-
公开(公告)号:GB2356765B
公开(公告)日:2003-09-24
申请号:GB0019673
申请日:2000-08-11
Applicant: IBM
Inventor: GENTY DENISE MARIE , MCBREARTY GERALD FRANCIS , MULLEN SHAWN PATRICK , SHIEH JOHNNY MENG-HAN , UNNKRISHNAN RAMACHANDRAN
Abstract: A method and system for an algorithm-based network snoop avoider is provided. A first data processing system and a second data processing system communicate on a physical network by transmitting data packets on the network using a virtual private network (VPN). Data packets are transmitted through a first VPN tunnel between the first data processing system with a first network address terminating a first end of the VPN tunnel and the second data processing system with a second network address terminating a second end of the first VPN tunnel. The VPN is automatically reconfigured to use alternate addresses on the network for the tunnel endpoints by automatically determining, in accordance with a predetermined algorithm, a third network address and a fourth network address and by automatically assigning the third network address to the first data processing system and the fourth network address to the second data processing system. Data packets may then be transmitted through a second VPN tunnel in which a first end of the second VPN tunnel is terminated by the first data processing system using the third network address and a second end of the second VPN tunnel is terminated by the second data processing system using the fourth network address. The data packets may be transmitted using Internet Protocol (IP), and a portion of the network may include the Internet.
-
公开(公告)号:BR0005790A
公开(公告)日:2001-11-27
申请号:BR0005790
申请日:2000-11-22
Applicant: IBM
Inventor: CRONK MATTHEW SLADE , MCBREARTY GERALD FRANCIS , PATRICKMULLEN SHAWN , SHIEH JOHNNY MENG-HAN
Abstract: A method and system for running, on different computers at the same time, multiple operating systems from the same shared system resource is provided. This is accomplished, for example, by using persistent elemental disk reservations. Each machine reads the master boot record without reservation to determine the partition of the operating system to be booted. Each machine then makes an elemental exclusive write persistent reservation for accessing the operating system boot partition. This is followed by each machine making another elemental exclusive write persistent reservation for accessing the operating system partition itself. Each machine is assigned a different operating system partition even if they are running the same operating system. The unique reservation key for these reservations is created from at least on of a Processor ID, a Cluster ID, a Multiple Processor partition ID, a Non-Uniform Memory Access complex ID, and/or a Non-Uniform Memory Access node ID.
-
公开(公告)号:CA2307296A1
公开(公告)日:2000-12-03
申请号:CA2307296
申请日:2000-05-01
Applicant: IBM
Inventor: SHIEH JOHNNY MENG-HAN , MCBREARTY GERALD FRANCIS , MADDALOZZO JOHN JR
Abstract: There is provided a user friendly display interface system for the interactive handling and sorting out of windows in complex window hierarchical graphical user interfaces. The system provides for the storage of a hierarchy of windows which are displayable to overlap each other in a selected order whereby a plurality of said windows are partially visible. Apparatus is provided for displaying on a display screen a plurality of these partially overlapping windows. A different audio identifier is provided and stored for each of these windows. Further apparatus is provided for moving around and positioning a pointing device, such as a cursor on the display screen, in combination with means responsive to the pointing device for announcing the audio identifier for each window which said pointing device enters. The pointing device may be a user controlled cursor, a stylus or even a finger in touch sensitive display systems. The audio identifier may conveniently be the name in the title bar of the window.
-
公开(公告)号:CA2783394C
公开(公告)日:2019-03-05
申请号:CA2783394
申请日:2010-12-08
Applicant: IBM
Inventor: MULLEN SHAWN PATRICK , SHIEH JOHNNY MENG-HAN , MURILLO JESSICA CAROL , MCBREARTY GERALD FRANCIS , KEOHANE SUSANN MARIE
Abstract: Provided are techniques for to enable a virtual input/output server (VIOS) to establish cryptographically secure signals with target LPARs to detect an imposter or spoofing LPAR. The secure signal, or "heartbeat," may be configured as an Internet Key Exchange/Internet Protocol Security (IKE/IPSec) encapsulated packet (ESP) connection or tunnel. Within the tunnel, the VIOS pings each target LPAR and, if a heartbeat is interrupted, the VIOS makes a determination as to whether the tunnel is broken, the corresponding LPAR is down or a media access control (MAC) spoofing attack is occurring. The determination is made by sending a heartbeat that is designed to fail unless the heartbeat is received by a spoofing device.
-
公开(公告)号:CA2698317C
公开(公告)日:2017-02-28
申请号:CA2698317
申请日:2008-09-22
Applicant: IBM
Inventor: KEOHANE SUSANN MARIE , MCBREARTY GERALD FRANCIS , MULLEN SHAWN PATRICK , MURILLO JESSICA CAROL , SHIEH JOHNNY MENG-HAN
IPC: H04L45/122
Abstract: A computer implemented method, data processing system, and computer program product for discovering an unauthorized router in a network. The process in the illustrative embodiments first obtains a physical address of a suspected router or destination device. A data packet is created which comprises at least a destination media access control field, a destination internet protocol field, and a time-to-live field, wherein the destination media access control field comprises the physical address of the destination device, wherein the destination internet protocol field comprises a bogus internet protocol address, and wherein the time-to-live field comprises a value indicating the data packet has exceeded a time limit. The data packet is sent to the destination device using the physical address in the destination media access control field. If a time exceeded message is received from the destination device, the destination device is determined to be enabled for routing.
-
Patent Agency Ranking
公开(公告)号:MX2009011403A
公开(公告)日:2009-11-05
申请号:MX2009011403
申请日:2008-04-16
Applicant: IBM
Inventor: KEOHANE SUSANN MARIE , MCBREARTY GERALD FRANCIS , MULLEN SHAWN PATRICK , MURILLO JESSICA CAROL , SHIEH JOHNNY MENG-HAN
Abstract: Se describe un método implementado por computadora, aparato y producto de computadora para la protección de barrido de puertos. Un paquete de datos de respuesta que tiene un encabezado de protocolo de control de transmisión modificado es generado para formar un paquete de datos de respuesta modificado en respuesta a la detección de un barrido de puertos. El paquete de datos de respuesta modificados producirá alguna respuesta de un receptor del paquete de datos modificado. El paquete de datos de respuesta es enviado a una primera dirección de protocolo de Internet asociada con el barrido de puertos. Una segunda dirección de protocolo de Internet es identificada de un encabezado de respuesta al paquete de datos de respuesta modificado. La segunda dirección de protocolo de Internet es una dirección de promotor de Internet de una fuente de barrido de puertos. Todo el tráfico de red de la segunda dirección de protocolo de Internet puede ser bloqueado para impedir un ataque sobre cualesquier puertos abiertos de la fuente del barrido de puertos.
-
公开(公告)号:CA2481682C
公开(公告)日:2009-05-19
申请号:CA2481682
申请日:2002-10-28
Applicant: IBM
Inventor: SHIEH JOHNNY MENG-HAN , MULLEN SHAWN PATRICK , MCBREARTY GERALD FRANCIS , TESAURO JAMES STANLEY
Abstract: The present invention involves the recognition that since an eavesdropper listening adjacent to a wireless LAN is likely to be mobile and operating on a short time cycle, he himself is likely to be wirelessly transmitting his tes t message. Consequently, the present invention provides the combination of apparatus for eavesdropping within an area layer adjacent to and surrounding the LAN area periphery for potential wireless transmissions of an intruder having a lower frequency within a level below the LAN frequency and addresse d to the network location of any one of the computer terminals in the LAN; and an implementation responsive to said eavesdropping means for changing the encryption code of said encrypted wireless transmission upon the eavesdroppi ng detection of a wireless transmission of said lower frequency addressed to a network location of one of the terminals in said LAN. There is the recogniti on that there are several factors contributing to the success of the process of the invention. It is likely that the intruder must send his message at a low er frequency than the 2.4 GHz frequency of the LAN area transmissions because t he intruder will probably have to reach a base station tower over a longer distance or range than the adjacent target wireless LAN facility. This insur es thatthe eavesdropping of the present invention will be at a lower frequency and, thus, not interfered with by the transmissions within the LAN.
-
公开(公告)号:DE10052311B4
公开(公告)日:2006-10-26
申请号:DE10052311
申请日:2000-10-21
Applicant: IBM
Inventor: GENTY DENISE MARIE , MCBREARTY GERALD FRANCIS , MULLEN SHAWN PATRICK , SHIEH JOHNNY MENG-HAN , UNNIKRISHNAN RAMACHANDRAN
Abstract: Disclosed is a system and method for enhancing the security and reliability of virtual private network (VPN) connections by manually exchanging secondary configuration information. If a compromise is detected on a main VPN tunnel, a new VPN tunnel can be created by the system administrators using the secondary configuration, stymieing attempted security violations and providing nearly continuous service to the users. A compromise may be indicative of a security breach or other problem with the VPN. The main VPN tunnel may be abandoned or fed with false data to confuse would-be intruders if the compromise is a security compromise.
-
公开(公告)号:AT339733T
公开(公告)日:2006-10-15
申请号:AT04727590
申请日:2004-04-15
Applicant: IBM
Inventor: KEOHANE SUSANN MARIE , MCBREARTY GERALD FRANCIS , MULLEN SHAWN PATRICK , MURILLO JESSICA KELLEY , SHIEH JOHNNY MENG-HAN
Abstract: A security protocol that dynamically implements enhanced mount security of a filesystem when access to sensitive files on a networked filesystem is requested. When the user of a client system attempts to access a specially-tagged sensitive file, the server hosting the filesystem executes a software code that terminates the current mount and re-configures the server ports to accept a re-mount from the client via a more secure port. The server re-configured server port is provided the IP address of the client and matches the IP address during the re-mount operation. The switch to a secure mount is completed in a seamless manner so that authorized users are allowed to access sensitive files without bogging down the server with costly encryption and other resource-intensive security features. No significant delay is experienced by the user, while the sensitive file is shielded from un-authorized capture during transmission to the client system.
-
20.发明专利
-
-
-
-
-
-
-
-
-
Search Results
42
records
(took 0.02 seconds)
