专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07373666B2 Distributed threat management 有权
标题翻译：分布式威胁管理
公开(公告)号：US07373666B2
公开(公告)日：2008-05-13
申请号：US10185008
申请日：2002-07-01
申请人： Christopher G. Kaler , Giovanni Moises Della-Libera , John P. Shewchuk
发明人： Christopher G. Kaler , Giovanni Moises Della-Libera , John P. Shewchuk
IPC分类号： G06F12/00 , G06F7/04 , G06F11/30 , H04L9/32
CPC分类号： G06F21/554
摘要： A method and system are provided for managing a security threat in a distributed system. A distributed element of the system detects and reports suspicious activity to a threat management agent. The threat management agent determines whether an attack is taking place and deploys a countermeasure to the attack when the attack is determined to be taking place. Another method and system are also provided for managing a security threat in a distributed system. A threat management agent reviews reported suspicious activity including suspicious activity reported from at least one distributed element of the system, determines, based on the reports, whether a pattern characteristic of an attack occurred, and predicts when a next attack is likely to occur. Deployment of a countermeasure to the predicted next attack is directed in a time window based on when the next attack is predicted to occur.
摘要翻译：提供了一种用于管理分布式系统中的安全威胁的方法和系统。系统的分布式元素会将威胁管理代理的可疑活动检测并报告。威胁管理代理确定攻击是否发生，并在攻击确定发生时部署对攻击的对策。还提供另一种方法和系统来管理分布式系统中的安全威胁。威胁管理代理审查报告了可疑活动，包括从系统的至少一个分布式元素报告的可疑活动，根据报告确定是否发生攻击的模式特征，并预测何时可能发生下一次攻击。基于预测发生下一次攻击的时间窗口，针对预测的下一次攻击的对策部署。

2. 发明授权

US07707637B2 Distributed threat management 有权
标题翻译：分布式威胁管理
公开(公告)号：US07707637B2
公开(公告)日：2010-04-27
申请号：US12058156
申请日：2008-03-28
申请人： Christopher G. Kaler , Giovanni Moises Della-Libera , John P. Shewchuk
发明人： Christopher G. Kaler , Giovanni Moises Della-Libera , John P. Shewchuk
IPC分类号： G06F7/04 , G06F11/30 , H04L9/00
CPC分类号： G06F21/554
摘要： A method and system are provided for managing a security threat in a distributed system. A distributed element of the system detects and reports suspicious activity to a threat management agent. The threat management agent determines whether an attack is taking place and deploys a countermeasure to the attack when the attack is determined to be taking place. Another method and system are also provided for managing a security threat in a distributed system. A threat management agent reviews reported suspicious activity including suspicious activity reported from at least one distributed element of the system, determines, based on the reports, whether a pattern characteristic of an attack occurred, and predicts when a next attack is likely to occur. Deployment of a countermeasure to the predicted next attack is directed in a time window based on when the next attack is predicted to occur.
摘要翻译：提供了一种用于管理分布式系统中的安全威胁的方法和系统。系统的分布式元素会将威胁管理代理的可疑活动检测并报告。威胁管理代理确定攻击是否发生，并在攻击确定发生时部署对攻击的对策。还提供另一种方法和系统来管理分布式系统中的安全威胁。威胁管理代理审查报告了可疑活动，包括从系统的至少一个分布式元素报告的可疑活动，根据报告确定是否发生攻击的模式特征，并预测何时可能发生下一次攻击。基于预测发生下一次攻击的时间窗口，针对预测的下一次攻击的对策部署。

3. 发明授权

US07512782B2 Method and system for using a web service license 有权
标题翻译：使用Web服务许可证的方法和系统
公开(公告)号：US07512782B2
公开(公告)日：2009-03-31
申请号：US10218584
申请日：2002-08-15
申请人： Christopher G. Kaler , John P. Shewchuk , Giovanni Moises Della-Libera , Robert George Atkinson
发明人： Christopher G. Kaler , John P. Shewchuk , Giovanni Moises Della-Libera , Robert George Atkinson
IPC分类号： H04L9/00 , G06F7/04 , G06F7/58 , G06F17/30 , H04K1/00 , G06K15/00 , G09F3/00
CPC分类号： G06Q30/02 , G06F21/10 , G06F21/31
摘要： A method and system are provided such that a universal license may be used for authentication and authorization purposes and may include one or more cryptographic keys as well as assertions and related indications of authenticity. In an aspect of the invention, a license may be presented that includes access information, such that authentication and authorization decisions may be made based only on the access information. In other aspects of the invention, rights may be delegated and a trusted party may assert that another party can be trusted.
摘要翻译：提供了一种方法和系统，使得通用许可证可以用于认证和授权目的，并且可以包括一个或多个密码密钥以及真实性的断言和相关的指示。在本发明的一个方面，可以呈现包括访问信息的许可证，使得可以仅基于访问信息进行认证和授权决定。在本发明的其他方面，可以委托权利，并且可信方可以断言另一方可以被信任。

4. 发明授权

US08086849B2 Secure internet-scale eventing 有权
标题翻译：安全的互联网规模事件
公开(公告)号：US08086849B2
公开(公告)日：2011-12-27
申请号：US10210067
申请日：2002-08-02
申请人： Christopher G. Kaler , John P. Shewchuk , Giovanni Moises Della-Libera , Luis Felipe Cabrera
发明人： Christopher G. Kaler , John P. Shewchuk , Giovanni Moises Della-Libera , Luis Felipe Cabrera
IPC分类号： H04L9/00
CPC分类号： H04L63/0428 , H04L63/08 , H04L63/126
摘要： A method and system are provided for delivering event messages in a secure scalable manner. A network includes an event distribution device serving as an event generation device for generating and disseminating an event message through the network to event distribution devices serving as edge event delivery devices having recipient devices connected thereto. Event messages may be encrypted at the event generation device for each of the destination recipient devices or event messages may be encrypted at each of the edge event delivery devices for delivery to respective recipient devices connected thereto. A signing key may also be included with the encrypted message such that the respective recipient devices may authenticate a sender of the encrypted message based on the signing key. Encryption keys may be established based on policies of the network of event distribution devices or based on policies of the respective recipient devices.
摘要翻译：提供了一种以安全可伸缩的方式传送事件消息的方法和系统。网络包括作为事件发生设备的事件发布设备，用于通过网络生成和传播事件消息到用作具有连接到其的接收设备的边缘事件传递设备的事件分发设备。事件消息可以在每个目的地接收者设备的事件生成设备处被加密，或者可以在每个边缘事件传递设备处对事件消息进行加密，以便递送到与之相连接的相应接收者设备。签名密钥也可以包含在加密的消息中，使得相应的接收者设备可以基于签名密钥来认证加密消息的发送者。加密密钥可以基于事件分发设备的网络的策略或基于各个接收方设备的策略来建立。

5. 发明授权

US07447785B2 Dependent context trees for related network offerings 有权
标题翻译：相关网络产品的依赖上下文树
公开(公告)号：US07447785B2
公开(公告)日：2008-11-04
申请号：US10403857
申请日：2003-03-31
申请人： Christopher G. Kaler , Erik B. Christensen , Giovanni M. Della-Libera , John P. Shewchuk , Stephen J. Millet , Steven E. Lucco
发明人： Christopher G. Kaler , Erik B. Christensen , Giovanni M. Della-Libera , John P. Shewchuk , Stephen J. Millet , Steven E. Lucco
IPC分类号： G06F15/16
CPC分类号： H04L63/102 , H04L67/327 , H04L69/329 , H04L2463/102
摘要： A network site often provides multiple offerings, each having their own context. The complete context for one of the offerings is stored. That complete context represents a root node in a hierarchical tree of context nodes, each node representing the context information for one or more of the offerings. Each node in the tree includes a reference to its parent node, and then a description of incremental changes to the context information as compared to the context information from the parent node. Accordingly, the context information for a particular node in the tree may be obtained by combining the complete context for the root node offering with incremental changes described in other nodes in the ancestral chain that leads from the particular offering to the root offering.
摘要翻译：网络站点通常提供多个产品，每个产品都有自己的上下文。存储其中一个产品的完整上下文。该完整上下文表示上下文节点的分层树中的根节点，每个节点表示一个或多个提供的上下文信息。树中的每个节点都包含对其父节点的引用，然后是与父节点的上下文信息相比较，对上下文信息的增量更改的描述。因此，可以通过将根节点提供的完整上下文与从特定产品引导到根产品的祖先链中的其他节点中描述的增量变化相结合来获得树中的特定节点的上下文信息。

6. 发明授权

US07313687B2 Establishing a secure context at an electronic communications end-point 有权
标题翻译：在电子通信端点建立安全的环境
公开(公告)号：US07313687B2
公开(公告)日：2007-12-25
申请号：US10340694
申请日：2003-01-10
申请人： Christopher G. Kaler , Giovanni M. Della-Libera , John P. Shewchuk
发明人： Christopher G. Kaler , Giovanni M. Della-Libera , John P. Shewchuk
IPC分类号： H04L9/00
CPC分类号： H04L67/34 , H04L29/06 , H04L63/12 , H04L67/327 , H04L69/329
摘要： A first application layer at a first message processor identifies a first portion of context information. A second message processor receives the first portion of context information. A second application layer at the second message processor identifiers a second portion of context information. The second message processor sends the second portion of context information along with a first digital signature created from both the first and second portions of context information. The first message processor receives the second portion of context information and first digital signature. The first message processor sends a second digital signature created from the first and second portions of context information to the second message processor. If both the first and second digital signatures are authenticated, a secure context can be established between the first and second application layers.
摘要翻译：第一消息处理器处的第一应用层识别上下文信息的第一部分。第二消息处理器接收上下文信息的第一部分。第二消息处理器处的第二应用层识别上下文信息的第二部分。第二消息处理器发送上下文信息的第二部分以及从上下文信息的第一和第二部分创建的第一数字签名。第一消息处理器接收上下文信息和第一数字签名的第二部分。第一消息处理器将从上下文信息的第一和第二部分创建的第二数字签名发送到第二消息处理器。如果第一和第二数字签名都被认证，则可以在第一和第二应用层之间建立安全上下文。

7. 发明授权

US07899047B2 Virtual network with adaptive dispatcher 有权
标题翻译：具有自适应调度器的虚拟网络
公开(公告)号：US07899047B2
公开(公告)日：2011-03-01
申请号：US11838161
申请日：2007-08-13
申请人： Luis F. Cabrera , Erik B. Christensen , Giovanni M. Della-Libera , Christopher G. Kaler , David E. Levin , Bradford H. Lovering , Steven E. Lucco , Stephen J. Millet , John P. Shewchuk , Robert S. Wahbe , David A. Wortendyke
发明人： Luis F. Cabrera , Erik B. Christensen , Giovanni M. Della-Libera , Christopher G. Kaler , David E. Levin , Bradford H. Lovering , Steven E. Lucco , Stephen J. Millet , John P. Shewchuk , Robert S. Wahbe , David A. Wortendyke
IPC分类号： H04L12/56
CPC分类号： H04L61/15 , H04L29/12047 , H04L67/327 , H04L69/32
摘要： Methods and systems for providing a virtual network are disclosed. At least one layer of abstraction is created between network service applications and conventional network protocols by inserting an adaptive dispatcher between applications and network transport services on each machine in a network. The message protocol in the virtual network is extensible, allowing application programs to create new headers within any message as needed. The adaptive dispatcher contains handlers that route and dispatch messages within the virtual network based on arbitrary content within each message, including any combination of headers and/or data content. Each device on the virtual network has a virtual address to which messages are directed, allowing devices to move within the network without reconfiguring routing tables. Handlers may be automatically created when an event meeting predefined criteria occurs, including the non-occurrence of a condition, making the virtual network self-healing and adaptive to reconfiguration.
摘要翻译：公开了用于提供虚拟网络的方法和系统。通过在网络中的每台机器上的应用程序和网络传输服务之间插入自适应调度器，在网络服务应用程序和常规网络协议之间创建至少一个抽象层。虚拟网络中的消息协议是可扩展的，允许应用程序根据需要在任何消息内创建新头。自适应调度器包含基于每个消息内的任意内容（包括报头和/或数据内容的任何组合）在虚拟网络内路由和调度消息的处理程序。虚拟网络上的每个设备都具有指向消息的虚拟地址，允许设备在网络内移动而不重新配置路由表。当满足预定义标准的事件发生时，可以自动创建处理程序，包括不发生条件，使虚拟网络自我修复并适应重新配置。

8. 发明授权

US07746250B2 Message encoding/decoding using templated parameters 有权
标题翻译：消息编码/解码使用模板参数
公开(公告)号：US07746250B2
公开(公告)日：2010-06-29
申请号：US12023998
申请日：2008-01-31
申请人： Arun K. Nanda , John P. Shewchuk , Christopher G. Kaler , Hervey O. Wilson
发明人： Arun K. Nanda , John P. Shewchuk , Christopher G. Kaler , Hervey O. Wilson
IPC分类号： H03M7/30
CPC分类号： G06F15/16 , H03M7/30
摘要： Communication of a compressed message over a communication channel between message processors. The compressed message may be expressed in terms of an expressed or implicit template identification, and values of one or more parameters. Based on the template identification, the meaning of the one or more parameters may be understood, whereas the meaning of the parameter(s) may not be understood without a knowledge of the template. The template provides semantic context for the one or more parameters. The transmitting message processor may have compressed the message using the identified template. Alternatively or in addition, the receiving message processor may decompress the message using the identified template. The template itself need not be part of the compressed message as transmitted.
摘要翻译：通过消息处理器之间的通信信道通信压缩消息。压缩消息可以用表达或隐含的模板标识和一个或多个参数的值表示。基于模板识别，可以理解一个或多个参数的含义，而在不了解模板的情况下，参数的含义可能不被理解。模板提供一个或多个参数的语义上下文。发送消息处理器可以使用所标识的模板来压缩消息。或者或另外，接收消息处理器可以使用所识别的模板解压缩消息。模板本身不需要是传输的压缩消息的一部分。

9. 发明授权

US07627759B2 End-to-end reliable messaging with complete acknowledgement 有权
标题翻译：端到端可靠的消息传递与完整的确认
公开(公告)号：US07627759B2
公开(公告)日：2009-12-01
申请号：US11548266
申请日：2006-10-10
申请人： David E. Langworthy , Christopher G. Kaler , Luis Felipe Cabrera , Patrick J. Helland , Steven E. Lucco , John P. Shewchuk
发明人： David E. Langworthy , Christopher G. Kaler , Luis Felipe Cabrera , Patrick J. Helland , Steven E. Lucco , John P. Shewchuk
IPC分类号： G06F9/24
CPC分类号： H04L69/16 , H04L67/02 , H04L69/162 , H04L69/163
摘要： Reliable end-to-end messaging in which tracking and acknowledgement information are contained in the electronic message that is visible to layers above the transport layer, thereby being independent of what transport protocols, and whether different transport protocols, are used to communicate between the two end points. Furthermore, acknowledgment messages may identify multiple ranges of sequence numbers corresponding to received electronic messages, thereby permitting further flexibility and completeness in acknowledging received messages.
摘要翻译：可靠的端到端消息传递，其中跟踪和确认信息包含在电子消息中，对传输层之上的层是可见的，从而独立于什么传输协议以及是否使用不同的传输协议来在两者之间进行通信终点此外，确认消息可以标识与所接收的电子消息相对应的多个序列号范围，从而允许在确认所接收的消息时进一步的灵活性和完整性。

10. 发明申请

US20090217383A1 LOW-COST SECURITY USING WELL-DEFINED MESSAGES 审中-公开
标题翻译：使用良好定义的消息进行低成本安全
公开(公告)号：US20090217383A1
公开(公告)日：2009-08-27
申请号：US12037806
申请日：2008-02-26
申请人： Douglas A. Walter , Christopher G. Kaler , John P. Shewchuk , Arun K. Nanda
发明人： Douglas A. Walter , Christopher G. Kaler , John P. Shewchuk , Arun K. Nanda
IPC分类号： G06F21/22 , H04L9/32
CPC分类号： H04L63/20 , H04L9/3247 , H04L2209/68 , H04L2209/80
摘要： Well-defined messages may be transmitted from a sending device to a recipient device in order to reduce the processing and resource requirements imposed by the security semantics of general message standards. The well-defined messages may include an expression of a collective intent of the security semantics included in the message. The expression of the security semantics within the message simplifies the discovery process for devices processing the message. The well-defined message may also require that any intermediary devices that process the well-defined message as it is transmitted from the sender device to the receiver device follow the expressed collective intent of the security semantics. If an intermediary device cannot understand or adhere to the expressed intent, the well-defined message must be rejected.
摘要翻译：良好定义的消息可以从发送设备发送到接收者设备，以便减少由一般消息标准的安全语义强加的处理和资源需求。明确定义的消息可以包括消息中包括的安全语义的集体意图的表达。消息内的安全语义表达简化了处理消息的设备的发现过程。明确定义的消息还可能要求在从发送方设备发送到接收方设备时处理明确定义的消息的任何中间设备遵循安全性语义所表达的集体意图。如果中介设备无法理解或遵守表达的意图，则明确的消息必须被拒绝。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式