专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20090276204A1 METHOD AND SYSTEM FOR POLICY SIMULATION 有权
标题翻译：政策模拟方法与系统
公开(公告)号：US20090276204A1
公开(公告)日：2009-11-05
申请号：US12432186
申请日：2009-04-29
申请人： Srinivas Kumar , Vijayashree S. Bettadapura
发明人： Srinivas Kumar , Vijayashree S. Bettadapura
IPC分类号： G06F21/00 , G06F9/00
CPC分类号： H04L63/0227
摘要： A method and system for managing access to resources on a secured network is disclosed. The method includes reading packet information in respective packets of a packet communication received at a security node and applying one of the plurality of access rules. The method also includes determining whether the security node is to block the respective packets and/or the packet communication from reaching a resource on the secured network based on the applied access rule. If the security node is to block the respective packets and/or the packet communication, it is determined whether the applied access rule is a simulated access rule. Responsive to the applied access rule being a simulated access rule, the respective packets and/or the packet communication are passed towards the resource on the secured network and a log event is generated that indicates the security node blocked the respective packets and/or the packet communication.
摘要翻译：公开了一种用于管理对安全网络上的资源的访问的方法和系统。该方法包括在安全节点处接收的分组通信的各个分组中读取分组信息，并应用多个接入规则之一。该方法还包括基于所应用的访问规则来确定安全节点是否阻止各个分组和/或分组通信到达安全网络上的资源。如果安全节点要阻止相应的分组和/或分组通信，则确定所应用的访问规则是否是模拟访问规则。响应于作为模拟访问规则的应用访问规则，相应的分组和/或分组通信被传递到安全网络上的资源，并且生成指示安全节点阻止相应分组和/或分组的日志事件通讯。

2. 发明授权

US08943575B2 Method and system for policy simulation 有权
标题翻译：政策模拟方法与系统
公开(公告)号：US08943575B2
公开(公告)日：2015-01-27
申请号：US12432186
申请日：2009-04-29
申请人： Srinivas Kumar , Vijayashree S. Bettadapura
发明人： Srinivas Kumar , Vijayashree S. Bettadapura
IPC分类号： G06F9/00 , H04L29/06
CPC分类号： H04L63/0227
摘要： A method and system for managing access to resources on a secured network is disclosed. The method includes reading packet information in respective packets of a packet communication received at a security node and applying one of the plurality of access rules. The method also includes determining whether the security node is to block the respective packets and/or the packet communication from reaching a resource on the secured network based on the applied access rule. If the security node is to block the respective packets and/or the packet communication, it is determined whether the applied access rule is a simulated access rule. Responsive to the applied access rule being a simulated access rule, the respective packets and/or the packet communication are passed towards the resource on the secured network and a log event is generated that indicates the security node blocked the respective packets and/or the packet communication.
摘要翻译：公开了一种用于管理对安全网络上的资源的访问的方法和系统。该方法包括在安全节点处接收的分组通信的各个分组中读取分组信息，并应用多个接入规则之一。该方法还包括基于所应用的访问规则来确定安全节点是否阻止各个分组和/或分组通信到达安全网络上的资源。如果安全节点要阻止相应的分组和/或分组通信，则确定所应用的访问规则是否是模拟访问规则。响应于作为模拟访问规则的应用访问规则，相应的分组和/或分组通信被传递到安全网络上的资源，并且生成指示安全节点阻止相应分组和/或分组的日志事件通讯。

3. 发明授权

US09240945B2 Access, priority and bandwidth management based on application identity 有权
标题翻译：基于应用程序身份的访问，优先级和带宽管理
公开(公告)号：US09240945B2
公开(公告)日：2016-01-19
申请号：US12406613
申请日：2009-03-18
申请人： Srinivas Kumar , Vijayashree S. Bettadapura , Shadab Munam Shah
发明人： Srinivas Kumar , Vijayashree S. Bettadapura , Shadab Munam Shah
IPC分类号： G06F15/16 , H04L12/801 , H04L12/833 , H04L29/06
CPC分类号： H04L47/10 , H04L47/2458 , H04L63/0227 , H04L63/102
摘要： A method or system for managing packet flow is disclosed. The packets each include an inserted application identifier identifying a registered application. The method includes receiving packets destined for one or more resources, determining, by a packet processor, the inserted application identifier for each of the respective packets received and managing the packet flow of each received packet sent from a security node based at least in part on the inserted application identifier of the received packet.
摘要翻译：公开了一种用于管理分组流的方法或系统。这些分组各自包括标识注册的应用的插入的应用标识符。该方法包括接收目的地为一个或多个资源的分组，由分组处理器确定所接收的每个分组的插入的应用标识符，并至少部分地基于从安全节点发送的每个接收分组的分组流管理所接收的分组的插入的应用标识符。

4. 发明申请

US20090241170A1 ACCESS, PRIORITY AND BANDWIDTH MANAGEMENT BASED ON APPLICATION IDENTITY 有权
标题翻译：基于应用程序标识的访问，优先级和带宽管理
公开(公告)号：US20090241170A1
公开(公告)日：2009-09-24
申请号：US12406613
申请日：2009-03-18
申请人： Srinivas Kumar , Vijayashree S. Bettadapura , Shadab Munam Shah
发明人： Srinivas Kumar , Vijayashree S. Bettadapura , Shadab Munam Shah
IPC分类号： G06F15/16 , H04J1/16 , G06F17/30 , G06F15/173
CPC分类号： H04L47/10 , H04L47/2458 , H04L63/0227 , H04L63/102
摘要： A method or system for managing packet flow is disclosed. The packets each include an inserted application identifier identifying a registered application. The method includes receiving packets destined for one or more resources, determining, by a packet processor, the inserted application identifier for each of the respective packets received and managing the packet flow of each received packet sent from a security node based at least in part on the inserted application identifier of the received packet.
摘要翻译：公开了一种用于管理分组流的方法或系统。这些分组各自包括标识注册的应用的插入的应用标识符。该方法包括接收目的地为一个或多个资源的分组，由分组处理器确定所接收的每个分组的插入的应用标识符，并至少部分地基于从安全节点发送的每个接收分组的分组流管理所接收的分组的插入的应用标识符。

5. 发明授权

US08990573B2 System and method for using variable security tag location in network communications 有权
标题翻译：在网络通信中使用可变安全标签位置的系统和方法
公开(公告)号：US08990573B2
公开(公告)日：2015-03-24
申请号：US12267850
申请日：2008-11-10
申请人： Srinivas Kumar , Vijayashree S. Bettadapura
发明人： Srinivas Kumar , Vijayashree S. Bettadapura
IPC分类号： H04L9/32 , H04L29/06
CPC分类号： H04L63/0272 , H04L29/06102 , H04L29/0653 , H04L63/105 , H04L63/166 , H04L63/20
摘要： A method of packet security management to ensure a secure connection from one network node to another. The method includes creating a security tag for each packet in a network session, selecting one of a number of possible tag locations within the packet, inserting the security tag at that location, transmitting the tagged packets from a sending node to the receiving node, authenticating the packets' security tags at the receiving node, and dropping non-authenticated packets. The method also includes determining best possible tag locations when sending a packet and locating a security tag when receiving a packet.
摘要翻译：一种分组安全管理的方法，以确保从一个网络节点到另一个网络节点的安全连接。该方法包括为网络会话中的每个分组创建安全标签，选择分组内的多个可能的标签位置中的一个，在该位置插入安全标签，将标记的分组从发送节点传送到接收节点，认证接收节点上的报文安全标签，丢弃非认证报文。该方法还包括在发送分组时确定最佳可能的标签位置并在接收分组时定位安全标签。

6. 发明申请

US20090144818A1 SYSTEM AND METHOD FOR USING VARIABLE SECURITY TAG LOCATION IN NETWORK COMMUNICATIONS 有权
标题翻译：在网络通信中使用可变安全标签位置的系统和方法
公开(公告)号：US20090144818A1
公开(公告)日：2009-06-04
申请号：US12267850
申请日：2008-11-10
申请人： Srinivas Kumar , Vijayashree S. Bettadapura
发明人： Srinivas Kumar , Vijayashree S. Bettadapura
IPC分类号： G06F21/00
CPC分类号： H04L63/0272 , H04L29/06102 , H04L29/0653 , H04L63/105 , H04L63/166 , H04L63/20
摘要： A method of packet security management to ensure a secure connection from one network node to another. The method includes creating a security tag for each packet in a network session, selecting one of a number of possible tag locations within the packet, inserting the security tag at that location, transmitting the tagged packets from a sending node to the receiving node, authenticating the packets' security tags at the receiving node, and dropping non-authenticated packets. The method also includes determining best possible tag locations when sending a packet and locating a security tag when receiving a packet.
摘要翻译：一种分组安全管理的方法，以确保从一个网络节点到另一个网络节点的安全连接。该方法包括为网络会话中的每个分组创建安全标签，选择分组内的多个可能的标签位置中的一个，在该位置插入安全标签，将标记的分组从发送节点传送到接收节点，认证接收节点上的报文安全标签，丢弃非认证报文。该方法还包括在发送分组时确定最佳可能的标签位置并在接收分组时定位安全标签。

7. 发明申请

US20190229026A1 Ceramic- based Fan - Out Wafer Level Packaging 审中-公开
公开(公告)号：US20190229026A1
公开(公告)日：2019-07-25
申请号：US15876215
申请日：2018-01-22
申请人： Ananda H. Kumar , Srinivas Kumar , Tue Nguyen
发明人： Ananda H. Kumar , Srinivas Kumar , Tue Nguyen
IPC分类号： H01L23/15 , H01L21/48 , H01L23/498 , H01L23/522 , H01L23/00 , H01L23/31 , H05K3/46 , H01L23/64
摘要： Ceramic boards with thermal expansion similar to that of silicon can be used to support semiconductor chips in a fan out wafer level packaging process. The ceramic board can include sintered ceramic sheets with embedded vias and interconnect lines, together with passive components such as resistors, capacitors and inductors.

8. 发明授权

US12015721B1 System and method for dynamic retrieval of certificates with remote lifecycle management 有权
公开(公告)号：US12015721B1
公开(公告)日：2024-06-18
申请号：US18377866
申请日：2023-10-09
申请人： Srinivas Kumar
发明人： Srinivas Kumar
IPC分类号： H04L9/32 , H04L9/08
CPC分类号： H04L9/3263 , H04L9/0825 , H04L9/3247
摘要： The method provides for dynamic retrieval of certificates, with remote, secure, and scalable lifecycle management. It enables importing, creating, renewing, rekeying, and retrieving leaf certificates and associated private keys, assigning to registered devices, and acquiring by applications executing on registered devices with device two-factor authentication. It is an agentless method to achieve device protection, application security, and data protection with data authenticity and confidentiality in intra-device, inter-device, device-to-edge, and device-to-cloud secure communications. It helps Transport Layer Security and Internet Key Exchange enabled applications retrieve leaf certificates and the associated private key, and verify certificates, programmatically for certificate-based authentication during protocol handshake, with policy-based authorization of trusted applications. It enables applications and command line utilities retrieve and use leaf certificates for mutual authentication, data signing with digital signatures, and key unwrapping. It further enables dynamic retrieval of trusted intermediate and root certificates.

9. 发明授权

US08990948B2 Systems and methods for orchestrating runtime operational integrity 有权
标题翻译：用于协调运行时运行完整性的系统和方法
公开(公告)号：US08990948B2
公开(公告)日：2015-03-24
申请号：US13559707
申请日：2012-07-27
申请人： Srinivas Kumar , Dennis Pollutro
发明人： Srinivas Kumar , Dennis Pollutro
IPC分类号： G06F11/00 , G06F21/51 , G06F21/56 , H04L29/06
CPC分类号： H04L63/1441 , G06F21/51 , G06F21/52 , G06F21/564 , H04L63/0209 , H04L63/1408 , H04L63/1425 , H04L63/145 , H04L67/10
摘要： Instrumented networks and platforms having target subjects (devices, transactions, services, users, organizations) are disclosed. A security orchestration service generates runtime operational integrity profiles representing and identifying a level of threat or contextual trustworthiness, at near real time, of subjects and applications on the instrumented target platform. Systems and methods use a graphical user interface (GUI) console to orchestrate operational integrity of a platform. In an embodiment, a method presents a data center-level runtime operational integrity dashboard and remediation controls for infected systems in a display of a platform having a network trust agent, an endpoint trust agent, and a trust orchestrator. The method receives runtime integrity metrics for trust vectors and displays risk indicators based on the confidence level of received integrity metrics in the GUI. The method provides remediation controls for threat containment and risk mitigation and displays remediation status and progress results and malware analytics in the GUI.
摘要翻译：公开了具有目标科目（设备，交易，服务，用户，组织）的仪器网络和平台。安全编排服务生成运行时操作完整性配置文件，用于表示并识别仪器化目标平台上的主题和应用程序的近乎实时的威胁级别或上下文可信性级别。系统和方法使用图形用户界面（GUI）控制台来协调平台的操作完整性。在一个实施例中，一种方法为具有网络信任代理，端点信任代理和信任管理器的平台的显示器中的受感染系统呈现数据中心级运行时操作完整性仪表板和修复控制。该方法接收信任向量的运行时完整性指标，并根据GUI中接收到的完整性指标的置信水平显示风险指标。该方法提供了威胁遏制和风险缓解的补救控制，并在GUI中显示修复状态和进度结果和恶意软件分析。

10. 发明授权

US08910241B2 Computer security system 有权
标题翻译：计算机安全系统
公开(公告)号：US08910241B2
公开(公告)日：2014-12-09
申请号：US12163292
申请日：2008-06-27
申请人： Dennis Vance Pollutro , Kiet Tuan Tran , Srinivas Kumar
发明人： Dennis Vance Pollutro , Kiet Tuan Tran , Srinivas Kumar
IPC分类号： G06F7/04 , G06F12/14 , H04L29/06 , G06F21/62 , G06F21/31 , G06F21/33
CPC分类号： H04L63/10 , G06F21/31 , G06F21/335 , G06F21/6218 , G06F2221/2101 , G06F2221/2117 , G06F2221/2119 , H04L63/0227 , H04L63/067 , H04L63/0838 , H04L63/104 , H04L63/164
摘要： A method of packet management for restricting access to a resource of a computer system. The method includes identifying client parameters and network parameters, as a packet management information, used to determine access to the resource, negotiating a session key between client and server devices, generating a session ID based on at least the negotiated session key, inserting the packet management information and the session ID into each information packet sent from the client device to the server device, monitoring packet management information in each information packet from the client device, and filtering out respective information packets sent to the server device from the client device when the monitored packet management information indicates that access to the resource is restricted.
摘要翻译：一种用于限制对计算机系统的资源的访问的分组管理的方法。该方法包括：识别客户端参数和网络参数，作为用于确定对资源的访问，协商客户端和服务器设备之间的会话密钥的分组管理信息，基于至少协商的会话密钥生成会话ID，插入分组管理信息和会话ID发送到从客户端设备发送到服务器设备的每个信息分组中，监视来自客户端设备的每个信息分组中的分组管理信息，并且当客户端设备发送到服务器设备时，从客户端设备过滤掉相应的信息分组受监视的分组管理信息指示对资源的访问受到限制。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式