专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20150143111A1 METHODS AND DEVICES FOR SECURING KEYS FOR A NONSECURED, DISTRIBUTED ENVIRONMENT WITH APPLICATIONS TO VIRTUALIZATION AND CLOUD-COMPUTING SECURITY AND MANAGEMENT 有权
标题翻译：用于安全应用于虚拟化和云计算安全和管理的非特定分布式环境的方法和设备
公开(公告)号：US20150143111A1
公开(公告)日：2015-05-21
申请号：US13820815
申请日：2012-11-28
申请人： Gilad Parann-Nissany , Yaron Sheffer
发明人： Gilad Parann-Nissany , Yaron Sheffer
IPC分类号： H04L29/06 , H04L9/08 , G06F21/72 , G06F21/60 , G06F21/62
CPC分类号： H04L63/06 , G06F21/602 , G06F21/6218 , G06F21/72 , G06F2221/2111 , G06F2221/2149 , H04L9/008 , H04L9/0822 , H04L9/085 , H04L9/0894 , H04L67/10 , H04L2463/062
摘要： The present invention discloses methods and devices for securing keys for a non-secure computing-environment. Methods include the steps of: providing a security-key framework which is adapted, upon receiving an encryption request for protecting a secret item, for repetitively encrypting the secret item with each of a set of N location-specific secure-keys, wherein each location-specific secure-key corresponds to a respective encryption location, to create an encrypted item; wherein the locations are regions of memory located in computing resources operationally connected to the computing-environment; and concealing through encryption at least one location-specific secure-key such that the concealing is configured: to prevent at least one location-specific secure-key from ever being known in an unconcealed form on any computing resource in any computing-environment during the encrypting; and to allow mathematical operations, performed as part of the encrypting and concealing, to be performed while at least one location-specific secure-key is in its concealed form.
摘要翻译：本发明公开了用于保护用于非安全计算环境的密钥的方法和设备。方法包括以下步骤：提供一种安全密钥框架，该安全密钥框架在接收到用于保护秘密项目的加密请求时适于用一组N个特定位置的安全密钥中的每一个重复地加密秘密项目，其中每个位置特定的安全密钥对应于相应的加密位置，以创建加密的项目; 其中所述位置是位于与所述计算环境可操作地连接的计算资源中的存储器区域; 以及通过加密隐藏至少一个特定于位置的安全密钥，使得所述隐藏被配置为：在所述计算环境期间，在任何计算环境中的任何计算资源上防止至少一个特定于位置的安全密钥以未隐藏的形式被知道加密; 并允许作为加密和隐藏的一部分执行的数学运算，同时至少一个位置特定的安全密钥处于其隐蔽形式。

2. 发明授权

US10885167B1 Intrusion detection based on anomalies in access patterns 有权
公开(公告)号：US10885167B1
公开(公告)日：2021-01-05
申请号：US16119339
申请日：2018-08-31
申请人： Shir Meir Lador , Gleb Keselman , Noa Haas , Liron Hayman , Yaron Sheffer , Tzvika Barenholz , Noah Eyal Altman , Shimon Shahar , Asaf Brill
发明人： Shir Meir Lador , Gleb Keselman , Noa Haas , Liron Hayman , Yaron Sheffer , Tzvika Barenholz , Noah Eyal Altman , Shimon Shahar , Asaf Brill
IPC分类号： G06F21/00 , G06F21/31 , G06N5/04 , G06F21/55 , G06N20/00
摘要： A method for detecting an unauthorized activity on a computer system involves obtaining current time stamps for a first type of access event related to the computer system, determining a current count of the first type of access event using the current time stamps, and predicting an expected count of the first type of access event using a current count of time stamps and a predictive model. The method further involves obtaining an actual count of the first type of access event, executing a first comparison of the actual count with the expected count, determining, based on a test comprising the first comparison, that the unauthorized access to the computer system occurred, and issuing an alert indicating the unauthorized activity occurred.

3. 发明授权

US08713666B2 Methods and devices for enforcing network access control utilizing secure packet tagging 有权
标题翻译：使用安全数据包标签强制执行网络访问控制的方法和设备
公开(公告)号：US08713666B2
公开(公告)日：2014-04-29
申请号：US12056462
申请日：2008-03-27
申请人： Kirill Motil , Almog Cohen , Yaron Sheffer
发明人： Kirill Motil , Almog Cohen , Yaron Sheffer
IPC分类号： H04L29/06
CPC分类号： H04L63/0245 , H04L63/1441 , H04L63/164
摘要： Disclosed are methods, devices, and media for enforcing network access control, the method including the steps of: extracting a packet signature from a packet (or packet fragment) received from a network; storing the packet signature and the packet in a buffer; computing a buffer signature using a per-endpoint secret key; determining whether the packet signature and the buffer signature are identical; and upon determining the packet signature and the buffer signature are identical, transmitting the packet to a protocol stack. Preferably, the step of extracting includes extracting the packet signature from a field (e.g. identification field) of a header of the packet. Preferably, the method further includes the step of: upon determining the packet signature and the buffer signature are not identical, discarding the packet. Methods for receiving a packet from a protocol stack, and transmitting the packet to a network are disclosed as well.
摘要翻译：公开了用于执行网络访问控制的方法，设备和媒体，该方法包括以下步骤：从从网络接收的分组（或分组片段）中提取分组签名; 将分组签名和分组存储在缓冲器中; 使用每端点秘密密钥计算缓冲区签名; 确定分组签名和缓冲器签名是否相同; 并且在确定分组签名和缓冲器签名是相同的时，将分组发送到协议栈。优选地，提取步骤包括从分组报头的字段（例如标识字段）中提取分组签名。优选地，该方法还包括以下步骤：在确定分组签名并且缓冲器签名不相同时，丢弃分组。还公开了从协议栈接收分组并将分组发送到网络的方法。

4. 发明申请

US20090249466A1 METHODS AND DEVICES FOR ENFORCING NETWORK ACCESS CONTROL UTILIZING SECURE PACKET TAGGING 有权
标题翻译：使用安全分组标签执行网络访问控制的方法和设备
公开(公告)号：US20090249466A1
公开(公告)日：2009-10-01
申请号：US12056462
申请日：2008-03-27
申请人： Kirill MOTIL , Almog Cohen , Yaron Sheffer
发明人： Kirill MOTIL , Almog Cohen , Yaron Sheffer
IPC分类号： G06F17/00 , G06F15/16 , H04L9/32
CPC分类号： H04L63/0245 , H04L63/1441 , H04L63/164
摘要： Disclosed are methods, devices, and media for enforcing network access control, the method including the steps of: extracting a packet signature from a packet (or packet fragment) received from a network; storing the packet signature and the packet in a buffer; computing a buffer signature using a per-endpoint secret key; determining whether the packet signature and the buffer signature are identical; and upon determining the packet signature and the buffer signature are identical, transmitting the packet to a protocol stack. Preferably, the step of extracting includes extracting the packet signature from a field (e.g. identification field) of a header of the packet. Preferably, the method further includes the step of: upon determining the packet signature and the buffer signature are not identical, discarding the packet. Methods for receiving a packet from a protocol stack, and transmitting the packet to a network are disclosed as well.
摘要翻译：公开了用于执行网络访问控制的方法，设备和媒体，该方法包括以下步骤：从从网络接收的分组（或分组片段）中提取分组签名; 将分组签名和分组存储在缓冲器中; 使用每端点秘密密钥计算缓冲区签名; 确定分组签名和缓冲器签名是否相同; 并且在确定分组签名和缓冲器签名是相同的时，将分组发送到协议栈。优选地，提取步骤包括从分组报头的字段（例如标识字段）中提取分组签名。优选地，该方法还包括以下步骤：在确定分组签名并且缓冲器签名不相同时，丢弃分组。还公开了从协议栈接收分组并将分组发送到网络的方法。

5. 发明授权

US08161188B2 Devices and methods for providing network access control utilizing traffic-regulation hardware 有权
标题翻译：使用交通规则硬件提供网络访问控制的设备和方法
公开(公告)号：US08161188B2
公开(公告)日：2012-04-17
申请号：US12114778
申请日：2008-05-04
申请人： Oded Gonda , Yaron Sheffer
发明人： Oded Gonda , Yaron Sheffer
IPC分类号： G06F15/173
CPC分类号： H04L63/0227 , H04L63/0218
摘要： Disclosed are devices and methods for providing network access control utilizing traffic-regulation hardware, the device including: at least one client-side port for operationally connecting to a client system; at least one network-side port for operationally connecting to a network; a logic module for regulating network traffic, based on device-related data, between the ports, the logic module including: a memory unit for storing and loading the device-related data; and a CPU for processing the device-related data; and at least one relay, between at least one respective client-side port and at least one respective network-side port, configured to open upon receiving a respective network-access-denial command from the logic module. Preferably, the logic module is configured to maintain an open-relay line-rate when at least one relay is open, and to maintain a closed-relay line-rate when at least one relay is closed.
摘要翻译：公开了利用交通管制硬件提供网络访问控制的设备和方法，该设备包括：用于操作地连接到客户端系统的至少一个客户端端口; 至少一个用于操作地连接到网络的网络侧端口; 逻辑模块，用于根据设备相关的数据，在端口之间调节网络流量，所述逻辑模块包括：用于存储和加载所述设备相关数据的存储器单元; 以及用于处理设备相关数据的CPU; 以及至少一个中继站，在至少一个相应的客户侧端口和至少一个相应的网络侧端口之间，被配置为在从逻辑模块接收到相应的网络访问拒绝命令时打开。优选地，逻辑模块被配置为当至少一个继电器断开时维持开路继电器线路速率，并且当至少一个继电器闭合时保持闭路继电器线路速率。

6. 发明申请

US20090276538A1 DEVICES AND METHODS FOR PROVIDING NETWORK ACCESS CONTROL UTILIZING TRAFFIC-REGULATION HARDWARE 有权
标题翻译：使用交通规则硬件提供网络访问控制的设备和方法
公开(公告)号：US20090276538A1
公开(公告)日：2009-11-05
申请号：US12114778
申请日：2008-05-04
申请人： Oded Gonda , Yaron Sheffer
发明人： Oded Gonda , Yaron Sheffer
IPC分类号： G06F15/16
CPC分类号： H04L63/0227 , H04L63/0218
摘要： Disclosed are devices and methods for providing network access control utilizing traffic-regulation hardware, the device including: at least one client-side port for operationally connecting to a client system; at least one network-side port for operationally connecting to a network; a logic module for regulating network traffic, based on device-related data, between the ports, the logic module including: a memory unit for storing and loading the device-related data; and a CPU for processing the device-related data; and at least one relay, between at least one respective client-side port and at least one respective network-side port, configured to open upon receiving a respective network-access-denial command from the logic module. Preferably, the logic module is configured to maintain an open-relay line-rate when at least one relay is open, and to maintain a closed-relay line-rate when at least one relay is closed.
摘要翻译：公开了利用交通管制硬件提供网络访问控制的设备和方法，该设备包括：用于操作地连接到客户端系统的至少一个客户端端口; 至少一个用于操作地连接到网络的网络侧端口; 逻辑模块，用于根据设备相关的数据，在端口之间调节网络流量，所述逻辑模块包括：用于存储和加载所述设备相关数据的存储器单元; 以及用于处理设备相关数据的CPU; 以及至少一个中继站，在至少一个相应的客户侧端口和至少一个相应的网络侧端口之间，被配置为在从逻辑模块接收到相应的网络访问拒绝命令时打开。优选地，逻辑模块被配置为当至少一个继电器断开时维持开路继电器线路速率，并且当至少一个继电器闭合时保持闭路继电器线路速率。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式