专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09954821B2 Internet protocol security (IPSEC) packet processing for multiple clients sharing a single network address 有权
公开(公告)号：US09954821B2
公开(公告)日：2018-04-24
申请号：US13547603
申请日：2012-07-12
申请人： Linwood H. Overby, Jr. , Joyce A. Porter , David J. Wierbowski
发明人： Linwood H. Overby, Jr. , Joyce A. Porter , David J. Wierbowski
IPC分类号： H04L29/06
CPC分类号： H04L63/0236 , H04L63/0263 , H04L63/164
摘要： Embodiments of the present invention address deficiencies of the art in respect to secure communications for multiple hosts in an address translation environment and provide a method, system and computer program product for IPsec SA management for multiple clients sharing a single network address. In one embodiment, a computer implemented method for IPsec SA management for multiple hosts sharing a single network address can include receiving a packet for IPsec processing for a specified client among the multiple clients sharing the single network address. A dynamic SA can be located among multiple dynamic SAs for the specified client using client identifying information exclusive of a 5-tuple produced for the dynamic SA. Finally, IPsec processing can be performed for the packet.

2. 发明授权

US09781162B2 Predictive generation of a security network protocol configuration 有权
公开(公告)号：US09781162B2
公开(公告)日：2017-10-03
申请号：US11354360
申请日：2006-02-15
申请人： Linwood H. Overby, Jr. , Mark T. Wright
发明人： Linwood H. Overby, Jr. , Mark T. Wright
IPC分类号： H04L12/28 , H04L29/06
CPC分类号： H04L63/20 , H04L63/164
摘要： A method, system and computer program product for predictively configuring a security services protocol implementation can be provided. The method can include providing a set of network topology descriptions and determining a selection of one of the network topology descriptions. The method further can include identifying configuration settings corresponding to the selection and applying the configuration settings to the security services protocol implementation. For instance, applying the configuration settings to the security services protocol implementation can include selecting encapsulation mode and routing settings for the security services protocol implementation.

3. 发明授权

US08250229B2 Internet protocol security (IPSEC) packet processing for multiple clients sharing a single network address 有权
标题翻译：互联网协议安全（IPSEC）数据包处理为多个客户端共享单个网络地址
公开(公告)号：US08250229B2
公开(公告)日：2012-08-21
申请号：US11238613
申请日：2005-09-29
申请人： Linwood H. Overby, Jr. , Joyce A. Porter , David J. Wierbowski
发明人： Linwood H. Overby, Jr. , Joyce A. Porter , David J. Wierbowski
IPC分类号： G06F15/16
CPC分类号： H04L63/0236 , H04L63/0263 , H04L63/164
摘要： Embodiments of the present invention address deficiencies of the art in respect to secure communications for multiple hosts in an address translation environment and provide a method, system and computer program product for IPsec SA management for multiple clients sharing a single network address. In one embodiment, a computer implemented method for IPsec SA management for multiple hosts sharing a single network address can include receiving a packet for IPsec processing for a specified client among the multiple clients sharing the single network address. A dynamic SA can be located among multiple dynamic SAs for the specified client using client identifying information exclusive of a 5-tuple produced for the dynamic SA. Finally, IPsec processing can be performed for the packet.
摘要翻译：本发明的实施例解决了关于地址转换环境中的多个主机的安全通信的本领域的缺陷，并且提供了用于共享单个网络地址的多个客户机的IPsec SA管理的方法，系统和计算机程序产品。在一个实施例中，用于对共享单个网络地址的多个主机进行IPsec SA管理的计算机实现方法可以包括在共享单个网络地址的多个客户端之间接收用于指定客户端的IPsec处理的分组。动态SA可以在指定客户机的多个动态SA之间使用除了为动态SA生成的5元组之外的客户端标识信息。最后，可以对数据包执行IPsec处理。

4. 发明授权

US09715401B2 Securing live migration of a virtual machine from a secure virtualized computing environment, over an unsecured network, to a different virtualized computing environment 有权
公开(公告)号：US09715401B2
公开(公告)日：2017-07-25
申请号：US12210249
申请日：2008-09-15
申请人： Wesley M. Devine , Sivaram Gottimukkala , Lap T. Huynh , Dinakaran Joseph , Michael S. Law , Linwood H. Overby, Jr.
发明人： Wesley M. Devine , Sivaram Gottimukkala , Lap T. Huynh , Dinakaran Joseph , Michael S. Law , Linwood H. Overby, Jr.
IPC分类号： G06F9/455
CPC分类号： G06F9/45558 , G06F9/4856 , G06F2009/4557
摘要： In an embodiment of the invention, a method for secure live migration of a virtual machine (VM) in a virtualized computing environment can include selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment and blocking data communications with the selected VM and other VMs in the secure virtualized computing environment. The selected VM can be live migrated to the different virtualized computing environment and the VM can be restarted in the different virtualized computing environment. Notably, a secure communicative link can be established between the restarted VM and at least one other of the VMs in the secure virtualized computing environment. Finally, data communications between the restarted VM and the at least one other of the VMs can be enabled over the secure communicative link.

5. 发明授权

US09137203B2 Centralized secure offload of cryptographic security services for distributed security enforcement points 有权
标题翻译：集中安全卸载分布式安全执行点的加密安全服务
公开(公告)号：US09137203B2
公开(公告)日：2015-09-15
申请号：US11626513
申请日：2007-01-24
申请人： Curtis M. Gearhart , Christopher Meyer , Linwood H. Overby, Jr. , David J. Wierbowski
发明人： Curtis M. Gearhart , Christopher Meyer , Linwood H. Overby, Jr. , David J. Wierbowski
IPC分类号： H04L29/06 , G06F15/16
CPC分类号： H04L63/0209 , H04L63/04 , H04L63/0485 , H04L63/0823 , H04L63/1408 , H04L2209/76
摘要： Embodiments of the present invention address deficiencies of the art in respect to network security and provide a method, system and computer program product for centralized secure offload of key exchange services for distributed security enforcement points. In one embodiment, a data processing system for centralized secure offload of key exchange services for distributed security enforcement points can be provided. The system can include a security enforcement point controlling communication flows between devices in different less trusted zones of protection, and a security server communicatively coupled to the security enforcement point and hosting key exchange services disposed in a more trusted zone of protection. The security enforcement point can include an interface to the key exchange services and program code enabled to offload at least one portion of a key exchange through the interface to the key exchange services disposed in the more trusted zone of protection.
摘要翻译：本发明的实施例解决了本领域在网络安全方面的缺陷，并且提供了一种用于分布式安全执行点的密钥交换服务的集中安全卸载的方法，系统和计算机程序产品。在一个实施例中，可以提供用于分布式安全执行点的密钥交换服务的集中安全卸载的数据处理系统。该系统可以包括控制不同不太信任的保护区域中的设备之间的通信流的安全执行点，以及通信地耦合到安全执行点并承载设置在更受信任的保护区域中的密钥交换服务的安全服务器。安全执行点可以包括密钥交换服务的接口和能够通过接口将密钥交换的至少一部分卸载到设置在更受信任的保护区域中的密钥交换服务的密码交换服务和程序代码。

6. 发明授权

US09021250B2 Security enforcement point inspection of encrypted data in an encrypted end-to end communications path 有权
标题翻译：在加密的端到端通信路径中对加密数据进行安全执行点检查
公开(公告)号：US09021250B2
公开(公告)日：2015-04-28
申请号：US11738500
申请日：2007-04-22
申请人： Linwood H. Overby, Jr.
发明人： Linwood H. Overby, Jr.
IPC分类号： H04L29/06
CPC分类号： H04L63/0428 , H04L63/062 , H04L63/168 , H04L63/30 , H04L63/306
摘要： Embodiments of the present invention address deficiencies of the art in respect to security function processing of encrypted data in a security enforcement point and provide a method, system and computer program product for security enforcement point inspection of a traversing encrypted data in a secure, end-to-end communications path. In an embodiment of the invention, a method for security enforcement point inspection of encrypted data in a secure, end-to-end communications path can be provided. The method can include establishing a persistent secure session with a key server holding an SA for an end-to-end secure communications path between endpoints, receiving the SA for the end-to-end secure communications path over the persistent secure session, decrypting an encrypted payload for the end-to-end secure communications path using session key data in the SA, and performing a security function on the decrypted payload.
摘要翻译：本发明的实施例解决了在安全执行点中关于加密数据的安全功能处理方面的技术缺陷，并且提供了一种用于安全执行点检查安全执行点检测的方法，系统和计算机程序产品，端到端通信路径。在本发明的实施例中，可以提供一种用于在安全的端到端通信路径中对加密数据进行安全执行点检查的方法。该方法可以包括与端点之间的端对端安全通信路径保持SA的密钥服务器建立持久的安全会话，通过持久安全会话接收端到端安全通信路径的SA，解密使用SA中的会话密钥数据进行端到端安全通信路径的加密有效载荷，并对解密的有效载荷执行安全功能。

7. 发明授权

US08925081B2 Application based intrusion detection 有权
标题翻译：基于应用的入侵检测
公开(公告)号：US08925081B2
公开(公告)日：2014-12-30
申请号：US13469357
申请日：2012-05-11
申请人： Lap T. Huynh , Linwood H. Overby, Jr.
发明人： Lap T. Huynh , Linwood H. Overby, Jr.
IPC分类号： H04L29/06 , G06F21/55
CPC分类号： G06F21/554
摘要： Intrusion detection is performed by communicating an initialization request from an intrusion detection system enabled application to an intrusion module to begin intrusion detection. Also, a request is communicated to a policy transfer agent to provide an intrusion detection system policy specifically configured for the application. The application identifies where in the application code the intrusion detection system policy is to be checked against an incoming or outgoing communication. Information obtained by the application program is selectively evaluated against information in the intrusion detection system policy. A conditional response is made based upon information in the intrusion detection system policy if an intrusion associated with the application program is detected.
摘要翻译：通过将初始化请求从入侵检测系统启用的应用程序传送到入侵模块以开始入侵检测来执行入侵检测。而且，请求被传送给策略传输代理，以提供专门为应用配置的入侵检测系统策略。该应用程序在应用程序代码中识别入侵检测系统策略要根据传入或传出通信进行检查。根据入侵检测系统策略中的信息选择性地评估由应用程序获得的信息。如果检测到与应用程序相关联的入侵，则基于入侵检测系统策略中的信息进行条件响应。

8. 发明授权

US08891550B2 Platform independent configuration of multiple network services 有权
标题翻译：平台独立配置多个网络服务
公开(公告)号：US08891550B2
公开(公告)日：2014-11-18
申请号：US11355023
申请日：2006-02-15
申请人： Lap T. Huynh , Dinakaran Joseph , Linwood H. Overby, Jr. , Mark T. Wright
发明人： Lap T. Huynh , Dinakaran Joseph , Linwood H. Overby, Jr. , Mark T. Wright
IPC分类号： H04J3/16 , H04J3/22 , H04L29/06
CPC分类号： H04L63/105 , H04L63/166
摘要： Embodiments of the present invention address deficiencies of the art in respect to network services protocol implementation configuration and provide a method, system and computer program product for platform independent configuration of multiple network services protocol implementations. In one embodiment of the invention, a method for configuring a network services protocol implementation can include configuring a platform independent configuration for a network services protocol implementation. Thereafter, a target node can be selected to receive a deployment of the network services protocol implementation and the configured platform independent configuration can be transformed into a platform specific configuration for the target node. Finally, the transformed platform specific configuration can be deployed onto the target node.
摘要翻译：本发明的实施例解决了关于网络服务协议实现配置的本领域的缺陷，并提供了用于多个网络服务协议实现的用于独立于平台的配置的方法，系统和计算机程序产品。在本发明的一个实施例中，用于配置网络服务协议实现的方法可以包括为网络服务协议实现配置与平台无关的配置。此后，可以选择目标节点以接收网络服务协议实现的部署，并且将配置的平台无关配置转换为目标节点的平台特定配置。最后，转换的平台特定配置可以部署到目标节点上。

9. 发明授权

US06976164B1 Technique for handling subsequent user identification and password requests with identity change within a certificate-based host session 失效
标题翻译：用于在基于证书的主机会话内处理后续用户标识和密码请求的技术用于身份更改
公开(公告)号：US06976164B1
公开(公告)日：2005-12-13
申请号：US09619912
申请日：2000-07-19
申请人： Julie H. King , Susan D. Kirkman , Daniel J. Labrecque , Linwood H. Overby, Jr. , Steven Wayne Pogue
发明人： Julie H. King , Susan D. Kirkman , Daniel J. Labrecque , Linwood H. Overby, Jr. , Steven Wayne Pogue
IPC分类号： G06F11/30 , H04L9/00 , H04L29/06 , G04K1/00
CPC分类号： H04L63/0815 , G06Q20/202 , G06Q20/367 , H04L63/0823 , Y10S707/99939
摘要： The present invention provides a method, system, and computer program product which enables changing user credentials that are used to access legacy host applications and/or systems which provide legacy host data during a secure host access session which is authenticated using a digital certificate and is protected by a host-based security system, such as RACF (Resource Access Control Facility, a product offered by the IBM Corporation), where these changed credentials are used to authenticate a user after previously-provided credentials have been used for authentication earlier in the same session. The changed credentials may belong to the same user, where that user happens to have a different user ID and/or password for different legacy host applications and wishes to change from accessing one legacy host application to accessing another. Or, the changed credentials may be used to enable a different user to interact with the same legacy host application used by the previously-authenticated user. The disclosed technique may also be used advantageously to authenticate a user for accessing an application, when the user's credentials are not changing.
摘要翻译：本发明提供一种方法，系统和计算机程序产品，其能够改变用于访问传统主机应用的用户凭证和/或在使用数字证书认证的安全主机访问会话期间提供传统主机数据的系统，并且是受基于主机的安全系统的保护，例如RACF（资源访问控制设施，IBM公司提供的产品），其中这些更改的凭据用于在之前提供的凭据在相同的会话已更改的凭据可能属于同一用户，其中该用户恰好具有不同的传统主机应用程序的不同用户ID和/或密码，并希望从访问一个旧主机应用程序改变为访问另一个。或者，更改的凭证可以用于使不同的用户能够与先前认证的用户使用的相同的遗留主机应用交互。当用户的凭证不改变时，所公开的技术也可以有利地用于认证用户访问应用。

10. 发明授权

US08458768B2 Policy-based security certificate filtering 有权
标题翻译：基于策略的安全证书过滤
公开(公告)号：US08458768B2
公开(公告)日：2013-06-04
申请号：US13111907
申请日：2011-05-19
申请人： Roy F. Brabson , Barry Mosakowski , Linwood H. Overby, Jr.
发明人： Roy F. Brabson , Barry Mosakowski , Linwood H. Overby, Jr.
IPC分类号： H04L29/06
CPC分类号： H04L63/0823 , G06F21/33 , H04L9/3265 , H04L63/0227 , H04L63/12 , H04L63/166 , H04L2209/80
摘要： Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific.
摘要翻译：策略过滤服务内置在执行环境的安全处理中，用于解决如何处理通信实体的数字安全证书，而不需要通过证书颁发机构（“CA”）链与实体相关联的根证书的本地副本。可以使用指示证书筛选条件的一组规则（或其他策略格式）来指定策略。在确定所需的根CA证书不可用时，优选地在握手期间调用该过滤。在一种方法中，策略使用规则来规定允许证书的条件（即被视为已被验证）以及指定证书被阻止的条件的其他规则（即被视为无效）。优选地，按照大多数特定到最小特定的顺序来评估和执行策略规则。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式