专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明申请

US20120096565A1 DEVICE, METHOD AND SYSTEM TO PREVENT TAMPERING WITH NETWORK CONTENT 审中-公开
标题翻译：用于防止网络内容篡改的设备，方法和系统
公开(公告)号：US20120096565A1
公开(公告)日：2012-04-19
申请号：US13319545
申请日：2010-05-11
申请人： Huaigu Ou , Zhixu Liu , Zujun Xu , Tiejun Wu , Mingfeng Huang , Yanlong Zhang
发明人： Huaigu Ou , Zhixu Liu , Zujun Xu , Tiejun Wu , Mingfeng Huang , Yanlong Zhang
IPC分类号： G06F21/00 , G06F15/16 , G06F11/30
CPC分类号： H04L41/083 , H04L41/0806 , H04L63/0254 , H04L63/1425 , H04L63/1441 , H04L2463/145
摘要： The present invention discloses a system for preventing network content of one or more network servers from being tampered with. The system comprises a content caching and providing device to cache network content of the one or more network servers; and a content monitoring sub-system with one or more content monitoring client incorporated in the network servers respectively and a content monitoring server part incorporated in the content caching and providing device. The present invention further discloses a content caching and providing device, a network content providing system and a corresponding method. With the system, device and method according to the present invention, we can improve the speed and security of accessing network content while effectively preventing the network content from being tampered with.
摘要翻译：本发明公开了一种用于防止一个或多个网络服务器的网络内容被篡改的系统。该系统包括内容缓存和提供设备以缓存一个或多个网络服务器的网络内容; 以及分别包含在网络服务器中的一个或多个内容监控客户端的内容监控子系统和并入内容缓存和提供设备中的内容监控服务器部分。本发明还公开了一种内容缓存和提供设备，网络内容提供系统和相应的方法。利用根据本发明的系统，设备和方法，我们可以提高访问网络内容的速度和安全性，同时有效地防止网络内容被篡改。

12. 发明申请

US20100121981A1 AUTOMATED VERIFICATION OF DNS ACCURACY 有权
标题翻译：自动验证DNS的准确性
公开(公告)号：US20100121981A1
公开(公告)日：2010-05-13
申请号：US12268446
申请日：2008-11-11
申请人： DEAN DRAKO
发明人： DEAN DRAKO
IPC分类号： G06F15/173
CPC分类号： H04L63/0245 , G06F11/183 , H04L61/1511 , H04L63/0254 , H04L2463/145
摘要： Disclosed is a method, a computer system, and a computer readable media product that contains a set of computer executable software instructions for directing the computer to execute a process for independent confirmation of DNS replies to foil DNS cache poisoning attacks. The process comprises comparing a plurality of DNS replies for an exact or predefined “close enough” match as a condition for blocking or forwarding a DNS reply to a resolver. The tangible beneficial result is to prevent the success of a dns cache poisoning attack from diverting a user to a malicious site on the internet.
摘要翻译：公开了一种方法，计算机系统和计算机可读介质产品，其包含一组计算机可执行软件指令，用于引导计算机执行用于独立确认DNS复制以解决DNS缓存中毒攻击的过程。该过程包括将准确或预定义的“足够接近”匹配的多个DNS回复作为用于阻止或转发到解析器的DNS回复的条件。实际的有益结果是防止dns缓存中毒攻击的成功，将用户转移到互联网上的恶意站点。

13. 发明申请

US20100027551A1 METHOD AND SYSTEM FOR RESTRICTING A NODE FROM COMMUNICATING WITH OTHER NODES IN A BROADCAST DOMAIN OF AN IP (INTERNET PROTOCOL) NETWORK 有权
标题翻译：在IP（互联网协议）网络的广播域中限制节点与其他节点通信的方法和系统
公开(公告)号：US20100027551A1
公开(公告)日：2010-02-04
申请号：US12518807
申请日：2007-11-07
申请人： Ofir Arkin
发明人： Ofir Arkin
IPC分类号： H04L12/28
CPC分类号： H04L29/12028 , H04L61/103 , H04L63/10 , H04L2463/145
摘要： Method and system for restricting a first node in a broadcast domain of an IP (Internet Protocol) network from communicating with one or more other nodes. Each of the first node and the one or more other nodes has a respective translation table that maps an IP address to a respective physical address of all nodes with which the first node and the one or more other nodes have communicated. Embodiments of the invention describe obtaining communicated data including address resolution messages and accessing an address resolution table representative of address resolution activity in the network. Responsive to the communicated data indicating that the first node is communicating with other nodes, restricting the first node from communicating by generating and conveying a restricting address resolution message using information stored in the address resolution table, the restricting address resolution message including a substitute physical address.
摘要翻译：用于限制IP（因特网协议）网络的广播域中的第一节点与一个或多个其他节点通信的方法和系统。第一节点和一个或多个其他节点中的每一个具有相应的转换表，其将IP地址映射到第一节点和一个或多个其他节点与之通信的所有节点的相应物理地址。本发明的实施例描述了获得包括地址解析消息的通信数据，并访问表示网络中的地址解析活动的地址解析表。响应于指示第一节点与其他节点通信的所传送的数据，通过使用存储在地址解析表中的信息生成并传送限制地址解析消息来限制第一节点通信，所述限制地址解析消息包括替代物理地址。

14. 发明申请

US20090182854A1 Facilitating defense against MAC table overflow attacks 有权
标题翻译：方便防范MAC表溢出攻击
公开(公告)号：US20090182854A1
公开(公告)日：2009-07-16
申请号：US12008535
申请日：2008-01-11
申请人： Yong Sun , Vinod K. Choyi
发明人： Yong Sun , Vinod K. Choyi
IPC分类号： G06F15/173
CPC分类号： H04L12/4625 , H04L49/251 , H04L49/351 , H04L63/1458 , H04L63/1466 , H04L2463/145
摘要： A method for defending against MAC table overflow attacks comprises a plurality of operations. An operation is performed for determining whether each one of a plurality of MAC addresses within a MAC table has one-way traffic or two-way traffic corresponding thereto. Thereafter, operations are performed for designating each MAC address having two-way traffic corresponding thereto as a first category of MAC address and for designating each MAC address having one-way traffic corresponding thereto as a second category of MAC address. In response to the number of the MAC addresses designated as the second category of MAC address exceeding a prescribed threshold value, an operation is performed for causing a timeout value of at least a portion of the MAC addresses designated as the second category of MAC address to be less than a timeout value of the MAC addresses designated as the first category of MAC address.
摘要翻译：防止MAC表溢出攻击的方法包括多个操作。执行用于确定MAC表中的多个MAC地址中的每一个是否具有与其对应的单向业务或双向业务的操作。此后，执行操作来指定具有对应于其的双向业务的每个MAC地址作为第一类MAC地址，并且用于指定具有与其对应的单向业务的每个MAC地址作为第二类MAC地址。响应于指定为超过规定阈值的MAC地址的第二类别的MAC地址的数量，执行用于使指定为第二类别MAC地址的MAC地址的至少一部分的超时值的操作小于指定为第一类MAC地址的MAC地址的超时值。

15. 发明授权

US09471533B1 Defenses against use of tainted cache 有权
标题翻译：防止使用受污染的缓存
公开(公告)号：US09471533B1
公开(公告)日：2016-10-18
申请号：US13787568
申请日：2013-03-06
申请人： Amazon Technologies, Inc.
发明人： Gregory Branchek Roth , Nicholas Howard Brown
IPC分类号： G06F15/167 , G06F17/30 , H04L29/08 , H04L29/06
CPC分类号： G06F15/167 , G06F17/30902 , H04L63/10 , H04L63/145 , H04L63/168 , H04L67/2842 , H04L67/2852 , H04L69/14 , H04L2463/145
摘要： Systems, methods, and computer readable media are described for validating objects stored in a web cache. In one embodiment, a computing device caches objects received while accessing networked content over a network. The computing device generates a description of conditions associated with the caching of the objects. When the computing device accesses networked content via a second network, the computing device or a remote server connected thereto utilizes the description to determine whether an object in the cache is trusted or untrusted. The server manages a policy that defines rules for making the determination. The policy can be generated based on descriptions received from a plurality of devices.
摘要翻译：描述了用于验证存储在web缓存中的对象的系统，方法和计算机可读介质。在一个实施例中，计算设备缓存通过网络访问联网内容时所接收的对象。计算设备生成与对象的缓存相关联的条件的描述。当计算设备经由第二网络访问网络内容时，计算设备或与之相连的远程服务器利用该描述来确定高速缓存中的对象是否被信任或不受信任。服务器管理定义用于进行确定的规则的策略。该策略可以基于从多个设备接收的描述来生成。

16. 发明授权

US09185076B2 Packet processing apparatus, network equipment and packet processing method 有权
标题翻译：分组处理装置，网络设备和分组处理方法
公开(公告)号：US09185076B2
公开(公告)日：2015-11-10
申请号：US12619500
申请日：2009-11-16
申请人： Osamu Shiraki
发明人： Osamu Shiraki
IPC分类号： H04L29/06 , H04L12/721
CPC分类号： H04L63/0227 , H04L29/06925 , H04L45/32 , H04L63/1458 , H04L69/22 , H04L2463/141 , H04L2463/142 , H04L2463/143 , H04L2463/144 , H04L2463/145
摘要： A packet processing apparatus includes a static pattern matcher comparing pattern information defining a packet to be filtered with a value regarding at least a part of a received packet, the pattern information being stored by a pattern information manager. A frequency calculator calculates the frequency of matching by the static pattern matcher. A dynamic pattern matcher matches the frequency and a preset comparison value and a processing determiner determines a processing on the received packet based upon the dynamic pattern match.
摘要翻译：分组处理装置包括：静态模式匹配器，其将定义要过滤的分组的模式信息与关于所接收分组的至少一部分的值进行比较，所述模式信息由模式信息管理器存储。频率计算器通过静态模式匹配器计算匹配频率。动态模式匹配器匹配频率和预设比较值，并且处理确定器基于动态模式匹配来确定对接收到的分组的处理。

17. 发明授权

US08671157B2 System and method for optimizing name-resolution overhead in a caching network intermediary device 有权
标题翻译：用于优化缓存网络中介设备中的名称解析开销的系统和方法
公开(公告)号：US08671157B2
公开(公告)日：2014-03-11
申请号：US13218348
申请日：2011-08-25
申请人： Eric Maki
发明人： Eric Maki
IPC分类号： G06F15/16 , G06F7/04
CPC分类号： H04L61/1511 , H04L63/126 , H04L63/1466 , H04L2463/145
摘要： The present invention describes a system, method, and article of manufacture for resolving names received in network protocol requests by a network intermediary device coupled between a client network and a server network. A deferred trust model caching engine in the network intermediary device includes a transactor module configured to efficiently process a protocol request with a sequence of determinant criteria, although the sequence can occur in different orders. The deferred trust model caching engine includes a cacheability evaluator component configured to determine whether the protocol request is for a resource that the protocol permits to be cached by the network intermediate device, and a supplier trust evaluator component configured to compare information about the client's network protocol request and a cached object representation to determine if the object is trustworthy or not. The cached object representation associates an object with a supplier identity and a supplier trust property.
摘要翻译：本发明描述了一种用于解决在由客户端网络和服务器网络之间耦合的网络中介设备在网络协议请求中接收的名称的系统，方法和制品。网络中间设备中的延迟信任模型缓存引擎包括被配置为利用一系列行列式准则有效地处理协议请求的交易模块，尽管顺序可以以不同的顺序发生。延迟信任模型缓存引擎包括可缓存性评估器组件，其被配置为确定协议请求是否用于协议允许被网络中间设备缓存的资源，以及供应商信任评估器组件，被配置为比较关于客户端的网络协议请求和缓存的对象表示，以确定对象是否可信任。缓存对象表示将对象与供应商标识和供应商信任属性相关联。

18. 发明申请

US20130054671A1 SYSTEM AND METHOD FOR OPTIMIZING NAME-RESOLUTION OVERHEAD IN A CACHING NETWORK INTERMEDIARY DEVICE 有权
标题翻译：用于在缓存网络中间设备中优化名称解析的系统和方法
公开(公告)号：US20130054671A1
公开(公告)日：2013-02-28
申请号：US13218348
申请日：2011-08-25
申请人： Eric Maki
发明人： Eric Maki
IPC分类号： G06F15/16
CPC分类号： H04L61/1511 , H04L63/126 , H04L63/1466 , H04L2463/145
摘要： The present invention describes a system, method, and article of manufacture for resolving names received in network protocol requests by a network intermediary device coupled between a client network and a server network. A deferred trust model caching engine in the network intermediary device includes a transactor module configured to efficiently process a protocol request with a sequence of determinant criteria, although the sequence can occur in different orders. The deferred trust model caching engine includes a cacheability evaluator component configured to determine whether the protocol request is for a resource that the protocol permits to be cached by the network intermediate device, and a supplier trust evaluator component configured to compare information about the client's network protocol request and a cached object representation to determine if the object is trustworthy or not. The cached object representation associates an object with a supplier identity and a supplier trust property.
摘要翻译：本发明描述了一种用于解决在由客户端网络和服务器网络之间耦合的网络中介设备在网络协议请求中接收的名称的系统，方法和制品。网络中间设备中的延迟信任模型缓存引擎包括被配置为利用一系列行列式准则有效地处理协议请求的交易模块，尽管顺序可以以不同的顺序发生。延迟信任模型缓存引擎包括可缓存性评估器组件，其被配置为确定协议请求是否用于协议允许被网络中间设备缓存的资源，以及供应商信任评估器组件，被配置为比较关于客户端的网络协议请求和缓存的对象表示，以确定对象是否可信任。缓存对象表示将对象与供应商标识和供应商信任属性相关联。

19. 发明授权

US08302190B2 Method and apparatus for defending against ARP spoofing attacks 有权
标题翻译：防御ARP欺骗攻击的方法和装置
公开(公告)号：US08302190B2
公开(公告)日：2012-10-30
申请号：US12647336
申请日：2009-12-24
申请人： Zhenhai Li
发明人： Zhenhai Li
IPC分类号： H04L29/06
CPC分类号： H04L63/1466 , H04L29/12028 , H04L61/103 , H04L2463/145
摘要： A method and an apparatus for defending against Address Resolution Protocol (ARP) spoofing attacks are disclosed. When a network device receives an ARP message, the network judges whether the MAC address of the received ARP message is the same as the MAC address in an ARP entry, if the MAC addresses are different, the network device determines the received ARP message as an ambiguous ARP message and starts an ARP verification process, and makes further process according to the result of the ARP verification process. In this way, when no address spoofing attacks occur, no verification messages are generated, and thus reducing signaling interactions and saving network resources; besides, spoofing attacks possibly happening at any time are avoided, which effectively prevents address spoofing attacks via random scanning and protects the normal application of the real host.
摘要翻译：公开了一种用于防御地址解析协议（ARP）欺骗攻击的方法和装置。当网络设备收到ARP消息时，网络判断接收到的ARP报文的MAC地址是否与ARP表项中的MAC地址相同，如果MAC地址不同，则网络设备将收到的ARP报文确定为模糊ARP消息，启动ARP验证过程，并根据ARP验证过程的结果进一步处理。这样，当没有发生地址欺骗攻击时，不会生成验证消息，从而减少信令交互并节省网络资源; 此外，可以避免任何时候可能发生的欺骗攻击，通过随机扫描有效防止地址欺骗攻击，保护真实主机的正常应用。

20. 发明授权

US07930428B2 Verification of DNS accuracy in cache poisoning 有权
标题翻译：验证缓存中毒中的DNS准确性
公开(公告)号：US07930428B2
公开(公告)日：2011-04-19
申请号：US12268446
申请日：2008-11-11
申请人： Dean Drako
发明人： Dean Drako
IPC分类号： G06F15/16 , H04L9/32
CPC分类号： H04L63/0245 , G06F11/183 , H04L61/1511 , H04L63/0254 , H04L2463/145
摘要： Disclosed is a method, a computer system, and a computer readable media product that contains a set of computer executable software instructions for directing the computer to execute a process for independent confirmation of DNS replies to foil DNS cache poisoning attacks. The process comprises comparing a plurality of DNS replies for an exact or predefined “close enough” match as a condition for blocking or forwarding a DNS reply to a resolver. The tangible beneficial result is to prevent the success of a dns cache poisoning attack from diverting a user to a malicious site on the internet.
摘要翻译：公开了一种方法，计算机系统和计算机可读介质产品，其包含一组计算机可执行软件指令，用于引导计算机执行用于独立确认DNS复制以解决DNS缓存中毒攻击的过程。该过程包括将准确或预定义的“足够接近”匹配的多个DNS回复作为用于阻止或转发到解析器的DNS回复的条件。实际的有益结果是防止dns缓存中毒攻击的成功，将用户转移到互联网上的恶意站点。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式