专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08214889B2 Selective auto-revocation of firewall security settings 有权
标题翻译：选择性地自动撤销防火墙安全设置
公开(公告)号：US08214889B2
公开(公告)日：2012-07-03
申请号：US11592778
申请日：2006-11-03
申请人： Pradeep Bahl , Gerardo Diaz Cuellar , Rajesh Dadhia
发明人： Pradeep Bahl , Gerardo Diaz Cuellar , Rajesh Dadhia
IPC分类号： G06F21/00
CPC分类号： H04L63/0263 , H04L63/1416
摘要： Management of security firewall settings in a networked computing environment is described. One example embodiment includes applying security settings and exceptions to the security settings based on network class for network communication, and upon detection of an event, revoking at least one exception for at least one network in a specified class.
摘要翻译：描述了网络计算环境中的安全防火墙设置的管理。一个示例性实施例包括基于用于网络通信的网络类别对安全设置应用安全设置和异常，并且在检测到事件时，撤销指定类中的至少一个网络的至少一个异常。

2. 发明申请

US20080109890A1 Selective auto-revocation of firewall security settings 有权
标题翻译：选择性地自动撤销防火墙安全设置
公开(公告)号：US20080109890A1
公开(公告)日：2008-05-08
申请号：US11592778
申请日：2006-11-03
申请人： Pradeep Bahl , Gerardo Diaz Cuellar , Rajesh Dadhia
发明人： Pradeep Bahl , Gerardo Diaz Cuellar , Rajesh Dadhia
IPC分类号： G06F17/00
CPC分类号： H04L63/0263 , H04L63/1416
摘要： Management of security firewall settings in a networked computing environment is described. One example embodiment includes applying security settings and exceptions to the security settings based on network class for network communication, and upon detection of an event, revoking at least one exception for at least one network in a specified class.
摘要翻译：描述了网络计算环境中的安全防火墙设置的管理。一个示例性实施例包括基于用于网络通信的网络类别对安全设置应用安全设置和异常，并且在检测到事件时，撤销指定类中的至少一个网络的至少一个异常。

3. 发明授权

US08099774B2 Dynamic updating of firewall parameters 有权
标题翻译：动态更新防火墙参数
公开(公告)号：US08099774B2
公开(公告)日：2012-01-17
申请号：US11589513
申请日：2006-10-30
申请人： David Abzarian , Gerardo Diaz Cuellar , Eran Yariv
发明人： David Abzarian , Gerardo Diaz Cuellar , Eran Yariv
IPC分类号： G06F9/00 , H04L29/06
CPC分类号： H04L63/0263
摘要： The dynamic updating of firewall parameters is described. One exemplary embodiment includes receiving a policy rule that includes a reference to a predefined container that specifies a permissible value range of at least one firewall parameter allowable under the policy rule, receiving a firewall parameter value, and populating the predefined container with the firewall parameter value if the firewall parameter value is within the permissible value range, thereby updating the policy rule.
摘要翻译：描述了防火墙参数的动态更新。一个示例性实施例包括接收包括对预定义容器的引用的策略规则，其指定策略规则允许的至少一个防火墙参数的允许值范围，接收防火墙参数值，以及使用防火墙参数值填充预定义容器如果防火墙参数值在允许的值范围内，则更新策略规则。

4. 发明申请

US20090006847A1 Filtering kernel-mode network communications 有权
标题翻译：过滤内核模式网络通信
公开(公告)号：US20090006847A1
公开(公告)日：2009-01-01
申请号：US11823861
申请日：2007-06-28
申请人： David Abzarian , Salahuddin Khan , Eran Yariv , Gerardo Diaz Cuellar
发明人： David Abzarian , Salahuddin Khan , Eran Yariv , Gerardo Diaz Cuellar
IPC分类号： H04L9/00 , G06F17/00 , G06F21/00
CPC分类号： H04L63/10 , G06F21/74 , H04L63/02 , H04L63/0227 , H04L63/0263 , H04L63/04 , H04L63/0428 , H04L63/20
摘要： Some embodiments of the invention are directed to techniques for determining whether a process on a computer system that is sending or receiving data, or is attempting to send or receive data, with another computer system is executing in kernel mode or user mode and providing an indicator of this determination to a security engine. In some embodiments, such an indication is provided to a security engine (e.g., a firewall) that implements a security policy based at least in part on whether the sending or receiving process is in kernel mode or user mode, and filter communications based on a process' operating mode. This enables a security engine to maintain security policies of greater specificity and thus improve security of a computer system.
摘要翻译：本发明的一些实施例涉及用于确定计算机系统上正在发送或接收数据或正试图与另一计算机系统发送或接收数据的过程在内核模式或用户模式下执行的技术，并提供指示符对安全引擎的这种决定。在一些实施例中，这样的指示被提供给至少部分地基于发送或接收进程是处于内核模式还是用户模式来实现安全策略的安全引擎（例如，防火墙），以及基于过程“操作模式。这使安全引擎能够保持更高特异性的安全策略，从而提高计算机系统的安全性。

5. 发明申请

US20080282336A1 Firewall control with multiple profiles 有权
标题翻译：具有多个配置文件的防火墙控制
公开(公告)号：US20080282336A1
公开(公告)日：2008-11-13
申请号：US11891379
申请日：2007-08-10
申请人： Gerardo Diaz Cuellar , David Abzarian
发明人： Gerardo Diaz Cuellar , David Abzarian
IPC分类号： G06F9/00
CPC分类号： H04L63/0263 , H04L63/20
摘要： A networked computer with a software firewall that may be configured for any of a number of network contexts may be quickly configured with an appropriate set of rules for a current network context. The computer has multiple profiles, each containing rules applicable to a different network context. When a change in network context is detected, a difference between the profile for the current context and the profile with which the firewall was previously configured is determined. These differences are applied to quickly reconfigure the firewall without blocking, even temporarily, communications that are allowed in the previously configured and current profiles. Additionally, when the networked computer is connected to multiple networks simultaneously, an appropriate profile may be selected.
摘要翻译：具有软件防火墙的联网计算机可以被配置用于许多网络环境中的任何一个，可以用当前网络上下文的适当的规则集来快速配置。计算机具有多个配置文件，每个配置文件包含适用于不同网络环境的规则。当检测到网络上下文的变化时，确定当前上下文的配置文件与先前配置了防火墙的配置文件之间的区别。这些差异适用于快速重新配置防火墙，而不会阻塞（甚至暂时的）先前配置的和当前配置文件中允许的通信。此外，当联网计算机同时连接到多个网络时，可以选择适当的配置文件。

6. 发明授权

US08266685B2 Firewall installer 有权
标题翻译：防火墙安装程序
公开(公告)号：US08266685B2
公开(公告)日：2012-09-11
申请号：US11804409
申请日：2007-05-18
申请人： David Abzarian , Eran Yariv , Emanuel Paleologu , Gerardo Diaz Cuellar , Ian Carbaugh
发明人： David Abzarian , Eran Yariv , Emanuel Paleologu , Gerardo Diaz Cuellar , Ian Carbaugh
IPC分类号： H04L29/06
CPC分类号： H04L63/0263 , G06F8/61 , G06F9/44505 , G06F21/57 , H04L41/0806 , H04L41/082
摘要： Embodiments of the invention are directed to a firewall installer that receives a set of configuration instructions for configuring a firewall in a declarative format that describes one or more rules to be implemented by the firewall, and that automatically configures the firewall. Providing a firewall installer that is capable of configuring a firewall based upon declarative input rather than procedural process-oriented input facilitates administration of a firewall by allowing an administrator to specify desired firewall configuration at a higher, declarative level and frees the administrator from the need to specify procedures for implementing configuration changes in the firewall. In one embodiment of the invention, the firewall installer can receive and store input for configuring a firewall even when the firewall is not running, such that the firewall executes on those configuration changes when it next comes online.
摘要翻译：本发明的实施例涉及一种防火墙安装程序，其接收一组配置指令，用于以说明性格式配置防火墙，该声明性格式描述要由防火墙实现的一个或多个规则，并且自动配置防火墙。提供能够基于声明性输入而不是过程性过程导向输入配置防火墙的防火墙安装程序，通过允许管理员以更高的声明级别指定所需的防火墙配置，从而有助于管理防火墙，并释放管理员不需要指定在防火墙中实现配置更改的过程。在本发明的一个实施例中，防火墙安装者可以接收和存储用于配置防火墙的输入，即使在防火墙未运行时，防火墙安装者也可以接收和存储用于配置防火墙的输入，使得防火墙在下一次联机时对这些配置更改执行。

7. 发明申请

US20090007219A1 Determining a merged security policy for a computer system 有权
标题翻译：确定计算机系统的合并安全策略
公开(公告)号：US20090007219A1
公开(公告)日：2009-01-01
申请号：US11823837
申请日：2007-06-28
申请人： David Abzarian , Gerardo Diaz Cuellar , Mark Vayman , Eran Yariv
发明人： David Abzarian , Gerardo Diaz Cuellar , Mark Vayman , Eran Yariv
IPC分类号： G06F17/00
CPC分类号： H04L63/20 , G06F21/577 , H04L63/0263
摘要： Embodiments of the invention described herein are directed to a mechanism for determining whether at least one operation will be effective in view of at least one security policy. In exemplary implementations, determining whether at least one operation will be effective in view of at least one security policy may comprise determining a merged security policy for a computer system by merging security policies for the computer system from two or more sources. The security policies may be security policies set by a user and/or an administrator of the computer system, may be security policies of a computer network to which the computer system is connected, or may be security policies of one or more other computer systems that are above the computer system in a computer network hierarchy.
摘要翻译：本文描述的本发明的实施例涉及用于根据至少一个安全策略来确定至少一个操作是否有效的机制。在示例性实现中，鉴于至少一个安全策略确定至少一个操作是否有效可以包括通过从两个或更多个源合并计算机系统的安全策略来确定计算机系统的合并安全策略。安全策略可以是由用户和/或计算机系统的管理员设置的安全策略，可以是计算机系统连接到的计算机网络的安全策略，或者可以是一个或多个其他计算机系统的安全策略，在计算机网络层次结构中的计算机系统之上。

8. 发明授权

US08819164B2 Versioning management 有权
标题翻译：版本管理
公开(公告)号：US08819164B2
公开(公告)日：2014-08-26
申请号：US11897890
申请日：2007-08-31
申请人： David Abzarian , Gerardo Diaz Cuellar
发明人： David Abzarian , Gerardo Diaz Cuellar
IPC分类号： G06F15/16
CPC分类号： H04L67/025 , G06F8/71 , G06F9/44536 , H04L67/34
摘要： Versioning management provides for efficient and effective handling of varying policy versions, client versions and client platform versions in one system. Software version negotiation provides for simplified, secure policy management in an environment supporting varying versions of the same software product. In conjunction with parameter stripping, which resolves differences among varying minor versions of a software policy, software version negotiation allows for management tools of one version to manage client software, clients and/or client platforms of another version. Policy schema translation, in conjunction with parameter stripping as needed, provides a mechanism for converting policies that normally would be impossible to interpret on varying clients and/or client platforms to policy versions that can be understood by these clients and/or client platforms. Version targeting allows an administrator to push a policy to specific clients and/or client platforms to, among other things, address identified security issues or to provide version specific application enablement or enhancement. Together, these various versioning management methodologies simplify administration of a system consisting of varying policy versions, client versions and/or client platform versions while enhancing the flexibility of the system to apply policy throughout the system or any portion thereof.
摘要翻译：版本管理提供了在一个系统中有效和有效地处理各种策略版本，客户端版本和客户端平台版本。软件版本协商在支持不同版本的相同软件产品的环境中提供简化，安全的策略管理。结合参数剥离，其解决了软件策略的不同次要版本之间的差异，软件版本协商允许一个版本的管理工具来管理另一版本的客户端软件，客户端和/或客户端平台。根据需要，策略模式转换与参数剥离一起提供了一种机制，用于将通常不可能将不同客户端和/或客户端平台解释的策略转换为这些客户端和/或客户端平台可以理解的策略版本。版本定位允许管理员将策略推送到特定客户端和/或客户端平台，以便特别处理已识别的安全问题或提供特定于版本的应用程序启用或增强。总而言之，这些各种版本管理方法简化了由不同策略版本，客户端版本和/或客户端平台版本组成的系统的管理，同时增强了系统在整个系统或其任何部分应用策略的灵活性。

9. 发明授权

US08392981B2 Software firewall control 有权
标题翻译：软件防火墙控制
公开(公告)号：US08392981B2
公开(公告)日：2013-03-05
申请号：US11801298
申请日：2007-05-09
申请人： David Abzarian , Gerardo Diaz Cuellar
发明人： David Abzarian , Gerardo Diaz Cuellar
IPC分类号： H04L29/06
CPC分类号： H04L63/0227 , G06F9/45512 , H04L63/0263 , H04L63/107
摘要： A software firewall that may be simply configured using rules specified for types of network interfaces rather than individual network interfaces. The network types may be specified with type identifiers that have a readily understandable meaning to a user, facilitating ease of configuring the firewall. The network types could include, for example, wired, wireless and remote access. A rule specified based on a network type can be translated to firewall filters for network interfaces of that network type. The translation may be performed automatically and may be updated based on network location awareness information.
摘要翻译：可以使用为网络接口类型而不是单个网络接口指定的规则简单配置软件防火墙。可以使用具有对用户容易理解的含义的类型标识符来指定网络类型，便于配置防火墙。网络类型可以包括例如有线，无线和远程访问。基于网络类型指定的规则可以转换为该网络类型的网络接口的防火墙过滤器。可以自动执行翻译，并且可以基于网络位置感知信息更新翻译。

10. 发明授权

US08166534B2 Incorporating network connection security levels into firewall rules 有权
标题翻译：将网络连接安全级别纳入防火墙规则
公开(公告)号：US08166534B2
公开(公告)日：2012-04-24
申请号：US11804423
申请日：2007-05-18
申请人： Eran Yariv , Gerardo Diaz Cuellar , David Abzarian
发明人： Eran Yariv , Gerardo Diaz Cuellar , David Abzarian
IPC分类号： H04L29/06
CPC分类号： H04L63/0227 , H04L63/126
摘要： Embodiments of the present invention are directed to establishing and/or implementing firewall rules that may employ parameters based on connection security levels for a connection between devices. A firewall may thus provide greater granularity of security and integrate more closely with other security methods to provide better overall security with fewer conflicts.
摘要翻译：本发明的实施例涉及建立和/或实施防火墙规则，其可以基于用于设备之间的连接的连接安全级别来采用参数。因此，防火墙可以提供更大的安全性粒度，并与其他安全方法更紧密地集成，以更少的冲突提供更好的整体安全性。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式