专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明申请

US20080022388A1 Method and apparatus for multiple inclusion offsets for security protocols 审中-公开
标题翻译：用于安全协议的多重包含偏移的方法和装置
公开(公告)号：US20080022388A1
公开(公告)日：2008-01-24
申请号：US11478986
申请日：2006-06-30
申请人： Karanvir Grewal , David Durham , Hormuzd Khosravi , Men Long , Prashant Dewan
发明人： Karanvir Grewal , David Durham , Hormuzd Khosravi , Men Long , Prashant Dewan
IPC分类号： G06F15/16
CPC分类号： H04L63/105
摘要： A method and apparatus to define multiple zones in a data packet for inclusion in processing by security operations of a security protocol. In one embodiment, each defined zone has an associated list of security operations to which the zone is subjected. In another embodiment, the list of security operations for a zone includes parameters to be passed when performing the security operations on the zone.
摘要翻译：一种在数据分组中定义多个区域以包括在安全协议的安全操作的处理中的方法和装置。在一个实施例中，每个定义的区域具有该区域经受的安全操作的关联列表。在另一个实施例中，区域的安全操作的列表包括在区域上执行安全操作时要传递的参数。

22. 发明授权

US08752169B2 Botnet spam detection and filtration on the source machine 有权
标题翻译：在源机器上进行僵尸网络垃圾邮件检测和过滤
公开(公告)号：US08752169B2
公开(公告)日：2014-06-10
申请号：US12059877
申请日：2008-03-31
申请人： Men Long , David Durham , Hormuzd Khosravi
发明人： Men Long , David Durham , Hormuzd Khosravi
IPC分类号： H04L29/06 , G06F21/56 , G06F21/50
CPC分类号： G06F21/566 , G06F21/50 , G06F21/56 , H04L51/12 , H04L63/14 , H04L63/1408 , H04L63/1416 , H04L63/1441 , H04L63/145 , H04L2463/144
摘要： A method and device are disclosed. In one embodiment the method includes determining that a packet attempting to be sent from a first computer system has at least a portion of a human communication message that may contain spam. The method then increments a spam counter when the difference in time between a first time value in a time stamp within the packet and a second time value of a most recent activity from a human input device coupled to the first computer system is greater than a threshold difference in time value. The method also disallows the packet to be sent to a remote location if the spam counter exceeds a spam outbound threshold value.
摘要翻译：公开了一种方法和装置。在一个实施例中，该方法包括确定尝试从第一计算机系统发送的分组具有可能包含垃圾邮件的人类通信消息的至少一部分。该方法然后当分组内的时间戳中的第一时间值与耦合到第一计算机系统的人类输入设备的最新活动的第二时间值之间的时间差与阈值时间差值。如果垃圾邮件计数器超出垃圾邮件出站阈值，该方法也不允许将数据包发送到远程位置。

23. 发明申请

US20090249481A1 BOTNET SPAM DETECTION AND FILTRATION ON THE SOURCE MACHINE 有权
标题翻译： BOTNET垃圾邮件检测和过滤在源机上
公开(公告)号：US20090249481A1
公开(公告)日：2009-10-01
申请号：US12059877
申请日：2008-03-31
申请人： Men Long , David Durham , Hormuzd Khosravi
发明人： Men Long , David Durham , Hormuzd Khosravi
IPC分类号： G06F21/00
CPC分类号： G06F21/566 , G06F21/50 , G06F21/56 , H04L51/12 , H04L63/14 , H04L63/1408 , H04L63/1416 , H04L63/1441 , H04L63/145 , H04L2463/144
摘要： A method and device are disclosed. In one embodiment the method includes determining that a packet attempting to be sent from a first computer system has at least a portion of a human communication message that may contain spam. The method then increments a spam counter when the difference in time between a first time value in a time stamp within the packet and a second time value of a most recent activity from a human input device coupled to the first computer system is greater than a threshold difference in time value. The method also disallows the packet to be sent to a remote location if the spam counter exceeds a spam outbound threshold value.
摘要翻译：公开了一种方法和装置。在一个实施例中，该方法包括确定尝试从第一计算机系统发送的分组具有可能包含垃圾邮件的人类通信消息的至少一部分。该方法然后当分组内的时间戳中的第一时间值与耦合到第一计算机系统的人类输入设备的最新活动的第二时间值之间的时间差与阈值时间差值。如果垃圾邮件计数器超出垃圾邮件出站阈值，该方法也不允许将数据包发送到远程位置。

24. 发明申请

US20080002724A1 Method and apparatus for multiple generic exclusion offsets for security protocols 审中-公开
标题翻译：用于安全协议的多个通用排除偏移的方法和装置
公开(公告)号：US20080002724A1
公开(公告)日：2008-01-03
申请号：US11479157
申请日：2006-06-30
申请人： Karanvir Grewal , David Durham , Hormuzd Khosravi , Men Long , Prashant Dewan
发明人： Karanvir Grewal , David Durham , Hormuzd Khosravi , Men Long , Prashant Dewan
IPC分类号： H04L12/56
CPC分类号： H04L63/0428 , H04L63/104 , H04L63/164 , H04L69/22
摘要： A method and apparatus to define multiple zones in a data packet for exclusion from processing by security operations of a security protocol. In one embodiment, each defined zone has an associated list of security operations from which the zone is protected.
摘要翻译：一种在数据分组中定义多个区域以便通过安全协议的安全操作排除在处理之外的方法和装置。在一个实施例中，每个定义的区域具有相关的安全操作列表，从该区域被保护。

25. 发明申请

US20140044258A1 METHODS AND SYSTEMS FOR CRYPTOGRAPHIC ACCESS CONTROL OF VIDEO 有权
标题翻译：视频录像访问控制的方法与系统
公开(公告)号：US20140044258A1
公开(公告)日：2014-02-13
申请号：US13977529
申请日：2012-03-31
申请人： Karanvir S. Grewal , David Durham , Xiaozhu Kang , Men Long , Prashant Dewan
发明人： Karanvir S. Grewal , David Durham , Xiaozhu Kang , Men Long , Prashant Dewan
IPC分类号： H04N21/647
CPC分类号： H04N21/64715 , H04N21/23476 , H04N21/2541 , H04N21/266 , H04N21/4405 , H04N21/4627 , H04N21/8355
摘要： Methods and systems for cryptographic access control of multimedia video, include embedding as metadata access control policy (ACP) information, including authorization rules and cryptographic information tied to an encryption policy, into encrypted video. An authorized receiver device having credentials and/or capabilities matched to the authorization rules is able to extract the ACP information from the encrypted video and use it to decrypt and properly render the video.
摘要翻译：多媒体视频的密码访问控制方法和系统包括嵌入作为元数据访问控制策略（ACP）信息，包括与加密策略相关的授权规则和加密信息，加密视频。具有与授权规则匹配的凭证和/或能力的授权的接收机设备能够从加密的视频中提取ACP信息，并使用它来解密并适当地呈现视频。

26. 发明申请

US20120226903A1 SECURE PLATFORM VOUCHER SERVICE FOR SOFTWARE COMPONENTS WITHIN AN EXECUTION ENVIRONMENT 有权
标题翻译：执行环境中软件组件的安全平台提供服务
公开(公告)号：US20120226903A1
公开(公告)日：2012-09-06
申请号：US13412382
申请日：2012-03-05
申请人： David Durham , Hormuzd M. Khosravi , Uri Blumenthal , Men Long
发明人： David Durham , Hormuzd M. Khosravi , Uri Blumenthal , Men Long
IPC分类号： H04L29/06
CPC分类号： G06F21/54 , H04L9/004 , H04L9/3236 , H04L63/123 , H04L63/126 , H04L63/20 , H04L2209/60
摘要： Apparatuses, articles, methods, and systems for secure platform voucher service for software within an execution environment. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by authenticated, authorized and verified software components. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy to receive verification for any component. The verification or voucher helps assure to the remote entity that no malware running in the platform or on the network will have access to provisioned material. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the software component.
摘要翻译：用于执行环境中的软件的安全平台凭证服务的设备，物品，方法和系统。一个实施例包括虚拟机监视器，操作系统监视器或其他底层平台功能的能力，以限制仅通过认证的，授权和验证的软件组件进行访问的存储器区域。配置远程实体或网关只需要知道平台的公钥或证书层次结构来接收任何组件的验证。验证或凭证有助于向远程实体确保在平台或网络上运行的恶意软件无法访问配置的资料。代表在受保护的内存区域中提供的经认证/授权/验证的软件组件的软件组件可访问的基础平台来锁定和解锁秘密。

27. 发明授权

US08132003B2 Secure platform voucher service for software components within an execution environment 有权
标题翻译：在执行环境中的软件组件的安全平台凭证服务
公开(公告)号：US08132003B2
公开(公告)日：2012-03-06
申请号：US11864573
申请日：2007-09-28
申请人： David Durham , Hormuzd M. Khosravi , Uri Blumenthal , Men Long
发明人： David Durham , Hormuzd M. Khosravi , Uri Blumenthal , Men Long
IPC分类号： H04L29/06
CPC分类号： G06F21/54 , H04L9/004 , H04L9/3236 , H04L63/123 , H04L63/126 , H04L63/20 , H04L2209/60
摘要： Embodiments of apparatus, articles, methods, and systems for secure platform voucher service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. A provisioning remote entity or gateway only needs to know a platform's public key or certificate hierarchy in order to receive verification proof for any component in the platform. The verification proof or voucher helps to assure to the remote entity that no man-in-the-middle, rootkit, spyware or other malware running in the platform or on the network will have access to the provisioned material. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
摘要翻译：这里一般地描述用于执行环境中的软件组件的安全平台凭单服务的装置，物品，方法和系统的实施例。一个实施例包括虚拟机监视器，操作系统监视器或其他底层平台功能的能力，以限制存储器区域，以便仅通过特定认证的，授权的和已验证的软件组件进行访问，即使在其他受损的操作系统环境的一部分。配置远程实体或网关只需要知道平台的公钥或证书层次结构，以便接收平台中任何组件的验证证明。验证证明或凭证有助于向远程实体确保在平台或网络上运行的中间人，rootkit，间谍软件或其他恶意软件将无法访问所提供的资料。代表被保护的内存区域中提供的经过身份验证/授权/验证的软件组件的锁定和解锁秘密的底层平台只能由经过身份验证/授权/验证的软件组件访问。可以描述和要求保护其他实施例。

28. 发明申请

US20110289146A1 METHOD AND APPARATUS ALLOWING SCAN OF DATA STORAGE DEVICE FROM REMOTE SERVER 有权
标题翻译：从远程服务器允许数据存储设备扫描的方法和设备
公开(公告)号：US20110289146A1
公开(公告)日：2011-11-24
申请号：US12785131
申请日：2010-05-21
申请人： Hormuzd Khosravi , David Durham , David A. Edwards , Venkat R. Gokulrangan , Men Long , Yasser Rasheed
发明人： Hormuzd Khosravi , David Durham , David A. Edwards , Venkat R. Gokulrangan , Men Long , Yasser Rasheed
IPC分类号： G06F15/167 , G06F12/00
CPC分类号： G06F21/57 , G06F21/56
摘要： A method and device allowing a scan of a data storage device from a remote server are disclosed. In some embodiments, a computing device may include an out-of-band (OOB) configured to compute a first hash value for data stored in one or more sectors of a data storage device at a first time; receive, using communication circuitry, a request to transmit a portion of the data stored in the one or more sectors of the data storage device at a second time, the second time being subsequent to the first time; compute a second hash value for the data stored in the one or more sectors of the data storage device at the second time; and transmit, using the communication circuitry, the requested portion of the data, only if the second hash value does not match the first hash value.
摘要翻译：公开了允许从远程服务器扫描数据存储设备的方法和设备。在一些实施例中，计算设备可以包括带外（OOB），其被配置为在第一时间对存储在数据存储设备的一个或多个扇区中的数据计算第一散列值; 接收使用通信电路的请求，以在第二时间之后的第二时间第二时间发送存储在数据存储装置的一个或多个扇区中的数据的一部分的请求; 在第二次计算存储在数据存储设备的一个或多个扇区中的数据的第二哈希值; 并且仅当所述第二散列值与所述第一散列值不匹配时，才使用所述通信电路来发送所请求的数据部分。

29. 发明申请

US20090119510A1 END-TO-END NETWORK SECURITY WITH TRAFFIC VISIBILITY 审中-公开
标题翻译：具有交通可见性的端到端网络安全
公开(公告)号：US20090119510A1
公开(公告)日：2009-05-07
申请号：US11935783
申请日：2007-11-06
申请人： Men Long , Jesse Walker , David Durham , Marc Millier , Karanvir Grewal , Prashant Dewan , Uday Savagaonkar , Steven D. Williams
发明人： Men Long , Jesse Walker , David Durham , Marc Millier , Karanvir Grewal , Prashant Dewan , Uday Savagaonkar , Steven D. Williams
IPC分类号： H04L9/32
CPC分类号： H04L63/0428 , H04L9/0631 , H04L9/3242 , H04L63/08 , H04L63/1466 , H04L63/168 , H04L2209/12 , H04L2209/38
摘要： End-to-end security between clients and a server, and traffic visibility to intermediate network devices, achieved through combined mode, single pass encryption and authentication using two keys is disclosed. In various embodiments, a combined encryption-authentication unit includes a cipher unit and an authentication unit coupled in parallel to the cipher unit, and generates an authentication tag using an authentication key in parallel with the generation of the cipher text using an encryption key, where the authentication and encryption key have different key values. In various embodiments, the cipher unit operates in AES counter mode, and the authentication unit operates in parallel, in AES-GMAC mode Using a two key, single pass combined mode algorithm preserves network performance using a limited number of HW gates, while allowing an intermediate device access to the encryption key for deciphering the data, without providing that device the ability to compromise data integrity, which is preserved between the end to end devices.
摘要翻译：公开了客户机与服务器之间的端到端安全性，以及通过组合模式，单程加密和使用两个密钥的认证实现的对中间网络设备的流量可见性。在各种实施例中，组合加密认证单元包括与密码单元并行耦合的密码单元和认证单元，并且使用加密密钥与密文生成并行地使用认证密钥生成认证标签，其中认证和加密密钥具有不同的密钥值。在各种实施例中，密码单元以AES计数器模式运行，并且认证单元以AES-GMAC模式并行操作。使用双键单通组合模式算法使用有限数量的HW门保留网络性能，同时允许中间设备访问用于解密数据的加密密钥，而不提供该设备损害数据完整性的能力，这在端到端设备之间保留。

30. 发明授权

US09094733B2 Methods and systems for cryptographic access control of video 有权
标题翻译：视频加密访问控制的方法和系统
公开(公告)号：US09094733B2
公开(公告)日：2015-07-28
申请号：US13977529
申请日：2012-03-31
申请人： Karanvir S. Grewal , David Durham , Xiaozhu Kang , Men Long , Prashant Dewan
发明人： Karanvir S. Grewal , David Durham , Xiaozhu Kang , Men Long , Prashant Dewan
IPC分类号： G06F21/62 , H04N21/647 , H04N21/266 , H04N21/4405 , H04N21/4627 , H04N21/8355 , H04L9/18
CPC分类号： H04N21/64715 , H04N21/23476 , H04N21/2541 , H04N21/266 , H04N21/4405 , H04N21/4627 , H04N21/8355
摘要： Cryptographic access control of multimedia video is presented. A method includes generating as metadata an access control policy (ACP) associated with video, the ACP including authorization rules and cryptographic information associated with an encryption policy; encrypting the video according to the encryption policy; and encoding the encrypted video with the authorization rules and the cryptographic information, which may be used to decrypt and render the encoded video. As an example, an authorized receiver device having credentials and/or capabilities matched to the authorization rules may extract the ACP information from the encrypted video and use it to decrypt and properly render the video. The method may further include visually encoding the encrypted video with at least portions of the authorization rules and the cryptographic information, such that the visually encoded video is renderable as the video by an authorized device, but is renderable as visually unintelligible video by an unauthorized device.
摘要翻译：介绍了多媒体视频的密码访问控制。一种方法包括：生成与视频相关联的访问控制策略（ACP）作为元数据，所述ACP包括与加密策略相关联的授权规则和加密信息; 根据加密策略加密视频; 并使用可用于解密和呈现编码视频的授权规则和密码信息对加密的视频进行编码。作为示例，具有与授权规则匹配的凭证和/或能力的授权接收机设备可以从加密的视频中提取ACP信息，并使用它来解密并适当地呈现视频。该方法还可以包括使用授权规则和密码信息的至少一部分来视觉地编码加密的视频，使得视觉编码的视频可以由授权设备呈现为视频，但是可被未经授权的设备呈现为视觉上难以理解的视频。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式