Application layer security method and system,申请号NZ20020527915-传众专利搜索

首页产品黄页商标征信

会员服务注册登录

法人/股东/高管

发明名称	Application layer security method and system
摘要	A system for implementing an application security layer between an application and a distrusted computer environment comprises: means for receiving an application operation request, wherein the operation request comprises one or more parameters; an identification module for identifying the one or more parameters; and a router module for routing each of the one or more parameters to one or a plurality of application paths according to a routing scheme. A method for protecting an application from executing an illegal or harmful operation request received from a distrusted environment comprises: applying at least one pipes to an application-layer contents of an operation request to determine if the operation request is illegal or harmful to an environment of the application and preventing the application from executing an illegal or harmful operation request. The at least one pipe can be: a database driven pipe involving database operations and is aimed at finding patterns that show malicious intentions in a database request; a deterministic type pipe inspecting incoming operation requests for known vulnerability patterns. A HTML driven pipe ensures that an application operates as designed and implemented by the application owner; an application-node blocking pipe restricts remote user requests from entering application paths that are designated as restricted by an application owner; a cookie-based pipe protecting client side cookies from being modified or manipulated by the user and/or a SOAP pipe protecting web services from servicing harmful client requests or preventing requests for services that remote clients or a specific client is unauthorized to call. The pipe checks each outgoing reply for its parameters names and values, then validates the next client based on a comparison between the incoming and outgoing parameters. A pipe blocks distrusted operation requests from being forwarded to a trusted environment or zone within a trusted network. A pipe validates an incoming parameter value according to pre-defined expression rules.
申请公布号	NZ527915(A)	申请公布日期	2005.05.27
申请号	NZ20020527915	申请日期	2002.03.15
申请人	KAVADO, INC	发明人	BEN-ITZHAK, YUVAL
分类号	G06F21/20;G06F13/00;G06F21/00;H04L29/06;(IPC1-7):G06F11/30	主分类号	G06F21/20
代理机构		代理人
主权项
地址

您可能感兴趣的专利

DATA PROCESSING SYSTEM

OPTICAL FIBER SENSOR

DETECTING DEVIDE FOR FUEL RESIDUAL QUANTITY

DETECTING SYSTEM OF GAS CONCENTRATION

FLUIDIZED LAYER TYPE DISPOSING FURNACE

ROTARY COMPRESSOR

COMBUSTION GAS GENERATOR FOR FLUID PRESSURE ENGINE

EXHAUST PORT LINER IN INTERNAL-COMBUSTION ENGINE

OPERATED CYLINDER NUMBER CONTROLLING TYPE ENGINE

EXHAUST PASSAGE OF ENGINE

SUCTION SYSTEM FOR INTERNAL-COMBUSTION ENGINE

PUMP INSTALLATION METHOD

TEST SYSTEM FOR MULTI-CHANNEL VOICE RECOGNITION UNIT

VOICE LOAD DRIVER FOR VEHICLE

DOCUMENT PROCESSOR

ENGINE FIRING CONTROL CIRCUIT

PREPARATION OF CONFECTIONARY FAT

TRANSMISSION SIGNAL INSPECTION SYSTEM

MANUFACTURE OF STATOR FOR IGNITION PULSE GENERATOR OF IGNITION DISTRIBUTOR OF INTERNAL COMBUSTION ENGINE