知搜-全球专利检索

  1. Login
  2. Sign Up

Search Results

10 records (took 0.018 seconds)

    Method for performing TLS/SSL inspection based on verified subject name
    1.
    发明授权
    Method for performing TLS/SSL inspection based on verified subject name 有权

    公开(公告)号:US11411924B2

    公开(公告)日:2022-08-09

    申请号:US16226661

    申请日:2018-12-20

    Applicant: CHECK POINT SOFTWARE TECHNOLOGIES LTD.

    Inventor: Pavel Isaev Idan Sayag Alexey Volodin Tamir Zegman

    IPC: H04L9/40 H04L9/32

    Abstract: Methods and systems for processing cryptographically secured connections by a gateway, between a client and a server, are performed. Upon receiving TCP and TLS/SSL handshakes associated with a client side connection, from a client (client computer) to the gateway, a probing connection is established. The probing connection completes the handshakes, and based on the completion of the handshakes, the gateway renders a decision, to bypass, block or inspect, the connections between the client and the server, allowing or not allowing data to pass through the connections between the client and the server.

    LOCATION-AWARE RATE-LIMITING METHOD FOR MITIGATION OF DENIAL-OF-SERVICE ATTACKS
    2.
    发明申请
    LOCATION-AWARE RATE-LIMITING METHOD FOR MITIGATION OF DENIAL-OF-SERVICE ATTACKS 有权
    用于减轻服务质量攻击的定位速率限制方法

    公开(公告)号:US20140351878A1

    公开(公告)日:2014-11-27

    申请号:US13900576

    申请日:2013-05-23

    Applicant: Check Point Software Technologies Ltd.

    Inventor: Tamir Zegman Ofer Barkai

    IPC: H04L29/06

    CPC classification number: H04L63/0227 H04L43/106 H04L63/1458

    Abstract: A network component has a set of one or more rules, each of which has a match component and an action component. If an incoming packet maps to the match component of a rule, then the packet is handled according to the rule's action component. If the rule also includes a limit component, then if the packet maps to the rule's match component, a family history of the rule is updated, and the packet is handled according to the rule's action component only if the rule's family history satisfies the rule's limit component.

    Abstract translation: 网络组件具有一组一个或多个规则,每个规则具有匹配组件和动作组件。 如果传入的分组映射到规则的匹配组件,则根据规则的动作组件来处理该分组。 如果规则还包含限制组件,则如果分组映射到规则的匹配组件,则更新规则的家族历史,并且仅当规则的家族历史满足规则的限制时才根据规则的动作组件来处理分组 零件。

    Penalty box for mitigation of denial-of-service attacks
    9.
    发明授权
    Penalty box for mitigation of denial-of-service attacks 有权
    减轻拒绝服务攻击的惩罚方案

    公开(公告)号:US08844019B2

    公开(公告)日:2014-09-23

    申请号:US13682754

    申请日:2012-11-21

    Applicant: Check Point Software Technologies Ltd.

    Inventor: Ofer Barkai Dorit Dor Tamir Zegman

    IPC: H04L29/06

    CPC classification number: H04L63/0281 H04L63/0227 H04L63/1425 H04L63/1458

    Abstract: A security gateway of a computer network receives incoming packets at one or more network interfaces. One or more security functions are applied to the packets. Reports of security function violations are recorded. The reports include the source addresses of the packets, the times that the packets were received, and descriptions of the violations. The descriptions include weights, and if the sum of the weights, for packets of a common source address that are received within a first time interval, exceeds a threshold, subsequent packets from that source address are dropped. Alternatively, in a “monitor only” mode, the common source address is logged but packets are not dropped. Optionally, encrypted packets and/or packets received at some network interfaces but not at other network interfaces are not dropped.

    Abstract translation: 计算机网络的安全网关在一个或多个网络接口处接收传入的分组。 一个或多个安全功能被应用于分组。 记录安全功能违规的报告。 这些报告包括报文的源地址,接收报文的时间以及违规的描述。 描述包括权重,并且如果在第一时间间隔内接收到的公共源地址的分组的权重之和超过阈值,则来自该源地址的后续分组被丢弃。 或者,在“仅监视”模式下,记录公共源地址,但不会丢弃数据包。 可选地,在一些网络接口而不是在其他网络接口处接收到的加密分组和/或分组不被丢弃。

    PENALTY BOX FOR MITIGATION OF DENIAL-OF-SERVICE ATTACKS
    10.
    发明申请
    PENALTY BOX FOR MITIGATION OF DENIAL-OF-SERVICE ATTACKS 有权
    罚X。。。。。。。。。。。。。。。

    公开(公告)号:US20140143850A1

    公开(公告)日:2014-05-22

    申请号:US13682754

    申请日:2012-11-21

    Applicant: CHECK POINT SOFTWARE TECHNOLOGIES LTD.

    Inventor: Ofer Barkai Dorit Dor Tamir Zegman

    IPC: H04L29/06

    CPC classification number: H04L63/0281 H04L63/0227 H04L63/1425 H04L63/1458

    Abstract: A security gateway of a computer network receives incoming packets at one or more network interfaces. One or more security functions are applied to the packets. Reports of security function violations are recorded. The reports include the source addresses of the packets, the times that the packets were received, and descriptions of the violations. The descriptions include weights, and if the sum of the weights, for packets of a common source address that are received within a first time interval, exceeds a threshold, subsequent packets from that source address are dropped. Alternatively, in a “monitor only” mode, the common source address is logged but packets are not dropped. Optionally, encrypted packets and/or packets received at some network interfaces but not at other network interfaces are not dropped.

    Abstract translation: 计算机网络的安全网关在一个或多个网络接口处接收传入的分组。 一个或多个安全功能被应用于分组。 记录安全功能违规的报告。 这些报告包括报文的源地址,接收报文的时间以及违规的描述。 描述包括权重,并且如果在第一时间间隔内接收到的公共源地址的分组的权重之和超过阈值,则来自该源地址的后续分组被丢弃。 或者,在“仅监视”模式下,记录公共源地址,但不会丢弃数据包。 可选地,在一些网络接口而不是在其他网络接口处接收到的加密分组和/或分组不被丢弃。

Patent Agency Ranking