公开(公告)号：US20070074018A1

公开(公告)日：2007-03-29

申请号：US11534604

申请日：2006-09-22

Applicant: John Edwards

Inventor： John Edwards

IPC: H04L9/00

CPC classification number: H04L67/2804 ,  H04L63/0281 ,  H04L63/0428

Abstract: Methods and systems for communicating information between computer networks in which the information to be communicated is required at one location (e.g. for processing) but only available at another location. The information may be absent deliberately (for privacy reasons) or may simply be unavailable as an artefact of the computer network(s) involved. The required information, such as the internal client IP address, is inserted into the outgoing network communication in a manner that does not to materially affect the normal transit or utility of the network communication (e.g. as custom headers). The information is preferably inserted in an encrypted form, so that it may pass over a public network and be invulnerable to unauthorised scrutiny.

Abstract translation: 用于在计算机网络之间传送信息的方法和系统，其中在一个位置（例如用于处理）需要传送的信息，但是仅在另一个位置可用。 这些信息可能会因为隐私原因而被故意地存在，或者可能仅仅作为所涉及的计算机网络的伪影而不可用。 所需的信息（例如内部客户端IP地址）以不影响网络通信的正常转接或效用（例如，作为自定义报头）的方式被插入到传出网络通信中。 该信息优选地以加密的形式插入，使得它可以通过公共网络并且不受未经授权的审查的侵害。

公开(公告)号：US08255465B2

公开(公告)日：2012-08-28

申请号：US11534604

申请日：2006-09-22

Applicant: John Edwards

Inventor： John Edwards

IPC: G06F15/16 ,  G06F13/00 ,  G06F11/00

CPC classification number: H04L67/2804 ,  H04L63/0281 ,  H04L63/0428

Abstract: Methods and systems for communicating information between computer networks in which the information to be communicated is required at one location (e.g. for processing) but only available at another location. The information may be absent deliberately (for privacy reasons) or may simply be unavailable as an artifact of the computer network(s) involved. The required information, such as the internal client IP address, is inserted into the outgoing network communication in a manner that does not to materially affect the normal transit or utility of the network communication (e.g. as custom headers). The information is preferably inserted in an encrypted form, so that it may pass over a public network and be invulnerable to unauthorised scrutiny.

Abstract translation: 用于在计算机网络之间传送信息的方法和系统，其中在一个位置（例如用于处理）需要传送的信息，但是仅在另一个位置可用。 这些信息可能会因为隐私原因而故意不存在，或者可能无法用作所涉及的计算机网络的工件。 所需的信息（例如内部客户端IP地址）以不影响网络通信的正常转接或效用（例如，作为自定义报头）的方式被插入到传出网络通信中。 该信息优选地以加密的形式插入，使得它可以通过公共网络并且不受未经授权的审查的侵害。

公开(公告)号：US08689331B2

公开(公告)日：2014-04-01

申请号：US12636599

申请日：2009-12-11

Applicant: Bryan Feeney ,  Steven Poulson ,  John Edwards

Inventor： Bryan Feeney ,  Steven Poulson ,  John Edwards

IPC: G06F21/00

CPC classification number: G06F21/563

Abstract: The invention provides methods and systems for detecting exploits. A received file is examined to determine whether or not it corresponds to any of one or more predetermined models of normal file types. If the received file does not correspond to any of the one or more predetermined models of normal file types, it is flagged as a potential exploit.

Abstract translation: 本发明提供了用于检测漏洞的方法和系统。 检查接收到的文件以确定其是否对应于正常文件类型的一个或多个预定模型中的任何一个。 如果接收到的文件与普通文件类型的一个或多个预定模型中的任何一个不对应，则将其标记为潜在漏洞。

公开(公告)号：US08312143B2

公开(公告)日：2012-11-13

申请号：US11549567

申请日：2006-10-13

Applicant: Ivan Litovski ,  John Edwards

Inventor： Ivan Litovski ,  John Edwards

IPC: G06F15/173

CPC classification number: H04L67/34 ,  H04L63/0272 ,  H04L63/0823 ,  H04L67/14 ,  H04L69/24

Abstract: The invention provides systems and methods for securely transmitting data between a roaming computer and a managed network service over a shared public network. A secure connection is created between the roaming computer and a server computer that hosts or acts as a secure gateway to the managed network service. The connection is set up and established by a client agent installed on the roaming computer and a connection component of the managed service on the server computer. The client agent and the connection component of the managed service operate, on an initial request from the roaming computer to the managed service to negotiate the secure connection using certificate-based client authentication. The client certificate preferably includes user-specific attributes that can be extracted by the connection component and made available to the managed service to apply processing rules specific to the user.

Abstract translation: 本发明提供了通过共享公共网络在漫游计算机和被管理网络服务之间安全地传输数据的系统和方法。 在漫游计算机和托管或充当到受管网络服务的安全网关的服务器计算机之间创建安全连接。 连接由安装在漫游计算机上的客户端代理和服务器计算机上的受管服务的连接组件设置和建立。 被管理服务的客户端代理和连接组件在从漫游计算机到被管理服务的初始请求下操作，以使用基于证书的客户端认证来协商安全连接。 客户端证书优选地包括可由连接组件提取并使其可用于被管理服务以应用用户特定的处理规则的用户特定属性。

公开(公告)号：US20130067098A1

公开(公告)日：2013-03-14

申请号：US13648442

申请日：2012-10-10

Applicant: SCANSAFE LIMITED

Inventor： Ivan Litovski ,  John Edwards

IPC: G06F15/16

CPC classification number: H04L67/34 ,  H04L63/0272 ,  H04L63/0823 ,  H04L67/14 ,  H04L69/24

Abstract: The invention provides systems and methods for securely transmitting data between a roaming computer and a managed network service over a shared public network. A secure connection is created between the roaming computer and a server computer that hosts or acts as a secure gateway to the managed network service. The connection is set up and established by a client agent installed on the roaming computer and a connection component of the managed service on the server computer. The client agent and the connection component of the managed service operate, on an initial request from the roaming computer to the managed service to negotiate the secure connection using certificate-based client authentication. The client certificate preferably includes user-specific attributes that can be extracted by the connection component and made available to the managed service to apply processing rules specific to the user.

Abstract translation: 本发明提供了通过共享公共网络在漫游计算机和被管理网络服务之间安全地传输数据的系统和方法。 在漫游计算机和托管或充当到受管网络服务的安全网关的服务器计算机之间创建安全连接。 连接由安装在漫游计算机上的客户端代理和服务器计算机上的受管服务的连接组件设置和建立。 被管理服务的客户端代理和连接组件在从漫游计算机到被管理服务的初始请求下操作，以使用基于证书的客户端认证来协商安全连接。 客户端证书优选地包括可由连接组件提取并使其可用于被管理服务以应用用户特定的处理规则的用户特定属性。

公开(公告)号：US20100162400A1

公开(公告)日：2010-06-24

申请号：US12636599

申请日：2009-12-11

Applicant: Bryan Feeney ,  Steven Poulson ,  John Edwards

Inventor： Bryan Feeney ,  Steven Poulson ,  John Edwards

IPC: G06F11/00

CPC classification number: G06F21/563

Abstract: The invention provides methods and systems for detecting exploits. A received file is examined to determine whether or not it corresponds to any of one or more predetermined models of normal file types. If the received file does not correspond to any of the one or more predetermined models of normal file types, it is flagged as a potential exploit.

Abstract translation: 本发明提供了用于检测漏洞的方法和系统。 检查接收到的文件以确定其是否对应于正常文件类型的一个或多个预定模型中的任何一个。 如果接收到的文件与普通文件类型的一个或多个预定模型中的任何一个不对应，则将其标记为潜在漏洞。

公开(公告)号：US20100082979A1

公开(公告)日：2010-04-01

申请号：US12565671

申请日：2009-09-23

Applicant: John EDWARDS

Inventor： John EDWARDS

IPC: G06F15/16 ,  H04L9/32 ,  G06F15/177

CPC classification number: H04L67/2804 ,  H04L63/0428 ,  H04L63/083

Abstract: Methods and systems provide for sharing information between computer networks in which the information to be shared is required at one location (e.g. for the provision of a data-processing service) but is only available at a separate location. The information may be deliberately absent (e.g. for privacy reasons) or may be unavailable as an artifact of the computer network(s) involved. For the provision of a data-processing service, where several different devices on one network may service contiguous requests from a client device on another network according to a load-balancing strategy, data is propagated once only through the service network. Network communication software is subsequently amended to provide the minimal information necessary for a device on the service network to retrieve the information pertinent to the client device and necessary for its service. Therefore, a web-based single sign-on scheme can operate over HTTP to authorize data-processing services, such as web-filtering services.

Abstract translation: 方法和系统提供在计算机网络之间共享信息，其中在一个位置需要共享信息（例如用于提供数据处理服务），但是仅在单独的位置可用。 该信息可能故意缺席（例如出于隐私的原因），或者可能不可用作为所涉及的计算机网络的工件。 对于提供数据处理服务，其中一个网络上的若干不同设备可以根据负载平衡策略来服务于来自另一网络上的客户端设备的连续请求，数据仅通过服务网络传播一次。 随后修改网络通信软件，以便为服务网络上的设备提供必要的最少信息，以检索与客户端设备相关的信息，并为其服务所必需。 因此，基于Web的单点登录方案可以通过HTTP进行操作，以授权诸如Web过滤服务之类的数据处理服务。

公开(公告)号：US20070088834A1

公开(公告)日：2007-04-19

申请号：US11549567

申请日：2006-10-13

Applicant: Ivan Litovski ,  John Edwards

Inventor： Ivan Litovski ,  John Edwards

IPC: G06F15/16

CPC classification number: H04L67/34 ,  H04L63/0272 ,  H04L63/0823 ,  H04L67/14 ,  H04L69/24

Abstract: The invention provides systems and methods for securely transmitting data between a roaming computer and a managed network service over a shared public network. A secure connection is created between the roaming computer and a server computer that hosts or acts as a secure gateway to the managed network service. The connection is set up and established by a client agent installed on the roaming computer and a connection component of the managed service on the server computer. The client agent and the connection component of the managed service operate, on an initial request from the roaming computer to the managed service to negotiate the secure connection using certificate-based client authentication. The client certificate preferably includes user-specific attributes that can be extracted by the connection component and made available to the managed service to apply processing rules specific to the user.

Abstract translation: 本发明提供了通过共享公共网络在漫游计算机和被管理网络服务之间安全地传输数据的系统和方法。 在漫游计算机和托管或充当到受管网络服务的安全网关的服务器计算机之间创建安全连接。 连接由安装在漫游计算机上的客户端代理和服务器计算机上的受管服务的连接组件设置和建立。 被管理服务的客户端代理和连接组件在从漫游计算机到被管理服务的初始请求下操作，以使用基于证书的客户端认证来协商安全连接。 客户端证书优选地包括可由连接组件提取并使其可用于被管理服务以应用用户特定的处理规则的用户特定属性。