    • 1. Granted invention patent
    • Method and apparatus for determining secure endpoints of tunnels in a network that uses internet security protocol
    • US07207063B1
    • 2007-04-17
    • US09990814
    • 2001-11-15
    • Scott Fluhrer
    • Scott Fluhrer
    • G06F9/00, G06F15/16, G06F17/00, G06F15/177, G06F15/173, H04L9/00
    • H04L63/0272, H04L63/0281, H04L63/029, H04L63/10, H04L63/164
    • A method for establishing a secure connection between two network devices, such as a source end host and a destination end host, is disclosed. An initiator peer that sends network traffic on behalf of the source end host sends to a responder peer a first description of network traffic that is to be protected. In response, the initiator peer receives a second description of network traffic that is to be protected from the responder peer. The initiator peer then derives a third description of network traffic that is mutually acceptable to both the initiator peer and the responder peer. The third description of the network traffic is based on the first description of network traffic and the second description of the network traffic. The third description of network traffic is derived by finding the largest common subset of proxies from the first and second descriptions of network traffic.
    • 2. Invention application
    • Techniques for Detecting Program Modifications
    • US20130347109A1
    • 2013-12-26
    • US13529068
    • 2012-06-21
    • Scott Fluhrer
    • Scott Fluhrer
    • G06F21/24
    • G06F21/64, G06F21/12, G06F21/554, G06F21/566
    • Techniques are provided for detecting modifications to software instructions. At a computing apparatus configured to execute a software program comprising a plurality of instructions, at least a first check point having a first check value and a second check point having a second check value are assigned within the instructions. At least first and second portions of the instructions are identified. The first portion of the instructions comprises one or more check points other than the first check point. The second portion of the instructions comprises one or more check points other than the second check point. A first hashing operation is performed over the first portion resulting in a first equation and a second hashing operation is performed over the second portion resulting in a second equation. The first check value and the second check value are computed based on the first equation and the second equation.
    • 3. Invention application
    • Strong anti-replay protection for IP traffic sent point to point or multi-cast to large groups
    • US20070083923A1
    • 2007-04-12
    • US11249898
    • 2005-10-12
    • Scott Fluhrer, Brian Weis
    • Scott Fluhrer, Brian Weis
    • G06F15/16
    • H04L63/1466, H04L63/164, H04L2463/121
    • A mechanism for providing strong anti-replay protection at a security gateway in a network for protection against an attacker duplicating encrypted packets. The mechanism assigns a unique sequence number to each encrypted packet and a time stamp. A receiving security gateway rejects packets that have a duplicative sequence number or that are too old to protect itself against replay attacks. Each security gateway checks off the sequence numbers as they are received knowing that the sending security gateway assigns sequence numbers in an increasing order. The receiving security gateway remembers the value of the highest sequence number that it has already seen as well as up to N additional sequence numbers. Any packet with a duplicative sequence number is discarded. In addition to the sequence number, each packet also has an associated time stamp that corresponds to an epoch during which it should be received. If the packet is received after the epoch has expired, the packet is rejected.
    • 8. Invention application
    • Enciphering method
    • US20070081668A1
    • 2007-04-12
    • US11201626
    • 2005-08-10
    • David McGrew, Scott Fluhrer
    • David McGrew, Scott Fluhrer
    • H04K1/04
    • H04L9/0637, H04L9/002, H04L2209/12, H04L2209/20
    • A block cipher mode of operation implements a block cipher with an arbitrary block length and provides output ciphertext that is always the same size as the input plaintext. The mode can provide the best possible security in systems that cannot allow data expansion, such as disk-block encryption and some network protocols. The mode accepts an additional input, which can be used to protect against attacks that manipulate the ciphertext by rearranging the ciphertext blocks. The universal hash function from Galois/Counter Mode of operation for block ciphers may be used in an embodiment for hardware and software efficiency.
    • 10. Granted invention patent
    • System and method for encrypted group network communication with point-to-point privacy
    • US08160255B2
    • 2012-04-17
    • US11379920
    • 2006-04-24
    • Scott Fluhrer
    • Scott Fluhrer
    • H04L29/06
    • H04L9/0833, H04L63/0428, H04L63/065
    • Various embodiments of the disclosed subject matter provide methods and systems for improved efficiency and security in secure gateway-to-secure gateway network communication. Embodiments provide systems and methods for generating a sender secure gateway private identity, obtaining a receiver secure gateway public identity, generating an encryption key using the sender secure gateway private identity and the receiver secure gateway public identity, encrypting a data packet using the encryption key, and sending the encrypted data packet to a receiver secure gateway. Embodiments also provide systems and methods for generating a receiver secure gateway private identity, obtaining a sender secure gateway public identity, generating a decryption key using the receiver secure gateway private identity and the sender secure gateway public identity, receiving an encrypted data packet from a sender secure gateway, and decrypting the data packet using the decryption key.