专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08891550B2 Platform independent configuration of multiple network services 有权
标题翻译：平台独立配置多个网络服务
公开(公告)号：US08891550B2
公开(公告)日：2014-11-18
申请号：US11355023
申请日：2006-02-15
申请人： Lap T. Huynh , Dinakaran Joseph , Linwood H. Overby, Jr. , Mark T. Wright
发明人： Lap T. Huynh , Dinakaran Joseph , Linwood H. Overby, Jr. , Mark T. Wright
IPC分类号： H04J3/16 , H04J3/22 , H04L29/06
CPC分类号： H04L63/105 , H04L63/166
摘要： Embodiments of the present invention address deficiencies of the art in respect to network services protocol implementation configuration and provide a method, system and computer program product for platform independent configuration of multiple network services protocol implementations. In one embodiment of the invention, a method for configuring a network services protocol implementation can include configuring a platform independent configuration for a network services protocol implementation. Thereafter, a target node can be selected to receive a deployment of the network services protocol implementation and the configured platform independent configuration can be transformed into a platform specific configuration for the target node. Finally, the transformed platform specific configuration can be deployed onto the target node.
摘要翻译：本发明的实施例解决了关于网络服务协议实现配置的本领域的缺陷，并提供了用于多个网络服务协议实现的用于独立于平台的配置的方法，系统和计算机程序产品。在本发明的一个实施例中，用于配置网络服务协议实现的方法可以包括为网络服务协议实现配置与平台无关的配置。此后，可以选择目标节点以接收网络服务协议实现的部署，并且将配置的平台无关配置转换为目标节点的平台特定配置。最后，转换的平台特定配置可以部署到目标节点上。

2. 发明授权

US09715401B2 Securing live migration of a virtual machine from a secure virtualized computing environment, over an unsecured network, to a different virtualized computing environment 有权
公开(公告)号：US09715401B2
公开(公告)日：2017-07-25
申请号：US12210249
申请日：2008-09-15
申请人： Wesley M. Devine , Sivaram Gottimukkala , Lap T. Huynh , Dinakaran Joseph , Michael S. Law , Linwood H. Overby, Jr.
发明人： Wesley M. Devine , Sivaram Gottimukkala , Lap T. Huynh , Dinakaran Joseph , Michael S. Law , Linwood H. Overby, Jr.
IPC分类号： G06F9/455
CPC分类号： G06F9/45558 , G06F9/4856 , G06F2009/4557
摘要： In an embodiment of the invention, a method for secure live migration of a virtual machine (VM) in a virtualized computing environment can include selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment and blocking data communications with the selected VM and other VMs in the secure virtualized computing environment. The selected VM can be live migrated to the different virtualized computing environment and the VM can be restarted in the different virtualized computing environment. Notably, a secure communicative link can be established between the restarted VM and at least one other of the VMs in the secure virtualized computing environment. Finally, data communications between the restarted VM and the at least one other of the VMs can be enabled over the secure communicative link.

3. 发明授权

US08925081B2 Application based intrusion detection 有权
标题翻译：基于应用的入侵检测
公开(公告)号：US08925081B2
公开(公告)日：2014-12-30
申请号：US13469357
申请日：2012-05-11
申请人： Lap T. Huynh , Linwood H. Overby, Jr.
发明人： Lap T. Huynh , Linwood H. Overby, Jr.
IPC分类号： H04L29/06 , G06F21/55
CPC分类号： G06F21/554
摘要： Intrusion detection is performed by communicating an initialization request from an intrusion detection system enabled application to an intrusion module to begin intrusion detection. Also, a request is communicated to a policy transfer agent to provide an intrusion detection system policy specifically configured for the application. The application identifies where in the application code the intrusion detection system policy is to be checked against an incoming or outgoing communication. Information obtained by the application program is selectively evaluated against information in the intrusion detection system policy. A conditional response is made based upon information in the intrusion detection system policy if an intrusion associated with the application program is detected.
摘要翻译：通过将初始化请求从入侵检测系统启用的应用程序传送到入侵模块以开始入侵检测来执行入侵检测。而且，请求被传送给策略传输代理，以提供专门为应用配置的入侵检测系统策略。该应用程序在应用程序代码中识别入侵检测系统策略要根据传入或传出通信进行检查。根据入侵检测系统策略中的信息选择性地评估由应用程序获得的信息。如果检测到与应用程序相关联的入侵，则基于入侵检测系统策略中的信息进行条件响应。

4. 发明授权

US08220052B2 Application based intrusion detection 有权
标题翻译：基于应用的入侵检测
公开(公告)号：US08220052B2
公开(公告)日：2012-07-10
申请号：US10457908
申请日：2003-06-10
申请人： Lap T. Huynh , Linwood H. Overby, Jr.
发明人： Lap T. Huynh , Linwood H. Overby, Jr.
IPC分类号： H04L29/06
CPC分类号： G06F21/554
摘要： A method of detecting an intrusion into a computer. At least one communication to an application program is selectively evaluated by the application program accessing an intrusion detection service to evaluate the communication.
摘要翻译：一种检测入侵计算机的方法。通过访问入侵检测服务的应用程序来选择性地评估对应用程序的至少一个通信以评估通信。

5. 发明授权

US09781162B2 Predictive generation of a security network protocol configuration 有权
公开(公告)号：US09781162B2
公开(公告)日：2017-10-03
申请号：US11354360
申请日：2006-02-15
申请人： Linwood H. Overby, Jr. , Mark T. Wright
发明人： Linwood H. Overby, Jr. , Mark T. Wright
IPC分类号： H04L12/28 , H04L29/06
CPC分类号： H04L63/20 , H04L63/164
摘要： A method, system and computer program product for predictively configuring a security services protocol implementation can be provided. The method can include providing a set of network topology descriptions and determining a selection of one of the network topology descriptions. The method further can include identifying configuration settings corresponding to the selection and applying the configuration settings to the security services protocol implementation. For instance, applying the configuration settings to the security services protocol implementation can include selecting encapsulation mode and routing settings for the security services protocol implementation.

6. 发明授权

US08539548B1 Tiered network policy configuration with policy customization control 失效
标题翻译：具有策略定制控制的分层网络策略配置
公开(公告)号：US08539548B1
公开(公告)日：2013-09-17
申请号：US13458610
申请日：2012-04-27
申请人： Linwood H. Overby, Jr. , Kimberly T. Bailey , Jeffrey B. Cates , Mark T. Wright
发明人： Linwood H. Overby, Jr. , Kimberly T. Bailey , Jeffrey B. Cates , Mark T. Wright
IPC分类号： G06F21/00
CPC分类号： G06F21/6218
摘要： A hierarchical administrative system centrally controls configuration of network security policy for a group of information handling systems (IHSs) by multiple tier levels of administration. The highest tier level of administration builds policies that fulfill IT security policy intent. Higher level administrators may scope subordinate administrators to a group of IHSs or a single IHS. Higher level administrators may allow subordinate administrators to perform system specific customization of the policy based on permissions that the higher level administrator grants. Customization may include completing partially-built rule conditions with IP address and port, completing partially-built rule actions, and adding or deleting rules based on IHS unique applications or security requirements. A security enforcement tool may enforce customizations of network security policy. A security policy administration tool along with the security enforcement tool may detect attempts to work around the administrative system, and alerts higher tier level administrators and/or takes remedial action.
摘要翻译：分级管理系统通过多层次管理集中控制一组信息处理系统（IHS）的网络安全策略配置。最高级别的管理层构建了实现IT安全策略意图的策略。较高级别的管理员可以将下级管理员列为一组IHS或单个IHS。较高级别的管理员可以允许下级管理员根据上级管理员授予的权限执行策略的系统特定定制。定制可能包括完成部分构建的IP地址和端口的规则条件，完成部分构建的规则操作，以及基于IHS唯一应用程序或安全要求添加或删除规则。安全执行工具可以强制实施网络安全策略的自定义。安全策略管理工具以及安全执行工具可以检测围绕管理系统的尝试，并警告更高级别的管理员和/或采取补救措施。

7. 发明授权

US09954821B2 Internet protocol security (IPSEC) packet processing for multiple clients sharing a single network address 有权
公开(公告)号：US09954821B2
公开(公告)日：2018-04-24
申请号：US13547603
申请日：2012-07-12
申请人： Linwood H. Overby, Jr. , Joyce A. Porter , David J. Wierbowski
发明人： Linwood H. Overby, Jr. , Joyce A. Porter , David J. Wierbowski
IPC分类号： H04L29/06
CPC分类号： H04L63/0236 , H04L63/0263 , H04L63/164
摘要： Embodiments of the present invention address deficiencies of the art in respect to secure communications for multiple hosts in an address translation environment and provide a method, system and computer program product for IPsec SA management for multiple clients sharing a single network address. In one embodiment, a computer implemented method for IPsec SA management for multiple hosts sharing a single network address can include receiving a packet for IPsec processing for a specified client among the multiple clients sharing the single network address. A dynamic SA can be located among multiple dynamic SAs for the specified client using client identifying information exclusive of a 5-tuple produced for the dynamic SA. Finally, IPsec processing can be performed for the packet.

8. 发明授权

US08250229B2 Internet protocol security (IPSEC) packet processing for multiple clients sharing a single network address 有权
标题翻译：互联网协议安全（IPSEC）数据包处理为多个客户端共享单个网络地址
公开(公告)号：US08250229B2
公开(公告)日：2012-08-21
申请号：US11238613
申请日：2005-09-29
申请人： Linwood H. Overby, Jr. , Joyce A. Porter , David J. Wierbowski
发明人： Linwood H. Overby, Jr. , Joyce A. Porter , David J. Wierbowski
IPC分类号： G06F15/16
CPC分类号： H04L63/0236 , H04L63/0263 , H04L63/164
摘要： Embodiments of the present invention address deficiencies of the art in respect to secure communications for multiple hosts in an address translation environment and provide a method, system and computer program product for IPsec SA management for multiple clients sharing a single network address. In one embodiment, a computer implemented method for IPsec SA management for multiple hosts sharing a single network address can include receiving a packet for IPsec processing for a specified client among the multiple clients sharing the single network address. A dynamic SA can be located among multiple dynamic SAs for the specified client using client identifying information exclusive of a 5-tuple produced for the dynamic SA. Finally, IPsec processing can be performed for the packet.
摘要翻译：本发明的实施例解决了关于地址转换环境中的多个主机的安全通信的本领域的缺陷，并且提供了用于共享单个网络地址的多个客户机的IPsec SA管理的方法，系统和计算机程序产品。在一个实施例中，用于对共享单个网络地址的多个主机进行IPsec SA管理的计算机实现方法可以包括在共享单个网络地址的多个客户端之间接收用于指定客户端的IPsec处理的分组。动态SA可以在指定客户机的多个动态SA之间使用除了为动态SA生成的5元组之外的客户端标识信息。最后，可以对数据包执行IPsec处理。

9. 发明授权

US09137203B2 Centralized secure offload of cryptographic security services for distributed security enforcement points 有权
标题翻译：集中安全卸载分布式安全执行点的加密安全服务
公开(公告)号：US09137203B2
公开(公告)日：2015-09-15
申请号：US11626513
申请日：2007-01-24
申请人： Curtis M. Gearhart , Christopher Meyer , Linwood H. Overby, Jr. , David J. Wierbowski
发明人： Curtis M. Gearhart , Christopher Meyer , Linwood H. Overby, Jr. , David J. Wierbowski
IPC分类号： H04L29/06 , G06F15/16
CPC分类号： H04L63/0209 , H04L63/04 , H04L63/0485 , H04L63/0823 , H04L63/1408 , H04L2209/76
摘要： Embodiments of the present invention address deficiencies of the art in respect to network security and provide a method, system and computer program product for centralized secure offload of key exchange services for distributed security enforcement points. In one embodiment, a data processing system for centralized secure offload of key exchange services for distributed security enforcement points can be provided. The system can include a security enforcement point controlling communication flows between devices in different less trusted zones of protection, and a security server communicatively coupled to the security enforcement point and hosting key exchange services disposed in a more trusted zone of protection. The security enforcement point can include an interface to the key exchange services and program code enabled to offload at least one portion of a key exchange through the interface to the key exchange services disposed in the more trusted zone of protection.
摘要翻译：本发明的实施例解决了本领域在网络安全方面的缺陷，并且提供了一种用于分布式安全执行点的密钥交换服务的集中安全卸载的方法，系统和计算机程序产品。在一个实施例中，可以提供用于分布式安全执行点的密钥交换服务的集中安全卸载的数据处理系统。该系统可以包括控制不同不太信任的保护区域中的设备之间的通信流的安全执行点，以及通信地耦合到安全执行点并承载设置在更受信任的保护区域中的密钥交换服务的安全服务器。安全执行点可以包括密钥交换服务的接口和能够通过接口将密钥交换的至少一部分卸载到设置在更受信任的保护区域中的密钥交换服务的密码交换服务和程序代码。

10. 发明授权

US09021250B2 Security enforcement point inspection of encrypted data in an encrypted end-to end communications path 有权
标题翻译：在加密的端到端通信路径中对加密数据进行安全执行点检查
公开(公告)号：US09021250B2
公开(公告)日：2015-04-28
申请号：US11738500
申请日：2007-04-22
申请人： Linwood H. Overby, Jr.
发明人： Linwood H. Overby, Jr.
IPC分类号： H04L29/06
CPC分类号： H04L63/0428 , H04L63/062 , H04L63/168 , H04L63/30 , H04L63/306
摘要： Embodiments of the present invention address deficiencies of the art in respect to security function processing of encrypted data in a security enforcement point and provide a method, system and computer program product for security enforcement point inspection of a traversing encrypted data in a secure, end-to-end communications path. In an embodiment of the invention, a method for security enforcement point inspection of encrypted data in a secure, end-to-end communications path can be provided. The method can include establishing a persistent secure session with a key server holding an SA for an end-to-end secure communications path between endpoints, receiving the SA for the end-to-end secure communications path over the persistent secure session, decrypting an encrypted payload for the end-to-end secure communications path using session key data in the SA, and performing a security function on the decrypted payload.
摘要翻译：本发明的实施例解决了在安全执行点中关于加密数据的安全功能处理方面的技术缺陷，并且提供了一种用于安全执行点检查安全执行点检测的方法，系统和计算机程序产品，端到端通信路径。在本发明的实施例中，可以提供一种用于在安全的端到端通信路径中对加密数据进行安全执行点检查的方法。该方法可以包括与端点之间的端对端安全通信路径保持SA的密钥服务器建立持久的安全会话，通过持久安全会话接收端到端安全通信路径的SA，解密使用SA中的会话密钥数据进行端到端安全通信路径的加密有效载荷，并对解密的有效载荷执行安全功能。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式