    • 1. Invention application
    • Scan detection
    • US20050147037A1
    • 2005-07-07
    • US11025983
    • 2005-01-03
    • Uriel Maimon, Alon Kantor, Oded Dov
    • G06F11/30; G06F15/16; H04L1/00; H04L29/06
    • H04L63/1425
    • A method for detecting a scan in network connections, each connection to a respective destination determined by a destination key and a destination parameter. For each of the connections, an active-connection entry is logged in a first table. The active-connection entry includes the destination key and the destination parameter. For each destination key entered in the first table, each active-connection entry is counted by: (i) entering in a second table a new-connection entry including the destination key, and (ii) assigning to the new-connection entry a use value; the use value equals a number of the active-connection entries with the destination key. A scan event is generated when the use value exceeds a previously determined new-connection-threshold. If the scan is an “address scan”, the destination key is a destination port and the destination parameter is a destination address (IP); and if the scan is a “port scan” then the destination key is a destination address and the destination parameter is a destination port.
    • 2. Invention application
    • Fail open high availability
    • US20060274642A1
    • 2006-12-07
    • US11140913
    • 2005-06-01
    • Moshe Litvin, Gil Harari, Alon Kantor
    • H04L12/26
    • H04L41/0654; H04L43/0811; H04L45/24
    • A system and method for providing high availability for data communications between two data networks. The system comprises at least two network modules for operatively connecting two data networks. Each network module includes a first and a second network interfaces. The network modules are interconnected using the first network interfaces. The data networks are connected respectively to the second network interfaces. A security or service module is included between the first and second network interfaces in each network module to provide security or otherwise a network service. Upon failure of one of the network modules, its two network interfaces are interconnected, thereby maintaining data traffic between the two network interfaces and between the two data networks.
    • 3. Invention application
    • METHODS FOR AUTOMATIC CATEGORIZATION OF INTERNAL AND EXTERNAL COMMUNICATION FOR PREVENTING DATA LOSS
    • US20100161830A1
    • 2010-06-24
    • US12340830
    • 2008-12-22
    • Tomer Noy, Alon Kantor, Uri Bialik, Yoav Kirsch
    • G06F15/173
    • H04L51/12; H04L12/185; H04L43/026; H04L63/0227; H04L63/104; Y02D50/30
    • Disclosed are methods for automatic categorization of internal and external communication, the method including the steps of: defining groups of entities that transmit data; monitoring data flow of the groups; extracting the data, from the data flow, for learning traffic-flow characteristics of the groups; classifying the data into group flows; upon the data being transmitted, checking the data to determine whether the data is designated as group-internal; and blocking data traffic for data that is group-internal. Preferably, the step of monitoring includes assigning data weights to the data using Bayesian methods. Most preferably, the step of classifying includes classifying the data using Bayesian methods for evaluating the data weights. Preferably, the step of blocking includes blocking data traffic between members of two or more groups. Preferably, the method further includes the step of: enabling an authorized entity to unblock the data traffic.
    • 4. Invention application
    • METHODS AND SYSTEMS FOR USING A VAULT SERVER IN CONJUNCTION WITH A CLIENT-SIDE RESTRICTED-EXECUTION VAULT-MAIL ENVIRONMENT
    • US20100125637A1
    • 2010-05-20
    • US12273567
    • 2008-11-19
    • Oded GONDA, Ofer Raz, Alon Kantor, Uri Bialik, Yoav Kirsch
    • G06F15/16
    • H04L12/583; G06Q10/107; H04L51/063; H04L51/12; H04L51/34; H04L63/08; H04L63/20
    • Disclosed are methods, media, and vault servers for providing a secure messaging system using vault servers in conjunction with client-side restricted-execution vault-mail environments. Methods include the steps of upon activating a vault-mail message containing sensitive content, removing the content from the vault-mail message; placing the content on a vault server; creating a link in the vault-mail message to the content on the vault server; sending the vault-mail message to a designated recipient; and upon activating the link, allowing the content to be only viewed in a restricted-execution session of a client application, wherein the restricted-execution session does not allow the content to be altered, copied, stored, printed, forwarded, or otherwise executed. Preferably, the activation of the vault-mail message is performed by a network-security gateway, and can be performed on a per-message basis. Preferably, the activation of the link requires user authentication which may be designated during activation of the vault-mail message on a per-message basis based on said content. Preferably, the restricted-execution session enforces a security policy.
    • 5. Granted patent
    • Methods and systems for using a vault server in conjunction with a client-side restricted-execution vault-mail environment
    • US09130777B2
    • 2015-09-08
    • US12273567
    • 2008-11-19
    • Oded Gonda, Ofer Raz, Alon Kantor, Uri Bialik, Yoav Kirsch
    • H04L12/58; G06Q10/10; H04L29/06
    • H04L12/583; G06Q10/107; H04L51/063; H04L51/12; H04L51/34; H04L63/08; H04L63/20
    • Disclosed are methods, media, and vault servers for providing a secure messaging system using vault servers in conjunction with client-side restricted-execution vault-mail environments. Methods include the steps of upon activating a vault-mail message containing sensitive content, removing the content from the vault-mail message; placing the content on a vault server; creating a link in the vault-mail message to the content on the vault server; sending the vault-mail message to a designated recipient; and upon activating the link, allowing the content to be only viewed in a restricted-execution session of a client application, wherein the restricted-execution session does not allow the content to be altered, copied, stored, printed, forwarded, or otherwise executed. Preferably, the activation of the vault-mail message is performed by a network-security gateway, and can be performed on a per-message basis. Preferably, the activation of the link requires user authentication which may be designated during activation of the vault-mail message on a per-message basis based on said content. Preferably, the restricted-execution session enforces a security policy.
    • 6. Granted patent
    • Methods for document-to-template matching for data-leak prevention
    • US08254698B2
    • 2012-08-28
    • US12417030
    • 2009-04-02
    • Alon Kantor, Liran Antebi, Yoav Kirsch, Uri Bialik
    • G06K9/62; G06K9/64; G06K9/68; G06F7/00; G06F17/30; G06F11/00
    • G06K9/6201
    • The present invention discloses methods for document-to-template matching for data-leak prevention (DLP), the methods including the steps of: providing a document as a stream of characters; splitting the stream into a plurality of serialized data lines; calculating a hash value for each serialized data line; checking for each hash value in a hash map of a template set; determining a similarity match to a particular template based on a predefined threshold of template hash values, of the template set, being found in the stream; and based on the similarity match, executing a DLP security policy for the document. Preferably, the template set is extracted from documents manually prepared by a security administrator. Preferably, each template in the template set is deduced automatically from a plurality of documents.
    • 7. Granted patent
    • Methods for automatic categorization of internal and external communication for preventing data loss
    • US08051187B2
    • 2011-11-01
    • US12340830
    • 2008-12-22
    • Tomer Noy, Alon Kantor, Uri Bialik, Yoav Kirsch
    • G06F13/00
    • H04L51/12; H04L12/185; H04L43/026; H04L63/0227; H04L63/104; Y02D50/30
    • Disclosed are methods for automatic categorization of internal and external communication, the method including the steps of: defining groups of entities that transmit data; monitoring data flow of the groups; extracting the data, from the data flow, for learning traffic-flow characteristics of the groups; classifying the data into group flows; upon the data being transmitted, checking the data to determine whether the data is designated as group-internal; and blocking data traffic for data that is group-internal. Preferably, the step of monitoring includes assigning data weights to the data using Bayesian methods. Most preferably, the step of classifying includes classifying the data using Bayesian methods for evaluating the data weights. Preferably, the step of blocking includes blocking data traffic between members of two or more groups. Preferably, the method further includes the step of: enabling an authorized entity to unblock the data traffic.