    • 1. Invention application
    • SYSTEM AND METHOD FOR SOURCE IP ANTI-SPOOFING SECURITY
    • US20090260083A1
    • 2009-10-15
    • US12392422
    • 2009-02-25
    • Ronald W. Szeto; Nitin Jain; Ravindran Suresh; Philip Kwan
    • G06F7/04; G06F15/18
    • H04L63/0263; H04L63/101; H04L63/1441; H04L2463/146
    • A system and method that provides for using source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to use false source IP addresses in data packets. The system and method provide for analyzing MAC addresses and source IP addresses at the datalink (layer 2) level, and to use the information derived from such analysis to block access through a port where a host device is using a false, or spoofed, source IP address in transmitted data packets. Further, the system and method provide for validating initially learned source IP addresses, and for determining whether the number of unsuccessful attempts to validate new source IP addresses exceeds a threshold level, and where the number does exceed the threshold number the system and method can provide for operation in a possible attack mode.
    • 3. Invention grant
    • System and method for source IP anti-spoofing security
    • US07516487B1
    • 2009-04-07
    • US10850505
    • 2004-05-20
    • Ronald W. Szeto; Nitin Jain; Ravindran Suresh; Philip Kwan
    • G06F7/04
    • H04L63/0263; H04L63/101; H04L63/1441; H04L2463/146
    • A system and method that provides for using source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to use false source IP addresses in data packets. The system and method provide for analyzing MAC addresses and source IP addresses at the datalink (layer 2) level, and to use the information derived from such analysis to block access through a port where a host device is using a false, or spoofed, source IP address in transmitted data packets. Further, the system and method provide for validating initially learned source IP addresses, and for determining whether the number of unsuccessful attempts to validate new source IP addresses exceeds a threshold level, and where the number does exceed the threshold number the system and method can provide for operation in a possible attack mode.
    • 4. Invention grant
    • System and method for protecting CPU against remote access attacks
    • US08893256B2
    • 2014-11-18
    • US12827235
    • 2010-06-30
    • Ronald W. Szeto; Philip Kwan; Raymond Wai-Kit Kwong
    • H04L29/06
    • H04L63/0236
    • A system and method that provides for protection of a CPU of a router, by establishing a management port on a router. Hosts which are connected to non-management ports of the router are denied access to management functions of a CPU of the router. The system and method can utilize an application specific integrated circuit, in conjunction with a CAM-ACL, which analyzes data packets received on the ports of the router, and the ASIC operates to drop data packets which are directed to the CPU of the router. This system and method operates to filter data packets which may be generated in attempts to hack in to control functions of a network device, and the operation does not require that the CPU analyze all received data packets in connection with determining access to the control functions of the router.
    • 5. Invention application
    • SYSTEM AND METHOD FOR PROTECTING CPU AGAINST REMOTE ACCESS ATTACKS
    • US20100333191A1
    • 2010-12-30
    • US12827235
    • 2010-06-30
    • Ronald W. Szeto; Philip Kwan; Raymond Wai-Kit Kwong
    • H04L29/06; G06F21/00
    • H04L63/0236
    • A system and method that provides for protection of a CPU of a router, by establishing a management port on a router. Hosts which are connected to non-management ports of the router are denied access to management functions of a CPU of the router. The system and method can utilize an application specific integrated circuit, in conjunction with a CAM-ACL, which analyzes data packets received on the ports of the router, and the ASIC operates to drop data packets which are directed to the CPU of the router. This system and method operates to filter data packets which may be generated in attempts to hack in to control functions of a network device, and the operation does not require that the CPU analyze all received data packets in connection with determining access to the control functions of the router.
    • 6. Invention grant
    • System and method for protecting CPU against remote access attacks
    • US07774833B1
    • 2010-08-10
    • US10668455
    • 2003-09-23
    • Ronald W. Szeto; Philip Kwan; Raymond Wai-Kit Kwong
    • H04L29/06; G06F21/00
    • H04L63/0236
    • A system and method that provides for protection of a CPU of a router, by establishing a management port on a router. Hosts which are connected to non-management ports of the router are denied access to management functions of a CPU of the router. The system and method can utilize an application specific integrated circuit, in conjunction with a CAM-ACL, which analyzes data packets received on the ports of the router, and the ASIC operates to drop data packets which are directed to the CPU of the router. This system and method operates to filter data packets which may be generated in attempts to hack in to control functions of a network device, and the operation does not require that the CPU analyze all received data packets in connection with determining access to the control functions of the router.
    • 7. Invention grant
    • Messaging system with user-friendly encryption and decryption
    • US08769260B1
    • 2014-07-01
    • US13443337
    • 2012-04-10
    • Philip Kwan; Michael Harry Palmer
    • H04L29/06; G06F21/00
    • G06F21/00; H04L51/066; H04L63/045; H04L63/0471
    • Encryption of message content of an e-mail sent by way of a webmail service may be performed in response to activation of a user interface element. The message content may be encrypted using a symmetric key. A public key of a recipient of the e-mail is received from a backend service and employed to encrypt the symmetric key. The encrypted symmetric key and encrypted message content are sent to a recipient by way of the webmail service. Decryption of the encrypted message content may be performed in response to activation of another user interface element. A private key of the recipient is received from the backend service and employed to decrypt the encrypted symmetric key. The symmetric key is thereafter employed to decrypt the encrypted message content.
    • 8. Invention grant
    • Multiple tiered network security system, method and apparatus using dynamic user policy assignment
    • US08239929B2
    • 2012-08-07
    • US12769626
    • 2010-04-28
    • Philip Kwan; Chi-Jui Ho
    • G06F21/00; H04L9/32
    • H04L63/08; H04L63/0876; H04L63/102
    • A multiple key, multiple tiered network security system, method and apparatus provides at least three levels of security. The first level of security includes physical (MAC) address authentication of a user device being attached to the network, such as a user device being attached to a port of a network access device. The second level includes authentication of the user of the user device, such as user authentication in accordance with the IEEE 802.1x standard. The third level includes dynamic assignment of a user policy to the port based on the identity of the user, wherein the user policy is used to selectively control access to the port. The user policy may identify or include an access control list (ACL) or MAC address filter. Also, the user policy is not dynamically assigned if insufficient system resources are available to do so. Failure to pass a lower security level results in a denial of access to subsequent levels of authentication.
    • 10. Invention grant
    • Methods and system for person-to-person secure file transfer
    • US08762712B1
    • 2014-06-24
    • US13559968
    • 2012-07-27
    • Philip Kwan; Michael Harry Palmer
    • H04L9/00
    • H04L63/0428; G06F21/606; H04L9/0825; H04L63/061; H04L67/04; H04L2463/062
    • A person-to-person secure file transfer system includes an originating computer that receives a public key of a recipient from a cloud computing system. The originating computer encrypts a file using a message key, and encrypts the message key using the public key of the recipient. The encrypted file is stored in the cloud computing system. In response to a request from a receiving computer, the cloud computing system decrypts the encrypted message key using a private key of the recipient, decrypts the encrypted file using the message key, and provides the now decrypted file to the receiving computer. In another example, the cloud computing system provides the private key of the recipient and the encrypted file to the receiving computer, which decrypts the encrypted message key using the private key of the recipient and decrypts the encrypted file using the message key.