专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07624373B2 Security mechanism for interpreting scripts in an interpretive environment 有权
标题翻译：在解释环境中解释脚本的安全机制
公开(公告)号：US07624373B2
公开(公告)日：2009-11-24
申请号：US11096623
申请日：2005-03-31
申请人： Bhalchandra S. Pandit , Bruce G. Payette , James W. Truher, III , Jeffrey P. Snover
发明人： Bhalchandra S. Pandit , Bruce G. Payette , James W. Truher, III , Jeffrey P. Snover
IPC分类号： G06F9/44 , G06F9/45 , G06F11/00 , G06F7/04
CPC分类号： G06F9/45508
摘要： The techniques and mechanisms described herein are directed to a scripting security mechanism that minimizes security risks associated with interpreting a script written with a scripting language. An interpreter recognizes the scripting-language syntax within the script and processes each line that is designated within a data block using a restrictive set of operations. The restrictive set of operations are a subset of the total operations available for processing. If one of the lines within the data block attempts to perform an operation that is not within the restrictive set of operations, the interpreter provides an indication, such as an exception or message explaining the illegal operation. The interpreter also recognizes a list of export variables associated with the data block and exports only the variables identified in the list to an external environment if the export variable meets a constraint identified for it, if any.
摘要翻译：本文描述的技术和机制针对脚本安全机制，其最小化与用脚本语言编写的脚本解释相关联的安全风险。解释器识别脚本中的脚本语言语法，并使用限制性操作处理在数据块中指定的每一行。限制性操作集合是可用于处理的总操作的子集。如果数据块中的一条行尝试执行不在限制操作集合内的操作，则解释器提供指示，例如解释非法操作的异常或消息。如果导出变量满足为其标识的约束（如果有的话），则解释器还会识别与数据块相关联的导出变量列表，并仅将列表中标识的变量导出到外部环境。

2. 发明授权

US07757282B2 System and method for distinguishing safe and potentially unsafe data during runtime processing 有权
标题翻译：在运行时处理期间区分安全和潜在不安全数据的系统和方法
公开(公告)号：US07757282B2
公开(公告)日：2010-07-13
申请号：US11133676
申请日：2005-05-20
申请人： Bhalchandra S. Pandit , James W. Truher, III , Jeffrey P. Snover , Bruce G. Payette
发明人： Bhalchandra S. Pandit , James W. Truher, III , Jeffrey P. Snover , Bruce G. Payette
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： G06F21/52
摘要： The techniques and mechanisms described herein are directed to a taint mechanism. An object-based command declares a taint directive for a parameter within a command declaration. The taint directive is then associated with that parameter in a manner such that when an engine processes the command, the engine determines whether to process the command based on the taint directive and input for the parameter. The taint directive may specify that the input may be tainted or untainted. The command declaration may also include a taint parameter that specifies a taint characteristic for output from the command. The taint characteristic may be tainted, untainted, or propagated. Any type of object may become tainted. An untaint process may be applied to tainted data to obtain untainted data if an authorization check performed by the engine is successful.
摘要翻译：本文描述的技术和机制针对污染机制。基于对象的命令在命令声明中声明一个参数的污点指令。然后，污染指令以这样的方式与该参数相关联，使得当引擎处理命令时，引擎根据污点指令和参数的输入来确定是否处理命令。污点指令可能指定输入可能被污染或未被保留。命令声明还可以包括一个污染参数，该参数指定了从命令输出的污点特性。污点特性可能会被污染，未被维护或传播。任何类型的物体可能会被污染。如果发动机执行的授权检查成功，则可以将污染过程应用于污染数据以获得未维护的数据。

3. 发明授权

US07631341B2 Extensible security architecture for an interpretive environment 有权
标题翻译：用于解释环境的可扩展安全架构
公开(公告)号：US07631341B2
公开(公告)日：2009-12-08
申请号：US11118971
申请日：2005-04-28
申请人： Bhalchandra S. Pandit , James W. Truher, III , Jeffrey P. Snover
发明人： Bhalchandra S. Pandit , James W. Truher, III , Jeffrey P. Snover
IPC分类号： G06F21/00
CPC分类号： G06F21/54
摘要： The Techniques and Mechanisms Described Herein are Directed to an Extensible security architecture that provides a security mechanism for minimizing security problems within interpretive environments. The extensible security architecture comprises a script engine configured to process a script and a security manager configured to monitor the processing of the script based on a security policy. The security manager determines whether to open an assembly associated with a command within the script, whether to process the command, whether to allow certain input to the command, and the like. The security policy may be implemented by overriding one or more methods of a base security class that are called when processing the script. The input may be an object passed via an object-based pipeline.
摘要翻译：这里描述的技术和机制被定向到可扩展的安全架构，其提供用于最小化解释环境内的安全问题的安全机制。可扩展安全架构包括被配置为处理脚本的脚本引擎和被配置为基于安全策略来监视脚本的处理的安全管理器。安全管理器确定是否打开与脚本中的命令相关联的程序集，是否处理命令，是否允许对命令的某些输入等。可以通过覆盖在处理脚本时调用的基本安全类的一个或多个方法来实现安全策略。输入可以是通过基于对象的管道传递的对象。

4. 发明授权

US07555708B2 Mechanism for converting text output into objects 有权
标题翻译：将文本输出转换为对象的机制
公开(公告)号：US07555708B2
公开(公告)日：2009-06-30
申请号：US10944459
申请日：2004-09-17
申请人： Bhalchandra S. Pandit , Bruce G. Payette , James W. Truher, III
发明人： Bhalchandra S. Pandit , Bruce G. Payette , James W. Truher, III
IPC分类号： G06F15/00 , G06F17/00
CPC分类号： G06F17/248
摘要： The techniques and mechanisms described herein are directed at converting text into objects based on a template that describes the format of the text. The objects then being available for further processing. The conversion mechanism converts the text into an object having at least one method that is directly invocable and that is specific to a data type specified for the live object. The template comprises an object header indicator and a corresponding object header pattern. A new object is created whenever the object header pattern is identified within the text. In addition, the template comprises one or more field indicators each having a corresponding field pattern. The field pattern is in a format of a regular expression. A new field is created for the new object whenever a field pattern is identified within the text.
摘要翻译：本文描述的技术和机制旨在基于描述文本的格式的模板将文本转换为对象。然后可以进行进一步处理。转换机制将文本转换为具有至少一个方法的对象，该方法是直接可调用的，并且特定于为活动对象指定的数据类型。模板包括对象标题指示符和相应的对象标题模式。每当在文本中标识对象标题模式时，都会创建一个新对象。另外，模板包括一个或多个场指示器，每个场指示器具有对应的场模式。字段模式是正则表达式的格式。每当在文本中标识字段模式时，将为新对象创建一个新字段。

5. 发明授权

US07503038B2 System and method for seamlessly comparing objects 有权
标题翻译：用于无缝对比的系统和方法
公开(公告)号：US07503038B2
公开(公告)日：2009-03-10
申请号：US10928652
申请日：2004-08-27
申请人： Bhalchandra S. Pandit , Bradford R. Daniels , James W. Truher, III , Jeffrey P. Snover , Jonathan S. Newman
发明人： Bhalchandra S. Pandit , Bradford R. Daniels , James W. Truher, III , Jeffrey P. Snover , Jonathan S. Newman
IPC分类号： G06F9/45
CPC分类号： G06F9/4488
摘要： The present comparison technique operates on objects having the same type, similar types, or different types. Multiple comparison objects may be compared against one or more reference objects. The comparison objects may be obtained from a prior cmdlet in a pipeline of cmdlets operating in an object-based environment. The reference object and comparison object may be compared in an order-based manner or in a key-based manner. In addition, specific properties may be specified which will identify which properties of the reference object and the comparison object to compare during the comparison. The comparison may generate an output that identifies the difference and/or similarities. The output may be pipelined to another cmdlet for further processing.
摘要翻译：本比较技术对具有相同类型，相似类型或不同类型的对象进行操作。可以将多个比较对象与一个或多个参考对象进行比较。比较对象可以从在基于对象的环境中操作的cmdlet流水线中的先前的cmdlet获得。可以以基于顺序的方式或基于密钥的方式来比较参考对象和比较对象。此外，可以指定具体的属性，其将识别在比较期间比较的参考对象和比较对象的哪些属性。比较可以产生识别差异和/或相似性的输出。输出可以流水线到另一个cmdlet进行进一步处理。

6. 发明授权

US07665074B2 Mechanism for converting text output into objects 失效
标题翻译：将文本输出转换为对象的机制
公开(公告)号：US07665074B2
公开(公告)日：2010-02-16
申请号：US10998477
申请日：2004-11-29
申请人： Bhalchandra S. Pandit , Bruce G. Payette , James W. Truher
发明人： Bhalchandra S. Pandit , Bruce G. Payette , James W. Truher
IPC分类号： G06F9/45
CPC分类号： G06F17/248
摘要： The techniques and mechanisms described herein are directed at converting text into objects based on a template that describes the format of the text, where the format of the text is not in a standardized format. The objects then being available for further processing. The conversion mechanism converts the text into a dead object. The template comprises an object header indicator and a corresponding object header pattern. A new object is created based on the object header pattern identified within the text. In addition, the template comprises one or more field indicators each having a corresponding field pattern. The field pattern may be in a format of a regular expression. A field type and associated value are created from a string associated with the field pattern.
摘要翻译：本文描述的技术和机制旨在基于描述文本的格式的模板将文本转换为对象，其中文本的格式不是标准化格式。然后可以进行进一步处理。转换机制将文本转换为死对象。模板包括对象标题指示符和相应的对象标题模式。基于文本中标识的对象标题模式创建一个新对象。另外，模板包括一个或多个场指示器，每个场指示器具有对应的场模式。场图案可以是正则表达式的格式。字段类型和关联值是从与字段模式相关联的字符串创建的。

7. 发明授权

US07458063B2 Method and apparatus for supporting functionality documentation 有权
标题翻译：支持功能文档的方法和装置
公开(公告)号：US07458063B2
公开(公告)日：2008-11-25
申请号：US10940378
申请日：2004-09-14
申请人： Bhalchandra S. Pandit
发明人： Bhalchandra S. Pandit
IPC分类号： G06F9/45
CPC分类号： G06F8/73
摘要： A method identifies code to be analyzed and analyzes the identified code. The method determines whether the identified code contains a particular function. If the identified code contains the particular function, a determination is made whether the particular function has been properly documented. Additionally, a message is generated indicating improper documentation of the particular function if the particular function has not been documented.
摘要翻译：一种方法识别要分析的代码，并分析识别的代码。该方法确定所识别的代码是否包含特定的功能。如果识别的代码包含特定功能，则确定特定功能是否已被正确记录。此外，如果没有记录特定功能，则会生成一条消息，指示不正确地记录特定功能。

8. 发明申请

US20090241193A1 Enhanced Computer Intrusion Detection Methods And Systems 有权
标题翻译：增强计算机入侵检测方法与系统
公开(公告)号：US20090241193A1
公开(公告)日：2009-09-24
申请号：US12475883
申请日：2009-06-01
申请人： Bhalchandra S. Pandit , Praerit Garg , Richard B. Ward , Paul J. Leach , Scott A. Field , Robert P. Reichel , John E. Brezak
发明人： Bhalchandra S. Pandit , Praerit Garg , Richard B. Ward , Paul J. Leach , Scott A. Field , Robert P. Reichel , John E. Brezak
IPC分类号： G06F21/20 , G06F21/22 , G06F21/24 , G08B23/00 , H04K1/00 , G06F15/173 , G06F21/06
CPC分类号： G06F21/31 , G06F2221/2101
摘要： Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device involved in the authentication/logon process. The resulting audit log file can then be audited along with similar audit log files from other devices to track a user across multiple platforms.
摘要翻译：提供了改进的入侵检测和/或跟踪方法和系统，用于跨越各种计算设备和网络。例如，某些方法在每个认证/登录过程期间形成基本唯一的审计标识符。一种方法包括识别与认证/登录过程相关联的一个或多个基本上唯一的参数并将其加密以形成至少一个审核标识符，然后可以由认证/登录过程中涉及的每个设备生成和记录。然后可以将生成的审核日志文件与来自其他设备的类似审核日志文件一起审核，以跨多个平台跟踪用户。

9. 发明授权

US07543333B2 Enhanced computer intrusion detection methods and systems 有权
标题翻译：增强的计算机入侵检测方法和系统
公开(公告)号：US07543333B2
公开(公告)日：2009-06-02
申请号：US10118808
申请日：2002-04-08
申请人： Bhalchandra S. Pandit , Praerit Garg , Richard B. Ward , Paul J. Leach , Scott A. Field , Robert P. Reichel , John E. Brezak
发明人： Bhalchandra S. Pandit , Praerit Garg , Richard B. Ward , Paul J. Leach , Scott A. Field , Robert P. Reichel , John E. Brezak
IPC分类号： G06F21/06 , G06F21/20 , G06F21/22 , G06F21/24 , G08B23/00 , G06F15/173 , H04K1/00
CPC分类号： G06F21/31 , G06F2221/2101
摘要： Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device involved in the authentication/logon process. The resulting audit log file can then be audited along with similar audit log files from other devices to track a user across multiple platforms.
摘要翻译：提供了改进的入侵检测和/或跟踪方法和系统，用于跨越各种计算设备和网络。例如，某些方法在每个认证/登录过程期间形成基本唯一的审计标识符。一种方法包括识别与认证/登录过程相关联的一个或多个基本上唯一的参数并将其加密以形成至少一个审核标识符，然后可以由认证/登录过程中涉及的每个设备生成和记录。然后可以将生成的审核日志文件与来自其他设备的类似审核日志文件一起审核，以跨多个平台跟踪用户。

10. 发明授权

US07257719B2 System and method for storing events to enhance intrusion detection 有权
标题翻译：用于存储事件以增强入侵检测的系统和方法
公开(公告)号：US07257719B2
公开(公告)日：2007-08-14
申请号：US11275446
申请日：2006-01-03
申请人： Bhalchandra S. Pandit , Maximilian Aigner
发明人： Bhalchandra S. Pandit , Maximilian Aigner
IPC分类号： G06F9/24
CPC分类号： H04L63/1425 , G06F21/552 , H04L41/069
摘要： Storing events to enhance intrusion detection in networks is described. In one exemplary implementation, an event is received. The event includes a data section containing a set of strings each having an event field. A definition table is referenced to determine locations of event fields in the data section of the event. The event fields are stored in a database record corresponding to event field locations referenced from the definition table.
摘要翻译：描述了存储事件以增强网络中的入侵检测。在一个示例性实现中，接收事件。该事件包括一个包含一组每个具有事件字段的字符串的数据部分。引用定义表来确定事件的数据部分中的事件字段的位置。事件字段存储在对应于从定义表引用的事件字段位置的数据库记录中。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式