专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20120297491A1 NETWORK SECURITY SMART LOAD BALANCING 有权
标题翻译：网络安全智能负载平衡
公开(公告)号：US20120297491A1
公开(公告)日：2012-11-22
申请号：US13431989
申请日：2012-03-28
申请人： Omer Schory , Ofer Raz , Oded Gonda
发明人： Omer Schory , Ofer Raz , Oded Gonda
IPC分类号： G06F21/24 , G06F15/173
CPC分类号： H04L63/0218 , H04L29/12481 , H04L61/2557
摘要： A system and method for protecting data communications in a system including a toad-balancer connected to a cluster of security network components, e.g. firewall node. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer and the control information includes an instruction regarding balancing load of the data streams between said components; The load-balancer balances load based on the control information. Preferably, network address translation (NAT) is performed by the load-balancer based on the control information or NAT is performed by the security network component and the control information includes information regarding an expected connection based on NAT. Preferably, when the data communications includes an encrypted session, an encrypted connection of the encrypted session is identified based on the control information and the balancing of the load maintains stickiness of said encrypted connection.
摘要翻译：一种用于保护系统中的数据通信的系统和方法，包括连接到安全网络组件集群的蟾蜍平衡器，例如。防火墙节点。负载均衡器将一个或多个数据流分别传送到安全组件。安全网络组件将控制信息发送到负载平衡器，并且控制信息包括关于平衡所述组件之间的数据流的负载的指令; 负载均衡器根据控制信息平衡负载。优选地，基于控制信息由负载平衡器执行网络地址转换（NAT），或者由安全网络组件执行NAT，并且控制信息包括关于基于NAT的预期连接的信息。优选地，当数据通信包括加密会话时，基于控制信息和负载的平衡来识别加密会话的加密连接，保持所述加密连接的粘性。

2. 发明授权

US08726008B2 Network security smart load balancing 有权
标题翻译：网络安全智能负载均衡
公开(公告)号：US08726008B2
公开(公告)日：2014-05-13
申请号：US13431989
申请日：2012-03-28
申请人： Omer Schory , Ofer Raz , Oded Gonda
发明人： Omer Schory , Ofer Raz , Oded Gonda
IPC分类号： G06F21/24 , H04L29/06
CPC分类号： H04L63/0218 , H04L29/12481 , H04L61/2557
摘要： A system and method for protecting data communications in a system including a load-balancer connected to a cluster of security network components, e.g. firewall node. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer and the control information includes an instruction regarding balancing load of the data streams between said components; The load-balancer balances load based on the control information. Preferably, network address translation (NAT) is performed by the load-balancer based on the control information or NAT is performed by the security network component and the control information includes information regarding an expected connection based on NAT. Preferably, when the data communications includes an encrypted session, an encrypted connection of the encrypted session is identified based on the control information and the balancing of the load maintains stickiness of said encrypted connection.
摘要翻译：一种用于保护系统中的数据通信的系统和方法，包括连接到安全网络组件集群的负载平衡器，例如，防火墙节点。负载均衡器将一个或多个数据流分别传送到安全组件。安全网络组件将控制信息发送到负载平衡器，并且控制信息包括关于平衡所述组件之间的数据流的负载的指令; 负载均衡器根据控制信息平衡负载。优选地，基于控制信息由负载平衡器执行网络地址转换（NAT），或者由安全网络组件执行NAT，并且控制信息包括关于基于NAT的预期连接的信息。优选地，当数据通信包括加密会话时，基于控制信息和负载的平衡来识别加密会话的加密连接，保持所述加密连接的粘性。

3. 发明授权

US08161188B2 Devices and methods for providing network access control utilizing traffic-regulation hardware 有权
标题翻译：使用交通规则硬件提供网络访问控制的设备和方法
公开(公告)号：US08161188B2
公开(公告)日：2012-04-17
申请号：US12114778
申请日：2008-05-04
申请人： Oded Gonda , Yaron Sheffer
发明人： Oded Gonda , Yaron Sheffer
IPC分类号： G06F15/173
CPC分类号： H04L63/0227 , H04L63/0218
摘要： Disclosed are devices and methods for providing network access control utilizing traffic-regulation hardware, the device including: at least one client-side port for operationally connecting to a client system; at least one network-side port for operationally connecting to a network; a logic module for regulating network traffic, based on device-related data, between the ports, the logic module including: a memory unit for storing and loading the device-related data; and a CPU for processing the device-related data; and at least one relay, between at least one respective client-side port and at least one respective network-side port, configured to open upon receiving a respective network-access-denial command from the logic module. Preferably, the logic module is configured to maintain an open-relay line-rate when at least one relay is open, and to maintain a closed-relay line-rate when at least one relay is closed.
摘要翻译：公开了利用交通管制硬件提供网络访问控制的设备和方法，该设备包括：用于操作地连接到客户端系统的至少一个客户端端口; 至少一个用于操作地连接到网络的网络侧端口; 逻辑模块，用于根据设备相关的数据，在端口之间调节网络流量，所述逻辑模块包括：用于存储和加载所述设备相关数据的存储器单元; 以及用于处理设备相关数据的CPU; 以及至少一个中继站，在至少一个相应的客户侧端口和至少一个相应的网络侧端口之间，被配置为在从逻辑模块接收到相应的网络访问拒绝命令时打开。优选地，逻辑模块被配置为当至少一个继电器断开时维持开路继电器线路速率，并且当至少一个继电器闭合时保持闭路继电器线路速率。

4. 发明授权

US09137204B2 Network security smart load balancing 有权
标题翻译：网络安全智能负载均衡
公开(公告)号：US09137204B2
公开(公告)日：2015-09-15
申请号：US11345341
申请日：2006-02-02
申请人： Omer Schory , Ofer Raz , Oded Gonda
发明人： Omer Schory , Ofer Raz , Oded Gonda
IPC分类号： H04L29/06 , H04L29/12
CPC分类号： H04L63/0218 , H04L29/12481 , H04L61/2557
摘要： A system and method for protecting data communications in a system including a load-balancer connected to a cluster of security network components, e.g. firewall node. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer and the control information includes an instruction regarding balancing load of the data streams between said security network components; The load-balancer balances load based on the control information. Preferably, network address translation is performed by the load-balancer based on the control information or network address translation is performed by the security network component and the control information includes information regarding an expected connection based on the network address translation. Preferably, when the data communications includes an encrypted session, an encrypted connection of the encrypted session is identified based on the control information and the balancing of the load maintains stickiness of said encrypted connection.
摘要翻译：一种用于保护系统中的数据通信的系统和方法，包括连接到安全网络组件集群的负载平衡器，例如，防火墙节点。负载均衡器将一个或多个数据流分别传送到安全组件。所述安全网络组件将控制信息发送到所述负载平衡器，并且所述控制信息包括关于在所述安全网络组件之间平衡负载的数据流的指令; 负载均衡器根据控制信息平衡负载。优选地，基于控制信息由负载平衡器执行网络地址转换，或者由安全网络组件执行网络地址转换，并且控制信息包括关于基于网络地址转换的预期连接的信息。优选地，当数据通信包括加密会话时，基于控制信息和负载的平衡来识别加密会话的加密连接，保持所述加密连接的粘性。

5. 发明授权

US08776017B2 Scripting language processing engine in data leak prevention application 有权
标题翻译：数据泄漏预防应用程序中的脚本语言处理引擎
公开(公告)号：US08776017B2
公开(公告)日：2014-07-08
申请号：US12843056
申请日：2010-07-26
申请人： Amnon Perlmutter , Aviad Mor , Oded Gonda , Ofer Raz , Matt LeGrow
发明人： Amnon Perlmutter , Aviad Mor , Oded Gonda , Ofer Raz , Matt LeGrow
IPC分类号： G06F9/44
CPC分类号： G06F21/6218
摘要： A data leak prevention application that categorizes documents by data type is provided, a data type being a sensitivity classification of a document based on what data the document contains. A scripting language processing engine is embedded into the data leak prevention application, the scripting language forming part of the application as hard code. A user configures interaction of the scripting language processing engine with the application. The configuring may include modifying or adding code or setting criteria for when code portions of the scripting language processing engine activates. The scripting language processing engine is activated to enhance an accuracy of an existing data type or so as to detect a new data type. Upon enhancing the accuracy of the data type, documents may be re-categorized.
摘要翻译：提供了按照数据类型对文档进行分类的数据泄漏预防应用程序，数据类型是基于文档包含的数据的文档的灵敏度分类。将脚本语言处理引擎嵌入到数据泄漏预防应用程序中，将脚本语言构成应用程序的一部分作为硬编码。用户配置脚本语言处理引擎与应用程序的交互。配置可以包括修改或添加代码或设置标准，以便脚本语言处理引擎的代码部分激活。激活脚本语言处理引擎以提高现有数据类型的准确性，或者检测新的数据类型。在提高数据类型的准确性时，文档可能会被重新分类。

6. 发明申请

US20070180226A1 Network security smart load balancing field and background of the invention 有权
标题翻译：网络安全智能负载平衡领域和本发明背景
公开(公告)号：US20070180226A1
公开(公告)日：2007-08-02
申请号：US11345341
申请日：2006-02-02
申请人： Omer Schory , Ofer Raz , Oded Gonda
发明人： Omer Schory , Ofer Raz , Oded Gonda
IPC分类号： G06F15/16 , H04L9/00 , G06F12/14 , G06F17/00 , H04L9/32 , G06F9/00 , G06F11/30
CPC分类号： H04L63/0218 , H04L29/12481 , H04L61/2557
摘要： A system and method for protecting data communications in a system including a load-balancer connected to a cluster of security network components, e.g. firewall node. The load-balancer transfers one or more of the data streams respectively to the security components. The security network components transmit control information to the load-balancer and the control information includes an instruction regarding balancing load of the data streams between said security network components; The load-balancer balances load based on the control information. Preferably, network address translation is performed by the load-balancer based on the control information or network address translation is performed by the security network component and the control information includes information regarding an expected connection based on the network address translation. Preferably, when the data communications includes an encrypted session, an encrypted connection of the encrypted session is identified based on the control information and the balancing of the load maintains stickiness of said encrypted connection.
摘要翻译：一种用于保护系统中的数据通信的系统和方法，包括连接到安全网络组件集群的负载平衡器，例如，防火墙节点。负载均衡器将一个或多个数据流分别传送到安全组件。所述安全网络组件将控制信息发送到所述负载平衡器，并且所述控制信息包括关于在所述安全网络组件之间平衡负载的数据流的指令; 负载均衡器根据控制信息平衡负载。优选地，基于控制信息由负载平衡器执行网络地址转换，或者由安全网络组件执行网络地址转换，并且控制信息包括关于基于网络地址转换的预期连接的信息。优选地，当数据通信包括加密会话时，基于控制信息和负载的平衡来识别加密会话的加密连接，保持所述加密连接的粘性。

7. 发明授权

US09130777B2 Methods and systems for using a vault server in conjunction with a client-side restricted-execution vault-mail environment 有权
标题翻译：使用保管库服务器与客户端受限执行的保管库邮件环境结合使用的方法和系统
公开(公告)号：US09130777B2
公开(公告)日：2015-09-08
申请号：US12273567
申请日：2008-11-19
申请人： Oded Gonda , Ofer Raz , Alon Kantor , Uri Bialik , Yoav Kirsch
发明人： Oded Gonda , Ofer Raz , Alon Kantor , Uri Bialik , Yoav Kirsch
IPC分类号： H04L12/58 , G06Q10/10 , H04L29/06
CPC分类号： H04L12/583 , G06Q10/107 , H04L51/063 , H04L51/12 , H04L51/34 , H04L63/08 , H04L63/20
摘要： Disclosed are methods, media, and vault servers for providing a secure messaging system using vault servers in conjunction with client-side restricted-execution vault-mail environments. Methods include the steps of upon activating a vault-mail message containing sensitive content, removing the content from the vault-mail message; placing the content on a vault server; creating a link in the vault-mail message to the content on the vault server; sending the vault-mail message to a designated recipient; and upon activating the link, allowing the content to be only viewed in a restricted-execution session of a client application, wherein the restricted-execution session does not allow the content to be altered, copied, stored, printed, forwarded, or otherwise executed. Preferably, the activation of the vault-mail message is performed by a network-security gateway, and can be performed on a per-message basis. Preferably, the activation of the link requires user authentication which may be designated during activation of the vault-mail message on a per-message basis based on said content. Preferably, the restricted-execution session enforces a security policy.
摘要翻译：公开了方法，媒体和保管库服务器，用于使用保管库服务器与客户端受限执行的保管库邮件环境一起提供安全邮件系统。方法包括以下步骤：激活包含敏感内容的保管箱邮件消息，从文件库邮件消息中移除内容; 将内容放置在保管库服务器上; 在保管库邮件消息中创建一个到保管库服务器上的内容的链接; 将保险库邮件发送给指定的收件人; 并且在激活链接时，允许仅在客户端应用的受限执行会话中观看内容，其中，限制执行会话不允许改变，复制，存储，打印，转发或以其他方式执行内容。优选地，保险库邮件消息的激活由网络安全网关执行，并且可以基于每个消息来执行。优选地，链接的激活需要用户认证，其可以在基于所述内容的基于每个消息的激活邮箱消息期间被指定。优选地，限制执行会话强制执行安全策略。

8. 发明申请

US20120023480A1 SCRIPTING LANGUAGE PROCESSING ENGINE IN DATA LEAK PREVENTION APPLICATION 有权
标题翻译：数据泄漏预防应用中的语言处理引擎
公开(公告)号：US20120023480A1
公开(公告)日：2012-01-26
申请号：US12843056
申请日：2010-07-26
申请人： Amnon Perlmutter , Aviad Mor , Oded Gonda , Ofer Raz , Matt LeGrow
发明人： Amnon Perlmutter , Aviad Mor , Oded Gonda , Ofer Raz , Matt LeGrow
IPC分类号： G06F9/44
CPC分类号： G06F21/6218
摘要： A data leak prevention application that categorizes documents by data type is provided, a data type being a sensitivity classification of a document based on what data the document contains. A scripting language processing engine is embedded into the data leak prevention application, the scripting language forming part of the application as hard code. A user configures interaction of the scripting language processing engine with the application. The configuring may include modifying or adding code or setting criteria for when code portions of the scripting language processing engine activates. The scripting language processing engine is activated to enhance an accuracy of an existing data type or so as to detect a new data type. Upon enhancing the accuracy of the data type, documents may be re-categorized.
摘要翻译：提供了按照数据类型对文档进行分类的数据泄漏预防应用程序，数据类型是基于文档包含的数据的文档的灵敏度分类。将脚本语言处理引擎嵌入到数据泄漏预防应用程序中，将脚本语言构成应用程序的一部分作为硬编码。用户配置脚本语言处理引擎与应用程序的交互。配置可以包括修改或添加代码或设置标准，以便脚本语言处理引擎的代码部分激活。激活脚本语言处理引擎以提高现有数据类型的准确性，或者检测新的数据类型。在提高数据类型的准确性时，文档可能会被重新分类。

9. 发明申请

US20100125637A1 METHODS AND SYSTEMS FOR USING A VAULT SERVER IN CONJUNCTION WITH A CLIENT-SIDE RESTRICTED-EXECUTION VAULT-MAIL ENVIRONMENT 有权
标题翻译：使用连接客户端限制执行恶意邮件环境的维护服务器的方法和系统
公开(公告)号：US20100125637A1
公开(公告)日：2010-05-20
申请号：US12273567
申请日：2008-11-19
申请人： Oded GONDA , Ofer Raz , Alon Kantor , Uri Bialik , Yoav Kirsch
发明人： Oded GONDA , Ofer Raz , Alon Kantor , Uri Bialik , Yoav Kirsch
IPC分类号： G06F15/16
CPC分类号： H04L12/583 , G06Q10/107 , H04L51/063 , H04L51/12 , H04L51/34 , H04L63/08 , H04L63/20
摘要： Disclosed are methods, media, and vault servers for providing a secure messaging system using vault servers in conjunction with client-side restricted-execution vault-mail environments. Methods include the steps of upon activating a vault-mail message containing sensitive content, removing the content from the vault-mail message; placing the content on a vault server; creating a link in the vault-mail message to the content on the vault server; sending the vault-mail message to a designated recipient; and upon activating the link, allowing the content to be only viewed in a restricted-execution session of a client application, wherein the restricted-execution session does not allow the content to be altered, copied, stored, printed, forwarded, or otherwise executed. Preferably, the activation of the vault-mail message is performed by a network-security gateway, and can be performed on a per-message basis. Preferably, the activation of the link requires user authentication which may be designated during activation of the vault-mail message on a per-message basis based on said content. Preferably, the restricted-execution session enforces a security policy.
摘要翻译：公开了方法，媒体和保管库服务器，用于使用保管库服务器与客户端受限执行的保管库邮件环境一起提供安全邮件系统。方法包括以下步骤：激活包含敏感内容的保管箱邮件消息，从文件库邮件消息中移除内容; 将内容放置在保管库服务器上; 在保管库邮件消息中创建一个到保管库服务器上的内容的链接; 将保险库邮件发送给指定的收件人; 并且在激活链接时，允许仅在客户端应用的受限执行会话中观看内容，其中，限制执行会话不允许改变，复制，存储，打印，转发或以其他方式执行内容。优选地，保险库邮件消息的激活由网络安全网关执行，并且可以基于每个消息来执行。优选地，链接的激活需要用户认证，其可以在基于所述内容的基于每个消息的激活邮箱消息期间被指定。优选地，限制执行会话强制执行安全策略。

10. 发明申请

US20090276538A1 DEVICES AND METHODS FOR PROVIDING NETWORK ACCESS CONTROL UTILIZING TRAFFIC-REGULATION HARDWARE 有权
标题翻译：使用交通规则硬件提供网络访问控制的设备和方法
公开(公告)号：US20090276538A1
公开(公告)日：2009-11-05
申请号：US12114778
申请日：2008-05-04
申请人： Oded Gonda , Yaron Sheffer
发明人： Oded Gonda , Yaron Sheffer
IPC分类号： G06F15/16
CPC分类号： H04L63/0227 , H04L63/0218
摘要： Disclosed are devices and methods for providing network access control utilizing traffic-regulation hardware, the device including: at least one client-side port for operationally connecting to a client system; at least one network-side port for operationally connecting to a network; a logic module for regulating network traffic, based on device-related data, between the ports, the logic module including: a memory unit for storing and loading the device-related data; and a CPU for processing the device-related data; and at least one relay, between at least one respective client-side port and at least one respective network-side port, configured to open upon receiving a respective network-access-denial command from the logic module. Preferably, the logic module is configured to maintain an open-relay line-rate when at least one relay is open, and to maintain a closed-relay line-rate when at least one relay is closed.
摘要翻译：公开了利用交通管制硬件提供网络访问控制的设备和方法，该设备包括：用于操作地连接到客户端系统的至少一个客户端端口; 至少一个用于操作地连接到网络的网络侧端口; 逻辑模块，用于根据设备相关的数据，在端口之间调节网络流量，所述逻辑模块包括：用于存储和加载所述设备相关数据的存储器单元; 以及用于处理设备相关数据的CPU; 以及至少一个中继站，在至少一个相应的客户侧端口和至少一个相应的网络侧端口之间，被配置为在从逻辑模块接收到相应的网络访问拒绝命令时打开。优选地，逻辑模块被配置为当至少一个继电器断开时维持开路继电器线路速率，并且当至少一个继电器闭合时保持闭路继电器线路速率。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式