专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明申请

US20050138378A1 Method and computer system operated software application for digital signature 审中-公开
标题翻译：方法和计算机系统操作的数字签名软件应用程序
公开(公告)号：US20050138378A1
公开(公告)日：2005-06-23
申请号：US10740484
申请日：2003-12-22
申请人： Makan Pourzandi , Axelle Apvrille
发明人： Makan Pourzandi , Axelle Apvrille
IPC分类号： H04L9/32 , H04L9/00
CPC分类号： H04L9/3247
摘要： A method and computer operated software application for digitally signing a portion of an electronic file, and for verifying such a digital signature. A portion of the file to be signed is extracted based on a computation of one or more functions, and the file portion is used for being either directly digitally signed, or for calculating a Message Digest value (MD1) and for digitally signing the MD1 value with a private key of the signer. The so-formed digital signature is appended to the file. During verification, the digital signature is removed from the file, decrypted using the signer's public key, which is known to the verifier, and the portion of the file, or respectively MD1 is obtained. The portion of the file used for the signature is again obtained and used for a similar a computation based on the one or more functions, which are also known to the verifier, for calculating a corresponding portion of the file, or another Message Digest value (MD2). MD1 and MD2 are compared, or alternatively the file portions are compared, to determine the authenticity and integrity of the file.
摘要翻译：一种用于数字签名电子文件的一部分并用于验证这样的数字签名的方法和计算机操作的软件应用程序。基于一个或多个功能的计算提取要签名的文件的一部分，并且文件部分用于直接数字签名或用于计算消息摘要值（MD 1），并且用于数字签名MD 1值与签名者的私钥。如此形成的数字签名附加到文件。在验证期间，从文件中删除数字签名，并使用验证者已知的签名者的公钥进行解密，并获得文件的一部分，或分别获得MD1。用于签名的文件的部分再次获得并用于基于验证者也已知的一个或多个功能的类似的计算，用于计算文件的相应部分或另一个消息摘要值（ MD 2）。比较MD1和MD2，或者将文件部分进行比较，以确定文件的真实性和完整性。

22. 发明授权

US11968295B2 Access to content of encrypted data session 有权
公开(公告)号：US11968295B2
公开(公告)日：2024-04-23
申请号：US17044755
申请日：2018-04-03
申请人： Telefonaktiebolaget LM Ericsson (publ) , Daniel Migault , Makan Pourzandi
发明人： Daniel Migault , Makan Pourzandi
IPC分类号： H04L9/08
CPC分类号： H04L9/0841 , H04L9/083 , H04L9/0891 , H04L9/0894
摘要： Methods, terminal and a data center gateway are provided for allowing efficient debugging and troubleshooting of data session encrypted with Perfect Forward Secrecy (PFS) encryption techniques such as for example the Transport Layer Security (TLS) protocol version 1.3. Embodiments of the invention allow the user terminal to authorize a data center gateway to persistently store one or more encryption keys associated with the data session for use to access the recorded data session and troubleshooting it after the session ended, when faults are detected. When a fault is detected, the user terminal provides authorization to the gateway to persistently store the data session along with one or more encryption key(s). With this, the gateway allows for the data session to be later decrypted and faults to be investigated despite the data session being encrypted with PFS techniques.

23. 发明申请

US20140164619A1 HYBRID FIREWALL FOR DATA CENTER SECURITY 有权
标题翻译：数据中心安全混合防火墙
公开(公告)号：US20140164619A1
公开(公告)日：2014-06-12
申请号：US13710642
申请日：2012-12-11
申请人： Zhongwen Zhu , Makan Pourzandi
发明人： Zhongwen Zhu , Makan Pourzandi
IPC分类号： G06F15/177
CPC分类号： G06F15/177 , G06F9/45558 , G06F9/5077 , G06F9/5083 , G06F21/53 , G06F2009/45587 , H04L63/0227
摘要： A system and method for managing a hybrid firewall solution, employing both hardware and software firewall components, for a cloud computing data center is provided. A virtual application is hosted by a first plurality of application virtual machines and a second plurality of firewall virtual machines provides firewalling services for traffic associated with the virtual application. A cloud management entity determines that the virtual application requires an increased number of application virtual machines. A security profile for the virtual application is verified to determine if an increased number of firewall virtual machines is required by the increased number of application virtual machines. The cloud management entity can instantiate additional application virtual machines and firewall virtual machines as required.
摘要翻译：提供了一种用于管理云计算数据中心的混合防火墙解决方案（采用硬件和软件防火墙组件）的系统和方法。虚拟应用由第一多个应用虚拟机托管，并且第二多个防火墙虚拟机为与虚拟应用相关联的流量提供防火墙服务。云管理实体确定虚拟应用程序需要更多数量的应用程序虚拟机。验证虚拟应用程序的安全配置文件，以确定增加数量的应用程序虚拟机是否需要增加数量的防火墙虚拟机。云管理实体可以根据需要实例化其他应用程序虚拟机和防火墙虚拟机。

24. 发明申请

US20130332983A1 Elastic Enforcement Layer for Cloud Security Using SDN 有权
标题翻译：使用SDN进行云安全的弹性执行层
公开(公告)号：US20130332983A1
公开(公告)日：2013-12-12
申请号：US13494637
申请日：2012-06-12
申请人： Tommy Koorevaar , Makan Pourzandi , Ying Zhang
发明人： Tommy Koorevaar , Makan Pourzandi , Ying Zhang
IPC分类号： G06F21/00 , G06F9/455
CPC分类号： G06F9/45558 , G06F2009/4557 , G06F2009/45595 , H04L45/306 , H04L63/20
摘要： An efficient elastic enforcement layer (EEL) for realizing security policies is deployed in a cloud computing environment based on a split architecture framework. The split architecture network includes a controller coupled to switches. When the controller receives a packet originating from a source VM, it extracts an application identifier from the received packet that identifies an application running on the source VM. Based on the application identifier, the controller determines a chain of middlebox types. The controller further determines middlebox instances based on current availability of resources. The controller then adds a set of rules to the switches to cause the switches to forward the packet toward the destination VM via the middlebox instances.
摘要翻译：基于分割架构框架，在云计算环境中部署了实现安全策略的高效弹性执行层（EEL）。分离架构网络包括耦合到交换机的控制器。当控制器接收到源VM的数据包时，它会从接收到的数据包中提取一个应用程序标识符，该数据包标识在源虚拟机上运行的应用程序。基于应用程序标识符，控制器确定一系列中间件类型。控制器还根据资源的当前可用性进一步确定中间件实例。然后，控制器向交换机添加一组规则，以使交换机通过中间箱实例将数据包转发到目标VM。

25. 发明授权

US08452957B2 Method and nodes for providing secure access to cloud computing for mobile users 有权
标题翻译：为移动用户提供安全访问云计算的方法和节点
公开(公告)号：US08452957B2
公开(公告)日：2013-05-28
申请号：US12768034
申请日：2010-04-27
申请人： Makan Pourzandi , Mats Naslund
发明人： Makan Pourzandi , Mats Naslund
IPC分类号： G06F21/00
CPC分类号： H04W12/02 , G06F21/6218 , H04L9/083 , H04L9/0869 , H04L63/0435 , H04L63/061 , H04L63/062 , H04L2209/60 , H04L2209/80 , H04L2463/061 , H04W12/04 , H04W12/06 , H04W88/08
摘要： A mobile node, a gateway node and methods are provided for securely storing a content into a remote node. The mobile node, or a gateway node of a network providing access to the mobile node, applies a content key to the content prior to sending the content for storage in the remote node. The content key is generated at the mobile node, based on a random value obtained from an authentication server, or directly at the authentication server if applied by the gateway node. The content key is not preserved in the mobile node or in the gateway node, for security purposes. When the mobile node or the gateway node fetches again the content from the remote node, the same content key is generated again for decrypting the content. The remote node does not have access to the content key and can therefore no read or modify the content.
摘要翻译：提供移动节点，网关节点和方法以将内容安全地存储到远程节点中。移动节点或提供对移动节点的访问的网络的网关节点在发送用于存储在远程节点内的内容之前向内容应用内容密钥。基于从认证服务器获得的随机值，或者如果由网关节点应用，则直接在认证服务器处，在移动节点生成内容密钥。出于安全考虑，内容密钥不会保留在移动节点或网关节点中。当移动节点或网关节点从远程节点再次获取内容时，再次产生相同的内容密钥以解密该内容。远程节点无法访问内容密钥，因此无法读取或修改内容。

26. 发明授权

US08385551B2 Highly available cryptographic key storage (HACKS) 有权
标题翻译：高可用密码密钥存储（HACKS）
公开(公告)号：US08385551B2
公开(公告)日：2013-02-26
申请号：US11615364
申请日：2006-12-22
申请人： Makan Pourzandi , András Méhes
发明人： Makan Pourzandi , András Méhes
IPC分类号： H04L9/00 , G06F15/16 , H04L9/32
CPC分类号： G06F21/53 , G06F11/203 , G06F11/2038 , G06F21/57 , G06F21/602 , G06F21/72 , G06F21/79 , G06F21/805 , H04L9/0897
摘要： A system and method for managing trusted platform module (TPM) keys utilized in a cluster of computing nodes. A cluster-level management unit communicates with a local TPM agent in each node in the cluster. The cluster-level management unit has access to a database of protection groups, wherein each protection group comprises one active node which creates a TPM key and at least one standby node which stores a backup copy of the TPM key for the active node. The local TPM agent in the active node automatically initiates a migration process for automatically migrating the backup copy of the TPM key to the at least one standby node. The system maintains coherency of the TPM keys by also deleting the backup copy of the TPM key in the standby node when the key is deleted by the active node.
摘要翻译：一种用于管理在一组计算节点中使用的可信平台模块（TPM）密钥的系统和方法。集群级管理单元与集群中每个节点中的本地TPM代理进行通信。集群级管理单元可以访问保护组的数据库，其中每个保护组包括一个创建TPM密钥的活动节点和存储活动节点的TPM密钥的备份副本的至少一个备用节点。主动节点中的本地TPM代理自动启动迁移过程，以便将TPM密钥的备份副本自动迁移到至少一个备用节点。当主动节点删除密钥时，系统还通过删除备用节点中TPM密钥的备份副本来维护TPM密钥的一致性。

27. 发明申请

US20110211693A1 METHOD AND AN APPARATUS FOR KEY MANAGEMENT IN A COMMUNICATION NETWORK 有权
标题翻译：方法和通信网络中关键管理的设备
公开(公告)号：US20110211693A1
公开(公告)日：2011-09-01
申请号：US13127079
申请日：2008-10-30
申请人： Tereza Cristina Melo de Brito Carvalho , Vlad Constantin Coroama , Mats Näslund , Makan Pourzandi , Marcos Antonio Simplicio Junior , Yeda Regina Venturini
发明人： Tereza Cristina Melo de Brito Carvalho , Vlad Constantin Coroama , Mats Näslund , Makan Pourzandi , Marcos Antonio Simplicio Junior , Yeda Regina Venturini
IPC分类号： H04L9/00 , H04N7/167
CPC分类号： H04L63/065 , H04L9/0833 , H04L63/10 , H04L65/4076 , H04L2209/60 , H04L2209/80 , H04N7/162 , H04N21/26613 , H04N21/4383 , H04N21/63345 , H04N21/6405
摘要： The present invention relates to a method of key management and to an apparatus (200) of communication network (100) comprising a plurality of groups (141, 142, 143), each group (141) including one or several members (132A, 132B, 132C) authorized to have access to key-protected services provided by the apparatus. According to the method, it is determined when a member (132A) starts a switching action from one service to another and it is determined a time dependent quantity starting from the switching action. The method further comprises, determining that the member (132A) is a member of a switching group (150) when the quantity is less than a threshold value, and when the quantity is larger than the threshold, determining that the member (132A) has decided to join a new group (142), and changing the appropriate access key(s).
摘要翻译：本发明涉及密钥管理方法和通信网络（100）的装置（200），包括多个组（141,142,143），每个组（141）包括一个或多个成员（132A，132B），132C）被授权访问由该设备提供的密钥保护服务。根据该方法，确定成员（132A）何时开始从一个服务到另一个服务的切换动作，并且从切换动作开始确定时间相关量。该方法还包括：当所述数量小于阈值时，确定所述构件（132A）是切换组（150）的成员，并且当所述数量大于所述阈值时，确定所述构件（132A）具有决定加入一个新的组（142），并更改适当的访问密钥。

28. 发明申请

US20100150006A1 DETECTION OF PARTICULAR TRAFFIC IN COMMUNICATION NETWORKS 审中-公开
标题翻译：检测通信网络中的特殊业务
公开(公告)号：US20100150006A1
公开(公告)日：2010-06-17
申请号：US12337254
申请日：2008-12-17
申请人： Makan Pourzandi , Michael Liljenstam , Andras Mehes , Mats Naslund
发明人： Makan Pourzandi , Michael Liljenstam , Andras Mehes , Mats Naslund
IPC分类号： G06F11/30
CPC分类号： H04L63/1408 , H04L43/16 , H04L63/1441
摘要： A method for detecting a particular data traffic in a communication network having a plurality of nodes comprises: maintaining a list of detecting scans to be applied to an incoming data traffic; receiving the incoming data traffic; and applying a subset of the detecting scans in the list to the incoming data traffic. A network node for detecting a particular traffic in a communication network having a plurality of nodes comprises: a list of detecting scans to be applied to an incoming data traffic; an input for receiving the incoming data traffic; and an inspection chain, which applies a subset of detecting scans in the list to the incoming data traffic.
摘要翻译：一种用于检测具有多个节点的通信网络中的特定数据业务的方法，包括：维护要应用于输入数据业务的检测扫描的列表; 接收传入数据流量; 以及将列表中的检测扫描的子集应用于输入数据业务。用于检测具有多个节点的通信网络中的特定业务的网络节点包括：要应用于输入数据业务的检测扫描的列表; 用于接收输入数据流量的输入; 以及检查链，其将列表中的检测扫描的子集应用于输入数据流量。

29. 发明申请

US20090190758A1 Method and Apparatus for Authentication Service Application Processes During Service Reallocation in High Availability Clusters 有权
标题翻译：在高可用性集群中的业务重新分配期间认证服务应用过程的方法和装置
公开(公告)号：US20090190758A1
公开(公告)日：2009-07-30
申请号：US12020185
申请日：2008-01-25
申请人： Makan Pourzandi , Frederic Rossi , Mats Naslund
发明人： Makan Pourzandi , Frederic Rossi , Mats Naslund
IPC分类号： H04L9/00
CPC分类号： G06F11/1482 , G06F9/468 , G06F11/2025 , G06F11/203
摘要： A method and communication node for providing secure communications and services in a High Availability (HA) cluster. The communication node comprises an Operating System (OS) that detects an unavailability of a first service application process and switches a second service application process from the first state to the second state, the second service application being selected for taking over service currently provided from the first service application process, the first state and the second state each being associated to a set of rights in the cluster. The OS generates a private key for the second service application process based on its second state. The set of rights associated to the second state allows the OS to replace the first service application process with the second service application process for providing secure communications between the second service application and other service application processes in the HA cluster.
摘要翻译：一种用于在高可用性（HA）集群中提供安全通信和服务的方法和通信节点。通信节点包括检测第一服务应用进程的不可用性的操作系统（OS），并且将第二服务应用进程从第一状态切换到第二状态，第二服务应用被选择用于接管目前从第一服务应用进程，第一状态和第二状态各自与集群中的一组权限相关联。操作系统基于其第二状态为第二服务应用进程生成私钥。与第二状态相关联的一组权限允许OS用第二服务应用进程替换第一服务应用进程，以在第二服务应用和HA群集中的其他服务应用进程之间提供安全通信。

30. 发明申请

US20090164782A1 METHOD AND APPARATUS FOR AUTHENTICATION OF SERVICE APPLICATION PROCESSES IN HIGH AVAILABILITY CLUSTERS 审中-公开
标题翻译：在高可用性集群中验证服务应用程序的方法和装置
公开(公告)号：US20090164782A1
公开(公告)日：2009-06-25
申请号：US11960058
申请日：2007-12-19
申请人： Makan Pourzandi , Frederic Rossi , David Gordon
发明人： Makan Pourzandi , Frederic Rossi , David Gordon
IPC分类号： H04L9/00
CPC分类号： H04L63/126 , G06F9/54 , G06F21/445 , G06F2221/2103 , H04L63/0861 , H04L2463/121
摘要： A method and communication node that for generate a unique service application process biometric identifier for a service application service application process requesting resources and services to another service application service application process in a High Availability (HA) cluster. The method and communication node further authenticate the requesting service application service application process using the unique service application process biometric identifier and thus allowing communication between the first service application process and the second service application process.
摘要翻译：一种方法和通信节点，用于为服务应用服务应用进程生成唯一的服务应用过程生物识别标识符，该过程向高可用性（HA）集群中的另一服务应用服务应用进程请求资源和服务。所述方法和通信节点使用所述唯一服务应用程序生物识别标识来进一步验证所述请求服务应用服务应用进程，从而允许所述第一服务应用进程和所述第二服务应用进程之间的通信。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式