专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08156325B2 Role aware network security enforcement 有权
标题翻译：角色感知网络安全执法
公开(公告)号：US08156325B2
公开(公告)日：2012-04-10
申请号：US12868696
申请日：2010-08-25
申请人： Sean Convery , David R. Oran , James Rivers , John Schnizlein , Ralph Droms , Mark Stapp
发明人： Sean Convery , David R. Oran , James Rivers , John Schnizlein , Ralph Droms , Mark Stapp
IPC分类号： H04L29/06
CPC分类号： H04L63/0263 , H04L29/12301 , H04L61/2076 , H04L63/0236 , H04L63/101 , H04L63/102 , H04L63/20 , H04W12/08
摘要： Generating a binding between a source address and one or more roles of a user accessing the network and distributing the binding to a filter node. The source address is currently assigned to the device. The binding may be generated by one or more nodes on an ingress path used during authentication of the user. The binding may be distributed to the filter node on demand or without any request from the filter node. Responsive to a determination that the user is associated with a new source address, a new binding is generated to associate a new source address with the one or more roles for the user. The new binding is distributed to the filter node. Another aspect is a method of enforcing a role based security policy at a filter node, using bindings of source addresses to roles.
摘要翻译：在源地址和访问网络的用户的一个或多个角色之间生成绑定，并将绑定分发到过滤器节点。源地址当前分配给设备。绑定可以由用户认证期间使用的入口路径上的一个或多个节点生成。绑定可以根据需要分配到过滤节点，也可以不经过过滤器节点的任何请求。响应于确定用户与新的源地址相关联，生成新的绑定以将新的源地址与用户的一个或多个角色相关联。新的绑定被分发到过滤器节点。另一方面是在过滤器节点上使用源地址绑定到角色来实施基于角色的安全策略的方法。

2. 发明申请

US20100322241A1 ROLE AWARE NETWORK SECURITY ENFORCEMENT 有权
标题翻译：角色网络安全执行
公开(公告)号：US20100322241A1
公开(公告)日：2010-12-23
申请号：US12868696
申请日：2010-08-25
申请人： Sean CONVERY , David R. Oran , James Rivers , John Schnizlein , Ralph Droms , Mark Stapp
发明人： Sean CONVERY , David R. Oran , James Rivers , John Schnizlein , Ralph Droms , Mark Stapp
IPC分类号： H04L12/56
CPC分类号： H04L63/0263 , H04L29/12301 , H04L61/2076 , H04L63/0236 , H04L63/101 , H04L63/102 , H04L63/20 , H04W12/08
摘要： Generating a binding between a source address and one or more roles of a user accessing the network and distributing the binding to a filter node. The source address is currently assigned to the device. The binding may be generated by one or more nodes on an ingress path used during authentication of the user. The binding may be distributed to the filter node on demand or without any request from the filter node. Responsive to a determination that the user is associated with a new source address, a new binding is generated to associate a new source address with the one or more roles for the user. The new binding is distributed to the filter node. Another aspect is a method of enforcing a role based security policy at a filter node, using bindings of source addresses to roles.
摘要翻译：在源地址和访问网络的用户的一个或多个角色之间生成绑定，并将绑定分发到过滤器节点。源地址当前分配给设备。绑定可以由用户认证期间使用的入口路径上的一个或多个节点生成。绑定可以根据需要分配到过滤节点，也可以不经过过滤器节点的任何请求。响应于确定用户与新的源地址相关联，生成新的绑定以将新的源地址与用户的一个或多个角色相关联。新的绑定被分发到过滤器节点。另一方面是在过滤器节点上使用源地址绑定到角色来实施基于角色的安全策略的方法。

3. 发明授权

US07814311B2 Role aware network security enforcement 有权
标题翻译：角色感知网络安全执法
公开(公告)号：US07814311B2
公开(公告)日：2010-10-12
申请号：US11373727
申请日：2006-03-10
申请人： Sean Convery , David R. Oran , James Rivers , John Schnizlein , Ralph Droms , Mark Stapp
发明人： Sean Convery , David R. Oran , James Rivers , John Schnizlein , Ralph Droms , Mark Stapp
IPC分类号： H04L29/06
CPC分类号： H04L63/0263 , H04L29/12301 , H04L61/2076 , H04L63/0236 , H04L63/101 , H04L63/102 , H04L63/20 , H04W12/08
摘要： Generating a binding between a source address and one or more roles of a user accessing the network and distributing the binding to a filter node. The source address is currently assigned to the device. The binding may be generated by one or more nodes on an ingress path used during authentication of the user. The binding may be distributed to the filter node on demand or without any request from the filter node. Responsive to a determination that the user is associated with a new source address, a new binding is generated to associate a new source address with the one or more roles for the user. The new binding is distributed to the filter node. Another aspect is a method of enforcing a role based security policy at a filter node, using bindings of source addresses to roles.
摘要翻译：在源地址和访问网络的用户的一个或多个角色之间生成绑定，并将绑定分发到过滤器节点。源地址当前分配给设备。绑定可以由用户认证期间使用的入口路径上的一个或多个节点生成。绑定可以根据需要分配到过滤节点，也可以不经过过滤器节点的任何请求。响应于确定用户与新的源地址相关联，生成新的绑定以将新的源地址与用户的一个或多个角色相关联。新的绑定被分发到过滤器节点。另一方面是在过滤器节点上使用源地址绑定到角色来实施基于角色的安全策略的方法。

4. 发明申请

US20070214352A1 Role aware network security enforcement 有权
标题翻译：角色感知网络安全执法
公开(公告)号：US20070214352A1
公开(公告)日：2007-09-13
申请号：US11373727
申请日：2006-03-10
申请人： Sean Convery , David Oran , James Rivers , John Schnizlein , Ralph Droms , Mark Stapp
发明人： Sean Convery , David Oran , James Rivers , John Schnizlein , Ralph Droms , Mark Stapp
IPC分类号： H04L9/00
CPC分类号： H04L63/0263 , H04L29/12301 , H04L61/2076 , H04L63/0236 , H04L63/101 , H04L63/102 , H04L63/20 , H04W12/08
摘要： Generating a binding between a source address and one or more roles of a user accessing the network and distributing the binding to a filter node. The source address is currently assigned to the device. The binding may be generated by one or more nodes on an ingress path used during authentication of the user. The binding may be distributed to the filter node on demand or without any request from the filter node. Responsive to a determination that the user is associated with a new source address, a new binding is generated to associate a new source address with the one or more roles for the user. The new binding is distributed to the filter node. Another aspect is a method of enforcing a role based security policy at a filter node, using bindings of source addresses to roles.
摘要翻译：在源地址和访问网络的用户的一个或多个角色之间生成绑定，并将绑定分发到过滤器节点。源地址当前分配给设备。绑定可以由用户认证期间使用的入口路径上的一个或多个节点生成。绑定可以根据需要分配到过滤节点，也可以不经过过滤器节点的任何请求。响应于确定用户与新的源地址相关联，生成新的绑定以将新的源地址与用户的一个或多个角色相关联。新的绑定被分发到过滤器节点。另一方面是在过滤器节点上使用源地址绑定到角色来实施基于角色的安全策略的方法。

5. 发明授权

US08601143B2 Automated configuration of network device ports 有权
标题翻译：自动配置网络设备端口
公开(公告)号：US08601143B2
公开(公告)日：2013-12-03
申请号：US13246642
申请日：2011-09-27
申请人： Gary Dennis Vogel, Jr. , Roland Saville , Ralph Droms , Vikas Butaney
发明人： Gary Dennis Vogel, Jr. , Roland Saville , Ralph Droms , Vikas Butaney
IPC分类号： G06F15/177 , G06F15/173 , G06F15/16 , H04L12/28
CPC分类号： H04L29/12216 , G08B13/2402 , H04L29/12066 , H04L29/12801 , H04L29/12924 , H04L41/0806 , H04L41/0843 , H04L41/0883 , H04L41/12 , H04L61/1511 , H04L61/2015 , H04L61/6004 , H04L61/6063 , H04L67/1002 , H04L67/1021 , H04W4/00 , H04W8/26 , H04W28/08
摘要： Methods and devices are provided for identifying end devices and automatically configuring associated network settings. Preferred implementations of the invention do not require users to manually identify connection types (e.g., RFID, IPphone, manufacturing device, etc.) or to manually configure the network device. Accordingly, such implementations allow automatic switch configuration, even for devices that use inconsistent protocols and/or protocols that are not well known. Some methods of the invention employ DHCP options combined with traffic snooping to identify devices and automatically apply appropriate switch port configuration.
摘要翻译：提供了用于识别终端设备和自动配置相关网络设置的方法和设备。本发明的优选实现不需要用户手动识别连接类型（例如，RFID，IP电话，制造设备等）或手动配置网络设备。因此，这样的实现允许自动切换配置，即使对于使用不一致的协议和/或不熟悉的协议的设备也是如此。本发明的一些方法采用结合流量窥探的DHCP选项来识别设备并自动应用适当的交换机端口配置。

6. 发明授权

US07937494B2 Methods and apparatus for processing a DHCP request using rule-based classification 有权
标题翻译：使用基于规则的分类来处理DHCP请求的方法和装置
公开(公告)号：US07937494B2
公开(公告)日：2011-05-03
申请号：US11218128
申请日：2005-09-01
申请人： Ralph Droms , Richard Johnson , Matthew King , Richard Pruss
发明人： Ralph Droms , Richard Johnson , Matthew King , Richard Pruss
IPC分类号： H04L12/56
CPC分类号： H04L61/2015
摘要： An improved technique for processing a DHCP request from a DHCP client device is performed in a data communications device of a network (e.g., performed in a router). The technique involves receiving the DHCP request from the DHCP client device, evaluating a set of rules in response to the DHCP request to obtain a rule-based classification result, and outputting a DHCP response in response to the rule-based classification result. In some arrangements, a policy manager which is external to the data communications device plays a role in the classification process (e.g., dynamic updating of the set of rules, responding to individual queries from the data communications device when generating the rule-based classification result, etc.). Such improvements over conventional DHCP approaches enables improved flexibility and coordination of the DHCP process.
摘要翻译：在网络的数据通信设备（例如，在路由器中执行）中执行用于处理来自DHCP客户端设备的DHCP请求的改进技术。该技术涉及从DHCP客户端设备接收DHCP请求，响应于DHCP请求，对基于规则的分类结果进行评估的一组规则，并响应于基于规则的分类结果输出DHCP响应。在一些安排中，在数据通信设备外部的策略管理器在分类过程中起作用（例如，在生成基于规则的分类结果时响应来自数据通信设备的各个查询的一组规则的动态更新等）。与传统的DHCP方法相比，这种改进能够提高DHCP进程的灵活性和协调性。

7. 发明授权

US07821941B2 Automatically controlling operation of a BRAS device based on encapsulation information 有权
标题翻译：基于封装信息自动控制BRAS设备的运行
公开(公告)号：US07821941B2
公开(公告)日：2010-10-26
申请号：US11592457
申请日：2006-11-03
申请人： Avneet Singh Chhabra , Anshul Tanwar , Anand Agarwal , Krishna Sundaresan , Ralph Droms , Indrajanti Sukiman
发明人： Avneet Singh Chhabra , Anshul Tanwar , Anand Agarwal , Krishna Sundaresan , Ralph Droms , Indrajanti Sukiman
IPC分类号： G01R31/08 , G06F11/00 , G06F15/173 , G06F15/16 , G08C15/00 , H04J1/16 , H04J3/14 , H04L1/00 , H04L12/26
CPC分类号： H04L12/2856 , H04L12/2859 , H04L12/2883 , H04L29/1282 , H04L41/5003 , H04L41/509 , H04L47/10 , H04L61/2015 , H04L61/6013
摘要： A technique controls operation of a BRAS device. The technique involves extracting encapsulation information from a communications exchange between a CPE device and an external server device (e.g., a DHCP server). The communications exchange passes through the BRAS device and a DSLAM device. The technique further involves storing the encapsulation information in local memory of the BRAS device, and controlling a flow of a downstream communication passing through the BRAS device and the DSLAM device toward the CPE device based on the encapsulation information stored in the local memory of the BRAS device. Accordingly, the BRAS device is well suited for performing ATM overhead accounting as well as shaping and policing downstream traffic.
摘要翻译：一种技术控制BRAS设备的操作。该技术涉及从CPE设备和外部服务器设备（例如，DHCP服务器）之间的通信交换提取封装信息。通信交换机通过BRAS设备和DSLAM设备。该技术还包括将封装信息存储在BRAS设备的本地存储器中，并且基于存储在BRAS的本地存储器中的封装信息来控制通过BRAS设备和DSLAM设备向CPE设备的下游通信流设备。因此，BRAS设备非常适合执行ATM开销计费以及对下游流量进行整形和监管。

8. 发明申请

US20100269155A1 Method and Apparatus for Registering Auto-Configured Network Addresses Based On Connection Authentication 有权
标题翻译：基于连接认证注册自动配置网络地址的方法和装置
公开(公告)号：US20100269155A1
公开(公告)日：2010-10-21
申请号：US12826285
申请日：2010-06-29
申请人： Ralph Droms , John M. Schnizlein
发明人： Ralph Droms , John M. Schnizlein
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , H04L29/1232 , H04L29/1282 , H04L61/2015 , H04L61/2092 , H04L61/6013
摘要： A method and apparatus for registering auto-configured network addresses includes receiving first data at a networking device connected to a host at a physical connection. The first data is received from a first server and indicates authentication information associated with the host. A first message is received at the networking device from the host. The first message requests configuration information and includes a logical network address for the host determined at least in part by the host. A second message is generated based on the first message and the first data. The second message is sent to a second server that registers the host by associating the logical network address with the first data.
摘要翻译：用于注册自动配置的网络地址的方法和装置包括在物理连接处连接到主机的网络设备处接收第一数据。从第一服务器接收第一数据，并指示与主机相关联的认证信息。从主机在网络设备处接收到第一条消息。第一消息请求配置信息，并且包括至少部分由主机确定的主机的逻辑网络地址。基于第一消息和第一数据生成第二消息。第二个消息被发送到通过将逻辑网络地址与第一数据相关联来登记主机的第二服务器。

9. 发明申请

US20090210522A1 Dynamic Host Configuration Protocol (DHCP) Initialization Responsive to a Loss of Network Layer Connectivity 有权
标题翻译：动态主机配置协议（DHCP）初始化响应网络层连通性的丢失
公开(公告)号：US20090210522A1
公开(公告)日：2009-08-20
申请号：US12204781
申请日：2008-09-04
申请人： Ralph Droms , Vitali Vinokour , David Delano Ward
发明人： Ralph Droms , Vitali Vinokour , David Delano Ward
IPC分类号： G06F15/177
CPC分类号： H04L61/2015 , H04L69/40
摘要： Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with loss of network layer connectivity triggering Dynamic Host Configuration Protocol (DHCP) initialization. According to one embodiment, a network device connected to a network initializes one or more network communication values of the network device using DHCP. The network device monitors Network Layer (Layer 3) connectivity with a remote network device; and in response to detecting a loss of said monitored Network Layer connectivity, DHCP initialization of the network device is performed.
摘要翻译：公开了除了其他方式，设备，计算机存储介质，机制和与网络层连接的丢失相关的手段触发动态主机配置协议（DHCP）初始化。根据一个实施例，连接到网络的网络设备使用DHCP初始化网络设备的一个或多个网络通信值。网络设备监视与远程网络设备的网络层（第3层）连接; 并且响应于检测到所述所监视的网络层连通性的损失，执行网络设备的DHCP初始化。

10. 发明授权

US07502929B1 Method and apparatus for assigning network addresses based on connection authentication 有权
标题翻译：基于连接认证分配网络地址的方法和装置
公开(公告)号：US07502929B1
公开(公告)日：2009-03-10
申请号：US09981182
申请日：2001-10-16
申请人： John M. Schnizlein , Ralph Droms
发明人： John M. Schnizlein , Ralph Droms
IPC分类号： H04L9/00 , G06F17/00 , G06F15/16 , G06F15/177 , G06F15/173
CPC分类号： H04L63/083 , H04L61/2015 , H04L63/0892 , H04L63/101
摘要： Techniques for assigning a network address to a host are based on authentication for a connection between the host and an intermediate device. One approach involves receiving first data at the intermediate device from an authentication and authorization server in response to a request for authentication for the connection. The first data indicates at least some of authentication and authorization information. A configuration request message from the host is also received at the intermediate device. A second message is generated based on the configuration request message and the first data and is sent to a configuration server that provides the logical network address for the host. The configuration server provides the logical network address based on authorization and authentication information. The logical network address is thus based on the user, e.g., to limit access by the user to the Internet and other services.
摘要翻译：将网络地址分配给主机的技术基于主机和中间设备之间的连接的认证。一种方法是响应于对该连接的认证请求，从认证和授权服务器在中间设备处接收第一数据。第一数据表示至少一些认证和授权信息。来自主机的配置请求消息也在中间设备处被接收。基于配置请求消息和第一数据生成第二消息，并发送给为主机提供逻辑网络地址的配置服务器。配置服务器根据授权和认证信息提供逻辑网络地址。因此，逻辑网络地址基于用户，例如，限制用户对因特网和其他服务的访问。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式