专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2017112491A3 STATELESS ACCESS STRATUM SECURITY FOR CELLULAR INTERNET OF THINGS 审中-公开
标题翻译：用于无线蜂窝互联网的无状态接入层安全
公开(公告)号：WO2017112491A3
公开(公告)日：2017-08-03
申请号：PCT/US2016066702
申请日：2016-12-14
申请人： QUALCOMM INC
发明人： LEE SOO BUM , PALANIGOUNDER ANAND , ESCOTT ADRIAN EDWARD
IPC分类号： H04L29/06 , H04L9/08 , H04L9/14 , H04L12/24 , H04L29/08 , H04W4/00 , H04W12/04 , H04W12/10 , H04W88/16
CPC分类号： H04L63/0428 , G06F2221/2151 , H04L9/0822 , H04L9/14 , H04L41/08 , H04L63/062 , H04L63/123 , H04L63/1458 , H04L63/16 , H04L63/205 , H04L67/12 , H04W12/04 , H04W12/10 , H04W88/16
摘要： Aspects of security schemes (e.g., integrity protection, encryption, or both) are described. A measure of access stratum security can be realized without overhead associated with establishing and/or maintaining the per-cellular-device access stratum security context at a Cellular Internet of Things (CIoT) base station (C-BS). A gateway (e.g., a CIoT Serving Gateway Node (C-SGN)) may derive a first key. The first key may be only known to the C-SGN. The C-SGN may derive a second key from the first key and a parameter unique to the C-BS. The C-SGN may also derive a third key from the second key and an identity of a cellular device. The C-SGN may send the second and third keys to the C-BS and cellular device, respectively. Small data messages encrypted and/or integrity protected by the cellular device may be decrypted and/or verified by the C-BS.
摘要翻译：描述了安全方案的各个方面（例如，完整性保护，加密或二者）。可以在无蜂窝物联网（C-BS）基站（C-BS）上建立和/或维护每个蜂窝设备接入层安全上下文的开销的情况下实现接入层安全性的度量。网关（例如，CIoT服务网关节点（C-SGN））可以导出第一密钥。第一把钥匙可能只有C-SGN才知道。 C-SGN可以从第一密钥和C-BS特有的参数中导出第二密钥。 C-SGN还可以从第二密钥和蜂窝设备的身份导出第三密钥。 C-SGN可以分别将第二和第三密钥发送到C-BS和蜂窝设备。由蜂窝设备加密和/或完整性保护的小数据消息可以由C-BS解密和/或验证。

2. 发明申请

WO2015065556A3 METHOD AND APPARATUS FOR OPTIMIZING HYPERTEXT TRANSFER PROTOCOL (HTTP) UNIFORM RESOURCE LOCATOR (URL) FILTERING 审中-公开
标题翻译：优化超文本传输协议（HTTP）统一资源定位符（URL）过滤的方法和设备
公开(公告)号：WO2015065556A3
公开(公告)日：2015-11-19
申请号：PCT/US2014049400
申请日：2014-08-01
申请人： A 10 NETWORKS INC , JIANG XUYANG , ISHII TAKAAKI , NORO MASATAKA
发明人： JIANG XUYANG , ISHII TAKAAKI , NORO MASATAKA
IPC分类号： G06F21/00
CPC分类号： H04L63/0281 , G06F17/30887 , G06F17/30896 , G06F21/128 , H04L63/0245 , H04L63/0254 , H04L63/0263 , H04L63/08 , H04L63/105 , H04L63/16 , H04L63/168 , H04L63/20 , H04L67/02 , H04L67/42
摘要： A method for handling hyper-text transfer protocol ("HTTP") requests from client devices is disclosed. The method comprises receiving an HTTP request from a client device to connect to a des tination server. It further comprises extracting a plurality of HTTP headers from the HTTP request using a gateway device in accordance with a user defined configuration to create a subset of the request. Next, it comprises forwarding the subset to an external security device from the gateway device to perform URL policy processing using the request. Finally, it comprises based on a recei ved result of the URL pol icy processing, transmitting the client request to the destination server.
摘要翻译：公开了一种用于处理来自客户端设备的超文本传输协议（“HTTP”）请求的方法。该方法包括接收来自客户端设备的HTTP请求以连接到指定服务器。它还包括根据用户定义的配置使用网关设备从HTTP请求中提取多个HTTP头部以创建请求的子集。接下来，它包括将该子集从网关设备转发到外部安全设备以使用该请求来执行URL策略处理。最后，它基于URL策略处理的接收结果，将客户端请求发送到目标服务器。

3. 发明申请

WO2015065556A2 METHOD AND APPARATUS FOR OPTIMIZING HYPERTEXT TRANSFER PROTOCOL (HTTP) UNIFORM RESOURCE LOCATOR (URL) FILTERING 审中-公开
标题翻译：优化超文本传输协议（HTTP）均匀资源定位器（URL）过滤的方法和设备
公开(公告)号：WO2015065556A2
公开(公告)日：2015-05-07
申请号：PCT/US2014/049400
申请日：2014-08-01
申请人： A 10 NETWORKS, INCORPORATED , JIANG, Xuyang , ISHII, Takaaki , NORO, Masataka
发明人： JIANG, Xuyang , ISHII, Takaaki , NORO, Masataka
IPC分类号： H04L29/06
CPC分类号： H04L63/0281 , G06F17/30887 , G06F17/30896 , G06F21/128 , H04L63/0245 , H04L63/0254 , H04L63/0263 , H04L63/08 , H04L63/105 , H04L63/16 , H04L63/168 , H04L63/20 , H04L67/02 , H04L67/42
摘要： A method for handling hyper-text transfer protocol ("HTTP") requests from client devices is disclosed. The method comprises receiving an HTTP request from a client device to connect to a des tination server. It further comprises extracting a plurality of HTTP headers from the HTTP request using a gateway device in accordance with a user defined configuration to create a subset of the request. Next, it comprises forwarding the subset to an external security device from the gateway device to perform URL policy processing using the request. Finally, it comprises based on a recei ved result of the URL pol icy processing, transmitting the client request to the destination server.
摘要翻译：公开了一种用于处理来自客户端设备的超文本传输协议（“HTTP”）请求的方法。该方法包括接收来自客户端设备的HTTP请求以连接到设备服务器。其还包括根据用户定义的配置从HTTP请求中使用网关设备提取多个HTTP头部以创建请求的子集。接下来，其包括将该子集转发到来自网关设备的外部安全设备，以使用该请求执行URL策略处理。最后，它包含基于URL policy处理的接收结果，将客户端请求发送到目标服务器。

4. 发明申请

WO2014210246A1 ROOTKIT DETECTION BY USING HARDWARE RESOURCES TO DETECT INCONSISTENCIES IN NETWORK TRAFFIC 审中-公开
标题翻译：通过使用硬件资源检测网络流量中的不良情况的ROOTKIT检测
公开(公告)号：WO2014210246A1
公开(公告)日：2014-12-31
申请号：PCT/US2014/044227
申请日：2014-06-26
申请人： MCAFEE, INC. , BEN-SHALOM, Omer , NAYSHTUT, Alex , MUTTIK, Igor
发明人： BEN-SHALOM, Omer , NAYSHTUT, Alex , MUTTIK, Igor
IPC分类号： H04L12/26 , H04L12/24
CPC分类号： H04L63/1416 , G06F21/50 , G06F21/55 , G06F21/552 , G06F21/554 , G06F21/556 , H04L63/0227 , H04L63/12 , H04L63/14 , H04L63/1408 , H04L63/1425 , H04L63/145 , H04L63/16
摘要： A technique allows detection of covert malware that attempts to hide network traffic. By monitoring network traffic both in a secure trusted environment and in an operating system environment, then comparing the monitor data, attempts to hide network traffic can be detected, allowing the possibility of performing rehabilitative actions on the computer system to locate and remove the malware hiding the network traffic.
摘要翻译：一种技术允许检测隐藏恶意软件，试图隐藏网络流量。通过监视安全受信任环境和操作系统环境中的网络流量，可以对监视数据进行比较，可以检测到隐藏网络流量的尝试，从而允许在计算机系统上执行恢复操作，以定位和删除恶意软件隐藏网络流量。

5. 发明申请

WO2014047147A1 CERTIFYING SERVER SIDE WEB APPLICATIONS AGAINST SECURITY VULNERABILITIES 审中-公开
标题翻译：认证服务器端WEB应用程序防范安全漏洞
公开(公告)号：WO2014047147A1
公开(公告)日：2014-03-27
申请号：PCT/US2013/060360
申请日：2013-09-18
申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION
发明人： GUARNIERI, Salvatore, A. , PISTOIA, Marco , TRIPP, Omer
IPC分类号： G06F11/00
CPC分类号： H04L63/1433 , G06F21/577 , H04L63/105 , H04L63/107 , H04L63/16 , H04L63/20
摘要： Methods for server security verification include acquiring a public key associated with a received report that includes an indication regarding the presence of a vulnerability for each vulnerability, the report having been generated at a server (204); decrypting the received report using the public key (210); determining a level of server-side security based on the decrypted report using a processor (212); and reconfiguring a browser at the client responsive to the determined level of server-side security (316).
摘要翻译：用于服务器安全验证的方法包括获取与所接收的报告相关联的公钥，其包括关于每个漏洞的存在的指示，所述报告已经在服务器（204）处生成; 使用公钥（210）解密所接收的报告; 使用处理器（212）确定基于所述解密报告的服务器端安全级别; 以及响应于所确定的服务器端安全级别，在客户端重新配置浏览器（316）。

6. 发明申请

WO2013165779A1 SYSTEMS AND METHODS FOR IMPLEMENTING MOVING TARGET TECHNOLOGY IN LEGACY HARDWARE 审中-公开
标题翻译：用于在LEGACY HARDWARE中实现移动目标技术的系统和方法
公开(公告)号：WO2013165779A1
公开(公告)日：2013-11-07
申请号：PCT/US2013/037976
申请日：2013-04-24
申请人： HARRIS CORPORATION
发明人： SMITH, Wayne B. , POWERS, Charles , LIN, Ellen K. , DOWIN, Christopher T. , SHARPE, Ryan E.
IPC分类号： H04L29/06 , H04L29/12
CPC分类号： H04L61/2539 , H04L41/12 , H04L41/145 , H04L63/0414 , H04L63/1441 , H04L63/16 , H04L63/20
摘要： Systems (1900) and methods (2300, 2400) for use in a network node (1901-1903). The methods involve: receiving a Data Communication ("DC") from Data Link Layer Software ("DLLS"); identifying an IDentity Parameter ("IDP") contained in DC which comprises a False Value ("FV") specifying false information about the node or DC; obtaining a True Value ("TV") specifying true information about the node or DC; replacing the FV with the TV to generate a modified DC; and forwarding the modified DC to Network Layer Software ("NLS"). The methods also involve: receiving a Data Unit ("DU") from NLS comprising a Transport Layer Header ("TLH") and a Network Layer Header ("NLH") including TVs specifying true information about the node or FDU; obtaining a FV which specifies false information about the node or FDU; replacing a TV of DU with the FV so as to form a Modified Data Unit ("MDU"); and forwarding MDU to DLLS.
摘要翻译：用于网络节点（1901-1903）的系统（1900）和方法（2300,2400）。该方法包括：从数据链路层软件（“DLLS”）接收数据通信（“DC”）; 识别包含在DC中的身份参数（“IDP”），其包括指定关于节点或DC的虚假信息的假值（“FV”）; 获取一个真值（“TV”），指定关于节点或DC的真实信息; 用电视代替FV，生成修改后的DC; 并将修改的DC转发到网络层软件（“NLS”）。所述方法还包括：从包括传输层报头（“TLH”）和包括指定关于节点或FDU的真实信息的TV的网络层报头（“NLH”）的NLS接收数据单元（“DU”）; 获得指定关于节点或FDU的虚假信息的FV; 用FV替换DU的电视，形成修改数据单元（“MDU”）; 并将MDU转发到DLLS。

7. 发明申请

WO2013149041A1 ENHANCING IPSEC PERFORMANCE AND SECURITY AGAINST EAVESDROPPING 审中-公开
标题翻译：提高IPSEC的性能和安全性对EAVESDROPPING
公开(公告)号：WO2013149041A1
公开(公告)日：2013-10-03
申请号：PCT/US2013/034415
申请日：2013-03-28
申请人： HUAWEI TECHNOLOGIES CO., LTD. , FUTUREWEI TECHNOLOGIES, INC.
发明人： SONG, Jifei , YI, Xiaoyong , ZHANG, Xiangyang
IPC分类号： H04L29/06
CPC分类号： H04L63/16 , H04L63/0485 , H04L63/06 , H04L63/164 , H04L63/18
摘要： A network element (NE) comprising a memory device configured to store instructions, and a processor configured to execute the instructions by dividing a first plurality of data packets of a data flow into a first plurality of sub-flows, and causing the first plurality of sub-flows to be transmitted to a second NE via a network, wherein the first plurality of sub-flows are transmitted using a first Internet Protocol Security (IPsec) security association (SA) cluster comprising a plurality of parallel sub-SAs. The disclosure also includes a NE comprising a processor configured to create an IPsec SA cluster comprising a first plurality of sub-SAs between the NE and a second NE using an internet key exchange (IKE) or an IKEv2, wherein the first sub-SAs are unidirectional, and wherein the first sub-SAs are configured to transport a first plurality of data packets in a common direction.
摘要翻译：一种网络元件（NE），包括被配置为存储指令的存储器件，以及被配置为通过将数据流的第一多个数据分组划分成第一多个子流来执行指令的处理器，并且使得所述第一多个经由网络发送到第二NE的子流，其中使用包括多个并行子SA的第一互联网协议安全（IPsec）安全关联（SA）群集来发送所述第一多个子流。本发明还包括一种包括处理器的网元，所述处理器被配置为使用互联网密钥交换（IKE）或IKEv2来创建包括NE和第二NE之间的第一多个子SA的IPsec SA簇，其中所述第一子SA是单向，并且其中所述第一子SA被配置为在公共方向上传输第一多个数据分组。

8. 发明申请

WO2008004174A3 ESTABLISHING A SECURE AUTHENTICATED CHANNEL 审中-公开
标题翻译：建立一个安全的认证通道
公开(公告)号：WO2008004174A3
公开(公告)日：2008-03-06
申请号：PCT/IB2007052565
申请日：2007-07-02
申请人： KONINKL PHILIPS ELECTRONICS NV , NIKOV VENTZISLAV
发明人： NIKOV VENTZISLAV
IPC分类号： H04L12/22 , H04L9/32
CPC分类号： H04L63/0428 , H04L63/0869 , H04L63/16 , H04L63/162 , H04L63/168
摘要： A communication system has at least two communication devices (10,20) each accommodating an application (12,22). Establishing a secure authenticated channel between applications is achieved by first executing a link layer protocol (81) for establishing, on a link layer, an unauthenticated secure channel between the communication devices by exchanging link layer protocol messages. Subsequently an authentication protocol (82) is executed for establishing, on an application layer, authentication between the applications. The authentication protocol includes transferring an authentication message from a first application, processing the authentication message into a secure authentication message, transferring the secure authentication message to the second communication device via the unauthenticated secure channel, verifying the secure authentication message, and transferring the secure authentication message to the second application.
摘要翻译：通信系统具有至少两个通信设备（10,20），每个通信设备（10,20）各自容纳应用（12,22）。通过首先执行链路层协议（81），通过交换链路层协议消息，在链路层上建立通信设备之间的未经认证的安全通道，从而实现在应用之间建立安全的认证通道。随后执行认证协议（82），用于在应用层上建立应用之间的认证。认证协议包括从第一应用传输认证消息，将认证消息处理成安全认证消息，经由未认证安全通道将安全认证消息传输到第二通信设备，验证安全认证消息，并且传输安全认证消息给第二个应用程序。

9. 发明申请

WO2008004174A2 ESTABLISHING A SECURE AUTHENTICATED CHANNEL 审中-公开
标题翻译：建立安全认证通道
公开(公告)号：WO2008004174A2
公开(公告)日：2008-01-10
申请号：PCT/IB2007/052565
申请日：2007-07-02
申请人： KONINKLIJKE PHILIPS ELECTRONICS N.V. , NIKOV, Ventzislav
发明人： NIKOV, Ventzislav
IPC分类号： H04L12/22 , H04L9/32
CPC分类号： H04L63/0428 , H04L63/0869 , H04L63/16 , H04L63/162 , H04L63/168
摘要： A communication system has at least two communication devices (10,20) each accommodating an application (12,22). Establishing a secure authenticated channel between applications is achieved by first executing a link layer protocol (81) for establishing, on a link layer, an unauthenticated secure channel between the communication devices by exchanging link layer protocol messages. Subsequently an authentication protocol (82) is executed for establishing, on an application layer, authentication between the applications. The authentication protocol includes transferring an authentication message from a first application, processing the authentication message into a secure authentication message, transferring the secure authentication message to the second communication device via the unauthenticated secure channel, verifying the secure authentication message, and transferring the secure authentication message to the second application.
摘要翻译：通信系统具有每个容纳应用（12,22）的至少两个通信设备（10,20）。通过首先执行链路层协议（81），通过交换链路层协议消息在链路层上建立通信设备之间的未认证的安全信道来实现应用之间的安全认证信道。随后，执行认证协议（82），以在应用层上建立应用之间的认证。认证协议包括从第一应用传送认证消息，将认证消息处理成安全认证消息，经由未经认证的安全信道将安全认证消息传送到第二通信设备，验证安全认证消息，以及传送安全认证消息给第二个应用程序。

10. 发明申请

WO2004042533A2 END-TO-END SERVICE QUALITY FOR LATENCY-INTENSIVE INTERNET PROTOCOL (IP) APPLICATIONS IN A HETEROGENEOUS, MULTI-VENDOR ENVIRONMENT 审中-公开
标题翻译：针对互联网互联网协议（IP）应用在异质性，多供应商环境中的端到端服务质量
公开(公告)号：WO2004042533A2
公开(公告)日：2004-05-21
申请号：PCT/US2003/035024
申请日：2003-11-03
申请人： PROMINENCE NETWORKS, INC. , NAG, S
发明人： NAG, S
IPC分类号： G06F
CPC分类号： H04L29/06027 , H04L47/18 , H04L47/2416 , H04L47/31 , H04L47/41 , H04L47/70 , H04L47/724 , H04L47/801 , H04L47/822 , H04L47/825 , H04L47/828 , H04L63/0428 , H04L63/16 , H04L65/1009 , H04L65/1043 , H04L65/1069 , H04L65/608 , H04L65/80 , Y02D50/30
摘要： Apparatus and methods are provided for delivering end-to-end Quality of Service (QoS) over Internet Protocol (IP) networks. According to one embodiment, a portion of available bandwidth between a first and second network device is reserved as a Quality of Service (QoS0 resource pool for real-time communication sessions among users of a fist and second user community. The first network device is communicatively coupled with a packet network and associated with the first user community. The second network device is communicatively coupled with the packet network and associated with the second user community. End-to-End application QoS is provided between the first and second user communities by selectively admitting real-time communication sessions between the first user community and the second user community based upon currently available resources associated with the QoS resource pool and multiplexing the real-time communication sessions over a reservation protocol session between the first and second network devices.
摘要翻译：提供了用于通过因特网协议（IP）网络提供端到端服务质量（QoS）的装置和方法。根据一个实施例，第一和第二网络设备之间的可用带宽的一部分被保留为服务质量（QoS0资源池，用于第一和第二用户群体的用户之间的实时通信会话），第一网络设备是通信的耦合到分组网络并与第一用户社区相关联，第二网络设备与分组网络通信耦合并与第二用户社区相关联。通过选择性地在第一和第二用户社区之间提供端到端应用QoS 基于与QoS资源池相关联的当前可用资源，在第一和第二用户社区之间接纳实时通信会话，并通过第一和第二网络设备之间的预留协议会话复用实时通信会话。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式