtual destination address may be associated with a process on the edge device or a process on another device in the interior of the network. Higher level protocol designations, including transport protocol designations accompanied by a port number and application protocol designations, are retrieved from an extended virtual address registration. Messages arriving at the edge device are determined by the Network layer to contain a higher level protocol and are passed up the Internet Protocol model stack to a higher layer. The higher layers of the edge device, such as the Transport layer and the Application layer, may be accessible and therefore configurable to a non-Systems Administrator thus allowing the message to reach the intended virtual destination address.
    • 2. Granted invention patent
    • Method for serializer maintenance and coalescing
    • US07590632B1
    • 2009-09-15
    • US11045237
    • 2005-01-28
    • Germano Caronni; Raphael J. Rom; Glenn C. Scott
    • G06F7/00; G06F17/30; G06F17/00; G06F3/00; G06F9/44; G06F9/46; G06F13/00
    • G06F9/52; Y10S707/99944; Y10S707/99953
    • A method for serializer maintenance and coalescing in a distributed object store (DOS) including a first partition and a second partition, involving requesting an update of an object, wherein the object includes an active globally unique identifier (AGUID) object and at least one version globally unique identifier (VGUID) object, wherein the at least one VGUID object includes a first generation number and a first serializer name, determining whether a first serializer is located in the first partition using the first serializer name, wherein the first serializer is associated with the first generation number, if the first serializer is not located in the first partition, constructing a second serializer using the first serializer name, assigning a second generation number to the second serializer, obtaining an order of the update to the object using the second serializer, and creating a new VGUID object.
    • 3. Granted invention patent
    • Secure communication with mobile hosts
    • US06507908B1
    • 2003-01-14
    • US09262191
    • 1999-03-04
    • Germano Caronni
    • H04L932
    • H04L29/12009; H04L29/12433; H04L29/12481; H04L29/12783; H04L61/2539; H04L61/2557; H04L61/35; H04L63/0227; H04L63/0823; H04L63/123; H04W8/26; H04W80/04
    • A method for secure data communication with a mobile machine in which a data packet is received from the mobile machine having a particular network address. A pool of secure addresses is established and a data structure is created to hold address translation associations. Each association is between a particular network address and a particular one of the secure addresses. If the received data packet is a secure data packet an association between the received data packet's network address and a secure address in the data structure is identified and the data packet's network address is translated to the associated secure address before forwarding the data packet on to higher network protocol layers. When the received data packet is not secure it is passed on without address translation to the higher network protocol layers. For outgoing packets addressed to a secure address, the secure address is translated to a real network address (e.g., IPv4 or IPv6 addresses) and the packet payload is encrypted. Outgoing packets that are addressed directly to real network addresses pass through in a conventional manner.
    • 4. Granted invention patent
    • System and method of extending virtual address resolution for mapping networks
    • US07890633B2
    • 2011-02-15
    • US10367548
    • 2003-02-13
    • Robert P. St. Pierre; Germano Caronni
    • G06F15/16
    • H04L29/12018; H04L29/12009; H04L29/12783; H04L61/10; H04L61/35
    • A method of associating a range of destination IP addresses with a real IP address for use with the Virtual Address Resolution Protocol is disclosed. The destination addresses may be a range of virtual IP addresses in a virtual network or a range of real IP addresses in a physical network. A record of the association of the range of destination addresses with a single real IP address is stored in a Virtual Address Resolution Protocol lookup table which is utilized when sending messages from a virtual IP address. The ability to assign a range of destination addresses to a single real IP address represents an extension of the use of VARP. The association of multiple destination addresses to a single real IP address allows an electronic device to function as a router to a widely distributed real or virtual network. The virtual network of the present invention adds a layer of encryption to the originating virtual network by sending encrypted data packets between the origin and destination addresses.
    • 5. Granted invention patent
    • Method and apparatus for re-encrypting data in a transaction-based secure storage system
    • US07792300B1
    • 2010-09-07
    • US10675667
    • 2003-09-30
    • Germano Caronni
    • H04L9/00
    • H04L9/0894; G06Q20/3829; H04L9/0825; H04L9/0891; H04L2209/56
    • A method for re-encrypting encrypted data in a secure storage file system, including obtaining selected data to re-encrypt from the secure storage file system using a user data access record and the encrypted data, decrypting the selected data using a symmetric key, re-encrypting the selected data using a new symmetric key to obtain new encrypted data, encrypting the new symmetric key using a public key to obtain a new encrypted symmetric key, storing the new encrypted data and the new encrypted symmetric key if the public key is associated with a file system user having read permission, and storing an encrypted hash data if the file system user has write permission.
    • 8. Granted invention patent
    • Chaperones in a distributed system
    • US07613774B1
    • 2009-11-03
    • US11069804
    • 2005-03-01
    • Germano Caronni; Raphael J. Rom; Glenn Carter Scott
    • G06F15/16; G06F15/173
    • H04L67/104; H04L67/10; H04L67/1065; H04L67/1093
    • A method for approving a response or a decision of an observed node in a distributed system that includes generating at least one selected from the group consisting of the response and the decision by the observed node, forwarding the at least one selected from the group consisting of the response and the decision to at least one of the plurality of chaperones associated with the observed node based on a chaperone scheme, and approving the at least one selected from the group consisting of the response and the decision by the plurality of chaperones using a chaperone voting policy and a chaperone approval policy to obtain at least one selected from the group consisting of an approved response and an approved decision, wherein the distributed system implements an overlay network for message delivery, and wherein the observed node and the plurality of chaperones communicate using the overlay network.
    • 9. Granted invention patent
    • Decoupling access control from key management in a network
    • US07336790B1
    • 2008-02-26
    • US09458020
    • 1999-12-10
    • Germano Caronni; Amit Gupta; Tom R. Markson; Sandeep Kumar; Christoph L. Schuba; Glenn C. Scott
    • H04L9/32
    • H04L63/0272
    • Methods and systems consistent with the present invention provide a Supernet, a private network constructed out of components from a public-network infrastructure. Supernet nodes can be located on virtually any device in the public network (e.g., the Internet), and both their communication and utilization of resources occur in a secure manner. As a result, the users of a Supernet benefit from their network infrastructure being maintained for them as part of the public-network infrastructure, while the level of security they receive is similar to that of a private network. The Supernet has an access control component and a key management component which are decoupled. The access control component implements an access control policy that determines which users are authorized to use the network, and the key management component implements the network's key management policies, which indicate when keys are generated and what encryption algorithm is used. Both access control and key management are separately configurable. Thus, the Supernet provides great flexibility by allowing different key management policies to be used with the same access control component.