专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20100199344A1 REDUNDANCY DETECTION AND RESOLUTION AND PARTIAL ORDER DEPENDENCY QUANTIFICATION IN ACCESS CONTROL LISTS 有权
标题翻译：冗余检测和解决方案和部分订单依赖性访问控制列表中的数量
公开(公告)号：US20100199344A1
公开(公告)日：2010-08-05
申请号：US12634984
申请日：2009-12-10
申请人： Yibei Ling , Aditya Naidu , Rajesh Talpade
发明人： Yibei Ling , Aditya Naidu , Rajesh Talpade
IPC分类号： G06F21/00
CPC分类号： H04L63/0263 , G06F21/604 , G06F2221/2141 , H04L63/101
摘要： Aspects of the invention pertain to analyzing and modifying access control lists that are used in computer networks. Access control lists may have many individual entries that indicate whether information can be passed between certain devices in a computer network. The access control lists may include redundant or conflicting entries. An aspect of the invention converts an order-dependent control list into an order-free equivalent. Redundant entries are identified and removed without adversely affecting the access control list. Redundancy may be identified by evaluating the volume contraction ratio, which is the ratio of the volume of spin-off entries to specific original entry in the access control list. This ratio reflects the extent of order-dependent impact on that entry in a given access control list.
摘要翻译：本发明的方面涉及分析和修改在计算机网络中使用的访问控制列表。访问控制列表可以具有指示信息是否可以在计算机网络中的某些设备之间传递的许多单独条目。访问控制列表可以包括冗余或冲突条目。本发明的一个方面将订单相关的控制列表转换成无订购的等价物。识别和删除冗余条目，而不会对访问控制列表造成不利影响。冗余可以通过评估体积收缩率来确定，该收缩率是分离项的数量与访问控制列表中的特定原始条目的比率。该比率反映了在给定的访问控制列表中对该条目的订单相关影响的程度。

2. 发明申请

US20100199346A1 SYSTEM AND METHOD FOR DETERMINING SYMANTIC EQUIVALENCE BETWEEN ACCESS CONTROL LISTS 审中-公开
标题翻译：用于确定访问控制列表之间的协调等效性的系统和方法
公开(公告)号：US20100199346A1
公开(公告)日：2010-08-05
申请号：US12634975
申请日：2009-12-10
申请人： Yibei Ling , Aditya Naidu , Rajesh Talpade
发明人： Yibei Ling , Aditya Naidu , Rajesh Talpade
IPC分类号： G06F9/32
CPC分类号： H04L63/0263
摘要： Aspects of the invention pertain to analyzing and modifying access control lists that are used in computer networks. Access control lists may have many individual rules that indicate whether information can be passed between certain devices in a computer network. The access control lists may include redundant or conflicting rules. An aspect of the invention determines whether two or more access control lists are equivalent or not. Order-dependent access control lists are converted into order-independent access control lists, which enable checking of semantic equivalence of different access control lists. Upon conversion to an order-independent access control list, lower-precedence rules in the order-free list are checked for overlap with a current higher precedence entry. If overlap exists, existing order-free rules are modified so that spinoff rules have no overlap with the current entry. This is done while maintaining semantic equivalence.
摘要翻译：本发明的方面涉及分析和修改在计算机网络中使用的访问控制列表。访问控制列表可以具有许多单独的规则，其指示信息是否可以在计算机网络中的某些设备之间传递。访问控制列表可以包括冗余或冲突的规则。本发明的一个方面确定两个或更多个访问控制列表是否等同。依赖订单的访问控制列表转换成独立于访问控制列表，可以检查不同访问控制列表的语义等价性。在转换为与订单无关的访问控制列表时，将检查无订单列表中的较低优先级规则与当前较高优先级条目的重叠。如果存在重叠，则修改现有的无订单规则，以便分拆规则与当前条目不重叠。这是在保持语义等同性的同时完成的。

3. 发明授权

US08719913B2 Redundancy detection and resolution and partial order dependency quantification in access control lists 有权
标题翻译：访问控制列表中的冗余检测和分辨率以及部分顺序依赖性量化
公开(公告)号：US08719913B2
公开(公告)日：2014-05-06
申请号：US12634984
申请日：2009-12-10
申请人： Yibei Ling , Aditya Naidu , Rajesh Talpade
发明人： Yibei Ling , Aditya Naidu , Rajesh Talpade
IPC分类号： H04L29/06 , G06F17/00 , G06F9/00 , G06F15/16 , G06F7/04
CPC分类号： H04L63/0263 , G06F21/604 , G06F2221/2141 , H04L63/101
摘要： Aspects of the invention pertain to analyzing and modifying access control lists that are used in computer networks. Access control lists may have many individual entries that indicate whether information can be passed between certain devices in a computer network. The access control lists may include redundant or conflicting entries. An aspect of the invention converts an order-dependent control list into an order-free equivalent. Redundant entries are identified and removed without adversely affecting the access control list. Redundancy may be identified by evaluating the volume contraction ratio, which is the ratio of the volume of spin-off entries to specific original entry in the access control list. This ratio reflects the extent of order-dependent impact on that entry in a given access control list.
摘要翻译：本发明的方面涉及分析和修改在计算机网络中使用的访问控制列表。访问控制列表可以具有指示信息是否可以在计算机网络中的某些设备之间传递的许多单独条目。访问控制列表可以包括冗余或冲突条目。本发明的一个方面将订单相关的控制列表转换成无订购的等价物。识别和删除冗余条目，而不会对访问控制列表造成不利影响。冗余可以通过评估体积收缩率来确定，该收缩率是分离项的数量与访问控制列表中的特定原始条目的比率。该比率反映了在给定的访问控制列表中对该条目的订单相关影响的程度。

4. 发明申请

US20110283348A1 SYSTEM AND METHOD FOR DETERMINING FIREWALL EQUIVALENCE, UNION, INTERSECTION AND DIFFERENCE 审中-公开
标题翻译：用于确定防火等级，联合，交互和差异的系统和方法
公开(公告)号：US20110283348A1
公开(公告)日：2011-11-17
申请号：US12779069
申请日：2010-05-13
申请人： Yibei Ling , Aditya Naidu , Rajesh Talpade
发明人： Yibei Ling , Aditya Naidu , Rajesh Talpade
IPC分类号： G06F21/00
CPC分类号： H04L63/0263
摘要： Aspects of the invention pertain to integrated compliance analysis of multiple firewalls and access control lists for network segregation and partitioning. Access control lists may have many individual rules that indicate whether information can be passed between certain devices in a computer network. The access control lists in different firewalls in different network segments within a given network may overlap or have inconsistent rules. Aspects of the invention generate differences between firewalls, analyze equivalency of firewalls, generate the intersection (if any) between a pair of firewalls, and generate the union (if any) between firewalls. Such information provides an integrated analysis of multiple interrelated firewalls, including inbound and outbound access control lists for such firewalls, and may be used to manage firewall operation within the network to ensure consistent operation and maintain network security. It also addresses a wide range of security questions that arise when dealing with multiple firewalls.
摘要翻译：本发明的方面涉及用于网络隔离和分区的多个防火墙和访问控制列表的集成合规性分析。访问控制列表可以具有许多单独的规则，其指示信息是否可以在计算机网络中的某些设备之间传递。给定网络内不同网段的不同防火墙中的访问控制列表可能重叠或具有不一致的规则。本发明的方面在防火墙之间产生差异，分析防火墙的等效性，在一对防火墙之间生成交集（如果有的话），并在防火墙之间生成联合（如果有的话）。这些信息提供了多个相互关联的防火墙的集成分析，包括这种防火墙的入站和出站访问控制列表，可用于管理网络中的防火墙操作，以确保一致的操作和维护网络安全。它还解决了处理多个防火墙时出现的各种安全问题。

5. 发明授权

US07962635B2 Systems and methods for single session management in load balanced application server clusters 有权
标题翻译：负载平衡应用服务器集群中单个会话管理的系统和方法
公开(公告)号：US07962635B2
公开(公告)日：2011-06-14
申请号：US12631881
申请日：2009-12-07
申请人： Aditya Naidu , Rajesh Talpade , Harshad Tanna , Sabine Winchell
发明人： Aditya Naidu , Rajesh Talpade , Harshad Tanna , Sabine Winchell
IPC分类号： G06F15/16
CPC分类号： H04L67/1027 , H04L67/1002 , H04L67/14 , H04L67/143 , H04L67/146
摘要： Aspects of the invention pertain to user session management in load balanced clusters. Multiple application servers communicate with a central data server to ensure there is a single session per user ID. The central data server maintains a user session index and a parameter table. Each time a network access is attempted using a given user ID, a load balancer assigns the session to one of the application servers. The assigned application server queries the central data server to determine whether a session status for the user's login ID is inactive or active. If inactive, a new, unique value is assigned as the session number. If active, the session number is evaluated to determine whether multiple sessions exist. In this case, one of the sessions is terminated to ensure a single session per user ID. Preferably, the terminated session is the earlier session.
摘要翻译：本发明的方面涉及负载平衡集群中的用户会话管理。多个应用程序服务器与中央数据服务器进行通信，以确保每个用户ID都有一个会话。中央数据服务器维护用户会话索引和参数表。每次尝试使用给定的用户ID进行网络访问时，负载均衡器会将会话分配给其中一个应用程序服务器。分配的应用程序服务器查询中央数据服务器，以确定用户登录ID的会话状态是否处于非活动状态。如果不活动，则会将新的唯一值分配为会话号。如果激活，则会对会话编号进行评估，以确定是否存在多个会话。在这种情况下，其中一个会话终止，以确保每个用户ID的单个会话。优选地，终止的会话是较早的会话。

6. 发明申请

US20100217860A1 SYSTEMS AND METHODS FOR SINGLE SESSION MANAGEMENT IN LOAD BALANCED APPLICATION SERVER CLUSTERS 有权
标题翻译：负载平衡应用服务器集群中的单个管理的系统和方法
公开(公告)号：US20100217860A1
公开(公告)日：2010-08-26
申请号：US12631881
申请日：2009-12-07
申请人： Aditya Naidu , Rajesh Talpade , Harshad Tanna , Sabine Winchell
发明人： Aditya Naidu , Rajesh Talpade , Harshad Tanna , Sabine Winchell
IPC分类号： G06F15/173
CPC分类号： H04L67/1027 , H04L67/1002 , H04L67/14 , H04L67/143 , H04L67/146
摘要： Aspects of the invention pertain to user session management in load balanced clusters. Multiple application servers communicate with a central data server to ensure there is a single session per user ID. The central data server maintains a user session index and a parameter table. Each time a network access is attempted using a given user ID, a load balancer assigns the session to one of the application servers. The assigned application server queries the central data server to determine whether a session status for the user's login ID is inactive or active. If inactive, a new, unique value is assigned as the session number. If active, the session number is evaluated to determine whether multiple sessions exist. In this case, one of the sessions is terminated to ensure a single session per user ID. Preferably, the terminated session is the earlier session.
摘要翻译：本发明的方面涉及负载平衡集群中的用户会话管理。多个应用程序服务器与中央数据服务器进行通信，以确保每个用户ID都有一个会话。中央数据服务器维护用户会话索引和参数表。每次尝试使用给定的用户ID进行网络访问时，负载均衡器会将会话分配给其中一个应用程序服务器。分配的应用程序服务器查询中央数据服务器，以确定用户登录ID的会话状态是否处于非活动状态。如果不活动，将分配一个新的唯一值作为会话号。如果激活，则会对会话编号进行评估，以确定是否存在多个会话。在这种情况下，其中一个会话终止，以确保每个用户ID的单个会话。优选地，终止的会话是较早的会话。

7. 发明申请

US20100042605A1 VERSIONING RELATIONAL DATABASE DISJOINT RECORDS 审中-公开
标题翻译：版本关系数据库DISROINT RECORDS
公开(公告)号：US20100042605A1
公开(公告)日：2010-02-18
申请号：US12533676
申请日：2009-07-31
申请人： Yuu-heng Cheng , Alexander Poylisher , Aditya Naidu , Rajesh Talpade , Shrirang Gadgil
发明人： Yuu-heng Cheng , Alexander Poylisher , Aditya Naidu , Rajesh Talpade , Shrirang Gadgil
IPC分类号： G06F17/30 , G06F12/00
CPC分类号： G06F16/219 , G06F16/2456
摘要： An inventive system and method for versioning relational database disjoint records comprises a relational database, configuration files translated into query files, and a version control system, wherein each query file is stored and checked into the version control system, updating a version number of the query file. Each query file comprises a set of query statements. Query files are retrieved from the version control system based on the version number or an independent data item, and put into the database for analysis. In one embodiment, one of the configuration files comprises a configuration of a device, such as a router, a switch, a firewall, or a medical record. The method comprises acquiring configuration files, changing the configuration files into query files and storing the query files, and checking each query file into a version control system, wherein the checking in updates a version number of the query file.
摘要翻译：用于版本化关系数据库不相交记录的创新系统和方法包括关系数据库，转换成查询文件的配置文件和版本控制系统，其中每个查询文件被存储并检查到版本控制系统中，更新查询的版本号文件。每个查询文件都包含一组查询语句。基于版本号或独立数据项从版本控制系统检索查询文件，并将其放入数据库进行分析。在一个实施例中，配置文件之一包括诸如路由器，交换机，防火墙或医疗记录之类的设备的配置。该方法包括：获取配置文件，将配置文件更改为查询文件并存储查询文件，并将每个查询文件检查到版本控制系统中，其中检查更新查询文件的版本号。

8. 发明申请

US20130125235A1 Method, Apparatus and Program for Detecting Spoofed Network Traffic 有权
标题翻译：用于检测欺骗性网络流量的方法，装置和程序
公开(公告)号：US20130125235A1
公开(公告)日：2013-05-16
申请号：US13295553
申请日：2011-11-14
申请人： Ravichander Vaidyanathan , Abhrajit Ghosh , Aditya Naidu , Akira Yamada , Ayumu Kubota , Yukiko Sawaya , Yutaka Miyake
发明人： Ravichander Vaidyanathan , Abhrajit Ghosh , Aditya Naidu , Akira Yamada , Ayumu Kubota , Yukiko Sawaya , Yutaka Miyake
IPC分类号： G06F21/20
CPC分类号： G06F21/00 , H04L63/1466
摘要： A method, an apparatus and a program for detecting spoofed Internet Protocol (IP) traffic directed to a network having a plurality of autonomous systems (AS) is provided. The method comprises receiving an incoming packet through an AS, the incoming packet containing a source IP address and a destination IP address, acquiring a corresponding source and destination IP address prefixes, converting the corresponding source and destination IP address prefixes into a source AS number and a destination AS number, determining if the incoming packet arrived from an unexpected source based upon the corresponding destination IP address prefix and the converted source and destination AS number using an unexpected pair tuple table generated from network routing information and generating an alert indicating that the incoming packet is not allowed to enter the network.
摘要翻译：提供了一种用于检测针对具有多个自治系统（AS）的网络的欺骗性因特网协议（IP）流量的方法，装置和程序。该方法包括：通过AS接收输入的分组，该分组包含源IP地址和目的IP地址，获取相应的源和目的IP地址前缀，将相应的源和目的IP地址前缀转换为源AS号，目的AS号码，根据网络路由信息生成表示基于相应的目的地IP地址前缀和转换后的源和目的地AS号码，确定传入分组是否从意外的源到达，并产生一个警报，数据包不允许进入网络。

9. 发明授权

US08925079B2 Method, apparatus and program for detecting spoofed network traffic 有权
标题翻译：用于检测欺骗性网络流量的方法，装置和程序
公开(公告)号：US08925079B2
公开(公告)日：2014-12-30
申请号：US13295553
申请日：2011-11-14
申请人： Ravichander Vaidyanathan , Abhrajit Ghosh , Aditya Naidu , Akira Yamada , Ayumu Kubota , Yukiko Sawaya , Yutaka Miyake
发明人： Ravichander Vaidyanathan , Abhrajit Ghosh , Aditya Naidu , Akira Yamada , Ayumu Kubota , Yukiko Sawaya , Yutaka Miyake
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00 , G06F15/173
CPC分类号： G06F21/00 , H04L63/1466
摘要： A method, an apparatus and a program for detecting spoofed Internet Protocol (IP) traffic directed to a network having a plurality of autonomous systems (AS) is provided. The method comprises receiving an incoming packet through an AS, the incoming packet containing a source IP address and a destination IP address, acquiring a corresponding source and destination IP address prefixes, converting the corresponding source and destination IP address prefixes into a source AS number and a destination AS number, determining if the incoming packet arrived from an unexpected source based upon the corresponding destination IP address prefix and the converted source and destination AS number using an unexpected pair tuple table generated from network routing information and generating an alert indicating that the incoming packet is not allowed to enter the network.
摘要翻译：提供了一种用于检测针对具有多个自治系统（AS）的网络的欺骗性因特网协议（IP）流量的方法，装置和程序。该方法包括：通过AS接收输入的分组，该分组包含源IP地址和目的IP地址，获取相应的源和目的IP地址前缀，将相应的源和目的IP地址前缀转换为源AS号，目的AS号码，根据网络路由信息生成表示基于相应的目的地IP地址前缀和转换后的源和目的地AS号码，确定传入分组是否从意外的源到达，并产生一个警报，数据包不允许进入网络。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式