专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20120222087A1 APPLICATION BASED INTRUSION DETECTION 有权
标题翻译：基于应用的入侵检测
公开(公告)号：US20120222087A1
公开(公告)日：2012-08-30
申请号：US13469357
申请日：2012-05-11
申请人： Lap T. Huynh , Linwood H. Overby, JR.
发明人： Lap T. Huynh , Linwood H. Overby, JR.
IPC分类号： G06F21/00 , G06F11/00 , G06F17/00
CPC分类号： G06F21/554
摘要： Intrusion detection is performed by communicating an initialization request from an intrusion detection system enabled application to an intrusion module to begin intrusion detection. Also, a request is communicated to a policy transfer agent to provide an intrusion detection system policy specifically configured for the application. The application identifies where in the application code the intrusion detection system policy is to be checked against an incoming or outgoing communication. Information obtained by the application program is selectively evaluated against information in the intrusion detection system policy. A conditional response is made based upon information in the intrusion detection system policy if an intrusion associated with the application program is detected.
摘要翻译：通过将初始化请求从入侵检测系统启用的应用程序传送到入侵模块以开始入侵检测来执行入侵检测。而且，请求被传送给策略传输代理，以提供专门为应用配置的入侵检测系统策略。该应用程序在应用程序代码中识别入侵检测系统策略要根据传入或传出通信进行检查。根据入侵检测系统策略中的信息选择性地评估由应用程序获得的信息。如果检测到与应用程序相关联的入侵，则基于入侵检测系统策略中的信息进行条件响应。

2. 发明申请

US20120198542A1 Shared Security Device 审中-公开
标题翻译：共享安全设备
公开(公告)号：US20120198542A1
公开(公告)日：2012-08-02
申请号：US13423788
申请日：2012-03-19
申请人： Lap T. Huynh , Constantinos Kassimis , Jeffrey A. Lucovsky , Linwood H. Overby, JR. , Jerry W. Stevens
发明人： Lap T. Huynh , Constantinos Kassimis , Jeffrey A. Lucovsky , Linwood H. Overby, JR. , Jerry W. Stevens
IPC分类号： G06F21/00 , G06F15/16
CPC分类号： H04L63/0227 , H04W4/00 , H04W8/26
摘要： A mechanism is provided for sharing one or more security appliances. A trusted system component associated with an application of a plurality of applications in a logically partitioned data processing system sets a destination address of a received packet to an address of a security appliance shared by the plurality of applications. The trusted system component sends the received packet to the security appliance. The trusted system component receives a response from the security appliance. The trusted system component determines whether the response indicates permitting the received packet to proceed to the intended recipient. The trusted system component sends the received packet to the recipient in response to the response indicating permitting the received packet to proceed.
摘要翻译：提供了一种用于共享一个或多个安全设备的机制。与逻辑分区数据处理系统中的多个应用的应用相关联的可信系统组件将接收到的分组的目的地地址设置为由多个应用共享的安全设备的地址。可信系统组件将接收到的数据包发送到安全设备。可信系统组件接收来自安全设备的响应。可信系统组件确定响应是否指示允许接收到的分组进行到预期接收者。可信系统组件响应于指示允许所接收的分组继续进行的响应，将接收的分组发送给接收者。

3. 发明申请

US20110126194A1 SHARED SECURITY DEVICE 审中-公开
标题翻译：共享安全设备
公开(公告)号：US20110126194A1
公开(公告)日：2011-05-26
申请号：US12624762
申请日：2009-11-24
申请人： Lap T. Huynh , Constantinos Kassimis , Jeffrey A. Lucovsky , Linwood H. Overby, JR. , Jerry W. Stevens
发明人： Lap T. Huynh , Constantinos Kassimis , Jeffrey A. Lucovsky , Linwood H. Overby, JR. , Jerry W. Stevens
IPC分类号： G06F21/00 , G06F9/455
CPC分类号： H04L63/0227 , H04W4/00 , H04W8/26
摘要： A mechanism is provided for sharing one or more security appliances. A trusted system component associated with an application of a plurality of applications in a logically partitioned data processing system sets a destination address of a received packet to an address of a security appliance shared by the plurality of applications. The trusted system component sends the received packet to the security appliance. The trusted system component receives a response from the security appliance. The trusted system component determines whether the response indicates permitting the received packet to proceed to the intended recipient. The trusted system component sends the received packet to the recipient in response to the response indicating permitting the received packet to proceed.
摘要翻译：提供了一种用于共享一个或多个安全设备的机制。与逻辑分区数据处理系统中的多个应用的应用相关联的可信系统组件将接收到的分组的目的地地址设置为由多个应用共享的安全设备的地址。可信系统组件将接收到的数据包发送到安全设备。可信系统组件接收来自安全设备的响应。可信系统组件确定响应是否指示允许接收到的分组进行到预期接收者。可信系统组件响应于指示允许所接收的分组继续进行的响应，将接收的分组发送给接收者。

4. 发明申请

US20100071025A1 SECURING LIVE MIGRATION OF A VIRTUAL MACHINE WITHIN A SERVICE LANDSCAPE 有权
标题翻译：维护虚拟机在服务环境中的实时移动
公开(公告)号：US20100071025A1
公开(公告)日：2010-03-18
申请号：US12210249
申请日：2008-09-15
申请人： Wesley M. Devine , Sivaram Gottimukkala , Lap T. Huynh , Dinakaran Joseph , Michael S. Law , Linwood H. Overby, JR.
发明人： Wesley M. Devine , Sivaram Gottimukkala , Lap T. Huynh , Dinakaran Joseph , Michael S. Law , Linwood H. Overby, JR.
IPC分类号： H04L9/00 , G06F21/00 , G06F9/455
CPC分类号： G06F9/45558 , G06F9/4856 , G06F2009/4557
摘要： In an embodiment of the invention, a method for secure live migration of a virtual machine (VM) in a virtualized computing environment can include selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment and blocking data communications with the selected VM and other VMs in the secure virtualized computing environment. The selected VM can be live migrated to the different virtualized computing environment and the VM cna be restarted in the different virtualized computing environment. Notably, a secure communicative link can be established between the restarted VM and at least one other of the VMs in the secure virtualized computing environment. Finally, data communications between the restarted VM and the at least one other of the VMs can be enabled over the secure communicative link.
摘要翻译：在本发明的一个实施例中，用于虚拟计算环境中的虚拟机（VM）的安全实时迁移的方法可以包括在安全虚拟化计算环境中选择虚拟机，以便实时迁移到不同的虚拟化计算环境并阻止与安全虚拟化计算环境中选定的虚拟机和其他虚拟机。所选择的虚拟机可以实时迁移到不同的虚拟化计算环境中，并且在不同的虚拟化计算环境中重新启动VM。值得注意的是，可以在重新启动的VM和安全虚拟化计算环境中的至少另一个VM之间建立安全的通信链路。最后，可以通过安全通信链路来启用重新启动的VM与至少另一个VM之间的数据通信。

5. 发明申请

US20090169005A1 SELECTIVELY LOADING SECURITY ENFORCEMENT POINTS WTH SECURITY ASSOCIATION INFORMATION 有权
标题翻译：选择性加载安全执行要点WTH SECURITY ASSOCIATION信息
公开(公告)号：US20090169005A1
公开(公告)日：2009-07-02
申请号：US11964503
申请日：2007-12-26
申请人： Christopher Meyer , Wuchieh J. Jong , Linwood H. Overby, JR.
发明人： Christopher Meyer , Wuchieh J. Jong , Linwood H. Overby, JR.
IPC分类号： H04L9/00
CPC分类号： H04L63/0428 , H04L63/062 , H04L63/164
摘要： A method, network element, and computer storage program product, are provided for selectively loading a communication network security enforcement point (“SEP”) with security association (“SA”) information for inspection of encrypted data in a secure, end-to-end communications path. At least one encrypted data packet is received. It is determined that SA information for decrypting the at least one encrypted data packet fails to exist locally at the SEP. A request is sent to a communication network key server for SA information associated with the at least one encrypted data packet. The SA information associated with the at least one encrypted data packet is received from the communication network key server.
摘要翻译：提供了一种方法，网络元件和计算机存储程序产品，用于选择性地加载具有安全关联（SA））信息的通信网络安全执行点（“SEP”），以便在安全的端对端终端通信路径。至少接收一个加密的数据包。确定在SEP处本地存在用于解密至少一个加密数据分组的SA信息不存在。向通信网络密钥服务器发送与所述至少一个加密数据分组相关联的SA信息的请求。从通信网络密钥服务器接收与该至少一个加密数据分组相关联的SA信息。

6. 发明申请

US20110239290A1 SECURE SHARING OF TRANSPORT LAYER SECURITY SESSION KEYS WITH TRUSTED ENFORCEMENT POINTS 有权
标题翻译：运输层安全会议安全交流钥匙与实际执行点
公开(公告)号：US20110239290A1
公开(公告)日：2011-09-29
申请号：US13158388
申请日：2011-06-11
申请人： David G. Kuehr-McLaren , Linwood H. Overby, JR.
发明人： David G. Kuehr-McLaren , Linwood H. Overby, JR.
IPC分类号： G06F9/00 , G06F15/16 , H04L9/08
CPC分类号： H04L63/166
摘要： Embodiments of the present invention address deficiencies of the art in respect to security enforcement point operability in a TLS secured communications path and provide a novel and non-obvious method, system and computer program product for the secure sharing of TLS session keys with trusted enforcement points. In one embodiment of the invention, a method for securely sharing TLS session keys with trusted enforcement points can be provided. The method can include conducting a TLS handshake with a TLS client to extract and decrypt a session key for a TLS session with the TLS client traversing at least one security enforcement point. The method further can include providing the session key to a communicatively coupled key server for distribution to the at least one security enforcement point. Finally, the method can include engaging in secure communications with the TLS client over the TLS session.
摘要翻译：本发明的实施例解决了在TLS安全通信路径中的安全执行点可操作性方面本领域的缺陷，并提供了一种新颖且不显眼的方法，系统和计算机程序产品，用于与可信执行点安全共享TLS会话密钥。在本发明的一个实施例中，可以提供一种用可靠执行点安全地共享TLS会话密钥的方法。该方法可以包括与TLS客户端进行TLS握手，以提取和解密与TLS客户端穿过至少一个安全执行点的TLS会话的会话密钥。该方法还可以包括将会话密钥提供给通信耦合的密钥服务器以分发给至少一个安全执行点。最后，该方法可以包括通过TLS会话与TLS客户端进行安全通信。

7. 发明申请

US20110219442A1 Policy-Based Security Certificate Filtering 有权
标题翻译：基于策略的安全证书筛选
公开(公告)号：US20110219442A1
公开(公告)日：2011-09-08
申请号：US13111907
申请日：2011-05-19
申请人： Roy F. Brabson , Barry Mosakowski , Linwood H. Overby, JR.
发明人： Roy F. Brabson , Barry Mosakowski , Linwood H. Overby, JR.
IPC分类号： H04L9/32 , G06F21/00
CPC分类号： H04L63/0823 , G06F21/33 , H04L9/3265 , H04L63/0227 , H04L63/12 , H04L63/166 , H04L2209/80
摘要： Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific.
摘要翻译：策略过滤服务内置在执行环境的安全处理中，用于解决如何处理通信实体的数字安全证书，而不需要通过证书颁发机构（“CA”）链与实体关联的根证书的本地副本。可以使用指示证书筛选条件的一组规则（或其他策略格式）来指定策略。在确定所需的根CA证书不可用时，优选地在握手期间调用该过滤。在一种方法中，策略使用规则来规定允许证书的条件（即被视为已被验证）以及指定证书被阻止的条件的其他规则（即被视为无效）。优选地，按照大多数特定到最小特定的顺序来评估和执行策略规则。

8. 发明申请

US20090025078A1 SECURE SHARING OF TRANSPORT LAYER SECURITY SESSION KEYS WITH TRUSTED ENFORCEMENT POINTS 失效
标题翻译：运输层安全会议安全交流钥匙与实际执行点
公开(公告)号：US20090025078A1
公开(公告)日：2009-01-22
申请号：US11778396
申请日：2007-07-16
申请人： David G. Kuehr-McLaren , Linwood H. Overby, JR.
发明人： David G. Kuehr-McLaren , Linwood H. Overby, JR.
IPC分类号： G06F9/00
CPC分类号： H04L63/166
摘要： Embodiments of the present invention address deficiencies of the art in respect to security enforcement point operability in a TLS secured communications path and provide a novel and non-obvious method, system and computer program product for the secure sharing of TLS session keys with trusted enforcement points. In one embodiment of the invention, a method for securely sharing TLS session keys with trusted enforcement points can be provided. The method can include conducting a TLS handshake with a TLS client to extract and decrypt a session key for a TLS session with the TLS client traversing at least one security enforcement point. The method further can include providing the session key to a communicatively coupled key server for distribution to the at least one security enforcement point. Finally, the method can include engaging in secure communications with the TLS client over the TLS session.
摘要翻译：本发明的实施例解决了在TLS安全通信路径中关于安全执行点可操作性的本领域的缺陷，并提供了一种新颖且非显而易见的方法，系统和计算机程序产品，用于与可信执行点安全共享TLS会话密钥。在本发明的一个实施例中，可以提供一种用可靠执行点安全地共享TLS会话密钥的方法。该方法可以包括与TLS客户端进行TLS握手，以提取和解密与TLS客户端穿过至少一个安全执行点的TLS会话的会话密钥。该方法还可以包括将会话密钥提供给通信耦合的密钥服务器以分发给至少一个安全执行点。最后，该方法可以包括通过TLS会话与TLS客户端进行安全通信。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式