专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

WO2016183358A1 IDENTIFYING PHISHING COMMUNICATIONS USING TEMPLATES 审中-公开
标题翻译：使用模板识别通信通信
公开(公告)号：WO2016183358A1
公开(公告)日：2016-11-17
申请号：PCT/US2016/032175
申请日：2016-05-12
申请人： GOOGLE INC.
发明人： BENDERSKY, Mike , PUEYO, Luis Garcia , PURANIK, Kashyap Ramesh , SAIKIA, Amitabh , YANG, Jie , CARTRIGHT, Marc-Allen
IPC分类号： H04L29/06
CPC分类号： H04L63/1483 , H04L63/0254 , H04L63/1425 , H04L63/20
摘要： Methods, apparatus, systems, and computer-readable media are provided for determining whether electronic communications are attempts at phishing. In various implementations, a potentially-deceptive electronic communication may be matched to one or more templates of a plurality of templates in a database. Each template may represent content shared among a cluster of electronic communications sent by a trustworthy entity. In various implementations, it may be determined that an address associated with the electronic communication is not affiliated with one or more trustworthy entities associated with the one or more matched templates. In various implementations, the electronic communication may be classified as a phishing attempt based on the determining.
摘要翻译：提供了方法，装置，系统和计算机可读介质，用于确定电子通信是否是网络钓鱼的尝试。在各种实现中，可能欺骗性的电子通信可以与数据库中的多个模板的一个或多个模板相匹配。每个模板可以表示由可信赖实体发送的电子通信集群之间共享的内容。在各种实现中，可以确定与电子通信相关联的地址不隶属于与一个或多个匹配模板相关联的一个或多个可信赖实体。在各种实现中，电子通信可以被分类为基于确定的网络钓鱼尝试。

2. 发明申请

WO2016182656A1 TECHNOLOGIES FOR SECURE BOOTSTRAPPING OF VIRTUAL NETWORK FUNCTIONS 审中-公开
标题翻译：用于安全虚拟网络功能的技术
公开(公告)号：WO2016182656A1
公开(公告)日：2016-11-17
申请号：PCT/US2016/026888
申请日：2016-04-11
申请人： INTEL CORPORATION
发明人： SOOD, Kapil , WALKER, Jesse
IPC分类号： H04L29/06 , H04L29/12
CPC分类号： G06F21/575 , G06F9/4416 , G06F9/45533 , G06F9/45558 , G06F21/10 , G06F21/53 , G06F2009/45587 , G06F2009/45595 , G06F2221/034 , H04L9/14 , H04L9/30 , H04L9/3247 , H04L63/0209 , H04L63/0227 , H04L63/0254 , H04L63/06 , H04L63/08 , H04L63/101 , H04L63/1408 , H04L63/1441 , H04L63/20 , H04L63/205
摘要： Technologies for bootstrapping virtual network functions in a network functions virtualization (NFV) network architecture include a virtual network function (VNF) bootstrap service (VBS) in secure network communication with a VBS agent of a VNF instance. The VBS agent is configured to execute a secure VNF bootstrap capture protocol in the NFV network architecture. Accordingly, the VBS agent can be configured to register with the VBS via secure communications transmitted between the VBS and the VBS agent. The secure communications include transmitting a security quote from a TEE of a platform on which the VNF instance is instantiated and a security credential request to the VBS, as well as receiving a security credential in response to validating the security quote and the security credential request. Other embodiments are described and claimed.
摘要翻译：在网络功能虚拟化（NFV）网络架构中引导虚拟网络功能的技术包括与VNF实例的VBS代理进行安全网络通信的虚拟网络功能（VNF）引导服务（VBS）。 VBS代理被配置为在NFV网络架构中执行安全的VNF引导捕获协议。因此，VBS代理可以被配置为通过在VBS和VBS代理之间传输的安全通信来向VBS注册。安全通信包括从VBS实例的平台的TEE发送安全报价以及向VBS发送安全凭证请求，以及响应于验证安全报价和安全凭证请求而接收安全凭证。描述和要求保护其他实施例。

3. 发明申请

WO2016162749A1 SYSTEM AND METHOD FOR VIRTUAL INTERFACES AND ADVANCED SMART ROUTING IN A GLOBAL VIRTUAL NETWORK 审中-公开
标题翻译：虚拟接口的系统和方法以及全球虚拟网络中的高级智能路由
公开(公告)号：WO2016162749A1
公开(公告)日：2016-10-13
申请号：PCT/IB2016/000531
申请日：2016-04-07
申请人： UMBRA TECHNOLOGIES LTD. , ORE, Carlos, Eduardo , SAINT-MARTIN, Thibaud Auguste, Bernard Jean
发明人： ORE, Carlos, Eduardo , SAINT-MARTIN, Thibaud Auguste, Bernard Jean , RUBENSTEIN, Joseph, E.
IPC分类号： H04L12/715 , H04L29/06 , H04L12/707 , H04L12/703
CPC分类号： H04L12/465 , H04L12/4633 , H04L12/4641 , H04L45/22 , H04L45/28 , H04L45/302 , H04L45/64 , H04L63/0218 , H04L63/0236 , H04L63/0254 , H04L63/0263 , H04L63/0272
摘要： Systems and methods for connecting devices via a virtual global network are disclosed. In one embodiment the network system may comprise an endpoint device including a tunnel manager and a first virtual interface, an access point server including at least one tunnel listener and a second virtual interface. One or more tunnels are formed connecting the tunnel managers and tunnel listeners. The virtual interfaces provide a logical point of access to the one or more tunnels.
摘要翻译：公开了通过虚拟全局网络连接设备的系统和方法。在一个实施例中，网络系统可以包括包括隧道管理器和第一虚拟接口的端点设备，包括至少一个隧道侦听器和第二虚拟接口的接入点服务器。形成连接隧道管理器和隧道侦听器的一个或多个隧道。虚拟接口提供对一个或多个隧道的逻辑访问点。

4. 发明申请

WO2016162748A1 MULTI-PERIMETER FIREWALL IN THE CLOUD 审中-公开
标题翻译：多云多云防火墙
公开(公告)号：WO2016162748A1
公开(公告)日：2016-10-13
申请号：PCT/IB2016/000528
申请日：2016-04-07
申请人： UMBRA TECHNOLOGIES LTD. , ORE, Carlos, Eduardo
发明人： ORE, Carlos, Eduardo , RUBENSTEIN, Joseph, E.
IPC分类号： H04L29/06 , H04L12/703 , H04L12/715 , H04L12/707
CPC分类号： H04L12/465 , H04L12/4633 , H04L12/4641 , H04L45/22 , H04L45/28 , H04L45/302 , H04L45/64 , H04L63/0218 , H04L63/0236 , H04L63/0254 , H04L63/0263 , H04L63/0272
摘要： Systems and methods for providing multi-perimeter firewalls via a virtual global network are disclosed. In one embodiment the network system may comprise an egress ingress point in communication with a first access point server, a second access point server in communication with the first access point server, an endpoint device in communication with the second access point server, a first firewall in communication with the first access point server, and a second firewall in communication with the second access point server. The first and second firewalls may prevent traffic from passing through their respective access point servers. The first and second may be in communication with each other and exchange threat information.
摘要翻译：公开了通过虚拟全球网络提供多边防火墙的系统和方法。在一个实施例中，网络系统可以包括与第一接入点服务器通信的出口入口点，与第一接入点服务器通信的第二接入点服务器，与第二接入点服务器通信的端点设备，第一防火墙与第一接入点服务器通信，以及与第二接入点服务器通信的第二防火墙。第一和第二防火墙可能会阻止流量通过其各自的接入点服务器。第一和第二个可能彼此通信并交换威胁信息。

5. 发明申请

WO2016148874A1 METHODS AND SYSTEMS FOR PROVIDING SECURITY TO DISTRIBUTED MICROSERVICES 审中-公开
标题翻译：用于向分布式微型器件提供安全保护的方法和系统
公开(公告)号：WO2016148874A1
公开(公告)日：2016-09-22
申请号：PCT/US2016/019882
申请日：2016-02-26
申请人： VARMOUR NETWORKS, INC.
发明人： SHIEH, Choung-Yaw Michael , WOOLWARD, Marc
IPC分类号： G06F15/16
CPC分类号： H04L63/0254 , H04L63/0263 , H04L63/10
摘要： Systems for providing security to distributed microservices are provided herein. In some embodiments, a system includes a plurality of microservices, each of the plurality of microservices having a plurality of distributed microservice components. At least a portion of the distributed microservice components execute on different physical or virtual servers in a data center or a cloud. The system also includes a plurality of logical security boundaries, with each of the plurality of logical security boundaries being created by a plurality of enforcement points positioned in association with the plurality of distributed microservice components. Each of plurality of microservices is bounded by one of the plurality of logical security boundaries.
摘要翻译：本文提供了为分布式微服务提供安全性的系统。在一些实施例中，系统包括多个微服务器，多个微服务器中的每一个具有多个分布式微服务组件。分布式微服务组件的至少一部分在数据中心或云中的不同物理或虚拟服务器上执行。该系统还包括多个逻辑安全边界，多个逻辑安全边界中的每一个由与多个分布式微服务组件相关联地定位的多个执行点创建。多个微服务中的每一个由多个逻辑安全边界中的一个界限。

6. 发明申请

WO2016128265A1 TRAFFIC SHAPE OBFUSCATION WHEN USING AN ENCRYPTED NETWORK CONNECTION 审中-公开
标题翻译：使用加密网络连接时的交通形状障碍
公开(公告)号：WO2016128265A1
公开(公告)日：2016-08-18
申请号：PCT/EP2016/052230
申请日：2016-02-03
申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION , IBM DEUTSCHLAND GMBH
发明人： SEUL, Matthias , SOLYAKOV, Artem
IPC分类号： H04L29/06 , H04K1/02 , H04L9/00
CPC分类号： H04L63/1408 , G06F21/606 , G06F2221/2125 , H04K1/02 , H04L9/002 , H04L45/20 , H04L63/0254 , H04L63/0272 , H04L63/029 , H04L63/0414 , H04L63/0428 , H04L2209/08
摘要： According to one exemplary embodiment, a method for obfuscating a traffic pattern associated with a plurality of network traffic within a tunnel connection is provided. The method may include detecting the tunnel connection. The method may also include analyzing a connection environment associated with the detected tunnel connection. The method may then include determining a packet handling technique based on the analyzed connection environment, whereby the packet handling technique provides a way for creating a noise packet that will be discarded by a network stack at a target node or before the target node. The method may include determining a noise strategy based on the determined packet handling technique. The method may also include sending a plurality of noise packets into the tunnel connection based on the determined noise strategy to obfuscate the traffic pattern.
摘要翻译：根据一个示例性实施例，提供了一种用于模糊与隧道连接内的多个网络业务相关联的业务模式的方法。该方法可以包括检测隧道连接。该方法还可以包括分析与检测到的隧道连接相关联的连接环境。该方法然后可以包括基于所分析的连接环境确定分组处理技术，由此分组处理技术提供用于创建将由目标节点处的网络堆栈或目标节点之前丢弃的噪声分组的方式。该方法可以包括基于确定的分组处理技术确定噪声策略。该方法还可以包括基于确定的噪声策略将多个噪声分组发送到隧道连接中以模糊业务模式。

7. 发明申请

WO2016118518A1 ROLLING SECURITY PLATFORM 审中-公开
标题翻译：滚动安全平台
公开(公告)号：WO2016118518A1
公开(公告)日：2016-07-28
申请号：PCT/US2016/013944
申请日：2016-01-19
申请人： ENZOO, INC.
发明人： PIKE, Robert
IPC分类号： G06F11/00 , G06F12/14
CPC分类号： H04L63/10 , G06F21/57 , G06F21/6218 , H04L63/0254 , H04L63/0263 , H04L63/0846 , H04L63/102 , H04L63/108 , H04L63/1408 , H04L63/1416 , H04L63/1441 , H04L63/1466 , H04L63/20 , H04L67/148 , H04L67/42
摘要： A method of rolling security for a system that includes multiple server groups, such as a first server group of one or more servers and a second server group of one or more servers. The method includes repeatedly initiating rebuilding of the first server group of one or more servers. The method also includes repeatedly initiating rebuilding of the second server group of one or more servers. The rebuilding of the first server group of one or more servers is staggered in time from the rebuilding of the second server group of one or more servers. The servers may be physical servers or virtual machines. Rolling security may also be applied to software containers, computing devices within a data center, and computing devices outside of a data center.
摘要翻译：一种滚动包括多个服务器组的系统的安全性的方法，例如一个或多个服务器的第一服务器组和一个或多个服务器的第二服务器组。该方法包括重复启动一个或多个服务器的第一服务器组的重建。该方法还包括重复地启动一个或多个服务器的第二服务器组的重建。重新构建一个或多个服务器的第一个服务器组，从重新构建一个或多个服务器的第二个服务器组的时间开始交错。这些服务器可能是物理服务器或虚拟机。滚动安全性也可以应用于软件容器，数据中心内的计算设备以及数据中心之外的计算设备。

8. 发明申请

WO2016001917A3 SYSTEM AND METHOD OF GENERATING A SECURED COMMUNICATION LAYER 审中-公开
标题翻译：产生安全通信层的系统和方法
公开(公告)号：WO2016001917A3
公开(公告)日：2016-03-31
申请号：PCT/IL2015050669
申请日：2015-06-30
申请人： FIRMITAS CYBER SOLUTIONS ISRAEL LTD
发明人： KEINI GIL , SHAFT RAMI
IPC分类号： G06F7/04 , H04L9/32
CPC分类号： H04L63/20 , G06F21/52 , H04L63/0254 , H04L63/0263 , H04L63/101 , H04L63/1408 , H04L63/1416 , H04L63/1441
摘要： Techniques for generating a secure communication layer for a certain software application in a computer system are disclosed. The certain application is configured and operable to exchange data via a communication interface using a specific protocol implementation. A communication protocol model is generated for the specific protocol implementation based on input data about the specific communication protocol and being associated at least in part with functioning of the certain application. The generated communication protocol model is used for generating a dedicated protection layer component corresponding to the specific communication protocol, wherein the dedicated protection layer component is capable of analyzing communication traffic data associated with the certain application and validating communication traffic data addressed to the certain application and complying with the generated protocol model.
摘要翻译：公开了一种用于为计算机系统中的某个软件应用生成安全通信层的技术。特定应用被配置和操作以通过使用特定协议实现的通信接口来交换数据。基于关于特定通信协议的输入数据并且至少部分地与某些应用的功能相关联地，为特定协议实现生成通信协议模型。生成的通信协议模型用于生成对应于特定通信协议的专用保护层组件，其中专用保护层组件能够分析与特定应用相关联的通信业务数据，并验证寻址到特定应用的通信业务数据，符合生成的协议模型。

9. 发明申请

WO2015175007A1 METHOD TO ENABLE DEEP PACKET INSPECTION (DPI) IN OPENFLOW-BASED SOFTWARE DEFINED NETWORK (SDN) 审中-公开
标题翻译：在基于开放式软件定义网络（SDN）中启用深度分组检测（DPI）的方法
公开(公告)号：WO2015175007A1
公开(公告)日：2015-11-19
申请号：PCT/US2014/045312
申请日：2014-07-02
申请人： DELL SOFTWARE INC.
发明人： LING, Hui , CHEN, Zhong
IPC分类号： H04L1/00
CPC分类号： H04L63/0254 , H04L43/028 , H04L45/38 , H04L45/42 , H04L61/2007 , H04L63/0245 , H04L63/1408 , H04L63/1441 , H04L67/10 , H04L69/22
摘要： The present invention relates to a method and system for performing deep packet inspection of messages transmitted through a network switch in a Software Defined Network (SDN). Embodiments of the invention include a network switch, a controller, and a firewall in a software defined networking environment. In the present invention, the network switch is a simple network switch that is physically separate from the controller and the firewall. The invention may include a plurality of physically distinct network switches communicating with one or more controllers and firewalls. In certain instances, communications between the network switch, the controller, and the firewall are performed using the Open Flow standard communication protocol.
摘要翻译：本发明涉及一种用于对通过软件定义网络（SDN）中的网络交换机传送的消息进行深度分组检查的方法和系统。本发明的实施例包括在软件定义的联网环境中的网络交换机，控制器和防火墙。在本发明中，网络交换机是与控制器和防火墙物理分离的简单网络交换机。本发明可以包括与一个或多个控制器和防火墙通信的多个物理上不同的网络交换机。在某些情况下，使用Open Flow标准通信协议执行网络交换机，控制器和防火墙之间的通信。

10. 发明申请

WO2015108514A1 SECURITY AND ACCESS CONTROL 审中-公开
标题翻译：安全和访问控制
公开(公告)号：WO2015108514A1
公开(公告)日：2015-07-23
申请号：PCT/US2014/011652
申请日：2014-01-15
申请人： HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
发明人： LASWELL, Matthew , LU, Wei
IPC分类号： G06F21/30 , G06F15/16
CPC分类号： H04L63/0254 , G06F21/554 , H04L63/105 , H04L63/205 , H04L67/02 , H04L67/10
摘要： According to an example, security and access control may include receiving traffic that is related to an application tier of a plurality of application tiers, and that is to be routed to another application tier or within the application tier. The attributes of the traffic related to the application tier may be analyzed, and based on the analysis, an application related to the traffic and a type of the traffic may be determined. The type of the traffic may be compared to a policy related to the application to determine whether the traffic is valid traffic or invalid traffic. Based on a determination that the traffic is valid traffic, the valid traffic may be forwarded to an intended destination. Further, based on a determination that the traffic is invalid traffic, the invalid traffic may be forwarded to a predetermined destination or blocked.
摘要翻译：根据一个示例，安全性和访问控制可以包括接收与多个应用层的应用层相关的流量，并且被路由到另一个应用层或应用层内。可以分析与应用层相关的流量的属性，并且基于分析，可以确定与流量相关的应用和流量的类型。可以将流量的类型与与应用相关的策略进行比较，以确定流量是有效流量还是无效流量。基于流量是有效流量的确定，可以将有效流量转发到预期的目的地。此外，基于业务是无效业务的确定，无效业务可以转发到预定目的地或被阻止。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式