专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08874528B1 Systems and methods for detecting cloud-based data leaks 有权
标题翻译：用于检测基于云的数据泄漏的系统和方法
公开(公告)号：US08874528B1
公开(公告)日：2014-10-28
申请号：US13227873
申请日：2011-09-08
申请人： Deb Banerjee , Sanjay Sawhney , Sharada Sundaram
发明人： Deb Banerjee , Sanjay Sawhney , Sharada Sundaram
IPC分类号： G06F7/00
CPC分类号： G06F21/6227 , G06F17/30306 , G06F2221/2127
摘要： A computer-implemented method for detecting cloud-based data leaks may include (1) identifying a relational database stored on a third-party storage service, the relational database including a plurality of tuples related by an attribute designated for storing contact information, (2) adding at least one deceptive tuple representing an illegitimate contact and including known false contact information stored under the attribute to the relational database, (3) maintaining a data repository identifying the deceptive tuple as containing false contact information, (4) identifying a contact attempt performed by an attempted use of the known false contact information, and then, in response to identifying the contact attempt, and (5) determining, based on the data repository identifying the deceptive tuple as containing false contact information, that an originator of the contact attempt is implicated in a data leak. Various other methods, systems, and computer-readable media are also disclosed.
摘要翻译：用于检测基于云的数据泄漏的计算机实现的方法可以包括：（1）识别存储在第三方存储服务中的关系数据库，所述关系数据库包括与被指定用于存储联系人信息的属性相关的多个元组（2 将至少一个代表非法联系的欺骗性元组添加到该关联数据库中，并将属性下存储的已知虚假联系人信息添加到关系数据库中，（3）将识别欺骗性元组的数据仓库维护为包含虚假联系人信息，（4）通过尝试使用已知的虚假联系人信息，然后响应于识别联系人尝试而执行，以及（5）基于识别欺骗性元组的数据库包含虚假联系人信息来确定联系人的发起者尝试涉及数据泄漏。还公开了各种其它方法，系统和计算机可读介质。

2. 发明授权

US08869244B1 Techniques for providing role-based access control using dynamic shared accounts 有权
标题翻译：使用动态共享帐户提供基于角色的访问控制的技术
公开(公告)号：US08869244B1
公开(公告)日：2014-10-21
申请号：US13340264
申请日：2011-12-29
申请人： Sharada Sundaram , Sanjay Sawhney , Robert Koeten
发明人： Sharada Sundaram , Sanjay Sawhney , Robert Koeten
IPC分类号： G06F7/04 , G06F21/62 , G06F21/60 , H04L29/06
CPC分类号： H04L63/083 , G06F9/5061 , G06F17/30 , G06F21/00 , G06F21/50 , G06F21/604 , G06F21/62 , G06F21/6218 , H04L9/32 , H04L63/04 , H04L63/08 , H04L63/0815 , H04L63/104 , H04L63/105 , H04L63/107 , H04L67/10
摘要： Techniques for providing role-based access control using dynamic shared accounts are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system and method for providing role-based access using dynamic shared accounts. For example, the system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to: receive a request for access to an account, wherein the request comprises an identifier associated with a user; authenticate the user for access to the account; identify one or more predetermined roles associated with the account for the user; identify one or more pseudo accounts corresponding to the one or more predetermined roles; map the user to the one or more pseudo accounts; and provide user access to the account based on the mapping and with access privileges associated with the one or more predetermined roles associated with the user.
摘要翻译：公开了使用动态共享帐户提供基于角色的访问控制的技术。在一个特定的示例性实施例中，这些技术可以被实现为用于使用动态共享帐户提供基于角色的访问的系统和方法。例如，系统可以包括通信地耦合到网络的一个或多个处理器。一个或多个处理器可以被配置为：接收对帐户的访问请求，其中所述请求包括与用户相关联的标识符; 验证用户访问该帐户; 识别与用户的帐户相关联的一个或多个预定角色; 识别对应于一个或多个预定角色的一个或多个伪帐户; 将用户映射到一个或多个伪帐户; 并且基于映射提供对帐户的用户访问，以及与与用户相关联的一个或多个预定角色相关联的访问权限。

3. 发明授权

US08762512B1 Providing dynamically shared cloud accounts 有权
标题翻译：提供动态共享的云端帐户
公开(公告)号：US08762512B1
公开(公告)日：2014-06-24
申请号：US13463612
申请日：2012-05-03
申请人： Sharada Sundaram , Sanjay Sawhney , Robert Koeten
发明人： Sharada Sundaram , Sanjay Sawhney , Robert Koeten
IPC分类号： G06F15/173
CPC分类号： H04L63/083 , G06F9/5061 , G06F17/30 , G06F21/00 , G06F21/50 , G06F21/604 , G06F21/62 , G06F21/6218 , H04L9/32 , H04L63/04 , H04L63/08 , H04L63/0815 , H04L63/104 , H04L63/105 , H04L63/107 , H04L67/10
摘要： A computing system identifies shared cloud accounts of a cloud that are created for an entity. The computing system resides outside of the cloud. The number of shared cloud accounts is less than a number of entity users that use the cloud. The computing system determines that one of the users is authorized to use any of the shared cloud accounts in response to a determination that identity information of the user is valid. The computing system receives a request from the user to access the cloud and determines whether one of the shared cloud accounts is available to be assigned to the user. The computing system adds the request to a queue based on a determination that none of the shared cloud accounts is available and assigns one of the cloud accounts to the user based on a determination that one of the shared cloud accounts is available.
摘要翻译：计算系统识别为实体创建的云的共享云帐户。计算系统位于云之外。共享云帐户的数量少于使用云的实体用户数。响应于用户的身份信息有效的确定，计算系统确定其中一个用户被授权使用任何共享云帐户。计算系统接收来自用户访问云的请求，并确定共享云帐户中的一个是否可用于分配给用户。计算系统根据一个共享云帐户可用的确定将队列中的请求添加到队列中，并根据一个共享云帐户可用的确定将一个云帐户分配给用户。

4. 发明授权

US08370312B1 Systems and methods for using cloud-based storage to optimize data-storage operations 有权
标题翻译：使用基于云的存储优化数据存储操作的系统和方法
公开(公告)号：US08370312B1
公开(公告)日：2013-02-05
申请号：US12560374
申请日：2009-09-15
申请人： Sanjay Sawhney , Hemant Puri , Hans Van Rietschote
发明人： Sanjay Sawhney , Hemant Puri , Hans Van Rietschote
IPC分类号： G06F7/00 , G06F17/00
CPC分类号： G06F17/30566 , G06F17/30194 , H04L67/1002 , H04L67/1008 , H04L67/1021 , H04L67/1097
摘要： A computer-implemented method for using cloud-based storage to optimize data-storage operations may include: 1) receiving a request from a client device for instructions or directions for storing a data object, 2) accessing a data-placement policy that contains criteria for identifying storage systems suitable for storing the data object, 3) identifying, based at least in part on the data-placement policy, a plurality of storage systems for storing the data object, at least one of the storage systems including a third-party Internet-based storage system, and then 4) directing the client device to store the data object on the identified storage systems.
摘要翻译：用于使用基于云的存储来优化数据存储操作的计算机实现的方法可以包括：1）从客户端设备接收用于存储数据对象的指令或指令的请求，2）访问包含标准的数据放置策略用于识别适于存储数据对象的存储系统，3）至少部分地基于数据放置策略来识别用于存储数据对象的多个存储系统，至少一个存储系统包括第三方基于互联网的存储系统，然后4）指导客户端设备将数据对象存储在所识别的存储系统上。

5. 发明授权

US08111154B1 Systems and methods for monitoring a mobile-computing device using geo-location information 有权
标题翻译：使用地理位置信息监控移动计算设备的系统和方法
公开(公告)号：US08111154B1
公开(公告)日：2012-02-07
申请号：US12559456
申请日：2009-09-14
申请人： Hemant Puri , Anand Kashyap , Sanjay Sawhney
发明人： Hemant Puri , Anand Kashyap , Sanjay Sawhney
IPC分类号： G08B1/08
CPC分类号： G08B21/0202
摘要： A computer-implemented method for monitoring a mobile-computing device using geo-location information is disclosed. The method may include a learning phase. During the learning phase, a user may be located within a first range of physical locations during a recurring time period. The method may include generating a location profile for a mobile-computing device of the user and receiving a device-monitoring policy for the mobile-computing device from an administrator. The location profile may correlate the first range of physical locations with the recurring time period. The method may further include detecting, after the learning phase, that the mobile-computing device is outside the first range of physical locations during a first instance of the recurring time period. The method may also include implementing the device-monitoring policy after detecting that the mobile-computing device is outside the first range of physical locations during the first instance of the recurring time period.
摘要翻译：公开了一种使用地理位置信息监视移动计算设备的计算机实现的方法。该方法可以包括学习阶段。在学习阶段期间，在循环时间期间，用户可以位于物理位置的第一范围内。该方法可以包括为用户的移动计算设备生成位置简档，并从管理员接收移动计算设备的设备监视策略。位置简档可以将物理位置的第一范围与循环时间段相关联。该方法还可以包括在学习阶段之后在循环时间段的第一个实例期间检测出移动计算设备在物理位置的第一范围之外。该方法还可以包括在检测到在循环时间段的第一个实例期间移动计算设备在物理位置的第一范围之外的情况下实现设备监视策略。

6. 发明授权

US08874522B2 Managing backups of data objects in containers 有权
标题翻译：管理容器中数据对象的备份
公开(公告)号：US08874522B2
公开(公告)日：2014-10-28
申请号：US13285331
申请日：2011-10-31
申请人： Fanglu Guo , Petros Efstathopoulos , Xianbo Zhang , Sanjay Sawhney , Weibao Wu
发明人： Fanglu Guo , Petros Efstathopoulos , Xianbo Zhang , Sanjay Sawhney , Weibao Wu
IPC分类号： G06F17/30 , G06F7/00 , G06F11/14
CPC分类号： G06F11/1448 , G06F11/1451 , G06F11/1469 , G06F2201/81
摘要： Containers that store data objects that were written to those containers during a particular backup are accessed. Then, a subset of the containers is identified; the containers in the subset have less than a threshold number of data objects associated with the particular backup. Data objects that are in containers in that subset and that are associated with the backup are copied to one or more other containers. Those other containers are subsequently used to restore data objects associated with the backup.
摘要翻译：存储在特定备份期间存储写入这些容器的数据对象的容器。然后，识别容器的一个子集; 子集中的容器具有小于阈值数量的与特定备份相关联的数据对象。位于该子集中并与备份关联的容器中的数据对象将复制到一个或多个其他容器。这些其他容器随后用于还原与备份相关联的数据对象。

7. 发明授权

US08387046B1 Security driver for hypervisors and operating systems of virtualized datacenters 有权
标题翻译：虚拟化管理程序的安全驱动程序和虚拟化数据中心的操作系统
公开(公告)号：US08387046B1
公开(公告)日：2013-02-26
申请号：US12411628
申请日：2009-03-26
申请人： Bruce Montague , Sanjay Sawhney , Matthew Conover , Tzi-cker Chiueh
发明人： Bruce Montague , Sanjay Sawhney , Matthew Conover , Tzi-cker Chiueh
IPC分类号： G06F9/00
CPC分类号： G06F21/53 , G06F9/4555 , G06F9/45558 , G06F21/566 , G06F21/6281 , G06F2009/45587
摘要： A system and method for efficient security protocols in a virtualized datacenter environment are contemplated. In one embodiment, a system is provided comprising a hypervisor coupled to one or more protected virtual machines (VMs) and a security VM. Within a private communication channel, a split kernel loader provides an end-to-end communication between a paravirtualized security device driver, or symbiont, and the security VM. The symbiont monitors kernel-level activities of a corresponding guest OS, and conveys kernel-level metadata to the security VM via the private communication channel. Therefore, the well-known semantic gap problem is solved. The security VM is able to read all of the memory of a protected VM, detect locations of memory compromised by a malicious rootkit, and remediate any detected problems.
摘要翻译：预期在虚拟化数据中心环境中有效的安全协议的系统和方法。在一个实施例中，提供了一种系统，其包括耦合到一个或多个受保护的虚拟机（VM）和安全VM的管理程序。在私有通信信道中，分离的内核加载器提供了半虚拟化安全设备驱动程序或共生体与安全VM之间的端到端通信。 symbiont监控相应客户操作系统的内核级活动，并通过专用通信通道将内核级元数据传送到安全VM。因此，解决了众所周知的语义差距问题。安全VM能够读取受保护的VM的所有内存，检测由恶意rootkit损坏的内存的位置，并修复任何检测到的问题。

8. 发明授权

US08195688B1 Deconstruction and transformation of complex objects for de-duplicated storage 有权
标题翻译：复制存储的复杂对象的解构和转换
公开(公告)号：US08195688B1
公开(公告)日：2012-06-05
申请号：US12545245
申请日：2009-08-21
申请人： Sanjay Sawhney , Weibao Wu
发明人： Sanjay Sawhney , Weibao Wu
IPC分类号： G06F17/00
CPC分类号： G06F17/30097 , G06F17/30156
摘要： A system and method for storing a data object in a single-instance storage system are described. The data object may be deconstructed into a template and one or more values. If the template is not already stored in the single-instance storage system then it may be stored. Otherwise an existing copy of the template may be referenced. Similarly, existing copies of the values may be referenced if they are already present, or otherwise the values may be stored. Reconstruction information useable to reconstruct the data object may also be stored. The reconstruction information may reference the template and the one or more values stored in the single-instance storage system.
摘要翻译：描述用于在单实例存储系统中存储数据对象的系统和方法。数据对象可以被解构为模板和一个或多个值。如果模板尚未存储在单实例存储系统中，则可以存储该模板。否则可以引用模板的现有副本。类似地，如果这些值的现有副本已经存在，或者否则可以存储值，则可以引用这些值的现有副本。也可以存储可用于重建数据对象的重建信息。重建信息可以引用模板和存储在单实例存储系统中的一个或多个值。

9. 发明授权

US06212558B1 Method and apparatus for configuring and managing firewalls and security devices 失效
标题翻译：用于配置和管理防火墙和安全设备的方法和设备
公开(公告)号：US06212558B1
公开(公告)日：2001-04-03
申请号：US08998100
申请日：1997-12-24
申请人： Anand K. Antur , Sanjay Sawhney , Hemant Puri , Naveen S. Bisht
发明人： Anand K. Antur , Sanjay Sawhney , Hemant Puri , Naveen S. Bisht
IPC分类号： G06F1516
CPC分类号： H04L41/28 , H04L41/0893 , H04L41/22 , H04L63/02 , H04L63/20
摘要： A method for configuring a plurality of network security devices, includes the steps of providing a network directory services server providing network directory services to a plurality of network servers, each of the plurality of network servers coupled to one of the plurality of network security devices, implementing a security policy for the plurality of network security devices on the network directory services server, and using the network directory services to provide configuration information for the plurality of network security devices, in response to the security policy.
摘要翻译：一种用于配置多个网络安全设备的方法，包括以下步骤：提供向多个网络服务器提供网络目录服务的网络目录服务服务器，所述多个网络服务器中的每一个耦合到所述多个网络安全设备之一，对网络目录服务服务器上的多个网络安全设备实施安全策略，并响应于安全策略，使用网络目录服务为多个网络安全设备提供配置信息。

10. 发明授权

US09106687B1 Mechanism for profiling user and group accesses to content repository 有权
标题翻译：用于对用户和组访问内容存储库的机制
公开(公告)号：US09106687B1
公开(公告)日：2015-08-11
申请号：US13286952
申请日：2011-11-01
申请人： Sanjay Sawhney , Anantharaman Ganesh
发明人： Sanjay Sawhney , Anantharaman Ganesh
IPC分类号： G06F12/14 , G08B23/00 , H04L29/06
CPC分类号： H04L63/1416 , G06F21/316 , H04L12/185 , H04L51/04
摘要： A mechanism for profiling user and group accesses to a content repository is described. The mechanism for profiling accesses may generate baseline profiles and determine if new access behavior deviates from the generated baseline profile. The deviations may be defined in terms of folder and/or user-group distances within a file-system/storage and/or organization hierarchy, respectively. The mechanism also includes an analytics engine for anomaly detection and a recommendation component for recommending access-permissions to files/folders.
摘要翻译：描述用于对用户和组访问内容存储库进行分析的机制。分析访问的机制可能会生成基线配置文件，并确定新的访问行为是否偏离生成的基准配置文件。偏差可以分别根据文件系统/存储和/或组织层次结构中的文件夹和/或用户组距离来定义。该机制还包括用于异常检测的分析引擎和用于推荐对文件/文件夹的访问权限的推荐组件。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式