Patent application number | Description | Published |
20080235799 | Network Attack Signature Generation - Described is a technique for detecting attacks on a data communications network having a plurality of addresses for assignment to data processing systems in the network. The technique involves identifying data traffic on the network originating at any assigned address and addressed to any unassigned address. Any data traffic so identified is inspected for data indicative of an attack. On detection of data indicative of an attack, an alert signal is generated. | 09-25-2008 |
20080313469 | STATELESS METHODS FOR RESOURCE HIDING AND ACCESS CONTROL SUPPORT BASED ON URI ENCRYPTION - An apparatus and method are disclosed for enabling controlled access to resources at a resource provider server. The invention may encrypt or decrypt a portion of a uniform resource identifier (URI), according to a stateless method for hiding resources and/or providing access control support. Upon receipt of a URI having an encrypted portion, the invention decrypts the encrypted portion using a predetermined key to obtain a decrypted segment, extracts additional information from the decrypted segment and forms a decrypted URI, before the decrypted URI is forwarded to a resource producer server. The invention may also encrypt a URI from a resource provider server before it is sent to a client in response to a client request. | 12-18-2008 |
20090037583 | DETECTION AND CONTROL OF PEER-TO-PEER COMMUNICATION - A method and apparatus are provided for detecting peer-to-peer communication on a data communication network, between an internal client machine within an internal address space and an external client machine. The method includes routing all messages addressed to internal client machines to an analysis device. The analysis device identifies messages pertaining to peer-to-peer communication and identifies the internal client machine to which the messages of a specified nature were addressed. The analysis device terminates the connection with the external client machine if the establishing of the peer-to-peer communication is in violation of a pre-determined internal network rule. | 02-05-2009 |
20090070870 | Detecting network attacks - Described is a technique for detecting attacks on a data communications network having a plurality of addresses for assignment to data processing systems in the network. The technique involves identifying data traffic on the network originating at any assigned address and addressed to any unassigned address. Any data traffic so identified is inspected for data indicative of an attack. On detection of data indicative of an attack, an alert signal is generated. | 03-12-2009 |
20090144419 | IP NETWORK MANAGEMENT - Methods and apparatus are provided for managing an IP network interconnecting a plurality of network hosts ( | 06-04-2009 |
20090287706 | PRIVACY AND CONFIDENTIALITY PRESERVING REPORTING OF URLS - A method of preserving privacy and confidentiality in a system where information is associated with an existing web page having an address. The method includes receiving a store command from a first user system, the store command including at least a database key and information to be associated with the web page, wherein the database key was created by performing a cryptographic hash function on the address of the web page; storing the information at a location in a storage database; associating the location with the database key; receiving a retrieve command from a second user system, the retrieve command including the database key calculated by the second user system; retrieving stored information from one or more locations in the database associated with the database key; and transmitting the stored information to the second user system. | 11-19-2009 |
20090313136 | Stateless Methods for Resource Hiding and Access Control Support Based on URI Encryption - An apparatus and method are disclosed for enabling controlled access to resources at a resource provider server. The invention may encrypt or decrypt a portion of a uniform resource identifier (URI), according to a stateless method for hiding resources and/or providing access control support. Upon receipt of a URI having an encrypted portion, the invention decrypts the encrypted portion using a predetermined key to obtain a decrypted segment, extracts additional information from the decrypted segment and forms a decrypted URI, before the decrypted URI is forwarded to a resource producer server. The invention may also encrypt a URI from a resource provider server before it is sent to a client in response to a client request. | 12-17-2009 |
20090319530 | MECHANISM FOR UNEQUIVOCALLY REFERENCING CONTENT IN WEB 2.0 APPLICATIONS - A method is provided for referencing content by generating a bound uniform resource locator. Content is selected, a fragment identifier is calculated for the content, and the content is normalized. A content digest of the normalized content is calculated. A content binding document is assembled in which the content binding document comprises: an original URL to the content, the fragment identifier, the name of a method for normalizing the content, the name of a method for calculating the content digest, and the content digest. A content binding document digest is calculated. A bound universal resource locator is generated that contains the content binding document digest and the name of the method that was used to calculate the content binding document digest. The content binding document is stored using its digest as a file name or database key, and the content binding document can be retrieved using the bound universal resource locator. | 12-24-2009 |
20090319794 | SEMANTIC DIGITAL SIGNATURES - A method is provided for adding intended meaning to digital signatures. A message, being base content, is received to be signed. Assertions, ontologies, and description of a reasoner are adjoined to the message. Ontologies are a formal specification of vocabulary and rules used to state the assertions. The reasoner validates the assertions against the corresponding ontologies. A compound message is formed including the message, the assertions, the ontologies, and the reasoner. The compound message is signed using a cryptographic digital signature, where the assertions indicate an intended meaning of the digital signature. During verification of semantic signatures, a digital signature is received for a compound message, where the compound message includes assertions, ontologies, and reasoner. The digital signature is verified, and the compound message structure is checked for semantic signature conformance. In response to proper verification, the reasoner is utilized to verify a conformance of the assertions to the ontologies. | 12-24-2009 |
20100235342 | TAGGING SYSTEM USING INTERNET SEARCH ENGINE - A method of acquiring tags using web search includes receiving a search query in a search engine, processing the search query and returning a list of candidate resources corresponding to the search query, determining a candidate resource out of the list of candidate resources, extracting tags from the search query, and tagging the candidate resource with the extracted tags. | 09-16-2010 |
20120096548 | NETWORK ATTACK DETECTION - A method and apparatus are provided for detecting attacks on a data communication network. The apparatus includes a router with a mechanism for monitoring return messages addressed to an originating user system local to the router. The mechanism includes a message checker for identifying a return message of a specified nature and a rerouter for temporarily routing subsequent messages from the originating user system to the intrusion detection sensor. | 04-19-2012 |