专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07774498B1 Methods and apparatus for trusted application centric QoS provisioning 有权
标题翻译：以信任应用为中心的QoS配置的方法和设备
公开(公告)号：US07774498B1
公开(公告)日：2010-08-10
申请号：US11593289
申请日：2006-11-06
申请人： Jeffrey A. Kraemer , David James McCowan , Kerry E. Lynn , Philip J. S. Gladstone
发明人： Jeffrey A. Kraemer , David James McCowan , Kerry E. Lynn , Philip J. S. Gladstone
IPC分类号： G06F15/16 , G06F15/173
CPC分类号： H04L63/20
摘要： A security agent extends the trust barrier, or trust point, from network gateway nodes to end user devices. A security agent operable to scrutinize network traffic executes on the user device and compares QoS marking attempts with the established QoS marking policy in effect. The security agent examines network traffic attributes deterministic of connection attempts by user processes. Attempts to apply inappropriate or disallowed QoS markings, as dictated by the QoS marking policy, are detected and disallowed. Therefore, only user connections consistent with the QoS marking policy are permitted into the network. Network admission control (NAC) mechanisms ensure that the security agent is the only access point from the user device to the secure network, and the security agent communicates the establishment of the trusted access point to the network gateway, thus ensuring that the network gateway may trust service level designations emanating from the user device executing the security agent.
摘要翻译：安全代理将信任障碍或信任点从网络网关节点扩展到最终用户设备。可以在用户设备上执行检查网络流量的安全代理，并将QoS标记尝试与已建立的QoS标记策略进行比较。安全代理检查用户进程确定连接尝试的网络流量属性。检测并禁止尝试根据QoS标记策略规定应用不当或不允许的QoS标记。因此，仅允许与QoS标记策略一致的用户连接进入网络。网络准入控制（NAC）机制确保安全代理是从用户设备到安全网络的唯一接入点，安全代理将信任接入点的建立通信给网络网关，从而确保网络网关从执行安全代理的用户设备发出的信任服务级别指定。

2. 发明授权

US08595170B2 Stateful reference monitor 有权
公开(公告)号：US08595170B2
公开(公告)日：2013-11-26
申请号：US11865344
申请日：2007-10-01
申请人： Philip J. S. Gladstone , Jeffrey A. Kraemer
发明人： Philip J. S. Gladstone , Jeffrey A. Kraemer
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G06F7/04 , G06F17/30 , G08B23/00 , H04N7/16
CPC分类号： G06F21/60 , G06F9/468 , G06F21/552 , G06F21/554 , G06F21/62 , G06F21/6218 , G06F2221/2101 , G06F2221/2105 , G06F2221/2113 , G06F2221/2141 , G06N5/02
摘要： A Stateful Reference Monitor can be loaded into an existing commercial operating system, and then can regulate access to many different types of resources. The reference monitor maintains an updateable storage area whose contents can be used to affect access decisions, and access decisions can be based on arbitrary properties of the request.

3. 发明授权

US07979889B2 Methods and apparatus providing security to computer systems and networks 有权
标题翻译：为计算机系统和网络提供安全性的方法和设备
公开(公告)号：US07979889B2
公开(公告)日：2011-07-12
申请号：US11031212
申请日：2005-01-07
申请人： Philip J. S. Gladstone , Jeffrey A. Kraemer
发明人： Philip J. S. Gladstone , Jeffrey A. Kraemer
IPC分类号： H04L9/00
CPC分类号： H04L63/145 , G06F21/52 , G06F21/552 , G06F21/554 , G06F21/566 , G06F2221/2151 , H04L63/20
摘要： A system provides security to a computerized device by detecting a sequence of related processing operations within the computerized device and recording the sequence of related processing operations in a security history. The system identifies a security violation when a processing operation performed in the computerized device produces an undesired processing outcome that violates a security policy and subsequently detecting attempted performance of at least one processing operation that attempts to produce the undesired processing outcome that violates the security policy and in response, denies operation of the processing operation(s) within the computerized device to avoid violation of the security policy.
摘要翻译：系统通过检测计算机化设备内的相关处理操作的顺序并将相关处理操作的顺序记录在安全历史中来向计算机化设备提供安全性。当在计算机化设备中执行的处理操作产生违反安全策略的不期望的处理结果并随后检测尝试产生违反安全策略的不期望的处理结果的至少一个处理操作的尝试性能时，系统识别安全违规，作为响应，拒绝在计算机化设备内的处理操作的操作以避免违反安全策略。

4. 发明授权

US07290266B2 Access control by a real-time stateful reference monitor with a state collection training mode and a lockdown mode for detecting predetermined patterns of events indicative of requests for operating system resources resulting in a decision to allow or block activity identified in a sequence of events based on a rule set defining a processing policy 有权
标题翻译：具有状态收集训练模式和锁定模式的实时状态参考监视器的访问控制，用于检测指示操作系统资源的请求的事件的预定模式，从而导致允许或阻止基于事件序列识别的活动的决定定义处理策略的规则集
公开(公告)号：US07290266B2
公开(公告)日：2007-10-30
申请号：US10071328
申请日：2002-02-08
申请人： Philip J. S. Gladstone , Jeffrey A. Kraemer
发明人： Philip J. S. Gladstone , Jeffrey A. Kraemer
IPC分类号： G06F3/00 , G06F9/44 , G06F9/46 , G06F13/00 , G06F17/00 , G06F7/04 , G06N5/02 , G06N7/04 , H04L9/00
CPC分类号： G06F21/60 , G06F9/468 , G06F21/552 , G06F21/554 , G06F21/62 , G06F21/6218 , G06F2221/2101 , G06F2221/2105 , G06F2221/2113 , G06F2221/2141 , G06N5/02
摘要： A Stateful Reference Monitor can be loaded into an existing commercial operating system, and then can regulate access to many different types of resources. The reference monitor maintains an updateable storage area whose contents can be used to affect access decisions, and access decisions can be based on arbitrary properties of the request.
摘要翻译：有状态参考监视器可以加载到现有的商业操作系统中，然后可以调节对许多不同类型资源的访问。参考监视器维护可更新的存储区域，其内容可以用于影响访问决策，并且访问决定可以基于请求的任意属性。

5. 发明授权

US07716473B1 Methods and apparatus providing a reference monitor simulator 有权
标题翻译：提供参考监视器模拟器的方法和设备
公开(公告)号：US07716473B1
公开(公告)日：2010-05-11
申请号：US10822069
申请日：2004-04-09
申请人： Jeffrey A. Kraemer , Philip J. S. Gladstone , Alan J. Kirby , Mikhail Cherepov
发明人： Jeffrey A. Kraemer , Philip J. S. Gladstone , Alan J. Kirby , Mikhail Cherepov
IPC分类号： H04L29/06 , G06G7/48 , G06F1/00 , G06F1/04 , G06F11/00
CPC分类号： H04L63/20 , G06F21/6218
摘要： A computer-implemented system, method and apparatus for operating a reference monitor simulator is operable to recreate the operations performed by a reference monitor on a computer system. In one configuration, the system defines at least one security rule specifying whether to allow or deny a request to access at least one resource under a given set of circumstances and supplies at least one request to access a resource. The system further applies the at least one security rule in response to the at least one request to access a resource to determine whether to allow or prevent the at least one request.
摘要翻译：用于操作参考监视器模拟器的计算机实现的系统，方法和装置可操作以重建由计算机系统上的参考监视器执行的操作。在一个配置中，系统定义至少一个安全规则，其指定是否允许或拒绝在给定情况下至少访问一个资源的请求，并提供至少一个访问资源的请求。所述系统还响应于所述至少一个访问资源的请求来应用所述至少一个安全规则，以确定是允许还是阻止所述至少一个请求。

6. 发明授权

US08572381B1 Challenge protected user queries 有权
标题翻译：挑战受保护的用户查询
公开(公告)号：US08572381B1
公开(公告)日：2013-10-29
申请号：US11348069
申请日：2006-02-06
申请人： Jeffrey A. Kraemer , Philip J. S. Gladstone
发明人： Jeffrey A. Kraemer , Philip J. S. Gladstone
IPC分类号： G06F21/00
CPC分类号： G06F21/604
摘要： A method, apparatus and computer program product for providing challenge protected user queries on a local system is presented. A query is presented to a user. A response to the query is received and a determination is made whether the response is administratively less desirable than a threshold. When the response is administratively less desirable than said threshold, then a challenge is provided to the user. The response is accepted when the user responds correctly to the challenge and the response is not accepted when the user fails to correctly respond to the challenge.
摘要翻译：提出了一种用于在本地系统上提供受挑战保护的用户查询的方法，装置和计算机程序产品。向用户呈现查询。接收到对查询的响应，并确定响应是否在管理上比阈值更不理想。当响应在管理上不如所述阈值更理想时，则向用户提供挑战。当用户正确响应挑战时，接受该响应，并且当用户无法正确响应挑战时，不接受响应。

7. 发明授权

US08495743B2 Methods and apparatus providing automatic signature generation and enforcement 有权
公开(公告)号：US08495743B2
公开(公告)日：2013-07-23
申请号：US11414909
申请日：2006-05-01
申请人： Jeffrey A. Kraemer , Andrew Zawadowskiy , Philip J. S. Gladstone
发明人： Jeffrey A. Kraemer , Andrew Zawadowskiy , Philip J. S. Gladstone
IPC分类号： G06F21/00
CPC分类号： H04L63/1416 , G06F21/554 , G06F21/56 , H04L63/14 , H04L63/1433 , H04L63/1441 , H04L63/20
摘要： A system inserts at least one notifying identifier in the computer system. The at least one notifying identifier provides execution information associated with the computer system. The system receives execution information from the at least one notifying identifier, the execution information identifies details associated with a traffic flow on the computer system. The system then generates a signature based on a deterministic link provided by the execution information provided by the at least one notifying identifier. The signature is utilized to prevent further damage caused to the computer system by at least one attack.

8. 发明授权

US07516476B1 Methods and apparatus for automated creation of security policy 有权
标题翻译：用于自动创建安全策略的方法和设备
公开(公告)号：US07516476B1
公开(公告)日：2009-04-07
申请号：US10395711
申请日：2003-03-24
申请人： Jeffrey A. Kraemer , Brian F. Costello , Dan L. Grecu , Venkat R. Rangamani , Philip J. S. Gladstone , Alan J. Kirby
发明人： Jeffrey A. Kraemer , Brian F. Costello , Dan L. Grecu , Venkat R. Rangamani , Philip J. S. Gladstone , Alan J. Kirby
IPC分类号： G06F21/00 , G06F11/30
CPC分类号： G06F21/604
摘要： An automated method and apparatus for creating a security policy for one or more applications is provided. The method includes exercising the features of the one or more applications to generate behavioral data, applying a heuristic to aggregate the behavioral data into a subset of representative actions, and organizing the representative actions according to a structure defined by a template into a security policy for the one or more applications. The security policy may be downloaded to one or more workstations for deployment, and provides a safeguard to protect a computer system against cyber-terrorism.
摘要翻译：提供了一种用于为一个或多个应用创建安全策略的自动化方法和装置。该方法包括行使一个或多个应用的特征以产生行为数据，应用启发式将行为数据聚合成代表性动作的子集，以及根据由模板定义的结构将代表性动作组织到用于一个或多个应用程序。安全策略可以下载到一个或多个工作站进行部署，并提供保护计算机系统免受网络恐怖主义的威胁。

9. 发明申请

US20100225451A1 METHOD AND APPARATUS TO REDUCE DATA LOST ON PERSONAL MOBILE DEVICES 有权
标题翻译：减少个人移动设备数据丢失的方法和装置
公开(公告)号：US20100225451A1
公开(公告)日：2010-09-09
申请号：US12399022
申请日：2009-03-06
申请人： Philip J. S. Gladstone
发明人： Philip J. S. Gladstone
IPC分类号： H04Q5/22
CPC分类号： G06Q10/087 , G06Q10/08
摘要： Methods and apparatus for providing security for mobile devices are disclosed. In one embodiment, a method includes maintaining responsibility for a first item when the first item is in a first range of a first container. Maintaining responsibility for the first item includes monitoring a locator tag associated with the first item when the locator tag is within the first range. The method also includes determining when the first item is in the first range, determining if the first item is in a second range associated with a second container when the first item is not in the first range, and determining if the second container is trusted with respect to the first container if the first item is in the second range. Additionally, the method includes transferring responsibility for the first item to the second container if the second container is trusted with respect to the first container.
摘要翻译：公开了用于为移动设备提供安全性的方法和装置。在一个实施例中，一种方法包括当第一项目处于第一容器的第一范围时维护第一项目的责任。维护对第一项目的责任包括当定位器标签在第一范围内时监视与第一项目相关联的定位器标签。该方法还包括确定第一项目何时处于第一范围内，当第一项目不在第一范围内时，确定第一项目是否处于与第二容器关联的第二范围内，以及确定第二容器是否被信任如果第一个项目处于第二个范围，则相对于第一个容器。另外，如果第二容器相对于第一容器被信任，该方法包括将第一项目的责任转移到第二容器。

10. 发明授权

US5377191A Network communication system 失效
标题翻译：网络通信系统
公开(公告)号：US5377191A
公开(公告)日：1994-12-27
申请号：US604696
申请日：1990-10-26
申请人： John M. Farrell , Philip J. S. Gladstone
发明人： John M. Farrell , Philip J. S. Gladstone
IPC分类号： G06F13/00 , G06F9/46 , G06F17/22 , H04L12/58 , H04J3/24
CPC分类号： H04L12/5835 , G06F17/2264 , G06F9/542 , G06F9/546 , H04L51/066
摘要： In a network communication system passing messages between gateways via a message handling system the gateways are interfaced specifically to their respective network access units and are interfaced generically to the message handling system using routines common to all gateways. Messages are sent in protocol data units including recipient addresses which do not identify recipient gateways as such; the gateways are used transparently. The data format is CCITT 1988 X400 standard with automatic conversion to and from this format at sending and receiving gateways plus automatic document conversion. Message handling involves waiting for many services and events. The invention allows calling routines to avoid pending while waiting for events and services. Service routines, including event watching and timer routines, schedule notifications on to queues and the main processing task runs notifications off the queues by calling a run routine.
摘要翻译：在通过消息处理系统在网关之间传递消息的网络通信系统中，网关具体地与其各自的网络接入单元进行接口，并且使用与所有网关共用的例程的消息处理系统一般地进行接口连接。消息以协议数据单元发送，包括不识别接收网关的接收方地址; 网关透明地使用。数据格式为CCITT 1988 X400标准，在发送和接收网关以及自动文档转换时自动转换格式。消息处理涉及等待许多服务和事件。本发明允许呼叫例程在等待事件和服务的同时避免等待。服务例程，包括事件监视和定时器例程，将通知排队到队列，主处理任务通过调用运行例程来运行队列中的通知。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式