DYNAMIC RECONFIGURATION OF ENCRYPTION UPON DETECTION OF INTRUSION

    Publication No.: CA2481682C

    Publication date: 2009-05-19

    Application No.: CA2481682

    Filing date: 2002-10-28

    Applicant: IBM

    Abstract: The present invention involves the recognition that since an eavesdropper listening adjacent to a wireless LAN is likely to be mobile and operating on a short time cycle, he himself is likely to be wirelessly transmitting his test message. Consequently, the present invention provides the combination of apparatus for eavesdropping within an area layer adjacent to and surrounding the LAN area periphery for potential wireless transmissions of an intruder having a lower frequency within a level below the LAN frequency and addressed to the network location of any one of the computer terminals in the LAN; and an implementation responsive to said eavesdropping means for changing the encryption code of said encrypted wireless transmission upon the eavesdropping detection of a wireless transmission of said lower frequency addressed to a network location of one of the terminals in said LAN. There is the recognition that there are several factors contributing to the success of the process of the invention. It is likely that the intruder must send his message at a lower frequency than the 2.4 GHz frequency of the LAN area transmissions because the intruder will probably have to reach a base station tower over a longer distance or range than the adjacent target wireless LAN facility. This insures that the eavesdropping of the present invention will be at a lower frequency and, thus, not interfered with by the transmissions within the LAN.

    22.
    Invention patent
    Unknown

    Publication No.: DE10052311B4

    Publication date: 2006-10-26

    Application No.: DE10052311

    Filing date: 2000-10-21

    Applicant: IBM

    Abstract: Disclosed is a system and method for enhancing the security and reliability of virtual private network (VPN) connections by manually exchanging secondary configuration information. If a compromise is detected on a main VPN tunnel, a new VPN tunnel can be created by the system administrators using the secondary configuration, stymieing attempted security violations and providing nearly continuous service to the users. A compromise may be indicative of a security breach or other problem with the VPN. The main VPN tunnel may be abandoned or fed with false data to confuse would-be intruders if the compromise is a security compromise.

    23.
    Invention patent
    Unknown

    Publication No.: AT339733T

    Publication date: 2006-10-15

    Application No.: AT04727590

    Filing date: 2004-04-15

    Applicant: IBM

    Abstract: A security protocol that dynamically implements enhanced mount security of a filesystem when access to sensitive files on a networked filesystem is requested. When the user of a client system attempts to access a specially-tagged sensitive file, the server hosting the filesystem executes a software code that terminates the current mount and re-configures the server ports to accept a re-mount from the client via a more secure port. The server re-configured server port is provided the IP address of the client and matches the IP address during the re-mount operation. The switch to a secure mount is completed in a seamless manner so that authorized users are allowed to access sensitive files without bogging down the server with costly encryption and other resource-intensive security features. No significant delay is experienced by the user, while the sensitive file is shielded from un-authorized capture during transmission to the client system.

    A SYSTEM FOR ENCRYPTION OF WIRELESS TRANSMISSIONS FROM PERSONAL PALM COMPUTERS TO WORLD WIDE WEB TERMINALS

    Publication No.: CA2439441A1

    Publication date: 2002-09-26

    Application No.: CA2439441

    Filing date: 2002-03-04

    Applicant: IBM

    Abstract: Encryption is provided in wireless personal palm type computer devices for Internet transmitted documents despite the limited data processing and memory functions in such devices. The palm type device initially encrypts only a portion of a text document which is then wirelessly transmitted to the server computer which normally functions as the Web server, i.e. the server through which Web computer terminals are wired or connected into the Web. This Web server then further encrypts the received text document and then further transmits this further encrypted document to a terminal in said network. Preferably, the further encryption in the server involves two steps: decrypting the lower level encryption (necessitated by the limited CPU and memory resources in the palm device) to restore the text document at the server before the server may then re-encrypt the whole document using a higher level conventional 128 bit Web encryption protocols such as SSL.

    SNOOP ECHO RESPONSE EXTRACTOR
    25.
    Invention patent

    Publication No.: CA2630664C

    Publication date: 2014-03-18

    Application No.: CA2630664

    Filing date: 2006-10-09

    Applicant: IBM

    Abstract: A mechanism is provided for identifying a snooping device in a network environment. A snoop echo response extractor generates an echo request packet with a bogus MAC address that will only be received by a snooping device. The snoop echo response extractor also uses an IP address that will cause the snooping device to respond to the echo request. Non-snooping devices discard the echo request packet. Upon receiving the response packet, the snooping device is identified.

    METHOD AND APPARATUS FOR DETECTING PORT SCANS WITH FAKE SOURCE ADDRESS

    Publication No.: CA2672528C

    Publication date: 2013-06-25

    Application No.: CA2672528

    Filing date: 2008-04-16

    Applicant: IBM

    Abstract: A computer implemented method, apparatus, and computer program product for port scan protection. A reply data packet having a modified transmission control protocol header is generated to form a modified reply data packet, in response to detecting a port scan. The modified reply data packet will elicit a response from a recipient of the modified data packet. The reply data packet is sent to a first Internet protocol address associated with the port scan. A second Internet protocol address is identified from a header of the response to the modified reply data packet. The second Internet protocol address is an actual Internet protocol address of a source of the port scan. All network traffic from the second Internet protocol address may be blocked to prevent an attack on any open ports from the source of the port scan.

    DISTRIBUTED FILESYSTEM NETWORK SECURITY EXTENSION

    Publication No.: CA2525249C

    Publication date: 2011-03-29

    Application No.: CA2525249

    Filing date: 2004-04-15

    Applicant: IBM

    Abstract: A security protocol that dynamically implements enhanced mount security of a filesystem when access to sensitive files on a networked filesystem is requested. When the user of a client system attempts to access a specially-tagged sensitive file, the server hosting the filesystem executes a software code that terminates the current mount and reconfigures the server ports to accept a re-mount from the client via a more secure port. The server reconfigured server port is provided the IP address of the client and matches the IP address during the re-mount operation. The switch to a secure mount is completed in a seamless manner so that authorized users are allowed to access sensitive files without bogging down the server with costly encryption and other resource-intensive security features. No significant delay is experienced by the user, while the sensitive file is shielded from unauthorized capture during transmission to the client system.

    29.
    Invention patent
    Unknown

    Publication No.: DE60208810T2

    Publication date: 2006-08-31

    Application No.: DE60208810

    Filing date: 2002-10-28

    Applicant: IBM

    Abstract: Apparatus for eavesdropping within an area layer adjacent to and surrounding a LAN area periphery for potential wireless transmissions of an intruder having a lower frequency within a level below the LAN frequency; and an implementation responsive to said eavesdropping apparatus for changing the encryption code of said encrypted wireless transmission upon the eavesdropping detection of a wireless transmission of said lower frequency addressed to a network location of one of the terminals in said LAN.

    30.
    Invention patent
    Unknown

    Publication No.: AT316313T

    Publication date: 2006-02-15

    Application No.: AT02772566

    Filing date: 2002-10-28

    Applicant: IBM

    Abstract: Apparatus for eavesdropping within an area layer adjacent to and surrounding a LAN area periphery for potential wireless transmissions of an intruder having a lower frequency within a level below the LAN frequency; and an implementation responsive to said eavesdropping apparatus for changing the encryption code of said encrypted wireless transmission upon the eavesdropping detection of a wireless transmission of said lower frequency addressed to a network location of one of the terminals in said LAN.
