会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 1. 发明申请
    • SYSTEM AND METHOD FOR SOURCE IP ANTI-SPOOFING SECURITY
    • 源IP防盗安全系统和方法
    • US20090260083A1
    • 2009-10-15
    • US12392422
    • 2009-02-25
    • Ronald W. SzetoNitin JainRavindran SureshPhilip Kwan
    • Ronald W. SzetoNitin JainRavindran SureshPhilip Kwan
    • G06F7/04G06F15/18
    • H04L63/0263H04L63/101H04L63/1441H04L2463/146
    • A system and method that provides for using source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to use false source IP addresses in data packets. The system and method provide for analyzing MAC addresses and source IP addresses at the datalink (layer 2) level, and to use the information derived from such analysis to block access through a port where a host device is using a false, or spoofed, source IP address in transmitted data packets. Further, the system and method provide for validating initially learned source IP addresses, and for determining whether the number of unsuccessful attempts to validate new source IP addresses exceeds a threshold level, and where the number does exceed the threshold number the system and method can provide for operation in a possible attack mode.
    • 提供在网络中使用源IP地址和MAC地址的系统和方法来提供安全性以防止网络用户在数据分组中使用虚拟源IP地址的尝试。 该系统和方法提供用于分析数据链路(层2)级别的MAC地址和源IP地址,并且使用从这种分析导出的信息阻止通过主机设备正在使用虚假或欺骗源的端口的访问 传输数据包中的IP地址。 此外,系统和方法提供用于验证初始学习的源IP地址,并且用于确定验证新的源IP地址的不成功尝试的次数是否超过阈值水平,并且其中该数量超过阈值数目,系统和方法可以提供 用于在可能的攻击模式下操作。
    • 3. 发明授权
    • System and method for source IP anti-spoofing security
    • 源IP防欺骗安全的系统和方法
    • US07516487B1
    • 2009-04-07
    • US10850505
    • 2004-05-20
    • Ronald W. SzetoNitin JainRavindran SureshPhilip Kwan
    • Ronald W. SzetoNitin JainRavindran SureshPhilip Kwan
    • G06F7/04
    • H04L63/0263H04L63/101H04L63/1441H04L2463/146
    • A system and method that provides for using source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to use false source IP addresses in data packets. The system and method provide for analyzing MAC addresses and source IP addresses at the datalink (layer 2) level, and to use the information derived from such analysis to block access through a port where a host device is using a false, or spoofed, source IP address in transmitted data packets. Further, the system and method provide for validating initially learned source IP addresses, and for determining whether the number of unsuccessful attempts to validate new source IP addresses exceeds a threshold level, and where the number does exceed the threshold number the system and method can provide for operation in a possible attack mode.
    • 提供在网络中使用源IP地址和MAC地址的系统和方法来提供安全性以防止网络用户在数据分组中使用虚拟源IP地址的尝试。 该系统和方法提供用于分析数据链路(层2)级别的MAC地址和源IP地址,并且使用从这种分析导出的信息阻止通过主机设备正在使用虚假或欺骗源的端口的访问 传输数据包中的IP地址。 此外,系统和方法提供用于验证初始学习的源IP地址,并且用于确定验证新的源IP地址的不成功尝试的次数是否超过阈值水平,并且其中该数量超过阈值数目,系统和方法可以提供 用于在可能的攻击模式下操作。
    • 4. 发明申请
    • SYSTEM AND METHOD FOR PROTECTING CPU AGAINST REMOTE ACCESS ATTACKS
    • 保护CPU防范远程访问攻击的系统和方法
    • US20100333191A1
    • 2010-12-30
    • US12827235
    • 2010-06-30
    • Ronald W. SzetoPhilip KwanRaymond Wai-Kit Kwong
    • Ronald W. SzetoPhilip KwanRaymond Wai-Kit Kwong
    • H04L29/06G06F21/00
    • H04L63/0236
    • A system and method that provides for protection of a CPU of a router, by establishing a management port on a router. Hosts which are connected to a non-management ports of the router are denied access to management functions of a CPU of the router. The system and method can utilize an application specific integrated circuit, in conjunction with a CAM-ACL, which analyzes data packets received on the ports of router, and the ASIC operates to drop data packets which are directed to the CPU of the router. This system and method operates to filter data packets which may be generated in attempts to hack in to control functions of a network device, and the operation does not require that the CPU analyze all received data packets in connection with determining access to the control functions of the router.
    • 通过在路由器上建立管理端口,提供路由器的CPU保护的系统和方法。 连接到路由器的非管​​理端口的主机被拒绝访问路由器的CPU的管理功能。 该系统和方法可以结合CAM-ACL使用专用集成电路,CAM-ACL分析在路由器端口上接收的数据分组,并且ASIC操作以丢弃指向路由器的CPU的数据分组。 该系统和方法操作以过滤可能在尝试入侵以控制网络设备的功能时产生的数据分组,并且该操作不要求CPU分析所有接收到的数据分组,以确定访问控制功能 路由器
    • 5. 发明授权
    • System and method for protecting CPU against remote access attacks
    • 防止CPU远程访问攻击的系统和方法
    • US07774833B1
    • 2010-08-10
    • US10668455
    • 2003-09-23
    • Ronald W. SzetoPhilip KwanRaymond Wai-Kit Kwong
    • Ronald W. SzetoPhilip KwanRaymond Wai-Kit Kwong
    • H04L29/06G06F21/00
    • H04L63/0236
    • A system and method that provides for protection of a CPU of a router, by establishing a management port on a router. Hosts which are connected to a non-management ports of the router are denied access to management functions of a CPU of the router. The system and method can utilize an application specific integrated circuit, in conjunction with a CAM-ACL, which analyzes data packets received on the ports of router, and the ASIC operates to drop data packets which are directed to the CPU of the router. This system and method operates to filter data packets which may be generated in attempts to hack in to control functions of a network device, and the operation does not require that the CPU analyze all received data packets in connection with determining access to the control functions of the router.
    • 通过在路由器上建立管理端口,提供路由器的CPU保护的系统和方法。 连接到路由器的非管​​理端口的主机被拒绝访问路由器的CPU的管理功能。 该系统和方法可以结合CAM-ACL使用专用集成电路,CAM-ACL分析在路由器端口上接收的数据分组,并且ASIC操作以丢弃指向路由器的CPU的数据分组。 该系统和方法操作以过滤可能在尝试入侵以控制网络设备的功能时产生的数据分组,并且该操作不要求CPU分析所有接收到的数据分组,以确定访问控制功能 路由器
    • 6. 发明授权
    • System and method for protecting CPU against remote access attacks
    • 防止CPU远程访问攻击的系统和方法
    • US08893256B2
    • 2014-11-18
    • US12827235
    • 2010-06-30
    • Ronald W. SzetoPhilip KwanRaymond Wai-Kit Kwong
    • Ronald W. SzetoPhilip KwanRaymond Wai-Kit Kwong
    • H04L29/06
    • H04L63/0236
    • A system and method that provides for protection of a CPU of a router, by establishing a management port on a router. Hosts which are connected to a non-management ports of the router are denied access to management functions of a CPU of the router. The system and method can utilize an application specific integrated circuit, in conjunction with a CAM-ACL, which analyzes data packets received on the ports of router, and the ASIC operates to drop data packets which are directed to the CPU of the router. This system and method operates to filter data packets which may be generated in attempts to hack in to control functions of a network device, and the operation does not require that the CPU analyze all received data packets in connection with determining access to the control functions of the router.
    • 通过在路由器上建立管理端口,提供路由器的CPU保护的系统和方法。 连接到路由器的非管​​理端口的主机被拒绝访问路由器的CPU的管理功能。 该系统和方法可以结合CAM-ACL使用专用集成电路,CAM-ACL分析在路由器端口上接收的数据分组,并且ASIC操作以丢弃指向路由器的CPU的数据分组。 该系统和方法操作以过滤可能在尝试入侵以控制网络设备的功能时产生的数据分组,并且该操作不要求CPU分析所有接收到的数据分组,以确定访问控制功能 路由器
    • 7. 发明授权
    • Messaging system with user-friendly encryption and decryption
    • 消息系统具有用户友好的加密和解密功能
    • US08769260B1
    • 2014-07-01
    • US13443337
    • 2012-04-10
    • Philip KwanMichael Harry Palmer
    • Philip KwanMichael Harry Palmer
    • H04L29/06G06F21/00
    • G06F21/00H04L51/066H04L63/045H04L63/0471
    • Encryption of message content of an e-mail sent by way of a webmail service may be performed in response to activation of a user interface element. The message content may be encrypted using a symmetric key. A public key of a recipient of the e-mail is received from a backend service and employed to encrypt the symmetric key. The encrypted symmetric key and encrypted message content are sent to a recipient by way of the webmail service. Decryption of the encrypted message content may be performed in response to activation of another user interface element. A private key of the recipient is received from the backend service and employed to decrypt the encrypted symmetric key. The symmetric key is thereafter employed to decrypt the encrypted message content.
    • 可以响应于用户界面元素的激活来执行通过webmail服务发送的电子邮件的消息内容的加密。 消息内容可以使用对称密钥加密。 从后端服务接收电子邮件接收者的公开密钥,用于加密对称密钥。 加密的对称密钥和加密的消息内容通过webmail服务发送给接收者。 加密消息内容的解密可以响应于另一个用户界面元素的激活来执行。 从后端服务接收到接收者的私钥,并采用解密加密的对称密钥。 此后采用对称密钥来解密加密的消息内容。
    • 8. 发明授权
    • Multiple tiered network security system, method and apparatus using dynamic user policy assignment
    • 多层网络安全系统,使用动态用户策略分配的方法和装置
    • US08239929B2
    • 2012-08-07
    • US12769626
    • 2010-04-28
    • Philip KwanChi-Jui Ho
    • Philip KwanChi-Jui Ho
    • G06F21/00H04L9/32
    • H04L63/08H04L63/0876H04L63/102
    • A multiple key, multiple tiered network security system, method and apparatus provides at least three levels of security. The first level of security includes physical (MAC) address authentication of a user device being attached to the network, such as a user device being attached to a port of a network access device. The second level includes authentication of the user of the user device, such as user authentication in accordance with the IEEE 802.1x standard. The third level includes dynamic assignment of a user policy to the port based on the identity of the user, wherein the user policy is used to selectively control access to the port. The user policy may identify or include an access control list (ACL) or MAC address filter. Also, the user policy is not dynamically assigned if insufficient system resources are available to do so. Failure to pass a lower security level results in a denial of access to subsequent levels of authentication.
    • 多重密钥,多层网络安全系统,方法和装置提供至少三个层次的安全性。 第一级安全性包括附加到网络的用户设备的物理(MAC)地址认证,例如附加到网络接入设备的端口的用户设备。 第二级包括用户设备的用户的认证,例如根据IEEE 802.1x标准的用户认证。 第三级包括基于用户的身份将用户策略动态分配给端口,其中用户策略用于选择性地控制对该端口的访问。 用户策略可以标识或包括访问控制列表(ACL)或MAC地址过滤器。 此外,如果系统资源不足,则不会动态分配用户策略。 未能通过较低的安全级别导致拒绝访问后续级别的身份验证。
    • 10. 发明授权
    • Methods and system for person-to-person secure file transfer
    • 个人到个人安全文件传输的方法和系统
    • US08762712B1
    • 2014-06-24
    • US13559968
    • 2012-07-27
    • Philip KwanMichael Harry Palmer
    • Philip KwanMichael Harry Palmer
    • H04L9/00
    • H04L63/0428G06F21/606H04L9/0825H04L63/061H04L67/04H04L2463/062
    • A person-to-person secure file transfer system includes an originating computer that receives a public key of a recipient from a cloud computing system. The originating computer encrypts a file using a message key, and encrypts the message key using the public key of the recipient. The encrypted file is stored in the cloud computing system. In response to a request from a receiving computer, the cloud computing system decrypts the encrypted message key using a private key of the recipient, decrypts the encrypted file using the message key, and provides the now decrypted file to the receiving computer. In another example, the cloud computing system provides the private key of the recipient and the encrypted file to the receiving computer, which decrypts the encrypted message key using the private key of the recipient and decrypts the encrypted file using the message key.
    • 个人对个人安全文件传输系统包括从云计算系统接收接收者的公开密钥的始发计算机。 始发计算机使用消息密钥加密文件,并使用接收者的公钥加密消息密钥。 加密文件存储在云计算系统中。 响应于来自接收计算机的请求,云计算系统使用接收者的私钥对加密的消息密钥进行解密,并使用消息密钥解密加密文件,并将现在解密的文件提供给接收计算机。 在另一个例子中,云计算系统将收件人的私钥和加密的文件提供给接收计算机,接收计算机使用接收者的私钥对加密的消息密钥进行解密,并使用消息密钥解密加密的文件。