专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08938511B2 Method and apparatus for detecting unauthorized bulk forwarding of sensitive data over a network 有权
标题翻译：用于检测通过网络的敏感数据的未经批准转发的方法和装置
公开(公告)号：US08938511B2
公开(公告)日：2015-01-20
申请号：US13494101
申请日：2012-06-12
申请人： Mihai Christodorescu , Josyula R. Rao , Reiner Sailer , Douglas Lee Schales
发明人： Mihai Christodorescu , Josyula R. Rao , Reiner Sailer , Douglas Lee Schales
IPC分类号： G06F15/16 , H04L12/58
CPC分类号： H04L51/32 , G06Q10/107 , H04L51/12
摘要： Methods and apparatus are provided for detecting unauthorized bulk forwarding of sensitive data over a network. A bulk forwarding of email from a first network environment is automatically detected by determining an arrival rate for internal emails received from within the first network environment into one or more user accounts; determining a sending rate for external emails sent from the one or more user accounts to a second network environment; and detecting the bulk forwarding of email from a given user account by comparing the arrival rate for internal emails and the sending rate for external emails. The bulk forwarding of email from a given user account can be detected by determining whether statistical models of the arrival rate for internal emails and of the sending rate for external emails are correlated in time.
摘要翻译：提供了用于检测通过网络的敏感数据的未授权批量转发的方法和装置。通过确定从第一网络环境中接收的内部电子邮件的到达率到一个或多个用户帐户，自动检测来自第一网络环境的电子邮件的批量转发; 确定从所述一个或多个用户帐户发送到第二网络环境的外部电子邮件的发送速率; 并通过比较内部电子邮件的到达率和外部电子邮件的发送速率来检测来自给定用户帐户的电子邮件的批量转发。通过确定内部电子邮件到达率的统计模型和外部电子邮件的发送速率是否及时相关，可以检测到来自给定用户帐户的电子邮件的批量转发。

2. 发明授权

US08650623B2 Risk adaptive information flow based access control 失效
标题翻译：基于风险自适应信息流的访问控制
公开(公告)号：US08650623B2
公开(公告)日：2014-02-11
申请号：US11623838
申请日：2007-01-17
申请人： Pau-Chen Cheng , Pankaj Rohatgi , Claudia Keser , Josyula R. Rao
发明人： Pau-Chen Cheng , Pankaj Rohatgi , Claudia Keser , Josyula R. Rao
IPC分类号： G06F7/04 , G06F15/16 , G06F17/30 , G06F12/00 , G06F12/14 , G06F13/00 , G06F11/00 , H04L29/00 , H04L29/06 , G11C7/00 , G08B23/00
CPC分类号： G06F21/604 , G06F21/62 , G06Q10/06 , G06Q30/0601
摘要： Systems and methods are provided to manage risk associated with access to information within a given organization. The overall risk tolerance for the organization is determined and allocated among a plurality of subjects within the organization. Allocation is accomplished using either a centralized, request/response or free market mechanism. As requested from subjects within the organization for access to objects, i.e. information and data, are received, the amount of risk or risk level associated with each requested is quantified. Risk quantification can be accomplished using, for example, fuzzy multi-level security. The quantified risk associated with the access request in combination with the identity of the object and the identity of the subject are used to determine whether or not the request should be granted, denied or granted with appropriated mitigation measures.
摘要翻译：提供系统和方法来管理与给定组织内的信息访问相关的风险。确定组织的整体风险承受能力，并在组织内的多个主体之间进行分配。分配是使用集中式，请求/响应或自由市场机制完成的。根据组织内用于访问对象（即信息和数据）的主体的要求，量化与每个请求相关联的风险或风险级别的数量。可以使用例如模糊多级安全性来实现风险量化。与访问请求相关的量化风险与对象的身份和主体的身份相结合，用于确定请求是否应被授予，拒绝或授予适当的缓解措施。

3. 发明授权

US08560722B2 System and method to govern sensitive data exchange with mobile devices based on threshold sensitivity values 有权
标题翻译：基于阈值灵敏度值来管理与移动设备的敏感数据交换的系统和方法
公开(公告)号：US08560722B2
公开(公告)日：2013-10-15
申请号：US13051679
申请日：2011-03-18
申请人： Stephen Carl Gates , Youngja Park , Josyula R. Rao , Wilfried Teiken
发明人： Stephen Carl Gates , Youngja Park , Josyula R. Rao , Wilfried Teiken
IPC分类号： G06F15/16
CPC分类号： H04N21/41407 , H04N21/4334 , H04N21/4335
摘要： Techniques for limiting the risk of loss of sensitive data from a mobile device are provided. In one aspect, a method for managing sensitive data on a mobile device is provided. The method includes the following steps. A sensitivity of a data item to be transferred to the mobile device is determined. It is determined whether an aggregate sensitivity of data items already present on the mobile device plus the data item to be transferred exceeds a current threshold sensitivity value for the mobile device. If the aggregate sensitivity exceeds the current threshold sensitivity value, measures are employed to ensure the aggregate sensitivity remains below the current threshold sensitivity value for the mobile device. Otherwise the data item is transferred to the mobile device.
摘要翻译：提供了用于限制从移动设备丢失敏感数据的风险的技术。一方面，提供了一种用于管理移动设备上的敏感数据的方法。该方法包括以下步骤。确定要传送到移动设备的数据项目的灵敏度。确定移动设备上已经存在的数据项的总体灵敏度加上要传送的数据项是否超过了移动设备的当前阈值灵敏度值。如果总灵敏度超过当前阈值灵敏度值，则采用措施来确保总灵敏度保持在移动设备的当前阈值灵敏度值以下。否则将数据项传送到移动设备。

4. 发明申请

US20120240238A1 System and Method to Govern Data Exchange with Mobile Devices 有权
标题翻译：用移动设备管理数据交换的系统和方法
公开(公告)号：US20120240238A1
公开(公告)日：2012-09-20
申请号：US13051679
申请日：2011-03-18
申请人： Stephen Carl Gates , Youngja Park , Josyula R. Rao , Wilfried Teiken
发明人： Stephen Carl Gates , Youngja Park , Josyula R. Rao , Wilfried Teiken
IPC分类号： H04N7/16
CPC分类号： H04N21/41407 , H04N21/4334 , H04N21/4335
摘要： Techniques for limiting the risk of loss of sensitive data from a mobile device are provided. In one aspect, a method for managing sensitive data on a mobile device is provided. The method includes the following steps. A sensitivity of a data item to be transferred to the mobile device is determined. It is determined whether an aggregate sensitivity of data items already present on the mobile device plus the data item to be transferred exceeds a current threshold sensitivity value for the mobile device. If the aggregate sensitivity exceeds the current threshold sensitivity value, measures are employed to ensure the aggregate sensitivity remains below the current threshold sensitivity value for the mobile device. Otherwise the data item is transferred to the mobile device.
摘要翻译：提供了用于限制从移动设备丢失敏感数据的风险的技术。一方面，提供了一种用于管理移动设备上的敏感数据的方法。该方法包括以下步骤。确定要传送到移动设备的数据项目的灵敏度。确定移动设备上已经存在的数据项的总体灵敏度加上要传送的数据项是否超过了移动设备的当前阈值灵敏度值。如果总灵敏度超过当前阈值灵敏度值，则采用措施来确保总灵敏度保持在移动设备的当前阈值灵敏度值以下。否则将数据项传送到移动设备。

5. 发明申请

US20120101870A1 Estimating the Sensitivity of Enterprise Data 审中-公开
标题翻译：估算企业数据敏感度
公开(公告)号：US20120101870A1
公开(公告)日：2012-04-26
申请号：US12910587
申请日：2010-10-22
申请人： Stephen Carl Gates , Youngja Park , Josyula R. Rao , Wilfried Teiken
发明人： Stephen Carl Gates , Youngja Park , Josyula R. Rao , Wilfried Teiken
IPC分类号： G06F17/30 , G06Q10/00
CPC分类号： G06Q10/0635
摘要： A method for evaluating data includes defining a list of data categories, determining a relative sensitivity to each data category, determining one or more classifiers for each of the data categories, receiving a plurality of data items to be valued, determining one of the data categories for each of said plurality of data items according to the one or more classifiers, and determining a respective sensitivity for each of said plurality of data items.
摘要翻译：一种用于评估数据的方法包括定义数据类别列表，确定对每个数据类别的相对灵敏度，为每个数据类别确定一个或多个分类器，接收要被重估的多个数据项，确定数据类别之一对于根据所述一个或多个分类器的所述多个数据项中的每一个，并且为所述多个数据项中的每一个确定相应的灵敏度。

6. 发明授权

US07142670B2 Space-efficient, side-channel attack resistant table lookups 失效
公开(公告)号：US07142670B2
公开(公告)日：2006-11-28
申请号：US09943720
申请日：2001-08-31
申请人： Suresh N. Chari , Josyula R. Rao , Pankaj Rohatgi , Helmut Scherzer
发明人： Suresh N. Chari , Josyula R. Rao , Pankaj Rohatgi , Helmut Scherzer
IPC分类号： H04K1/00 , H04L9/00
CPC分类号： G06F21/556 , H04L9/002 , H04L2209/043 , H04L2209/08
摘要： Methods, apparatus and computer software and hardware products providing method, apparatus and system solutions for implementing table lookups in a side-channel attack resistant manner. Embodiments are provided for devices and situations where there is limited amount of RAM memory available or restrictions on memory addressing. The solutions solve problems associated with look up tables with large indices, as well as problems associated with looking up large sized tables or a collection of tables of large cumulative size, in limited devices, in an efficient side-channel attack resistant manner. These solutions provide defenses against both first-order side channel attacks as well as higher-order side channel attacks. One aspect of the present invention is the creation of one or more random tables which are used possibly in conjunction with other tables to perform a table lookup. This denies an adversary information about the table lookup from the side channel and thereby imparting side-channel resistance to the table lookup operation. Another aspect of the present invention is the use of a combination of some operations such as Table Split, Table Mask and Table Aggregate, to achieve this side-channel resistance within the limited amounts of available RAM and limited memory addressing capabilities of the device performing table lookups.

7. 发明申请

US20130333041A1 Method and Apparatus for Automatic Identification of Affected Network Resources After a Computer Intrusion 审中-公开
标题翻译：计算机入侵后影响网络资源自动识别的方法与装置
公开(公告)号：US20130333041A1
公开(公告)日：2013-12-12
申请号：US13494108
申请日：2012-06-12
申请人： Mihai Christodorescu , Josyula R. Rao , Reiner Sailer , Douglas Lee Schales
发明人： Mihai Christodorescu , Josyula R. Rao , Reiner Sailer , Douglas Lee Schales
IPC分类号： G06F21/00
CPC分类号： G06F21/55 , G06F21/568
摘要： Methods and apparatus are provided for automatic identification of affected network resources after a computer intrusion. The network resources affected by a computer intrusion can be identified by collecting information about an external system from an external source; deriving a list of one or more affected internal systems on an internal network by correlating the information with internal information about internal systems that interacted with the external system; and identifying one or more user accounts associated with the one or more affected internal systems. Data residing on systems accessible by the one or more user accounts can also optionally be identified. A list can optionally be presented of the network resources that may be affected by the computer intrusion. The affected network resources can be, for example, servers, services and/or client machines.
摘要翻译：提供了方法和装置，用于在计算机入侵之后自动识别受影响的网络资源。可以通过从外部源收集有关外部系统的信息来识别受计算机入侵影响的网络资源; 通过将信息与与外部系统交互的内部系统的内部信息相关联，得出内部网络上的一个或多个受影响的内部系统的列表; 以及识别与所述一个或多个受影响的内部系统相关联的一个或多个用户帐户。还可以可选地识别驻留在由一个或多个用户帐户访问的系统上的数据。可以选择性地呈现可能受到计算机入侵影响的网络资源的列表。受影响的网络资源可以是例如服务器，服务和/或客户端机器。

8. 发明申请

US20130333034A1 Method and Apparatus for Automatic Identification of Affected Network Resources After a Computer Intrusion 审中-公开
标题翻译：计算机入侵后影响网络资源自动识别的方法与装置
公开(公告)号：US20130333034A1
公开(公告)日：2013-12-12
申请号：US13604031
申请日：2012-09-05
申请人： Mihai Christodorescu , Josyula R. Rao , Reiner Sailer , Douglas Lee Schales
发明人： Mihai Christodorescu , Josyula R. Rao , Reiner Sailer , Douglas Lee Schales
IPC分类号： G06F21/00
CPC分类号： G06F21/55 , G06F21/568
摘要： Methods and apparatus are provided for automatic identification of affected network resources after a computer intrusion. The network resources affected by a computer intrusion can be identified by collecting information about an external system from an external source; deriving a list of one or more affected internal systems on an internal network by correlating the information with internal information about internal systems that interacted with the external system: and identifying one or more user accounts associated with the one or more affected internal systems. Data residing on systems accessible by the one or more user accounts can also optionally be identified. A list can optionally be presented of the network resources that may be affected by the computer intrusion. The affected network resources can be, for example, servers, services and/or client machines.
摘要翻译：提供了方法和装置，用于在计算机入侵之后自动识别受影响的网络资源。可以通过从外部源收集有关外部系统的信息来识别受计算机入侵影响的网络资源; 通过将信息与与外部系统交互的内部系统的内部信息相关联，并且识别与所述一个或多个受影响的内部系统相关联的一个或多个用户帐户，来产生内部网络上的一个或多个受影响的内部系统的列表。还可以可选地识别驻留在由一个或多个用户帐户访问的系统上的数据。可以选择性地呈现可能受到计算机入侵影响的网络资源的列表。受影响的网络资源可以是例如服务器，服务和/或客户端机器。

9. 发明申请

US20110173084A1 Risk Adaptive Information Flow Based Access Control 失效
标题翻译：风险自适应信息流访问控制
公开(公告)号：US20110173084A1
公开(公告)日：2011-07-14
申请号：US11623838
申请日：2007-01-17
申请人： Pau-Chen Cheng , Pankaj Rohatgi , Claudia Keser , Josyula R. Rao
发明人： Pau-Chen Cheng , Pankaj Rohatgi , Claudia Keser , Josyula R. Rao
IPC分类号： G06Q30/00 , G06F21/00
CPC分类号： G06F21/604 , G06F21/62 , G06Q10/06 , G06Q30/0601
摘要： Systems and methods are provided to manage risk associated with access to information within a given organization. The overall risk tolerance for the organization is determined and allocated among a plurality of subjects within the organization. Allocation is accomplished using either a centralized, request/response or free market mechanism. As requested from subjects within the organization for access to objects, i.e. information and data, are received, the amount of risk or risk level associated with each requested is quantified. Risk quantification can be accomplished using, for example, fuzzy multi-level security. The quantified risk associated with the access request in combination with the identity of the object and the identity of the subject are used to determine whether or not the request should be granted, denied or granted with appropriated mitigation measures.
摘要翻译：提供系统和方法来管理与给定组织内的信息访问相关的风险。确定组织的整体风险承受能力，并在组织内的多个主体之间分配。分配是使用集中式，请求/响应或自由市场机制完成的。根据组织内用于访问对象（即信息和数据）的主体的要求，量化与每个请求相关联的风险或风险级别的数量。可以使用例如模糊多级安全性来实现风险量化。与访问请求相关的量化风险与对象的身份和主体的身份相结合，用于确定请求是否应被授予，拒绝或授予适当的缓解措施。

10. 发明授权

US06978446B2 System and method for protecting against leakage of sensitive information from compromising electromagnetic emanations from computing systems 失效
标题翻译：用于防止敏感信息泄露的计算机系统和方法免受来自计算系统的电磁辐射的影响
公开(公告)号：US06978446B2
公开(公告)日：2005-12-20
申请号：US10109297
申请日：2002-03-27
申请人： Bruce Roy Archambeault , Josyula R. Rao , Pankaj Rohatgi , Helmut Scherzer
发明人： Bruce Roy Archambeault , Josyula R. Rao , Pankaj Rohatgi , Helmut Scherzer
IPC分类号： G06F21/00 , G09F9/44
CPC分类号： G06F21/556
摘要： A method for changing an operation performed by an electronic device includes defining a process flow chart of the operation to be performed by the electronic device, the process flow chart having one or more primitive actions, the operation having one or more components, the primitive action operating on the components to produce an output. The method further includes determining a number of information dispersal units for each of the components. For each of the components, defining a set of information dispersal units, transforming one or more of the primitive actions of the operation using a transform function to create a transformed primitive action, and applying each of the transformed primitive actions to all the respective sets of information dispersal units to produce a transformed set of transformed information dispersal units.
摘要翻译：一种用于改变由电子设备执行的操作的方法包括定义由电子设备执行的操作的处理流程图，具有一个或多个原始动作的处理流程图，具有一个或多个组件的操作，原始动作在组件上运行以产生输出。该方法还包括为每个组件确定多个信息分散单元。对于每个组件，定义一组信息分散单元，使用变换函数来变换操作的一个或多个原始动作以创建变换的原始动作，并且将每个经变换的原始动作应用于所有相应的组信息分散单位来生成一组转换后的信息分散单元。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式