专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07549166B2 Defense mechanism for server farm 有权
标题翻译：服务器场的防御机制
公开(公告)号：US07549166B2
公开(公告)日：2009-06-16
申请号：US10313728
申请日：2002-12-05
申请人： Paul T. Baffes , John Michael Garrison , Michael Gilfix , Allan Hsu , Tyron Jerrod Stading , Ronald S. Woan , John D. Wolpert , Shawn L. Young
发明人： Paul T. Baffes , John Michael Garrison , Michael Gilfix , Allan Hsu , Tyron Jerrod Stading , Ronald S. Woan , John D. Wolpert , Shawn L. Young
IPC分类号： G06F11/00 , G06F7/04
CPC分类号： G06F21/554 , G06F2221/2127
摘要： A method and system for handling a malicious intrusion to a machine in a networked group of computers. The malicious intrusion is an unauthorized access to the machine, such as a server in a server farm. When the intrusion is detected, the machine is isolated from the rest of the server farm, and the machine is reprovisioned as a decoy system having access to only data that is ersatz or at least non-sensitive. If the intrusion is determined to be non-malicious, then the machine is functionally reconnected to the server farm, and the machine is reprovisioned to a state held before the reprovisioning of the machine as a decoy machine.
摘要翻译：一种用于处理对联网计算机组中的机器的恶意入侵的方法和系统。恶意入侵是对机器的未经授权的访问，例如服务器场中的服务器。当检测到入侵时，机器与服务器场的其余部分隔离，并且机器被重新配置为只能访问ersatz或至少不敏感的数据的诱饵系统。如果入侵被确定为非恶意的，则机器在功能上重新连接到服务器场，并且机器被重新设置为在作为诱饵机器重新配置机器之前所持有的状态。

2. 发明授权

US07389430B2 Method for providing access control to single sign-on computer networks 有权
标题翻译：为单点登录计算机网络提供访问控制的方法
公开(公告)号：US07389430B2
公开(公告)日：2008-06-17
申请号：US10313708
申请日：2002-12-05
申请人： Paul T. Baffes , John Michael Garrison , Michael Gilfix , Allan Hsu , Tyron Jerrod Stading
发明人： Paul T. Baffes , John Michael Garrison , Michael Gilfix , Allan Hsu , Tyron Jerrod Stading
IPC分类号： G06F7/04 , G06F15/16
CPC分类号： H04L63/102 , H04L63/0815
摘要： A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.
摘要翻译：公开了一种用于向单点登录计算机网络提供访问控制的方法。用户被分配到计算机网络内的多个组。响应于用户的访问请求，计算机网络基于用户的用户简档确定组通过计数。组传递计数是访问请求满足其所有访问要求的一组组。如果组通过计数大于预定的高组通过阈值，则计算机网络授予访问请求。

3. 发明申请

US20080216164A1 METHOD FOR PROVIDING ACCESS CONTROL TO SINGLE SIGN-ON COMPUTER NETWORKS 有权
标题翻译：用于向单点登录计算机网络提供访问控制的方法
公开(公告)号：US20080216164A1
公开(公告)日：2008-09-04
申请号：US12104146
申请日：2008-04-16
申请人： PAUL T. BAFFES , John Michael Garrison , Michael Gilfix , Allan Hsu , Tyron Jerrod Stading
发明人： PAUL T. BAFFES , John Michael Garrison , Michael Gilfix , Allan Hsu , Tyron Jerrod Stading
IPC分类号： H04L9/32
CPC分类号： H04L63/102 , H04L63/0815
摘要： A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.
摘要翻译：公开了一种用于向单点登录计算机网络提供访问控制的方法。用户被分配到计算机网络内的多个组。响应于用户的访问请求，计算机网络基于用户的用户简档确定组通过计数。组传递计数是访问请求满足其所有访问要求的一组组。如果组通过计数大于预定的高组通过阈值，则计算机网络授予访问请求。

4. 发明授权

US07702914B2 Method for providing access control to single sign-on computer networks 有权
标题翻译：为单点登录计算机网络提供访问控制的方法
公开(公告)号：US07702914B2
公开(公告)日：2010-04-20
申请号：US12104146
申请日：2008-04-16
申请人： Paul T. Baffes , John Michael Garrison , Michael Gilfix , Allan Hsu , Tyron Jerrod Stading
发明人： Paul T. Baffes , John Michael Garrison , Michael Gilfix , Allan Hsu , Tyron Jerrod Stading
IPC分类号： G06F21/00 , G06F7/04
CPC分类号： H04L63/102 , H04L63/0815
摘要： A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.
摘要翻译：公开了一种用于向单点登录计算机网络提供访问控制的方法。用户被分配到计算机网络内的多个组。响应于用户的访问请求，计算机网络基于用户的用户简档确定组通过计数。组传递计数是访问请求满足其所有访问要求的一组组。如果组通过计数大于预定的高组通过阈值，则计算机网络授予访问请求。

5. 发明授权

US08229903B2 Suggesting data interpretations and patterns for updating policy documents 失效
标题翻译：建议更新政策文件的数据解释和模式
公开(公告)号：US08229903B2
公开(公告)日：2012-07-24
申请号：US10324514
申请日：2002-12-19
申请人： Paul T. Baffes , John Michael Garrison , Michael Gilfix , Allan Hsu , Tyron Jerrod Stading
发明人： Paul T. Baffes , John Michael Garrison , Michael Gilfix , Allan Hsu , Tyron Jerrod Stading
IPC分类号： G06F7/00 , G06F17/00
CPC分类号： G06F17/3061 , G06Q10/10
摘要： A system and method for utilizing data mining to generate a policy document or to revise theory within a policy document. A data base of unknown events is mined for application to the development of a system management policy document. The results of the data mining of the database of unknown events are automatically incorporated into a policy document, subject to user approval, to produce a new policy document or an updated version of an existing policy document.
摘要翻译：一种利用数据挖掘生成政策文件或在政策文件中修改理论的系统和方法。开发未知事件的数据库以应用于系统管理策略文档的开发。未知事件数据库的数据挖掘的结果将自动并入到政策文件中，并经用户批准，以生成新的策略文档或现有策略文档的更新版本。

6. 发明授权

US07941854B2 Method and system for responding to a computer intrusion 失效
标题翻译：响应计算机入侵的方法和系统
公开(公告)号：US07941854B2
公开(公告)日：2011-05-10
申请号：US10313732
申请日：2002-12-05
申请人： Paul T. Baffes , John Michael Garrison , Michael Gilfix , Allan Hsu , Tyron Jerrod Stading
发明人： Paul T. Baffes , John Michael Garrison , Michael Gilfix , Allan Hsu , Tyron Jerrod Stading
IPC分类号： G06F12/14 , G08B23/00
CPC分类号： H04L63/1408 , G06F21/316 , G06F21/552 , G06F21/554 , G06F21/566 , G06F2221/2101 , H04L63/1458
摘要： A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion may be automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.
摘要翻译：用于通过图形地表示已知过去入侵的入侵模式来管理计算机上的入侵的方法和系统，然后将已知入侵的入侵模式与当前入侵进行比较。入侵模式可以基于入侵事件，这是入侵或提供入侵类型的签名的活动的影响，或者入侵模式可能基于受入侵影响的硬件拓扑。入侵模式以图形方式显示脚本响应，其在优选实施例中以与入侵模式中的每个节点相关联的弹出窗口中呈现。或者，基于已知的过去入侵和当前入侵的入侵模式中的共同特征的预定百分比，对入侵的响应可以是自动的。

7. 发明授权

US07552472B2 Developing and assuring policy documents through a process of refinement and classification 失效
标题翻译：通过细化和分类的过程开发和确保政策文件
公开(公告)号：US07552472B2
公开(公告)日：2009-06-23
申请号：US10324502
申请日：2002-12-19
申请人： Paul T. Baffes , John Michael Garrison , Michael Gilfix , Allan Hsu , Tyron Jerrod Stading
发明人： Paul T. Baffes , John Michael Garrison , Michael Gilfix , Allan Hsu , Tyron Jerrod Stading
IPC分类号： G06F15/177
CPC分类号： H04L63/1416 , H04L63/20
摘要： A system and method for developing network policy document and assuring up-to-date monitoring and automated refinement and classification of the network policy. The system administrator defines an initial policy document that is provided as the initial symbolic classifier. The classification rules remain in human readable form throughout the process. Network system data is fed through the classifier, which labels the data according to whether a policy constraint is violated. The labels are tagged to the data. The user then reviews the labels to determine whether the classification is satisfactory. If the classification of the data is satisfactory, the label is unaltered; However, if the classification is not satisfactory, the data is re-labeled. The re-labeled data is then introduced into a refinement algorithm, which determines what policy must be modified to correct classification of network events in accordance with the re-labeling. The network administrator then inspects the resulting new policy and modifies it if necessary. An updated classifier replaces the previous classifier.
摘要翻译：一种用于开发网络策略文档并确保最新监控和网络策略的自动细化和分类的系统和方法。系统管理员定义作为初始符号分类器提供的初始策略文档。分类规则在整个过程中保持以人类可读的形式。网络系统数据通过分类器馈送，分类器根据是否违反策略约束来标记数据。标签被标记为数据。用户然后审查标签以确定分类是否令人满意。如果数据分类令人满意，则标签不变; 然而，如果分类不令人满意，则重新标记数据。然后将重新标记的数据引入到细化算法中，该算法确定根据重新标记来确定哪些策略必须被修改以校正网络事件的分类。然后，网络管理员检查生成的新策略，并在必要时对其进行修改。更新的分类器将替换以前的分类器。

8. 发明授权

US07895589B2 Dynamic data-driven application integration adapters 有权
标题翻译：动态数据驱动应用集成适配器
公开(公告)号：US07895589B2
公开(公告)日：2011-02-22
申请号：US10375815
申请日：2003-02-26
申请人： Michael Gilfix , Jerry Walter Malcolm , Foluso Olaiya Okunseinde , Tyron Jerrod Stading , Paul Stuart Williamson , Scott Lee Winters
发明人： Michael Gilfix , Jerry Walter Malcolm , Foluso Olaiya Okunseinde , Tyron Jerrod Stading , Paul Stuart Williamson , Scott Lee Winters
IPC分类号： G06F9/44 , G06F15/16
CPC分类号： H04L67/2823 , G06F9/546 , H04L29/06 , H04L67/02 , H04L67/2838 , H04L67/327 , H04L67/34 , H04L69/08 , H04L69/329
摘要： Systems and methods of application integration, including constructing an application integration adapter in dependence upon a profile including data describing the adapter, receiving instructions to alter the adapter, and altering the adapter in dependence upon the instructions. Exemplary embodiments of the invention include communicating integration messages among applications through the adapter as altered. In typical embodiments, receiving instructions to alter the adapter includes detecting changes in the adapter profile. In such embodiments, detecting changes in the adapter profile includes creating a copy of the profile, and periodically comparing the profile and the copy. In other exemplary embodiments, receiving instructions to alter the adapter includes receiving from an application an administrative integration message bearing the instructions to alter the adapter. In such embodiments, altering the adapter in dependence upon the instructions includes updating the profile.
摘要翻译：应用程序集成的系统和方法，包括根据包括描述适配器的数据的简档构建应用程序集成适配器，接收改变适配器的指令，以及根据指令改变适配器。本发明的示例性实施例包括通过适配器在应用程序之间通过改变来通信集成消息。在典型实施例中，接收改变适配器的指令包括检测适配器简档中的变化。在这样的实施例中，检测适配器简档中的变化包括创建简档的副本，并且周期性地比较简档和副本。在其他示例性实施例中，接收改变适配器的指令包括从应用程序接收带有改变适配器的指令的管理集成消息。在这样的实施例中，根据指令改变适配器包括更新配置文件。

9. 发明授权

US07386892B2 Method and apparatus for detecting password attacks using modeling techniques 有权
标题翻译：使用建模技术检测密码攻击的方法和装置
公开(公告)号：US07386892B2
公开(公告)日：2008-06-10
申请号：US10621928
申请日：2003-07-17
申请人： Michael Gilfix , Foluso Olaiya Okunseinde , Tyron Jerrod Stading
发明人： Michael Gilfix , Foluso Olaiya Okunseinde , Tyron Jerrod Stading
IPC分类号： G06F7/04 , H04K1/00
CPC分类号： G06F21/31
摘要： Provided is an apparatus and method for detecting fraudulent passwords so that computer break-in attempts can be distinguished from authorized users incorrectly entering their passwords. An actual password is mapped against a computer keyboard and the resultant data is stored in memory. The profile of an entered password is compared to the stored profile. If the profile of the entered password differs significantly from the stored profile, then the login attempt is flagged as an attempted intrusion. In one embodiment of the current invention, passwords are mapped according to the distance subsequent keystrokes are from each other. Different embodiments may have different mapping schemes. For example, mapping data may correspond to statistical data that corresponds to the likelihood that a particular character is typed by mistake when another character is intended.
摘要翻译：提供了一种用于检测欺诈口令的装置和方法，使得计算机入侵尝试可以与授权用户不正确地输入其密码区分开来。实际的密码与计算机键盘映射，结果数据存储在内存中。将输入的密码的配置文件与存储的配置文件进行比较。如果输入的密码的配置文件与存储的配置文件显着不同，则登录尝试将被标记为尝试的入侵。在本发明的一个实施例中，密码根据随后的击键彼此之间的距离被映射。不同的实施例可以具有不同的映射方案。例如，映射数据可以对应于对应于当预期另一个角色时特定字符被错误地键入的可能性的统计数据。

10. 发明申请

US20090328199A1 Apparatus for Detecting Password Attacks Using Modeling Techniques 审中-公开
标题翻译：使用建模技术检测密码攻击的装置
公开(公告)号：US20090328199A1
公开(公告)日：2009-12-31
申请号：US12111494
申请日：2008-04-29
申请人： Michael Gilfix , Foluso Olaiva Okunseinde , Tyron Jerrod Stading
发明人： Michael Gilfix , Foluso Olaiva Okunseinde , Tyron Jerrod Stading
IPC分类号： H04L9/32 , G06F12/14
CPC分类号： G06F21/31
摘要： Provided is an apparatus for detecting fraudulent passwords so that computer break-in attempts can be distinguished from authorized users incorrectly entering their passwords. An actual password is mapped against a computer keyboard and the resultant data is stored in memory. The profile of an entered password is compared to the stored profile. If the profile of the entered password differs significantly from the stored profile. then the login attempt is flagged as an attempted intrusion. In one embodiment of the current invention, passwords are mapped according to the distance subsequent keystrokes arc from each other. Different embodiments may have different mapping schemes. For example, mapping data may correspond to statistical data that corresponds to the likelihood that a particular character is typed by mistake when another character is intended.
摘要翻译：提供了一种用于检测欺诈密码的装置，使得可以将计算机入侵尝试与授权用户不正确地输入其密码区分开来。实际的密码与计算机键盘映射，结果数据存储在内存中。将输入的密码的配置文件与存储的配置文件进行比较。如果输入的密码的配置文件与存储的配置文件显着不同。那么登录尝试被标记为尝试入侵。在本发明的一个实施例中，密码根据随后击键的距离相互映射。不同的实施例可以具有不同的映射方案。例如，映射数据可以对应于对应于当预期另一个角色时特定字符被错误地键入的可能性的统计数据。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式