专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2010014917A1 VERSIONING RELATIONAL DATABASE DISJOINT RECORDS 审中-公开
标题翻译：版本关系数据库DISROINT RECORDS
公开(公告)号：WO2010014917A1
公开(公告)日：2010-02-04
申请号：PCT/US2009/052429
申请日：2009-07-31
申请人： TELCORDIA TECHNOLOGIES, INC. , CHENG, Yuu-heng , POYLISHER, Alexander , GADGIL, Shrirang , NAIDU, Aditya , TALPADE, Rajesh
发明人： CHENG, Yuu-heng , POYLISHER, Alexander , GADGIL, Shrirang , NAIDU, Aditya , TALPADE, Rajesh
IPC分类号： G06F17/30
CPC分类号： G06F17/30309 , G06F17/30498
摘要： An inventive system and method for versioning relational database disjoint records comprises a relational database, configuration files translated into query files, and a version control system, wherein each query file is stored and checked into the version control system, updating a version number of the query file. Each query file comprises a set of query statements. Query files are retrieved from the version control system based on the version number or an independent data item, and put into the database for analysis. In one embodiment, one of the configuration files comprises a configuration of a device, such as a router, a switch, a firewall, or a medical record. The method comprises acquiring configuration files, changing the configuration files into query files and storing the query files, and checking each query file into a version control system, wherein the checking in updates a version number of the query file.
摘要翻译：用于版本化关系数据库不相交记录的创新系统和方法包括关系数据库，转换成查询文件的配置文件和版本控制系统，其中每个查询文件被存储并检查到版本控制系统中，更新查询的版本号文件。每个查询文件都包含一组查询语句。基于版本号或独立数据项从版本控制系统检索查询文件，并将其放入数据库进行分析。在一个实施例中，配置文件之一包括诸如路由器，交换机，防火墙或医疗记录之类的设备的配置。该方法包括获取配置文件，将配置文件更改为查询文件并存储查询文件，并将每个查询文件检查到版本控制系统中，其中检查更新查询文件的版本号。

2. 发明申请

WO2008105829A3 IP NETWORK VULNERABILITY AND POLICY COMPLIANCE ASSESSMENT BY IP DEVICE ANALYSIS 审中-公开
公开(公告)号：WO2008105829A3
公开(公告)日：2008-09-04
申请号：PCT/US2007/019844
申请日：2007-09-12
申请人： TELCORDIA TECHNOLOGIES, INC. , TALPADE, Rajesh , NARAIN, Sanjai , CHENG, Alice , POYLISHER, Alexander
发明人： TALPADE, Rajesh , NARAIN, Sanjai , CHENG, Alice , POYLISHER, Alexander
IPC分类号： G06F17/00
摘要： Customizable software provides assurances about the ability of an IP network to satisfy security, regulatory and availability requirements by comprehensive vulnerability and compliance assessment of IP networks through automated analysis of configurations of devices such as routers, switches, and firewalls. The solution comprises three main approaches for testing of IP device configurations to eliminate errors that result in vulnerabilities or requirements compliance issues. The first approach involves checking the configurations of devices for conformance to Best-Current-Practices provided by vendors and organizations. Also this includes checks of compliance with regulations. The secon approach includes reading device configurations and collecting beliefs about network administrator intent. An inference engine checks for consistency using previously accumulated beliefs. The third approach addresses the multiple device/protocol issue by including an understanding of high-level service and security requirements about the specific IP network under test from the network administrators.

3. 发明申请

WO2010088600A1 SYSTEM AND METHOD FOR DETERMINING SYMANTIC EQUIVALENCE BETWEEN ACCESS CONTROL LISTS 审中-公开
标题翻译：用于确定访问控制列表之间的协调等效性的系统和方法
公开(公告)号：WO2010088600A1
公开(公告)日：2010-08-05
申请号：PCT/US2010/022731
申请日：2010-02-01
申请人： TELCORDIA TECHNOLOGIES, INC. , LING, Yibei , NAIDU, Aditya , TALPADE, Rajesh
发明人： LING, Yibei , NAIDU, Aditya , TALPADE, Rajesh
IPC分类号： G06F15/173
CPC分类号： H04L63/0263
摘要： Aspects of the invention pertain to analyzing and modifying access control lists that are used in computer networks. Access control lists may have many individual rules that indicate whether information can be passed between certain devices in a computer network. The access control lists may include redundant or conflicting rules. An aspect of the invention determines whether two or more access control lists are equivalent or not. Order-dependent access control lists are converted into order-independent access control lists, which enable checking of semantic equivalence of different access control lists. Upon conversion to an order- independent access control list, lower-precedence rules in the order- free list are checked for overlap with a current higher precedence entry. If overlap exists, existing order- free rules are modified so that spinoff rules have no overlap with the current entry. This is done while maintaining semantic equivalence.
摘要翻译：本发明的方面涉及分析和修改在计算机网络中使用的访问控制列表。访问控制列表可以具有许多单独的规则，其指示信息是否可以在计算机网络中的某些设备之间传递。访问控制列表可以包括冗余或冲突的规则。本发明的一个方面确定两个或更多个访问控制列表是否等同。依赖订单的访问控制列表转换成独立于访问控制列表，可以检查不同访问控制列表的语义等价性。在转换为与订单无关的访问控制列表时，将检查无订单列表中的较低优先级规则与当前较高优先级条目的重叠。如果存在重叠，则修改现有的无订单规则，以便分支规则与当前条目不重叠。这是在保持语义等同性的同时完成的。

4. 发明申请

WO2011143029A1 SYSTEM AND METHOD FOR DETERMINING FIREWALL EQUIVALENCE, UNION, INTERSECTION AND DIFFERENCE 审中-公开
标题翻译：用于确定防火等级，联合，交互和差异的系统和方法
公开(公告)号：WO2011143029A1
公开(公告)日：2011-11-17
申请号：PCT/US2011/035150
申请日：2011-05-04
申请人： TELCORDIA TECHNOLOGIES, INC. , LING, Yibel , NAIDU, Aditya , TALPADE, Rajesh
发明人： LING, Yibel , NAIDU, Aditya , TALPADE, Rajesh
IPC分类号： G06F11/00
CPC分类号： H04L63/0263
摘要： Aspects of the invention pertain to integrated compliance lists for analysis network control lists may of multiple firewalls and access segregation and partitioning, have many individual rules that control access indicate whether information can be passed between certain devices in a computer network. The access control lists in different firewalls in different network segments within a given network may overlap or have inconsistent rules. Aspects of the invention generate differences between firewalls analyze equivalency of firewalls, generate the intersection between a pair of firewalls and generate the union between firewalls. Such information provides an integrated analysis of multiple interrelated firewalls including inbound and outbound access control lists for such firewalls and may be used to manage firewall operation within the network to ensure consistent operation and maintain network security. It also addresses a wide range of security questions that arise when dealing with multiple firewalls.
摘要翻译：本发明的方面涉及用于分析多个防火墙和访问分离和分区的网络控制列表的集成合规性列表，具有控制访问的许多单独的规则指示信息是否可以在计算机网络中的某些设备之间传递。给定网络内不同网段的不同防火墙中的访问控制列表可能重叠或具有不一致的规则。本发明的方面在防火墙之间产生差异，分析防火墙的等效性，生成一对防火墙之间的交集，并在防火墙之间生成联合。这样的信息提供了对多个相互关联的防火墙的综合分析，包括这种防火墙的入站和出站访问控制列表，并可用于管理网络中的防火墙操作，以确保一致的操作和维护网络安全。它还解决了处理多个防火墙时出现的各种安全问题。

5. 发明申请

WO2010099030A1 SYSTEMS AND METHODS FOR SINGLE SESSION MANAGEMENT IN LOAD BALANCED APPLICATION SERVER CLUSTERS 审中-公开
标题翻译：负载平衡应用服务器集群中的单个管理的系统和方法
公开(公告)号：WO2010099030A1
公开(公告)日：2010-09-02
申请号：PCT/US2010/024640
申请日：2010-02-19
申请人： TELCORDIA TECHNOLOGIES, INC. , NAIDU, Aditya , TALPADE, Rajesh , TANNA, Harshad , WINCHELL, Sabine
发明人： NAIDU, Aditya , TALPADE, Rajesh , TANNA, Harshad , WINCHELL, Sabine
IPC分类号： G06F15/16
CPC分类号： H04L67/1027 , H04L67/1002 , H04L67/14 , H04L67/143 , H04L67/146
摘要： Aspects of the invention pertain to user session management in load balanced clusters. Multiple application servers communicate with a central data server to ensure there is a single session per user ID. The central data server maintains a user session index and a parameter table. Each time a network access is attempted using a given user ID, a load balancer assigns the session to one of the application servers. The assigned application server queries the central data server to determine whether a session status for the user's login ID is inactive or active. If inactive, a new, unique value is assigned as the session number. If active, the session number is evaluated to determine whether multiple sessions exist. In this case, one of the sessions is terminated to ensure a single session per user ID. Preferably, the terminated session is the earlier session.
摘要翻译：本发明的方面涉及负载平衡集群中的用户会话管理。多个应用程序服务器与中央数据服务器进行通信，以确保每个用户ID都有一个会话。中央数据服务器维护用户会话索引和参数表。每次尝试使用给定的用户ID进行网络访问时，负载均衡器会将会话分配给其中一个应用程序服务器。分配的应用程序服务器查询中央数据服务器，以确定用户登录ID的会话状态是否处于非活动状态。如果不活动，将分配一个新的唯一值作为会话号。如果激活，则会对会话编号进行评估，以确定是否存在多个会话。在这种情况下，其中一个会话终止，以确保每个用户ID的单个会话。优选地，终止的会话是较早的会话。

6. 发明申请

WO2004070535A2 MITIGATING DENIAL OF SERVICE ATTACKS 审中-公开
标题翻译：减轻服务攻击难度
公开(公告)号：WO2004070535A2
公开(公告)日：2004-08-19
申请号：PCT/US2004/002271
申请日：2004-01-27
申请人： TELCORDIA TECHNOLOGIES, INC.
发明人： TALPADE, Rajesh , MADHANI, Sunil , MOUCHTARIS, Petros , WONG, Larry
IPC分类号： G06F
CPC分类号： H04L63/0227 , H04L63/1458
摘要： Service attacks, such as denial of service and distributed denial of service attacks, of a customer network are detected and subsequently mitigated by the Internet Service Provider (ISP) that services the customer network. A sensor examines the traffic entering the customer network for attack traffic. When an attack is detected, the sensor notifies an analysis engine within the ISP network to mitigate the attack. The analysis engine configures a filter router to advertise new routing information to the border and edge routers of the ISP network. The new routing information instructs the border and edge routers to reroute attack traffic and non-attack traffic destined for the customer network to the filter router. At the filter router, the attack traffic and non-attack traffic are automatically filtered to remove the attack traffic. The non-attack traffic is passed back onto the ISP network for routing towards the customer network.
摘要翻译：检测到客户网络的服务攻击（如拒绝服务和分布式拒绝服务攻击），并随后由为客户网络服务的互联网服务提供商（ISP）进行缓解。传感器检查进入客户网络的流量是否存在攻击流量。当检测到攻击时，传感器通知ISP网络中的分析引擎以减轻攻击。分析引擎配置过滤器路由器向ISP网络的边界和边缘路由器发布新的路由信息。新的路由信息指示边界路由器和边缘路由器将去往客户网络的攻击流量和非攻击流量重新路由到过滤路由器。在过滤路由器上，会自动过滤攻击流量和非攻击流量，以消除攻击流量。非攻击流量被传回到ISP网络，用于路由到客户网络。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式