专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

31. 发明授权

US07707619B2 Method and system for troubleshooting when a program is adversely impacted by a security policy 有权
标题翻译：用于在程序受到安全策略的不利影响时进行故障排除的方法和系统
公开(公告)号：US07707619B2
公开(公告)日：2010-04-27
申请号：US11045733
申请日：2005-01-28
申请人： Art Shelest , Pradeep Bahl , Scott A. Field
发明人： Art Shelest , Pradeep Bahl , Scott A. Field
IPC分类号： H04L29/00
CPC分类号： H04L63/10 , G06F11/079 , G06F21/53 , G06F21/554
摘要： A method and system for selectively excluding a program from a security policy is provided. The security system receives from a user an indication of a program with a problem that is to be excluded from the security policy. When the program executes and a security enforcement event occurs, the security system does not apply the security policy. If the problem appears to be resolved as a result of excluding the program from the security policy, then the user may assume that the security policy is the cause of the problem.
摘要翻译：提供了一种用于从安全策略中选择性地排除程序的方法和系统。安全系统从用户接收到具有要从安全策略中排除的问题的程序的指示。当程序执行并发生安全执行事件时，安全系统不应用安全策略。如果由于从安全策略中排除程序，问题似乎得到解决，那么用户可能认为安全策略是问题的原因。

32. 发明授权

US07559082B2 Method of assisting an application to traverse a firewall 有权
标题翻译：协助应用程序穿越防火墙的方法
公开(公告)号：US07559082B2
公开(公告)日：2009-07-07
申请号：US10603648
申请日：2003-06-25
申请人： Dennis Morgan , Alexandru Gavrilescu , Jonathan L. Burstein , Art Shelest , David LeBlanc
发明人： Dennis Morgan , Alexandru Gavrilescu , Jonathan L. Burstein , Art Shelest , David LeBlanc
IPC分类号： H04L29/06
CPC分类号： H04L63/0227 , H04L63/0218 , H04L63/029
摘要： A method for a firewall-aware application to communicate its expectations to a firewall without requiring the firewall to change its policy or compromise network security. An application API is provided for applications to inform a firewall or firewalls of the application's needs, and a firewall API is provided that informs the firewall or firewalls of the application's needs. An interception module watches for connect and listen attempts by applications and services to the network stack on the local computer. The interception module traps these attempts and determines what user is making the attempt, what application or service is making the attempt, and conducts a firewall policy look-up to determine whether the user and/or application or service are allowed to connect to the network. If so, the interception module may instruct the host and/or edge firewall to configure itself for the connection being requested.
摘要翻译：防火墙感知应用程序将其期望传达到防火墙的方法，而不需要防火墙更改其策略或损害网络安全性。为应用程序提供应用程序API以通知防火墙或防火墙应用程序的需求，并提供防火墙API，通知防火墙或防火墙应用程序的需求。拦截模块监视应用程序和服务对本地计算机上的网络堆栈的连接和监听尝试。拦截模块捕获这些尝试，并确定用户正在进行的尝试，什么应用程序或服务正在进行尝试，并进行防火墙策略查找，以确定是否允许用户和/或应用程序或服务连接到网络。如果是这样，则拦截模块可以指示主机和/或边缘防火墙为正在请求的连接配置自身。

33. 发明授权

US07299491B2 Authenticated domain name resolution 有权
标题翻译：经过身份验证的域名解析
公开(公告)号：US07299491B2
公开(公告)日：2007-11-20
申请号：US10427458
申请日：2003-04-30
申请人： Art Shelest , James M. Gilroy
发明人： Art Shelest , James M. Gilroy
IPC分类号： H04L9/32 , G06F17/30
CPC分类号： H04L63/08
摘要： Methods, systems, and computer program products for resolving domain name system records based on client authentication. Basing domain name resolution on client authentication provides remote clients with the convenience of domain names, without sacrificing the security of keeping potentially sensitive domain names private. An authoritative name server receives requests for domain name resolution from clients. For requests without client authentication, the authoritative name server responds that the domain name cannot be found. This response identifies the authoritative name server to the client so that the client can submit subsequent requests with client authentication. For requests with client authentication, the authoritative name server responds with the corresponding domain name addresses. Client may communicate domain name resolution requests directly to the authoritative name server or indirection, through one or more intermediate domain name servers. Client authentication may occur over a secure connection with the authoritative name server.
摘要翻译：方法，系统和计算机程序产品，用于根据客户端认证来解析域名系统记录。基于客户端身份验证的域名解析为远程客户端提供了方便的域名，而不会牺牲将潜在敏感域名保密的安全性。权威的名称服务器从客户端接收域名解析请求。对于没有客户端认证的请求，权威名称服务器会响应找不到域名。此响应标识客户端的权威名称服务器，以便客户端可以使用客户端身份验证提交后续请求。对于具有客户端身份验证的请求，权威名称服务器将使用相应的域名地址进行响应。客户端可以通过一个或多个中间域名服务器将域名解析请求直接传递给权威名称服务器或间接。通过与权威名称服务器的安全连接可能会发生客户端身份验证。

34. 发明申请

US20070061574A1 Methods and Systems for Unilateral Authentication of Messages 有权
标题翻译：消息单向认证的方法和系统
公开(公告)号：US20070061574A1
公开(公告)日：2007-03-15
申请号：US11555573
申请日：2006-11-01
申请人： Art Shelest , David Thaler , Gregory O'Shea , Michael Roe , Brian Zill
发明人： Art Shelest , David Thaler , Gregory O'Shea , Michael Roe , Brian Zill
IPC分类号： H04L9/00
CPC分类号： H04L9/3247 , H04L2209/60 , H04L2209/805
摘要： Disclosed is an authentication mechanism that enables an information recipient to ascertain that the information comes from the sender it purports to be from. This mechanism integrates a private/public key pair with selection by the sender of a portion of its address. The sender derives its address from its public key, for example, by using a hash of the key. The recipient verifies the association between the address and the sender's private key. The recipient may retrieve the key from an insecure resource and know that it has the correct key because only that key can produce the sender's address in the message. The hash may be made larger than the sender-selectable portion of the address. The recipient may cache public key/address pairs and use the cache to detect brute force attacks and to survive denial of service attacks. The mechanism may be used to optimize security negotiation algorithms.
摘要翻译：公开了一种认证机制，其使得信息接收者能够确定信息来自其看来是来自的发送者。该机制将私钥/公钥对与发送方的地址的一部分进行选择进行集成。发件人从其公钥中导出其地址，例如通过使用密钥的散列。收件人验证地址和发件人私钥之间的关联。收件人可以从不安全的资源中检索密钥，并且知道它具有正确的密钥，因为只有该密钥可以在消息中产生发送者的地址。可以使该散列大于地址的发送者可选部分。收件人可以缓存公共密钥/地址对，并使用缓存来检测暴力攻击并生存拒绝服务攻击。该机制可用于优化安全协商算法。

35. 发明申请

US20060161965A1 Method and system for separating rules of a security policy from detection criteria 有权
公开(公告)号：US20060161965A1
公开(公告)日：2006-07-20
申请号：US11039637
申请日：2005-01-19
申请人： Art Shelest , Scott Field , Subhashini Raghunathan
发明人： Art Shelest , Scott Field , Subhashini Raghunathan
IPC分类号： H04L9/00 , G06F17/00 , H04K1/00
CPC分类号： G06F21/55
摘要： A method and system that enables a security policy to separate developer-provided detection criteria from an administrator-provided custom policy is provided. The security system allows a developer of detection criteria to provide a signature file containing the signatures that are available for use by a security policy. The security system also allows an administrator of a computer system to specify a custom policy that uses the signatures of the signature file. The developer may distribute the signature file to host computer systems independently of the administrator's distribution of the rules of the custom policy to the host computer systems. When a security enforcement event occurs at the host computer system, the security system applies the rules of the security policy to the event.

36. 发明申请

US20060136374A1 System and method for utilizing a search engine to prevent contamination 审中-公开
标题翻译：利用搜索引擎防止污染的系统和方法
公开(公告)号：US20060136374A1
公开(公告)日：2006-06-22
申请号：US11013440
申请日：2004-12-17
申请人： Art Shelest , Eytan Seidman
发明人： Art Shelest , Eytan Seidman
IPC分类号： G06F17/30
CPC分类号： G06F21/564 , G06F21/566 , G06F2221/2119
摘要： A system and method are incorporated within a search engine for preventing proliferation of malicious searchable content. The system includes a detection mechanism for detecting malicious searchable content within searchable content traversed by a web crawler. The system additionally includes a presentation mechanism for handling the detected malicious searchable content upon determination that the malicious searchable content is included in search results provided by the search engine. The presentation mechanism handles the detected malicious searchable content in order to prevent proliferation of the malicious searchable content to a receiver of the search results.
摘要翻译：在搜索引擎中并入系统和方法以防止恶意可搜索内容的扩散。该系统包括用于检测由网络抓取器遍历的可搜索内容内的恶意可搜索内容的检测机制。该系统另外包括一种呈现机制，用于在确定恶意可搜索内容被包括在由搜索引擎提供的搜索结果中时处理检测到的恶意可搜索内容。呈现机制处理检测到的恶意可搜索内容，以防止恶意可搜索内容向搜索结果的接收者的扩散。

37. 发明申请

US20060048209A1 Method and system for customizing a security policy 有权
公开(公告)号：US20060048209A1
公开(公告)日：2006-03-02
申请号：US10930713
申请日：2004-08-31
申请人： Art Shelest , Richard Tarquini
发明人： Art Shelest , Richard Tarquini
IPC分类号： H04L9/00
CPC分类号： H04L63/102 , G06F21/554 , H04L29/06 , H04L63/1416
摘要： An intrusion detection system for customizing a security policy that detects an attempt to exploit a vulnerability is provided. A security policy contains criteria and a procedure. The criteria specify attributes of a security event that may be an exploitation, and the procedure specifies instructions to be performed that indicate when a security event may be an exploitation. When the criteria and the procedure both indicate that a security event may be an exploitation, then the security event matches the security policy and an appropriate action is taken. The intrusion detection system allows a user to modify the criteria to customize the security policy.

38. 发明申请

US20050257252A1 Method for protecting privileged device functions 审中-公开
标题翻译：保护特权设备功能的方法
公开(公告)号：US20050257252A1
公开(公告)日：2005-11-17
申请号：US11116887
申请日：2005-04-27
申请人： Art Shelest
发明人： Art Shelest
IPC分类号： H04L9/00 , H04L29/06 , H04N5/00
CPC分类号： H04N21/6543 , H04L63/0853 , H04L63/102 , H04L2463/101 , H04N21/44236
摘要： A system and method are incorporated within electronic devices for preventing unauthorized use of privileged functions by legitimate or illegitimate users. The system includes a trusted agent, a secure communication channel between the trusted agent and the device, and an interface for the user to communicate with the trusted agent.
摘要翻译：系统和方法被并入电子设备中以防止合法或非法用户未授权使用特权功能。系统包括可信代理，可信代理和设备之间的安全通信信道，以及用于用户与可信代理通信的接口。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式