专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07503068B2 Secure ISN generation 有权
标题翻译：安全的ISN生成
公开(公告)号：US07503068B2
公开(公告)日：2009-03-10
申请号：US10779950
申请日：2004-02-13
申请人： Sanjay Kaniyar , Art Shelest , Nk Srinivas , Scott K. Holden
发明人： Sanjay Kaniyar , Art Shelest , Nk Srinivas , Scott K. Holden
IPC分类号： H04L9/00
CPC分类号： H04L47/34 , H04L63/1458
摘要： An initial sequence number generator is provided that prevents the local server from being attacked while maintaining reliable data transfer. A random intermediate value is created that is unique to each connection identifier and is combined with a random value created from a global counter to generate the initial sequence number. The counter capable of monotonically increasing by both a fixed and variable amount for ensuring that the same connection identifier does not have data collisions from competing sequence numbers within a predetermined period of time, and also to ensures randomness of the initial sequence number on a per connection basis for preventing attacks on the local server.
摘要翻译：提供了初始序列号生成器，其防止本地服务器在保持可靠的数据传输的同时受到攻击。创建对每个连接标识符唯一的随机中间值，并与从全局计数器创建的随机值组合以生成初始序列号。该计数器能够通过固定和可变量单调增加，以确保相同的连接标识符在预定时间段内没有来自竞争序列号的数据冲突，并且还确保每个连接上的初始序列号的随机性防止对本地服务器的攻击的基础。

2. 发明授权

US07380006B2 Method for automatic tuning of TCP receive window based on a determined bandwidth 有权
标题翻译：基于确定的带宽自动调整TCP接收窗口的方法
公开(公告)号：US07380006B2
公开(公告)日：2008-05-27
申请号：US09736988
申请日：2000-12-14
申请人： Nk Srinivas , Art Shelest , Peter S. Ford
发明人： Nk Srinivas , Art Shelest , Peter S. Ford
IPC分类号： G06F15/16 , G06F15/173
CPC分类号： H04L47/27 , H04L1/1832 , H04L47/10 , H04L47/193 , H04L69/16 , H04L69/163
摘要： A method and system are directed at automatically tuning a TCP receive window (RWIN). The size of the RWIN may be determined by attributes of a network card. One attribute used to size the RWIN is the speed of the adapter card. The adapter speed is readily available by polling the network card. Once the speed is known, the size of the RWIN is selected from a table and is automatically set. Alternatively, the size of the RWIN may be determined by a formula.
摘要翻译：方法和系统针对自动调整TCP接收窗口（RWIN）。 RWIN的大小可以由网卡的属性确定。用于调整RWIN大小的一个属性是适配卡的速度。适配器速度可以通过轮询网卡来获得。一旦知道速度，就从表中选择RWIN的大小，并自动设置。或者，RWIN的大小可以由公式确定。

3. 发明授权

US06745360B1 Method and system for controlling the rate of acknowledgment of communication packets 有权
标题翻译：控制通信包确认速率的方法和系统
公开(公告)号：US06745360B1
公开(公告)日：2004-06-01
申请号：US09548712
申请日：2000-04-13
申请人： Nk Srinivas , Art Shelest
发明人： Nk Srinivas , Art Shelest
IPC分类号： H04L116
CPC分类号： H04L1/1671 , H04L1/1685 , H04L29/06 , H04L69/16 , H04L69/163
摘要： A method and system for controlling the rate of acknowledgment of communication packets is provided in which a sender determines whether or not an acknowledgment is required from a receiver, and if an acknowledgment is required, transmits a packet that is marked to indicate that an acknowledgment is required. There are many different ways in which a packet may be marked, including generating the packet so that it is shorter than a standard length, inserting an optional field, or inserting a value into the packet header. When TCP is being used for communication, the TCP segments may be marked by clearing the ACK bit of the TCP header. Two or more computers that are engaged in or about to engage in packet-based communication may also inform one another of their respective abilities to send and receive marked packets by transmitting capability packets to one another.
摘要翻译：提供了一种用于控制通信分组的确认速率的方法和系统，其中发送方确定是否需要来自接收方的确认，并且如果需要确认，则发送标记为指示确认为需要。可以有许多不同的方式来标记分组，包括生成分组，使得它比标准长度短，插入可选字段，或者在分组报头中插入一个值。当TCP用于通信时，可以通过清除TCP报头的ACK位来标记TCP段。从事或即将进行基于分组的通信的两台或多台计算机也可以通过彼此发送和接收标记的分组的能力彼此通知彼此的能力分组。

4. 发明申请

US20050198509A1 Secure ISN generation 有权
标题翻译：安全的ISN生成
公开(公告)号：US20050198509A1
公开(公告)日：2005-09-08
申请号：US10779950
申请日：2004-02-13
申请人： Sanjay Kaniyar , Art Shelest , Nk Srinivas , Scott Holden
发明人： Sanjay Kaniyar , Art Shelest , Nk Srinivas , Scott Holden
IPC分类号： H04L9/00
CPC分类号： H04L47/34 , H04L63/1458
摘要： An initial sequence number generator is provided that prevents the local server from being attacked while maintaining reliable data transfer. A random intermediate value is created that is unique to each connection identifier and is combined with a random value created from a global counter to generate the initial sequence number. The counter capable of monotonically increasing by both a fixed and variable amount for ensuring that the same connection identifier does not have data collisions from competing sequence numbers within a predetermined period of time, and also to ensures randomness of the initial sequence number on a per connection basis for preventing attacks on the local server.
摘要翻译：提供了初始序列号生成器，其防止本地服务器在保持可靠的数据传输的同时受到攻击。创建对每个连接标识符唯一的随机中间值，并与从全局计数器创建的随机值组合以生成初始序列号。该计数器能够通过固定和可变量单调增加，以确保相同的连接标识符在预定时间段内没有来自竞争序列号的数据冲突，并且还确保每个连接上的初始序列号的随机性防止对本地服务器的攻击的基础。

5. 发明授权

US07725586B2 Method for advance negotiation of computer settings 有权
标题翻译：计算机设置提前协商的方法
公开(公告)号：US07725586B2
公开(公告)日：2010-05-25
申请号：US11699182
申请日：2007-01-29
申请人： Art Shelest , Christian Huitema
发明人： Art Shelest , Christian Huitema
IPC分类号： G06F15/16 , G01R31/08
CPC分类号： G06F9/44505
摘要： A method to negotiate computer settings in advance is presented. A prediction is made to determine if the computer setting will be needed, and if needed, whether a value outside of a normal range of values will be needed. A value for the computer setting that is outside of the normal range of values is determined and the value is set to the outside value. A value within the normal range of values is used if it was predicted that there is no need for a value outside of the normal range of values.
摘要翻译：提出了一种提前协商计算机设置的方法。进行预测以确定是否需要计算机设置，并且如果需要，是否需要在正常值范围之外的值。确定超出正常值范围的计算机设置的值，并将该值设置为外部值。如果预测不需要在正常值范围之外的值，则使用在正常范围内的值。

6. 发明授权

US07698548B2 Communications traffic segregation for security purposes 有权
标题翻译：为安全起见，通信业务隔离
公开(公告)号：US07698548B2
公开(公告)日：2010-04-13
申请号：US11297717
申请日：2005-12-08
申请人： Art Shelest , Eran Yariv , David Abzarian
发明人： Art Shelest , Eran Yariv , David Abzarian
IPC分类号： H04L29/06
CPC分类号： H04L63/1408 , H04L63/1441
摘要： Technology for applying a communications traffic security policy in which a distinct communications traffic flow is segregated based upon a security value; whereby the communications traffic security policy include one or both of a detection and an enforcement policy. The detection policy may include determining whether the segregated communications traffic flow involves malware; and, the enforcement policy may include a malware policy.
摘要翻译：基于安全值分配不同通信业务流的通信业务安全策略的应用技术; 由此通信交通安全策略包括检测和执行策略中的一个或两个。检测策略可以包括确定分离的通信业务流是否涉及恶意软件; 并且执法政策可能包括恶意软件策略。

7. 发明授权

US07591010B2 Method and system for separating rules of a security policy from detection criteria 有权
标题翻译：将安全策略的规则与检测标准分开的方法和系统
公开(公告)号：US07591010B2
公开(公告)日：2009-09-15
申请号：US11039637
申请日：2005-01-19
申请人： Art Shelest , Scott A. Field , Subhashini Raghunathan
发明人： Art Shelest , Scott A. Field , Subhashini Raghunathan
IPC分类号： G06F9/00 , G06F15/16 , G06F17/00
CPC分类号： G06F21/55
摘要： A method and system that enables a security policy to separate developer-provided detection criteria from an administrator-provided custom policy is provided. The security system allows a developer of detection criteria to provide a signature file containing the signatures that are available for use by a security policy. The security system also allows an administrator of a computer system to specify a custom policy that uses the signatures of the signature file. The developer may distribute the signature file to host computer systems independently of the administrator's distribution of the rules of the custom policy to the host computer systems. When a security enforcement event occurs at the host computer system, the security system applies the rules of the security policy to the event.
摘要翻译：提供了一种使安全策略能够将开发人员提供的检测标准与管理员提供的自定义策略分开的方法和系统。安全系统允许检测标准的开发者提供包含可由安全策略使用的签名的签名文件。安全系统还允许计算机系统的管理员指定使用签名文件签名的自定义策略。开发人员可以将签名文件分发到主机计算机系统，而不管管理员将自定义策略的规则分发给主机系统。当主机计算机系统发生安全执行事件时，安全系统将安全策略的规则应用于事件。

8. 发明申请

US20050005165A1 Method of assisting an application to traverse a firewall 有权
标题翻译：协助应用程序穿越防火墙的方法
公开(公告)号：US20050005165A1
公开(公告)日：2005-01-06
申请号：US10603648
申请日：2003-06-25
申请人： Dennis Morgan , Alexandru Gavrilescu , Jonathan Burstein , Art Shelest , David LeBlanc
发明人： Dennis Morgan , Alexandru Gavrilescu , Jonathan Burstein , Art Shelest , David LeBlanc
IPC分类号： G06F21/20 , G06F11/00 , G06F13/00 , G06F15/00 , H04L29/06 , H04L9/00
CPC分类号： H04L63/0227 , H04L63/0218 , H04L63/029
摘要： A method for a firewall-aware application to communicate its expectations to a firewall without requiring the firewall to change its policy or compromise network security. An application API is provided for applications to inform a firewall or firewalls of the application's needs, and a firewall API is provided that informs the firewall or firewalls of the application's needs. An interception module watches for connect and listen attempts by applications and services to the network stack on the local computer. The interception module traps these attempts and determines what user is making the attempt, what application or service is making the attempt, and conducts a firewall policy look-up to determine whether the user and/or application or service are allowed to connect to the network. If so, the interception module may instruct the host and/or edge firewall to configure itself for the connection being requested.
摘要翻译：防火墙感知应用程序将其期望传达到防火墙的方法，而不需要防火墙更改其策略或损害网络安全性。为应用程序提供应用程序API以通知防火墙或防火墙应用程序的需求，并提供防火墙API，通知防火墙或防火墙应用程序的需求。拦截模块监视应用程序和服务对本地计算机上的网络堆栈的连接和监听尝试。拦截模块捕获这些尝试，并确定用户正在进行的尝试，什么应用程序或服务正在进行尝试，并进行防火墙策略查找，以确定是否允许用户和/或应用程序或服务连接到网络。如果是这样，则拦截模块可以指示主机和/或边缘防火墙为正在请求的连接配置自身。

9. 发明授权

US07305705B2 Reducing network configuration complexity with transparent virtual private networks 有权
标题翻译：透明虚拟专用网络降低网络配置复杂度
公开(公告)号：US07305705B2
公开(公告)日：2007-12-04
申请号：US10611832
申请日：2003-06-30
申请人： Art Shelest , Christian Huitema
发明人： Art Shelest , Christian Huitema
IPC分类号： G06F15/16
CPC分类号： H04L63/0272 , H04L9/3218 , H04L63/029 , H04L63/0442 , H04L63/08 , H04L63/083 , H04L63/0853 , H04L63/1458 , H04L63/166 , H04L2209/56 , H04L2209/76 , H04L2209/80
摘要： A firewall acts as a transparent gateway to a server within a private network by initiating an unsolicited challenge to a client to provide authentication credentials. After receiving the client's credentials, the firewall verifies the authentication credentials and establishes a secure channel for accessing the server. Data destined for the server from the client may be forwarded through the firewall using the secure channel. The firewall may sign, or otherwise indicate that data forwarded to the server is from a client that the firewall has authenticated. The firewall also may provide some level of authentication to the client. While connected to the server, the client may access other servers external to the private network without having the data associated with the other servers pass through the private network. The firewall reduces configuration information that a client otherwise must maintain to access various private network servers.
摘要翻译：防火墙通过向客户端发起未经请求的挑战来提供认证凭据，作为私有网络中的服务器的透明网关。在收到客户端凭据后，防火墙会验证身份验证凭据，并建立一个用于访问服务器的安全通道。从客户端发往服务器的数据可以使用安全通道通过防火墙转发。防火墙可以签署或以其他方式指示转发到服务器的数据来自防火墙已经认证的客户端。防火墙还可以向客户端提供一定程度的认证。当连接到服务器时，客户端可以访问专用网络外部的其他服务器，而不会使与其他服务器相关联的数据通过专用网络。防火墙可以减少客户端必须维护的配置信息，以访问各种专用网络服务器。

10. 发明申请

US20060282876A1 Conditional activation of security policies 有权
公开(公告)号：US20060282876A1
公开(公告)日：2006-12-14
申请号：US11150819
申请日：2005-06-09
申请人： Art Shelest , Carl Ellison
发明人： Art Shelest , Carl Ellison
IPC分类号： G06F17/00
CPC分类号： G06F21/6218
摘要： A conditional activation system distributes a security policy to the computer systems of an enterprise. Upon receiving a security policy at a computer system, the computer system may install the received security policy without activation. When a security policy is installed without activation, it is loaded onto a computer system but is not used to process security enforcement events. The computer system may then determine whether a security policy activation criterion has been satisfied and, if so, activate the security policy.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式