    • 1. Granted invention patent
    • System and method to resolve an identity interactively
    • US07647635B2
    • 2010-01-12
    • US11592473
    • 2006-11-02
    • Lee Chen; John Chiong; Philip Kwan
    • Lee Chen; John Chiong; Philip Kwan
    • G06F11/30; G06F15/173
    • H04L63/1416; G06F21/6263; G06F2221/2105; G06F2221/2129; G06F2221/2151; H04L63/1433
    • A system and method for resolving an identity includes a security console, which displays security information regarding a secure network. The security information includes at least a first identity used to access the secure network. An operator selects the first identity, and the security console sends it to a resolver. The resolver connects with an identity server to find an access session record with an identity matching the first identity. A second identity is extracted from this record, and the resolver returns a result that includes the second identity. The security console displays the second identity. The first identity can be a user identity of a user, where the second identity is the corresponding host identity, or vice versa. In this manner, an efficient interface to security information is provided to an operator, where the operator may resolve a user/host identity to a host/user identity interactively.
    • 2. Invention patent application
    • System and method to resolve an identity interactively
    • US20080109887A1
    • 2008-05-08
    • US11592473
    • 2006-11-02
    • Lee Chen; John Chiong; Philip Kwan
    • Lee Chen; John Chiong; Philip Kwan
    • G06F7/04
    • H04L63/1416; G06F21/6263; G06F2221/2105; G06F2221/2129; G06F2221/2151; H04L63/1433
    • A system and method for resolving an identity includes a security console, which displays security information regarding a secure network. The security information includes at least a first identity used to access the secure network. An operator selects the first identity, and the security console sends it to a resolver. The resolver connects with an identity server to find an access session record with an identity matching the first identity. A second identity is extracted from this record, and the resolver returns a result that includes the second identity. The security console displays the second identity. The first identity can be a user identity of a user, where the second identity is the corresponding host identity, or vice versa. In this manner, an efficient interface to security information is provided to an operator, where the operator may resolve a user/host identity to a host/user identity interactively.
    • 3. Granted invention patent
    • Messaging system with user-friendly encryption and decryption
    • US08769260B1
    • 2014-07-01
    • US13443337
    • 2012-04-10
    • Philip Kwan; Michael Harry Palmer
    • Philip Kwan; Michael Harry Palmer
    • H04L29/06; G06F21/00
    • G06F21/00; H04L51/066; H04L63/045; H04L63/0471
    • Encryption of message content of an e-mail sent by way of a webmail service may be performed in response to activation of a user interface element. The message content may be encrypted using a symmetric key. A public key of a recipient of the e-mail is received from a backend service and employed to encrypt the symmetric key. The encrypted symmetric key and encrypted message content are sent to a recipient by way of the webmail service. Decryption of the encrypted message content may be performed in response to activation of another user interface element. A private key of the recipient is received from the backend service and employed to decrypt the encrypted symmetric key. The symmetric key is thereafter employed to decrypt the encrypted message content.
    • 4. Granted invention patent
    • Multiple tiered network security system, method and apparatus using dynamic user policy assignment
    • US08239929B2
    • 2012-08-07
    • US12769626
    • 2010-04-28
    • Philip Kwan; Chi-Jui Ho
    • Philip Kwan; Chi-Jui Ho
    • G06F21/00; H04L9/32
    • H04L63/08; H04L63/0876; H04L63/102
    • A multiple key, multiple tiered network security system, method and apparatus provides at least three levels of security. The first level of security includes physical (MAC) address authentication of a user device being attached to the network, such as a user device being attached to a port of a network access device. The second level includes authentication of the user of the user device, such as user authentication in accordance with the IEEE 802.1x standard. The third level includes dynamic assignment of a user policy to the port based on the identity of the user, wherein the user policy is used to selectively control access to the port. The user policy may identify or include an access control list (ACL) or MAC address filter. Also, the user policy is not dynamically assigned if insufficient system resources are available to do so. Failure to pass a lower security level results in a denial of access to subsequent levels of authentication.
    • 6. Invention patent application
    • SYSTEM AND METHOD FOR SOURCE IP ANTI-SPOOFING SECURITY
    • US20090260083A1
    • 2009-10-15
    • US12392422
    • 2009-02-25
    • Ronald W. Szeto; Nitin Jain; Ravindran Suresh; Philip Kwan
    • Ronald W. Szeto; Nitin Jain; Ravindran Suresh; Philip Kwan
    • G06F7/04; G06F15/18
    • H04L63/0263; H04L63/101; H04L63/1441; H04L2463/146
    • A system and method that provides for using source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to use false source IP addresses in data packets. The system and method provide for analyzing MAC addresses and source IP addresses at the datalink (layer 2) level, and to use the information derived from such analysis to block access through a port where a host device is using a false, or spoofed, source IP address in transmitted data packets. Further, the system and method provide for validating initially learned source IP addresses, and for determining whether the number of unsuccessful attempts to validate new source IP addresses exceeds a threshold level, and where the number does exceed the threshold number the system and method can provide for operation in a possible attack mode.
    • 7. Granted invention patent
    • System and method for protecting CPU against remote access attacks
    • US08893256B2
    • 2014-11-18
    • US12827235
    • 2010-06-30
    • Ronald W. Szeto; Philip Kwan; Raymond Wai-Kit Kwong
    • Ronald W. Szeto; Philip Kwan; Raymond Wai-Kit Kwong
    • H04L29/06
    • H04L63/0236
    • A system and method that provides for protection of a CPU of a router, by establishing a management port on a router. Hosts which are connected to non-management ports of the router are denied access to management functions of a CPU of the router. The system and method can utilize an application specific integrated circuit (ASIC), in conjunction with a CAM-ACL, which analyzes data packets received on the ports of the router, and the ASIC operates to drop data packets which are directed to the CPU of the router. This system and method operates to filter data packets which may be generated in attempts to hack in to control functions of a network device, and the operation does not require that the CPU analyze all received data packets in connection with determining access to the control functions of the router.
    • 8. Granted invention patent
    • Methods and system for person-to-person secure file transfer
    • US08762712B1
    • 2014-06-24
    • US13559968
    • 2012-07-27
    • Philip Kwan; Michael Harry Palmer
    • Philip Kwan; Michael Harry Palmer
    • H04L9/00
    • H04L63/0428; G06F21/606; H04L9/0825; H04L63/061; H04L67/04; H04L2463/062
    • A person-to-person secure file transfer system includes an originating computer that receives a public key of a recipient from a cloud computing system. The originating computer encrypts a file using a message key, and encrypts the message key using the public key of the recipient. The encrypted file is stored in the cloud computing system. In response to a request from a receiving computer, the cloud computing system decrypts the encrypted message key using a private key of the recipient, decrypts the encrypted file using the message key, and provides the now decrypted file to the receiving computer. In another example, the cloud computing system provides the private key of the recipient and the encrypted file to the receiving computer, which decrypts the encrypted message key using the private key of the recipient and decrypts the encrypted file using the message key.
    • 9. Granted invention patent
    • System, method and apparatus for providing multiple access modes in a data communications network
    • US08681800B2
    • 2014-03-25
    • US13461519
    • 2012-05-01
    • Philip Kwan
    • Philip Kwan
    • H04L12/28
    • H04L63/10; H04L63/08
    • A system, method and apparatus for providing multiple access modes in a data communications network includes a network access device having a plurality of input ports, a plurality of output ports, and a switching fabric for routing data received on the plurality of input ports to at least one of the plurality of output ports. Control logic within the network access device is adapted to determine whether a user device coupled to one of the plurality of input ports supports a user authentication protocol used by a host network. If the user authentication protocol is not supported, then the input port to which the network access device is coupled is placed in a semi-authorized access state that limits access to a pre-configured network accessible via the host network.