专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07765581B1 System and method for enabling scalable security in a virtual private network 有权
标题翻译：用于实现虚拟专用网络中的可扩展安全性的系统和方法
公开(公告)号：US07765581B1
公开(公告)日：2010-07-27
申请号：US09457914
申请日：1999-12-10
申请人： Germano Caronni , Amit Gupta , Sandeep Kumar , Tom R. Markson , Christoph L. Schuba , Glenn C. Scott
发明人： Germano Caronni , Amit Gupta , Sandeep Kumar , Tom R. Markson , Christoph L. Schuba , Glenn C. Scott
IPC分类号： H04L9/00
CPC分类号： H04L63/0272 , H04L29/12009 , H04L29/12367 , H04L29/12396 , H04L29/12471 , H04L29/12528 , H04L61/2514 , H04L61/2525 , H04L61/2553 , H04L61/2575
摘要： Methods and systems consistent with the present invention provide dynamic security policies that change the granularity of the security at the node level, process level, or socket level. Specifically, a channel number and virtual address are associated with various processes included in a process table. Since a security policy is required for all processes, secure and insecure processes located on the same channel may communicate with one another. Moreover, processes located on different channels may communicate with one another by a gateway that connects both channels. This scalable blanketing security approach provides an institutionalized method for securing any process, node or socket by providing a unique mechanism for policy enforcement at runtime or by changing the security policies.
摘要翻译：与本发明一致的方法和系统提供动态安全策略，其改变节点级别，过程级别或套接字级别的安全性的粒度。具体地，通道号和虚拟地址与包括在处理表中的各种处理相关联。由于所有进程都需要安全策略，因此位于同一通道上的安全和不安全进程可能会相互通信。此外，位于不同信道上的进程可以通过连接两个信道的网关彼此通信。这种可扩展的覆盖安全方法提供了一种制度化的方法，用于通过在运行时或通过更改安全策略提供用于策略实施的唯一机制来保护任何进程，节点或套接字。

2. 发明授权

US07751569B2 Group admission control apparatus and methods 有权
标题翻译：集体准入控制装置及方法
公开(公告)号：US07751569B2
公开(公告)日：2010-07-06
申请号：US10299454
申请日：2002-11-19
申请人： Germano Caronni , Glenn C. Scott
发明人： Germano Caronni , Glenn C. Scott
IPC分类号： H04L9/00
CPC分类号： H04L9/0833 , H04L9/0891 , H04L2209/42 , H04L2209/60
摘要： The present invention uses a group key management scheme for admission control while enabling various conventional approaches toward establishing peer-to-peer security. Various embodiments of the invention can provide peer-to-peer confidentiality and authenticity, such that other parties, such as group members, can not understand communications not intended for them. A group key may be used in combination with known unicast security protocols to establish, implicitly or explicitly, proof of group membership together with bi-lateral secure communication.
摘要翻译：本发明使用用于准入控制的组密钥管理方案，同时支持各种常规方法来建立点对点安全性。本发明的各种实施例可以提供点对点保密性和真实性，使得诸如群组成员之类的其他方不能理解不针对他们的通信。组密钥可以与已知的单播安全协议组合使用，以便与双向安全通信一起建立，隐式或明确地证明组成员资格。

3. 发明授权

US07336790B1 Decoupling access control from key management in a network 有权
标题翻译：将访问控制从网络中的密钥管理中解耦
公开(公告)号：US07336790B1
公开(公告)日：2008-02-26
申请号：US09458020
申请日：1999-12-10
申请人： Germano Caronni , Amit Gupta , Tom R. Markson , Sandeep Kumar , Christoph L. Schuba , Glenn C. Scott
发明人： Germano Caronni , Amit Gupta , Tom R. Markson , Sandeep Kumar , Christoph L. Schuba , Glenn C. Scott
IPC分类号： H04L9/32
CPC分类号： H04L63/0272
摘要： Methods and systems consistent with the present invention provide a Supernet, a private network constructed out of components from a public-network infrastructure. Supernet nodes can be located on virtually any device in the public network (e.g., the Internet), and both their communication and utilization of resources occur in a secure manner. As a result, the users of a Supernet benefit from their network infrastructure being maintained for them as part of the public-network infrastructure, while the level of security they receive is similar to that of a private network. The Supernet has an access control component and a key management component which are decoupled. The access control component implements an access control policy that determines which users are authorized to use the network, and the key management component implements the network's key management policies, which indicate when keys are generated and what encryption algorithm is used. Both access control and key management are separately configurable. Thus, the Supernet provides great flexibility by allowing different key management policies to be used with the same access control component.
摘要翻译：与本发明一致的方法和系统提供了一种Supernet，一种由公共网络基础设施的组件构成的私有网络。超网络节点可以位于公共网络（例如，因特网）中的几乎任何设备上，并且资源的通信和利用都以安全的方式发生。因此，Supernet的用户受益于其网络基础架构，作为公共网络基础架构的一部分，而其接收的安全级别与私有网络的安全级别相似。 Supernet具有访问控制组件和分离的密钥管理组件。访问控制组件实现访问控制策略，其确定哪些用户被授权使用网络，并且密钥管理组件实现网络的密钥管理策略，其指示生成密钥以及使用什么加密算法。访问控制和密钥管理都可以单独配置。因此，通过允许不同的密钥管理策略与相同的访问控制组件一起使用，Supernet提供了极大的灵活性。

4. 发明授权

US07136895B2 System and method for forward chaining web-based procedure calls 有权
标题翻译：用于前向链接基于Web的过程调用的系统和方法
公开(公告)号：US07136895B2
公开(公告)日：2006-11-14
申请号：US10205108
申请日：2002-07-24
申请人： Robert P. St. Pierre , Glenn C. Scott
发明人： Robert P. St. Pierre , Glenn C. Scott
IPC分类号： G06F15/16
CPC分类号： G06F9/547 , H04L67/02 , H04L67/10 , H04L67/2804 , H04L67/2819 , H04L67/2833 , H04L69/329
摘要： A method of chaining together multiple dependent web-based procedure calls into a single request is disclosed. A request containing multiple MIME encoded service requests is transmitted to a first service. The request is parsed and the first service identified and performed. The results of the first service are appended to the remainder of the request which is forwarded to a second service listed in the request. The second service listed in the request may use the output of the first service as input and performs the second service. The process continues until the last service listed in the request is performed. Any output from the performance of the service requests is returned to the requesting device following execution of a MIME encoded callback request, the callback request being embedded in the original request following the last of the listed service requests.
摘要翻译：公开了将多个相关的基于web的过程调用链接到单个请求中的方法。包含多个MIME编码服务请求的请求被发送到第一个服务。解析请求并识别并执行第一个服务。第一个服务的结果附加到请求的其余部分，该请求被转发到请求中列出的第二个服务。请求中列出的第二个服务可以使用第一个服务的输出作为输入，并执行第二个服务。该过程一直持续到执行请求中列出的最后一个服务。在执行MIME编码的回调请求之后，执行服务请求的任何输出都将被返回给请求设备，该回调请求被嵌入在最后列出的服务请求之后的原始请求中。

5. 发明授权

US08787593B1 State feedback for single-valued devices with multiple inputs 有权
标题翻译：具有多个输入的单值器件的状态反馈
公开(公告)号：US08787593B1
公开(公告)日：2014-07-22
申请号：US10860531
申请日：2004-06-02
申请人： Randall B. Smith , John C. Tang , Glenn C. Scott
发明人： Randall B. Smith , John C. Tang , Glenn C. Scott
IPC分类号： H03G3/00
CPC分类号： G05B15/02 , G05B2219/23043 , G05B2219/2642 , G06F3/038
摘要： An apparatus for controlling a target device including a first input device configured to provide a first input to the target device, a second input device configured to provide a second input to the target device, and a control mixer configured to generate an output using a policy, the first input and the second input, wherein the output comprises a feedback and a target device output, wherein the feedback comprises some function of the state of the target device, the policy, and the state of each input device connected to the control mixer.
摘要翻译：一种用于控制目标设备的装置，包括被配置为向目标设备提供第一输入的第一输入设备，被配置为向目标设备提供第二输入的第二输入设备以及配置为使用策略生成输出的控制混合器，所述第一输入和所述第二输入，其中所述输出包括反馈和目标设备输出，其中所述反馈包括所述目标设备的状态，所述策略以及连接到所述控制混合器的每个输入设备的状态的某些功能。

6. 发明授权

US07590632B1 Method for serializer maintenance and coalescing 有权
标题翻译：串行器维护和聚结方法
公开(公告)号：US07590632B1
公开(公告)日：2009-09-15
申请号：US11045237
申请日：2005-01-28
申请人： Germano Caronni , Raphael J. Rom , Glenn C. Scott
发明人： Germano Caronni , Raphael J. Rom , Glenn C. Scott
IPC分类号： G06F7/00 , G06F17/30 , G06F17/00 , G06F3/00 , G06F9/44 , G06F9/46 , G06F13/00
CPC分类号： G06F9/52 , Y10S707/99944 , Y10S707/99953
摘要： A method for serializer maintenance and coalescing in a distributed object store (DOS) including a first partition and a second partition, involving requesting an update of an object, wherein the object includes an active globally unique identifier (AGUID) object and at least one version globally unique identifier (VGUID) object, wherein the least one VGUID object includes a first generation number and a first serializer name, determining whether a first serializer is located in the first partition using the first serializer name, wherein the first serializer is associated with the first generation number, if the first serializer is not located in the first partition, constructing a second serializer using the first serializer name, assigning a second generation number to the second serializer, obtaining an order of the update to the object using the second serializer, and creating a new VGUID object.
摘要翻译：一种在包括请求对象的更新的包括第一分区和第二分区的分布式对象存储（DOS）中的序列化程序维护和合并的方法，其中所述对象包括活动的全局唯一标识符（AGUID）对象和至少一个版本全球唯一标识符（VGUID）对象，其中所述至少一个VGUID对象包括第一代号和第一串行器名称，使用所述第一串行器名称确定所述第一分区是否位于所述第一分区中，其中所述第一串行器与所述第一序列化器相关联第一编号，如果第一串行器不位于第一分区中，则使用第一串行器名称构建第二串行器，向第二串行器分配第二代数，使用第二串行器获取更新对象的顺序，并创建一个新的VGUID对象。

7. 发明授权

US06742006B2 Method and apparatus for selective execution of a computer program 有权
标题翻译：用于选择性执行计算机程序的方法和装置
公开(公告)号：US06742006B2
公开(公告)日：2004-05-25
申请号：US10144070
申请日：2002-05-10
申请人： William J. Raduchel , Glenn C. Scott , Timothy G. Lindholm
发明人： William J. Raduchel , Glenn C. Scott , Timothy G. Lindholm
IPC分类号： G06F1200
CPC分类号： H04L63/168 , G06F9/44589 , G06F21/51 , G06F21/53 , G06F2221/2115 , H04L29/06 , H04L63/0245 , Y10S707/99943 , Y10S707/99944 , Y10S707/99952
摘要： A method and apparatus for ensuring that code being executed by a data processing system conforms to a platform standard. As an example, one embodiment of the present invention validates Pure Java platform standard conformance of Java programs downloaded from a remote server to ensure that they conform to the “Pure Java” standard. This checking can be performed at the time that the program is downloaded across a network firewall and/or at one or more times during the loading and execution of the program.
摘要翻译：一种用于确保由数据处理系统执行的代码符合平台标准的方法和装置。作为示例，本发明的一个实施例验证从远程服务器下载的Java程序的纯Java平台标准一致性，以确保它们符合“纯Java”标准。可以在程序在加载和执行程序期间通过网络防火墙和/或一次或多次下载时执行该检查。

8. 发明授权

US5878231A System for packet filtering of data packets at a computer network interface 失效
标题翻译：用于在计算机网络接口处对数据分组进行分组过滤的系统
公开(公告)号：US5878231A
公开(公告)日：1999-03-02
申请号：US795374
申请日：1997-02-04
申请人： Geoffrey G. Baehr , William Danielson , Thomas L. Lyon , Geoffrey Mulligan , Martin Patterson , Glenn C. Scott , Carolyn Turbyfill
发明人： Geoffrey G. Baehr , William Danielson , Thomas L. Lyon , Geoffrey Mulligan , Martin Patterson , Glenn C. Scott , Carolyn Turbyfill
IPC分类号： G06F13/00 , H04L29/06 , G06F13/38 , G06F15/17
CPC分类号： H04L63/0236
摘要： A system for screening data packets transmitted between a network to be protected, such as a private network, and another network, such as a public network. The system includes a dedicated computer with multiple (specifically, three) types of network ports: one connected to each of the private and public networks, and one connected to a proxy network that contains a predetermined number of the hosts and services, some of which may mirror a subset of those found on the private network. The proxy network is isolated from the private network, so it cannot be used as a jumping off point for intruders. Packets received at the screen (either into or out of a host in the private network) are filtered based upon their contents, state information and other criteria, including their source and destination, and actions are taken by the screen depending upon the determination of the filtering phase. The packets may be allowed through, with or without alteration of their data, IP (internet protocol) address, etc., or they may be dropped, with or without an error message generated to the sender of the packet. Packets may be sent with or without alteration to a host on the proxy network that performs some or all of the functions of the intended destination host as specified by a given packet. The passing through of packets without the addition of any network address pertaining to the screening system allows the screening system to function without being identifiable by such an address, and therefore it is more difficult to target as an IP entity, e.g. by intruders.
摘要翻译：一种用于筛选在诸如专用网络的被保护网络之间传送的数据分组和诸如公共网络的另一网络之间的数据分组的系统。该系统包括具有多个（具体为三个）类型的网络端口的专用计算机：一个连接到每个私有和公共网络，以及一个连接到代理网络，其包含预定数量的主机和服务，其中一些可能会反映在专用网络中发现的一个子集。代理网络与专用网络隔离，因此不能作为入侵者的跳点使用。根据其内容，状态信息和其他标准（包括其源和目的地），屏幕上接收到的数据包（进入或离开专用网络中的主机）被过滤，并且屏幕采取行动，这取决于过滤阶段。可以允许数据包通过或不改变其数据，IP（因特网协议）地址等，或者可以丢弃具有或不发送到分组的发送者的错误消息。可以向代理网络上的主机发送或不进行分组，该主机执行由给定分组指定的预期目的地主机的一些或全部功能。通过分组而不添加与筛选系统相关的任何网络地址，允许筛选系统在不被该地址识别的情况下起作用，因此更难以将其定位为IP实体。由入侵者

9. 发明授权

US07778970B1 Method and system for managing independent object evolution 有权
标题翻译：用于管理独立对象演化的方法和系统
公开(公告)号：US07778970B1
公开(公告)日：2010-08-17
申请号：US11045223
申请日：2005-01-28
申请人： Germano Caronni , Raphael J. Rom , Glenn C. Scott
发明人： Germano Caronni , Raphael J. Rom , Glenn C. Scott
IPC分类号： G06F7/00 , G06F17/00
CPC分类号： G06F9/52 , Y10S707/99944 , Y10S707/99953
摘要： A method for managing object evolution in a distributed object store (DOS) involving requesting an update of an object, wherein the object includes an active globally unique identifier (AGUID) object and at least one version globally unique identifier (VGUID) object, wherein the at least one VGUID object includes a first generation number and a first serializer name, locating a first serializer using the first serializer name, wherein the first serializer is associated with the first generation number, obtaining an order of the update using the first serializer, and creating a new VGUID object, wherein the new VGUID object includes a new version number, the first generation number, and the first serializer name.
摘要翻译：一种用于管理涉及请求对象的更新的分布式对象存储（DOS）中的对象演进的方法，其中所述对象包括活动全局唯一标识符（AGUID）对象和至少一个版本全局唯一标识符（VGUID）对象，其中，至少一个VGUID对象包括第一代号和第一串行器名称，使用第一串行器名称定位第一串行器，其中第一串行器与第一代数相关联，使用第一串行器获得更新的顺序，以及创建新的VGUID对象，其中新的VGUID对象包括新版本号，第一代号和第一串行器名称。

10. 发明授权

US07685309B2 System and method for separating addresses from the delivery scheme in a virtual private network 有权
标题翻译：用于在虚拟专用网络中将地址从传送方案分离的系统和方法
公开(公告)号：US07685309B2
公开(公告)日：2010-03-23
申请号：US11201160
申请日：2005-08-11
申请人： Germano Caronni , Amit Gupta , Sandeep Kulmar , Tom R. Markson , Christoph L. Schuba , Glenn C. Scott
发明人： Germano Caronni , Amit Gupta , Sandeep Kulmar , Tom R. Markson , Christoph L. Schuba , Glenn C. Scott
IPC分类号： G06F15/173 , G06F15/16
CPC分类号： H04L63/0272 , H04L12/4679 , H04L29/12009 , H04L29/12396 , H04L29/12528 , H04L61/2525 , H04L61/2575
摘要： Methods and systems consistent with the present invention establish a virtual network on top of current IP network naming schemes. The virtual network uses a separate layer to create a modification to the IP packet format that is used to separate network behavior from addressing. As a result of the modification to the packet format, any type of delivery method may be assigned to any address or group of addresses. The virtual network also maintains secure communications between nodes, while providing the flexibility of assigning delivery methods independent of the delivery addresses.
摘要翻译：与本发明一致的方法和系统在当前IP网络命名方案之上建立虚拟网络。虚拟网络使用单独的层来创建用于将网络行为与寻址分离的IP包格式的修改。作为对分组格式的修改的结果，可以将任何类型的传送方法分配给任何地址或地址组。虚拟网络还维护节点之间的安全通信，同时提供独立于传送地址的分配传送方法的灵活性。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式