专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明授权

US08020197B2 Explicit delegation with strong authentication 有权
标题翻译：具有强认证的明确授权
公开(公告)号：US08020197B2
公开(公告)日：2011-09-13
申请号：US11276139
申请日：2006-02-15
申请人： Tomer Shiran , Sara Bitan , Nir Nice , Jeroen de Borst , Dave Field , Shai Herzog
发明人： Tomer Shiran , Sara Bitan , Nir Nice , Jeroen de Borst , Dave Field , Shai Herzog
IPC分类号： G06F7/04 , H04L9/32
CPC分类号： H04L9/321 , H04L9/3263 , H04L9/3271 , H04L9/3297
摘要： Systems and methods for performing explicit delegation with strong authentication are described herein. Systems can include one or more clients, one or more end servers, and one or more gateways intermediate or between the client and the end server. The client may include an explicit strong delegation component that is adapted to strongly authenticate the client to the gateway. The explicit strong delegation component may also explicitly delegate to the gateway a right to authenticate on behalf of the client, and to define a period of time over which the explicit delegation is valid. The system may be viewed as being self-contained, in the sense that the system need not access third-party certificate or key distribution authorities. Finally, the client controls the gateways or end servers to which the gateway may authenticate on the client's behalf.
摘要翻译：这里描述了用于执行具有强认证的显式授权的系统和方法。系统可以包括一个或多个客户端，一个或多个终端服务器，以及在客户端和终端服务器之间中间或之间的一个或多个网关。客户端可以包括适合于向网关强烈认证客户端的显式强委派组件。显式强委托组件还可以向网关显式地委托代表客户端进行认证的权限，并定义显式授权有效的时间段。在系统不需要访问第三方证书或密钥分发机构的意义上，该系统可以被视为是独立的。最后，客户端代表客户端控制网关可以对其进行身份验证的网关或终端服务器。

22. 发明申请

US20110145566A1 Secret Encryption with Public or Delegated Comparison 有权
标题翻译：秘密加密与公开或委派比较
公开(公告)号：US20110145566A1
公开(公告)日：2011-06-16
申请号：US12637811
申请日：2009-12-15
申请人： Nir Nice , Yacov Yacobi
发明人： Nir Nice , Yacov Yacobi
IPC分类号： H04L9/00
CPC分类号： H04L9/002 , H04L9/3066 , H04L2209/08
摘要： Described is a technology comprising a system in which two distrusting parties can submit sets of encrypted keywords using two independent secret keys to a third party who can decide, using only public keys, if the underlying cleartext message of a cryptogram produced by one distrusting party matches that of a cryptogram produced by the other. The third party (e.g., a server) uses generator information corresponding to a generator of an elliptic curve group to determine whether the sets of encrypted keywords match each other. Various ways to provide the generator information based upon the generator are described. Also described is the use of one-ray randomization and two-way randomization as part of the system to protect against dictionary attacks.
摘要翻译：描述了一种技术，其包括一种系统，其中两个不信任方可以使用两个独立的秘密密钥向第三方提交一组加密的关键字，该第三方可以仅使用公钥来决定如果由一个不信任方产生的密码的底层明文消息匹配另一个密码产生的密码。第三方（例如，服务器）使用与椭圆曲线组的生成器相对应的生成器信息来确定加密关键字的集合是否彼此匹配。描述了基于发电机提供发电机信息的各种方式。还描述了使用单线随机化和双向随机化作为系统的一部分来防止字典攻击。

23. 发明申请

US20100218247A1 SERVICE ACCESS USING A SERVICE ADDRESS 有权
标题翻译：使用服务地址的服务访问
公开(公告)号：US20100218247A1
公开(公告)日：2010-08-26
申请号：US12389402
申请日：2009-02-20
申请人： Nir Nice , Jeromy S. Statia , Samer J. Karim
发明人： Nir Nice , Jeromy S. Statia , Samer J. Karim
IPC分类号： H04L9/32 , G06F15/16
CPC分类号： H04W12/00 , H04L61/2046 , H04L61/2084 , H04L61/6059 , H04L63/10 , H04L63/164 , H04L63/20 , H04L69/167
摘要： A method is disclosed that includes assigning a service address to a service of a private network. The service of the private network is accessible, via a gateway, by a client computer. The method also includes turning off duplicate address detection at the gateway. The gateway is associated with a public network address that is different from the service address.
摘要翻译：公开了一种方法，其包括将服务地址分配给专用网络的服务。私有网络的服务可以通过网关由客户端计算机访问。该方法还包括关闭网关上的重复地址检测。网关与不同于服务地址的公共网络地址相关联。

24. 发明授权

US10438268B2 Recommender system 有权
公开(公告)号：US10438268B2
公开(公告)日：2019-10-08
申请号：US13369318
申请日：2012-02-09
申请人： Nir Nice , Noam Koenigstein , Ulrich Paquet
发明人： Nir Nice , Noam Koenigstein , Ulrich Paquet
IPC分类号： G06Q30/06
摘要： Embodiments of the invention provide methods and apparatus for recommending items from a catalog of items to a user by parsing the catalog of items into a plurality of catalog clusters of related items and recommending catalog items to the user from catalog clusters to which items previously preferred by the user belong.

25. 发明授权

US10116580B2 Seamless location aware network connectivity 有权
公开(公告)号：US10116580B2
公开(公告)日：2018-10-30
申请号：US12163046
申请日：2008-06-27
申请人： Ehud Mordechai Itshaki , Nir Nice , Eugene John Neystadt , Noam Gershon Ben-Yochanan
发明人： Ehud Mordechai Itshaki , Nir Nice , Eugene John Neystadt , Noam Gershon Ben-Yochanan
IPC分类号： G06F15/16 , H04L12/911 , H04W76/10
摘要： Described is a technology by which a seamless automatic connection to an (e.g., corporate) network is made for a client device. Upon detecting a need for a connection to a network, such as by intercepting a communication directed towards a network destination, a list of available connection methods is automatically obtained based on the device's current location data (e.g., LAN or remote) and policy information. An available connection method from the list is selected, e.g., in order, and an attempt is made to establish a connection via that connection method. If the attempt fails, another attempt is made with a different connection method, and so on, until a connection method succeeds. Additional seamlessness from the user's perspective is provided via a credentials vault, by which stored credentials may be retrieved and used in association with the access method being attempted.

26. 发明授权

US09443084B2 Authentication in a network using client health enforcement framework 有权
标题翻译：使用客户端健康执行框架在网络中进行身份验证
公开(公告)号：US09443084B2
公开(公告)日：2016-09-13
申请号：US12338268
申请日：2008-12-18
申请人： Nir Nice , Anat Eyal , Chandrasekhar Nukala , Sreenivas Addagatla , Eugene Neystadt
发明人： Nir Nice , Anat Eyal , Chandrasekhar Nukala , Sreenivas Addagatla , Eugene Neystadt
IPC分类号： H04L29/06 , G06F21/57 , G06F21/31 , G06F21/33
CPC分类号： G06F21/577 , G06F21/31 , G06F21/33 , G06F2221/2129 , H04L63/08 , H04L63/1441
摘要： A network with authentication implemented using a client health enforcement framework. The framework is adapted to receive plug-ins on clients that generate health information. Corresponding plug-ins on a server validate that health information. Based on the results of validation, the server may instruct the client to remediate or may authorize an underlying access enforcement mechanism to allow access. A client plug-in that generates authentication information formatted as a statement of health may be incorporated into such a framework. Similarly, on the server, a validator to determine, based on the authentication information, whether the client should be granted network access can be incorporated into the framework. Authentication can be simply applied or modified by changing the plug-ins, while relying on the framework to interface with an enforcement mechanism. Functions of the health enforcement framework can be leveraged to provide authentication-based functionality, such as revoking authorized access after a period of user inactivity or in response to a user command.
摘要翻译：使用客户端健康执行框架实施认证的网络。该框架适用于在生成健康信息的客户端上接收插件。服务器上的相应插件验证该健康信息。基于验证的结果，服务器可以指示客户端修复或者可以授权底层访问执行机制以允许访问。生成格式为健康声明的认证信息的客户端插件可以并入到这样的框架中。类似地，在服务器上，验证器根据认证信息来确定客户端是否被授予网络访问可以并入到框架中。可以通过更改插件来简单地应用或修改身份验证，同时依靠框架与强制机制进行交互。可以利用健康执行框架的功能来提供基于身份验证的功能，例如在用户不活动期间或响应于用户命令之后撤销授权访问。

27. 发明授权

US08954897B2 Protecting a virtual guest machine from attacks by an infected host 有权
标题翻译：保护虚拟客机免受受感染主机的攻击
公开(公告)号：US08954897B2
公开(公告)日：2015-02-10
申请号：US12199812
申请日：2008-08-28
申请人： John Neystadt , Noam Ben-Yochanan , Nir Nice
发明人： John Neystadt , Noam Ben-Yochanan , Nir Nice
IPC分类号： G06F17/00
CPC分类号： G06F21/575 , G06F21/57 , G06F2221/2105 , H04L63/14 , H04L63/20
摘要： In a virtualization environment, a host machine on which a guest machine is operable is monitored to determine that it is healthy by being compliant with applicable policies (such as being up to date with the current security patches, running an anti-virus program, certified to run a guest machine, etc.) and free from malicious software or “malware” that could potentially disrupt or compromise the security of the guest machine. If the host machine is found to be non-compliant, then the guest machine is prevented from either booting up on the host machine or connecting to a network to ensure that the entire virtualization environment is compliant and that the guest machine, including its data and applications, etc., is protected against attacks that may be launched against it via malicious code that runs on the unhealthy host machine, or is isolated from the network until the non-compliancy is remediated.
摘要翻译：在虚拟化环境中，通过遵守适用的策略（例如最新的当前安全补丁，运行防病毒程序，认证的）来监视客户机可操作的主机，以确定它是健康的运行访客机器等），并且没有恶意软件或“恶意软件”可能会破坏或危及客机的安全性。如果发现主机不符合要求，则可以防止客机机器在主机上启动或连接到网络，以确保整个虚拟化环境是兼容的，并且客机包括其数据和应用程序等，可以防止可能通过恶意代码在不健康的主机上运行的攻击，或与网络隔离，直到不合规被修复。

28. 发明授权

US08935742B2 Authentication in a globally distributed infrastructure for secure content management 有权
标题翻译：全球分布式基础架构中的身份验证，用于安全内容管理
公开(公告)号：US08935742B2
公开(公告)日：2015-01-13
申请号：US12193070
申请日：2008-08-18
申请人： Nir Nice , Oleg Ananiev , John Wohlfert , Amit Finkelstein , Alik Teplitsky
发明人： Nir Nice , Oleg Ananiev , John Wohlfert , Amit Finkelstein , Alik Teplitsky
IPC分类号： H04L29/06 , G06F21/00 , G06F21/56 , G06F17/30 , G06F21/55 , G06F21/62 , G06Q30/02
CPC分类号： G06F21/56 , G06F17/30867 , G06F21/55 , G06F21/629 , G06F2221/2115 , G06F2221/2141 , G06F2221/2149 , G06F2221/2151 , G06Q30/0204 , G06Q30/0215 , H04L63/0281 , H04L63/14 , H04L63/20
摘要： Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
摘要翻译：启用安全内容管理作为基于云的服务，通过该服务可以为内部部署的网络用户和漫游用户实施安全保护和策略强制。全球SCM服务将通常由企业网络SCM设备硬件或服务器提供的安全功能（如防病毒，间谍软件和网络钓鱼保护，防火墙，入侵检测，集中管理等）集成到基于云的用户通过基于互联网的在线点（“POPs”）达成的服务。 POP被配置有转发代理服务器，并且在一些实现中，缓存和网络加速组件，并且耦合到提供诸如主动目录服务的配置管理和身份管理服务的集线器。

29. 发明授权

US08739289B2 Hardware interface for enabling direct access and security assessment sharing 有权
标题翻译：用于实现直接访问和安全评估共享的硬件接口
公开(公告)号：US08739289B2
公开(公告)日：2014-05-27
申请号：US12144863
申请日：2008-06-24
申请人： Nir Nice , Lee F. Walker
发明人： Nir Nice , Lee F. Walker
IPC分类号： H04L9/00 , H04L29/06
CPC分类号： H04L63/0485
摘要： Native IPv6 capabilities are provided to an IPv4 network node, device, or endpoint using a hardware interface that supports network communication under a Direct Access model. The Direct Access model supports IPv6 communication with IPsec and enforces Network Access Protection (“NAP”) health requirement policies for endpoints that are network clients. A Direct Access-ready server is enabled using a hardware interface that implements IPv4 to IPv6 translation and optionally IPsec termination capability. A Direct Access-ready client is enabled using a hardware interface that implements IPv4 to IPv6 translation, IPsec termination capability, and which optionally provides NAP (Network Access Protection) capabilities for Direct Access-ready clients that are configured as mobile information appliances. The hardware interface may be implemented as a network interface card (“NIC”) or as a chipset.
摘要翻译：本地IPv6功能使用支持直接访问模式下的网络通信的硬件接口提供给IPv4网络节点，设备或端点。直接访问模式支持与IPsec的IPv6通信，并对作为网络客户端的端点实施网络访问保护（“NAP”）健康要求策略。使用实现IPv4到IPv6转换和可选的IPsec终止功能的硬件接口启用直接访问就绪服务器。使用实现IPv4到IPv6转换，IPsec终止功能的硬件接口启用直接访问就绪客户端，并且可选地为配置为移动信息设备的直接访问就绪客户端提供NAP（网络访问保护）功能。硬件接口可以实现为网络接口卡（“NIC”）或芯片组。

30. 发明授权

US08719582B2 Access control using identifiers in links 有权
标题翻译：访问控制使用链接中的标识符
公开(公告)号：US08719582B2
公开(公告)日：2014-05-06
申请号：US12396500
申请日：2009-03-03
申请人： John Neystadt , Nir Nice
发明人： John Neystadt , Nir Nice
IPC分类号： G06F21/00 , G06F21/10 , H04L29/06 , G07F7/10 , G06F21/64 , G06F21/34 , G06F21/31 , G06Q20/34
CPC分类号： G06F21/10 , G06F21/6209 , G06F2221/2101 , G06F2221/2137 , G06F2221/2151 , G06Q20/341 , G07F7/1008 , H04L9/3213 , H04L9/3271 , H04L9/3297 , H04L63/0428 , H04L63/083 , H04L2209/603
摘要： Methods, systems, and computer-readable media are disclosed for access control. A particular method receives a resource access identifier associated with a shared computing resource and embeds the resource access identifier into a link to the shared resource. The link to the shared resource is inserted into an information element. An access control scheme is associated with the information element to generate a protected information element, and the protected information element is sent to a destination computing device.
摘要翻译：公开了用于访问控制的方法，系统和计算机可读介质。特定方法接收与共享计算资源相关联的资源访问标识符，并将资源访问标识符嵌入到共享资源的链接中。到共享资源的链接被插入到信息元素中。访问控制方案与信息元素相关联以生成受保护的信息元素，并且将受保护的信息元素发送到目的地计算设备。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式