专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20130091354A1 Agile Network Protocol for Secure Communications with Assured System Availability 有权
标题翻译：用于确保系统可用性的安全通信的敏捷网络协议
公开(公告)号：US20130091354A1
公开(公告)日：2013-04-11
申请号：US13475637
申请日：2012-05-18
申请人： Edmund Colby Munger , Vincent J. Sabio , Robert Dunham Short, III , Virgil D. Gligor , Douglas Charles Schmidt
发明人： Edmund Colby Munger , Vincent J. Sabio , Robert Dunham Short, III , Virgil D. Gligor , Douglas Charles Schmidt
IPC分类号： H04L29/06
CPC分类号： H04L61/2539 , H04L9/065 , H04L29/12216 , H04L29/12301 , H04L29/1232 , H04L29/12801 , H04L45/20 , H04L45/24 , H04L61/2007 , H04L61/2076 , H04L61/2092 , H04L61/30 , H04L61/6004 , H04L63/0272 , H04L63/04 , H04L63/0407 , H04L63/0421 , H04L63/0428 , H04L63/0435 , H04L63/1441 , H04L63/1491 , H04M3/42008
摘要： A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.
摘要翻译：多个计算机节点使用看似随意的IP源和目的地址和（可选地）看似随机的鉴别符字段进行通信。由有效地址的移动窗口定义的数据包匹配条件被接受进一步处理，而不符合条件的数据包将被拒绝。除了跳转IP地址和鉴别字段之外，还可以跳过媒体访问控制地址等硬件地址。跳跃地址由具有非重复序列长度的随机数生成器产生，其可以先前容易地确定，其可以通过任意数量的随机步骤快速地向前跳跃，并且具有将来随机数难以猜测的性质不知道随机数生成器的参数。同步技术可用于重新建立发送和接收节点之间的同步。

2. 发明申请

US20110084800A1 Access Authorization Method And Apparatus For A Wireless Sensor Network 有权
标题翻译：无线传感器网络的接入授权方法和装置
公开(公告)号：US20110084800A1
公开(公告)日：2011-04-14
申请号：US12652743
申请日：2010-01-06
申请人： Lee-Chun Ko , Virgil D. Gligor , Hayan Lee
发明人： Lee-Chun Ko , Virgil D. Gligor , Hayan Lee
IPC分类号： H04L9/32
CPC分类号： H04L63/102 , H04L9/3242 , H04L63/08 , H04L63/1416 , H04L67/12 , H04L2209/805 , H04W4/70 , H04W12/08 , H04W12/12 , H04W84/18
摘要： An access authorization method and apparatus for a wireless sensor network comprises at least a base station and a wireless sensor network formed by a plurality of sensor nodes. After having obtained an access authorization of a user, the at least a base station issues a request message to a target sensor node in the wireless sensor network. The target sensor node requests at least a controlling node in the wireless sensor network for sensing data sensed by the at least a controlling node, and checks if the sensing data meets the requirements of the access authorization of the user. Whether the target sensor node responds with the required multimedia or not is based on the checking result.
摘要翻译：用于无线传感器网络的接入授权方法和装置至少包括由多个传感器节点形成的基站和无线传感器网络。在获得用户的访问许可之后，所述至少一个基站向无线传感器网络中的目标传感器节点发出请求消息。目标传感器节点至少请求无线传感器网络中的控制节点来感测由至少一个控制节点感测的数据，并检查感测数据是否满足用户的访问授权的要求。目标传感器节点是否响应所需的多媒体是基于检查结果。

3. 发明授权

US07486795B2 Method and apparatus for key management in distributed sensor networks 有权
标题翻译：分布式传感器网络密钥管理方法与装置
公开(公告)号：US07486795B2
公开(公告)日：2009-02-03
申请号：US10666207
申请日：2003-09-18
申请人： Laurent Eschenauer , Virgil D. Gligor
发明人： Laurent Eschenauer , Virgil D. Gligor
IPC分类号： H04L9/00
CPC分类号： H04L63/1408 , H04L9/0838 , H04L9/0891 , H04L2209/805 , H04W12/04 , H04W76/10 , H04W84/18
摘要： In a distributed sensor network, a method of key management is carried out in several phases, particularly key pre-distribution phase, shared key discovery phase, and as needed, a path key establishment phase. In the key pre-distribution phase, prior to DSN deployment, a ring of keys is distributed to each sensor node, each key ring consisting of randomly chosen keys from a large pool of keys which is generated off-line. A shared key exists between each two key rings with a predetermined probability. In the shared key discovery phase, which takes place upon deployment of the DSN, every sensor node discovers its neighbors in wireless communication range with which it shares keys, and the topology of the sensor array is established by forming secure communication links between respective sensor nodes. The path key establishment phase assigns a path key to selected pairs of sensor nodes in wireless communication range that do not share a key but are connected by two or more links at the end of the shared key discovery phase. The key management scheme also assumes a revocation phase for removal of the key ring of the compromised sensor node from the network. Also, re-keying phase is assumed for removal of those keys with the expired lifetime.
摘要翻译：在分布式传感器网络中，密钥管理的方法分几个阶段进行，特别是关键的预分配阶段，共享密钥发现阶段，以及需要的路径密钥建立阶段。在密钥预分发阶段，在DSN部署之前，将一个密钥环分配给每个传感器节点，每个密钥环由离线生成的大量密钥库中随机选择的密钥组成。共享密钥以预定的概率存在于每个两个密钥环之间。在部署DSN时发生的共享密钥发现阶段，每个传感器节点发现其与其共享密钥的无线通信范围内的邻居，并且通过在各个传感器节点之间形成安全通信链路来建立传感器阵列的拓扑结构。路径密钥建立阶段将路径密钥分配给在共享密钥发现阶段结束时不共享密钥但由两个或多个链路连接的无线通信范围内的选定传感器节点对。密钥管理方案还假定用于从网络去除受感染传感器节点的密钥环的撤销阶段。此外，假设重新键入阶段用于删除具有过期寿命的那些密钥。

4. 发明授权

US07010604B1 Agile network protocol for secure communications with assured system availability 有权
标题翻译：用于安全通信的敏捷网络协议，确保系统可用性
公开(公告)号：US07010604B1
公开(公告)日：2006-03-07
申请号：US09429643
申请日：1999-10-29
申请人： Edmund Colby Munger , Vincent J. Sabio , Robert Dunham Short, III , Virgil D. Gligor , Douglas Charles Schmidt
发明人： Edmund Colby Munger , Vincent J. Sabio , Robert Dunham Short, III , Virgil D. Gligor , Douglas Charles Schmidt
IPC分类号： G06F15/16
CPC分类号： H04L61/2539 , H04L9/065 , H04L29/12216 , H04L29/12301 , H04L29/1232 , H04L29/12801 , H04L45/20 , H04L45/24 , H04L61/2007 , H04L61/2076 , H04L61/2092 , H04L61/30 , H04L61/6004 , H04L63/0272 , H04L63/04 , H04L63/0407 , H04L63/0421 , H04L63/0428 , H04L63/0435 , H04L63/1441 , H04L63/1491 , H04M3/42008
摘要： A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving-nodes. These techniques include a self-synchronization technique in which a sync field is transmitted as part of each packet, and a “checkpoint” scheme by which transmitting and receiving nodes can advance to a known point in their hopping schemes. A fast-packet reject technique based on the use of presence vectors is also described. A distributed transmission path embodiment incorporates randomly selected physical transmission paths.
摘要翻译：多个计算机节点使用看似随意的IP源和目的地址和（可选地）看似随机的鉴别符字段进行通信。由有效地址的移动窗口定义的数据包匹配条件被接受进一步处理，而不符合标准的数据包将被拒绝。除了IP地址和鉴别字段的“跳”之外，还可以跳过媒体访问控制地址等硬件地址。跳跃地址由具有非重复序列长度的随机数生成器产生，其可以先前容易地确定，其可以通过任意数量的随机步骤快速地向前跳跃，并且具有将来随机数难以猜测的性质不知道随机数生成器的参数。同步技术可用于重新发送和接收节点之间的同步。这些技术包括其中同步字段作为每个分组的一部分被发送的自同步技术，以及发送和接收节点可以通过其发送到其跳频方案中的已知点的“检查点”方案。还描述了基于使用存在向量的快速分组拒绝技术。分布式传输路径实施例包括随机选择的物理传输路径。

5. 发明授权

US5278901A Pattern-oriented intrusion-detection system and method 失效
标题翻译：基于模式的入侵检测系统和方法
公开(公告)号：US5278901A
公开(公告)日：1994-01-11
申请号：US875943
申请日：1992-04-30
申请人： Shiuh-Pyung W. Shieh , Virgil D. Gligor
发明人： Shiuh-Pyung W. Shieh , Virgil D. Gligor
IPC分类号： G06F21/00 , H04L9/00
CPC分类号： G06F21/552
摘要： The present invention provides a pattern-oriented intrusion detection system and method that defines patterns of intrusion based on object privilege and information flow in secure computer systems to detect actual intrusion occurrences. This approach has the advantage of detecting context-dependent intrusions such as those caused by inadvertent execution of foreign programs containing viruses or Trojan Horses and also those caused by unintended use of foreign input data. The present invention can track both information and privilege flows within a system, and has the ability to uniformly define various types of intrusion patterns. Operational security problems can lead to intrusion in secure computer systems. With this approach, explicitly defined types of intrusion patterns due to operational security problems can be detected.
摘要翻译：本发明提供一种基于模式的入侵检测系统和方法，其基于安全计算机系统中的对象特权和信息流定义入侵模式以检测实际的入侵事件。这种方法具有检测上下文相关入侵的优点，例如由于无意中执行包含病毒或特洛伊木马的外来程序引起的入侵，以及由意外使用外来输入数据引起的入侵。本发明可以跟踪系统内的信息和特权流，并具有统一定义各种类型的入侵模式的能力。操作安全问题可能导致安全的计算机系统入侵。使用这种方法，可以检测到由于操作安全问题引起的明确定义的入侵模式类型。

6. 发明申请

US20130067222A1 AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS WITH ASSURED SYSTEM AVAILABILITY 审中-公开
标题翻译：用于安全通信的AGILE网络协议，具有确保的系统可用性
公开(公告)号：US20130067222A1
公开(公告)日：2013-03-14
申请号：US13620550
申请日：2012-09-14
申请人： Edmund Colby Munger , Vincent J. Sabio , Robert Dunham Short, III , Virgil D. Gligor , Douglas Charles Schmidt
发明人： Edmund Colby Munger , Vincent J. Sabio , Robert Dunham Short, III , Virgil D. Gligor , Douglas Charles Schmidt
IPC分类号： H04L9/00 , G06F15/16
CPC分类号： H04L61/2539 , H04L9/065 , H04L29/12216 , H04L29/12301 , H04L29/1232 , H04L29/12801 , H04L45/20 , H04L45/24 , H04L61/2007 , H04L61/2076 , H04L61/2092 , H04L61/30 , H04L61/6004 , H04L63/0272 , H04L63/04 , H04L63/0407 , H04L63/0421 , H04L63/0428 , H04L63/0435 , H04L63/1441 , H04L63/1491 , H04L69/14 , H04M3/42008
摘要： A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.
摘要翻译：多个计算机节点使用看似随意的IP源和目的地址和（可选地）看似随机的鉴别符字段进行通信。由有效地址的移动窗口定义的数据包匹配条件被接受进一步处理，而不符合标准的数据包将被拒绝。除了跳转IP地址和鉴别字段之外，还可以跳过媒体访问控制地址等硬件地址。跳跃地址由具有非重复序列长度的随机数生成器产生，其可以先前容易地确定，其可以通过任意数量的随机步骤快速地向前跳跃，并且具有将来随机数难以猜测的性质不知道随机数生成器的参数。同步技术可用于重新建立发送和接收节点之间的同步。

7. 发明申请

US20110191582A1 Agile Network Protocol For Secure Communications With Assured System Availability 审中-公开
公开(公告)号：US20110191582A1
公开(公告)日：2011-08-04
申请号：US13080684
申请日：2011-04-06
申请人： Edmund Colby Munger , Vincent J. Sabio , Robert Dunham Short, III , Virgil D. Gligor , Douglas Charles Schmidt
发明人： Edmund Colby Munger , Vincent J. Sabio , Robert Dunham Short, III , Virgil D. Gligor , Douglas Charles Schmidt
IPC分类号： H04L29/06 , G06F15/16
CPC分类号： H04L61/2539 , H04L9/065 , H04L29/12216 , H04L29/12301 , H04L29/1232 , H04L29/12801 , H04L45/20 , H04L45/24 , H04L61/2007 , H04L61/2076 , H04L61/2092 , H04L61/30 , H04L61/6004 , H04L63/0272 , H04L63/04 , H04L63/0407 , H04L63/0421 , H04L63/0428 , H04L63/0435 , H04L63/1441 , H04L63/1491 , H04L69/14 , H04M3/42008
摘要： A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.

8. 发明授权

US5485409A Automated penetration analysis system and method 失效
标题翻译：自动渗透分析系统及方法
公开(公告)号：US5485409A
公开(公告)日：1996-01-16
申请号：US875945
申请日：1992-04-30
申请人： Sarbari Gupta , Virgil D. Gligor
发明人： Sarbari Gupta , Virgil D. Gligor
IPC分类号： G06F1/00 , G06F21/00 , H04L9/00 , G06F13/00
CPC分类号： G06F21/577
摘要： The present invention provides a penetration-analysis method, which (1) provides a systematic approach to penetration analysis, (2) enables the verification of penetration-resistance properties, and (3) is amenable to automation. An Automated Penetration Analysis (APA) tool is provided, to support the penetration analysis method. The penetration-analysis system and method is based on a theory of penetration-resistant computer systems, a model of penetration analysis, and a unified representation of penetration patterns. The theory consists of the Hypothesis of Penetration-Resistant Systems and a set of design properties that characterize resistance to penetration. The penetration-analysis model defines a set of states, a state-invariant for penetration resistance, and a set of rules that can be applied for analyzing the penetration vulnerability of a system. An interpretation of the Hypothesis of Penetration-Resistant Systems within a given system provides the Hypothesis of Penetration Patterns, which enables the present invention to define a unified representation for a large set of penetration instances as missing check patterns.
摘要翻译：本发明提供了一种穿透分析方法，其中（1）提供了渗透分析的系统方法，（2）能够验证穿透阻力特性，以及（3）易于自动化。提供了自动穿透分析（APA）工具，以支持渗透分析方法。渗透分析系统和方法基于渗透性计算机系统的理论，穿透分析的模型和渗透模式的统一表示。该理论包括穿透抵抗系统的假设和一组表征抗穿透性的设计属性。渗透分析模型定义了一组状态，即渗透阻力的状态不变性，以及可用于分析系统渗透脆弱性的一组规则。在给定系统内对穿透系统的假设的解释提供了渗透模式的假设，这使得本发明能够将大量穿透实例的统一表示定义为缺失检查模式。

9. 发明授权

US08832778B2 Methods and apparatuses for user-verifiable trusted path in the presence of malware 有权
标题翻译：存在恶意软件的用户可验证信任路径的方法和设备
公开(公告)号：US08832778B2
公开(公告)日：2014-09-09
申请号：US13389212
申请日：2010-06-29
申请人： Jonathan M. McCune , Adrian M. Perrig , Anupam Datta , Virgil D. Gligor , Ning Qu
发明人： Jonathan M. McCune , Adrian M. Perrig , Anupam Datta , Virgil D. Gligor , Ning Qu
IPC分类号： G06F21/00 , G06F21/57
CPC分类号： G06F21/57 , G06F21/85
摘要： An apparatus and method for establishing a trusted path between a user interface and a trusted executable, wherein the trusted path includes a hypervisor and a driver shim. The method includes measuring an identity of the hypervisor; comparing the measurement of the identity of the hypervisor with a policy for the hypervisor; measuring an identity of the driver shim; comparing the measurement of the identity of the driver shim with a policy for the driver shim; measuring an identity of the user interface; comparing the measurement of the identity of the user interface with a policy for the user interface; and providing a human-perceptible indication of whether the identity of the hypervisor, the identity of the driver shim, and the identity of the user interface correspond with the policy for the hypervisor, the policy for the driver shim, and the policy for the user interface, respectively.
摘要翻译：一种用于在用户界面和可信赖可执行程序之间建立可信路径的装置和方法，其中所述可信路径包括管理程序和驱动器垫片。该方法包括测量管理程序的身份; 将管理程序的身份的测量与管理程序的策略进行比较; 测量驾驶员垫片的身份; 将驾驶员垫片的身份的测量与驾驶员垫片的策略进行比较; 测量用户界面的身份; 将用户界面的身份的测量与用户界面的策略进行比较; 以及提供关于虚拟机管理程序的身份，驱动程序垫片的身份以及用户界面的身份是否符合管理程序的策略，驱动程序垫片的策略以及用户策略的人为可察觉的指示界面。

10. 发明申请

US20110307693A1 Agile Network Protocol For Secure Communications With Assured System Availability 审中-公开
标题翻译：用于安全通信的敏捷网络协议，确保系统可用性
公开(公告)号：US20110307693A1
公开(公告)日：2011-12-15
申请号：US13155039
申请日：2011-06-07
申请人： Edmund Colby Munger , Vincent J. Sabio , Robert Dunham Short, III , Virgil D. Gligor , Douglas Charles Schmidt
发明人： Edmund Colby Munger , Vincent J. Sabio , Robert Dunham Short, III , Virgil D. Gligor , Douglas Charles Schmidt
IPC分类号： H04L9/14
CPC分类号： H04L61/2539 , H04L9/065 , H04L29/12216 , H04L29/12301 , H04L29/1232 , H04L29/12801 , H04L45/20 , H04L45/24 , H04L61/2007 , H04L61/2076 , H04L61/2092 , H04L61/30 , H04L61/6004 , H04L63/0272 , H04L63/04 , H04L63/0407 , H04L63/0421 , H04L63/0428 , H04L63/0435 , H04L63/1441 , H04L63/1491 , H04L69/14 , H04M3/42008
摘要： A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.
摘要翻译：多个计算机节点使用看似随意的IP源和目的地址和（可选地）看似随机的鉴别符字段进行通信。由有效地址的移动窗口定义的数据包匹配条件被接受进一步处理，而不符合标准的数据包将被拒绝。除了IP地址和鉴别字段的“跳”之外，还可以跳过媒体访问控制地址等硬件地址。跳跃地址由具有非重复序列长度的随机数生成器产生，其可以先前容易地确定，其可以通过任意数量的随机步骤快速地向前跳跃，并且具有将来随机数难以猜测的性质不知道随机数生成器的参数。同步技术可用于重新建立发送和接收节点之间的同步。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式