专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08554913B2 Testing policies in a network 有权
标题翻译：在网络中测试策略
公开(公告)号：US08554913B2
公开(公告)日：2013-10-08
申请号：US13162388
申请日：2011-06-16
申请人： Monty S Gill , Roger A Chickering , Charles A Bering, Jr.
发明人： Monty S Gill , Roger A Chickering , Charles A Bering, Jr.
IPC分类号： G06F15/173 , G06F11/00 , G01R31/08 , H04L12/26
CPC分类号： H04L41/0816 , H04L43/062 , H04L45/308
摘要： A device may include first logic configured to receive a data unit and to receive a network policy. The device may include second logic configured to identify how the data unit will be handled by the network policy and to generate a result that includes information about how the data unit will be handled by the network policy.
摘要翻译：设备可以包括被配置为接收数据单元并且接收网络策略的第一逻辑。设备可以包括被配置为识别数据单元将如何被网络策略处理并且生成包括关于数据单元将如何由网络策略来处理的信息的结果的第二逻辑。

2. 发明授权

US08478797B2 Atomic deletion of database data categories 有权
标题翻译：原子删除数据库数据类别
公开(公告)号：US08478797B2
公开(公告)日：2013-07-02
申请号：US13485482
申请日：2012-05-31
申请人： Clifford E. Kahn , Roger A. Chickering
发明人： Clifford E. Kahn , Roger A. Chickering
IPC分类号： G06F17/30
CPC分类号： G06F17/30348
摘要： A device maintains, in a database, a plurality of data items, each data item of the plurality of data items being associated with a respective category. The device associates, in the database, a first counter value with each data item, the first counter value indicating a number of times the respective category has been deleted from the database at a time when the data item was stored in the database. The device associates, in the database or another database, a second counter value with the respective category, the second counter value indicating a current value for a number of times the respective category has been deleted from the database. The device selectively deletes, from the database, one or more data items of the plurality of data items from the database based on the first counter values and the second counter value.
摘要翻译：一种设备在数据库中维护多个数据项，所述多个数据项中的每个数据项与相应类别相关联。所述设备在数据库中与第一计数器值与每个数据项相关联，所述第一计数器值指示在数据项存储在数据库中时相应类别已从数据库中删除的次数。该设备在数据库或另一个数据库中将具有相应类别的第二计数器值相关联，第二计数器值指示相应类别已经从数据库中删除的次数的当前值。该设备基于第一计数器值和第二计数器值从数据库中选择性地从数据库中删除多个数据项中的一个或多个数据项。

3. 发明申请

US20120144471A1 UPDATING STORED PASSWORDS 有权
标题翻译：更新存储密码
公开(公告)号：US20120144471A1
公开(公告)日：2012-06-07
申请号：US13312062
申请日：2011-12-06
申请人： Andy TSANG , Roger A. CHICKERING , Clifford E. KAHN , Jeffrey C. VENABLE, SR.
发明人： Andy TSANG , Roger A. CHICKERING , Clifford E. KAHN , Jeffrey C. VENABLE, SR.
IPC分类号： G06F21/00
CPC分类号： H04L63/083 , G06F17/30097 , H04L9/3226 , H04L9/3236 , H04L63/126 , H04L67/02 , H04L67/42
摘要： A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client in accordance with an authentication protocol, and authenticate the client based on a comparison of the first form to a value derived from a second form of the password stored in a password database. The comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client over the secure connection, authenticate the client by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client when the authentication server receives the first form.
摘要翻译：设备可以包括认证服务器和服务器。验证服务器可以根据认证协议从客户端接收第一形式的密码，并且基于第一形式与从密码数据库中存储的密码的第二形式导出的值的比较来认证客户端。当第一种形式与从第二种形式得出的值不相称时，比较失败。服务器可以建立到客户端的安全连接，通过安全连接从客户端接收明文密码，通过将从纯文本密码导出的值与从第二种形式导出的值进行比较来验证客户端，并更新密码数据库具有第三种形式的密码，允许认证服务器在认证服务器接收到第一个表单时成功验证客户端。

4. 发明授权

US08185642B1 Communication policy enforcement in a data network 有权
标题翻译：数据网络中的通信策略实施
公开(公告)号：US08185642B1
公开(公告)日：2012-05-22
申请号：US11281905
申请日：2005-11-18
申请人： Theron Tock , Roger A. Chickering
发明人： Theron Tock , Roger A. Chickering
IPC分类号： H04L9/00 , H04L9/32
CPC分类号： H04L63/0227 , H04L63/102 , H04L63/126
摘要： A device is configured to receive authorization information from a first network device and to receive a request that data units sent to a destination device contain authorization information, where the request is received from a second network device. The device is configured to assemble authorized data units by associating the authorization information with content intended for a destination device, where the content can be exchanged with the destination device during authorized communication. The device is configured to provide at least one of the authorized data units to the second network device so that the second network device can establish the authorized communication between the device and the destination device.
摘要翻译：设备被配置为从第一网络设备接收授权信息并且接收发送到目的地设备的数据单元包含授权信息的请求，其中从第二网络设备接收到请求。该设备被配置为通过将授权信息与旨在用于目的地设备的内容相关联来组装授权数据单元，其中可以在授权通信期间内容与目的地设备交换。该设备被配置为向第二网络设备提供至少一个授权数据单元，使得第二网络设备可以在设备和目的地设备之间建立授权的通信。

5. 发明申请

US20110153854A1 SESSION MIGRATION BETWEEN NETWORK POLICY SERVERS 审中-公开
标题翻译：网络政策服务器之间的会议迁移
公开(公告)号：US20110153854A1
公开(公告)日：2011-06-23
申请号：US12651081
申请日：2009-12-31
申请人： Roger A. Chickering
发明人： Roger A. Chickering
IPC分类号： G06F15/16
CPC分类号： H04L63/0815 , H04L63/20 , H04L67/146
摘要： A policy device grants access to a client device, without authenticating the client device, when the client device provides a session identifier to the policy device that was previously granted to the client device by a second policy device upon authenticating the client device by the second policy device. In one example, a policy device includes a network interface that receives a session identifier from a client device, wherein the policy device comprises an individually administered autonomous policy server, and an authorization module that grants the client device access to a network protected by the policy device based on the session identifier without authenticating the client device by the policy device. In this manner, the client device need not provide authentication information multiple times within a short time span, and the policy device can deallocate resources when a session migrates to a second policy device.
摘要翻译：当客户端设备在由第二策略认证客户端设备时，由第二策略设备向先前授予客户机设备的策略设备提供会话标识符时，策略设备授权对客户端设备的访问，而不验证客户端设备设备。在一个示例中，策略设备包括从客户端设备接收会话标识符的网络接口，其中策略设备包括单独管理的自治策略服务器，以及授权模块，其授权客户端设备访问受策略保护的网络设备基于会话标识符，而不通过策略设备认证客户端设备。以这种方式，客户端设备不需要在短时间内多次提供认证信息，并且策略设备可以在会话迁移到第二策略设备时释放资源。

6. 发明授权

US10057239B2 Session migration between network policy servers 有权
公开(公告)号：US10057239B2
公开(公告)日：2018-08-21
申请号：US12651081
申请日：2009-12-31
申请人： Roger A. Chickering
发明人： Roger A. Chickering
IPC分类号： G06F15/16 , H04L29/06 , H04L29/08
CPC分类号： H04L63/0815 , H04L63/20 , H04L67/146
摘要： A policy device grants access to a client device, without authenticating the client device, when the client device provides a session identifier to the policy device that was previously granted to the client device by a second policy device upon authenticating the client device by the second policy device. In one example, a policy device includes a network interface that receives a session identifier from a client device, wherein the policy device comprises an individually administered autonomous policy server, and an authorization module that grants the client device access to a network protected by the policy device based on the session identifier without authenticating the client device by the policy device. In this manner, the client device need not provide authentication information multiple times within a short time span, and the policy device can deallocate resources when a session migrates to a second policy device.

7. 发明授权

US08806605B1 Provisioning network access through a firewall 有权
标题翻译：通过防火墙配置网络访问
公开(公告)号：US08806605B1
公开(公告)日：2014-08-12
申请号：US12013126
申请日：2008-01-11
申请人： Roger A. Chickering
发明人： Roger A. Chickering
IPC分类号： G06F15/16
CPC分类号： H04L63/02 , H04L63/0227 , H04L63/08 , H04L63/10
摘要： A method may include determining one or more rules and communicating the one or more rules to a firewall, where the firewall receives a data unit and determines, based on the one or more rules, whether to forward the data unit to a destination address; receiving a redirection of a device from the firewall when the firewall determines not to forward the data unit to the destination address; receiving an indication that the firewall did not forward the data unit to the destination address; and determining a new rule to allow the firewall to forward the data unit to the destination address and communicating the new rule to the firewall; and redirecting the device to the destination address.
摘要翻译：方法可以包括确定一个或多个规则并将一个或多个规则传送到防火墙，其中防火墙接收数据单元并且基于一个或多个规则确定是否将数据单元转发到目的地地址; 当防火墙确定不将数据单元转发到目的地址时，从防火墙接收设备的重定向; 接收到防火墙未将数据单元转发到目标地址的指示; 并确定新的规则以允许防火墙将数据单元转发到目的地地址并将新规则传送到防火墙; 并将设备重定向到目标地址。

8. 发明授权

US08776209B1 Tunneling session detection to provide single-sign on (SSO) functionality for a VPN gateway 有权
标题翻译：隧道会话检测，为VPN网关提供单点登录（SSO）功能
公开(公告)号：US08776209B1
公开(公告)日：2014-07-08
申请号：US13416786
申请日：2012-03-09
申请人： Kartik Kumar , Ankur Agrawal , Roger A. Chickering , James Wood , Vamsi K. Anne
发明人： Kartik Kumar , Ankur Agrawal , Roger A. Chickering , James Wood , Vamsi K. Anne
IPC分类号： H04L29/06 , G06F21/00
CPC分类号： H04L63/0815 , G06F21/31 , H04L63/0272
摘要： A VPN gateway is described that provides single sign-on (SSO) functionality with respect to remote users who have established tunneling sessions with the VPN gateway and who attempt to access a protected resource. The VPN gateway may receive, from a client device, a security assertion request that includes a request for a security assertion to be made by the VPN gateway with respect to a user of a private network associated with the VPN gateway, determine whether the security assertion request was received via a tunneling session established for the user between the client device and the VPN gateway, and issue a security assertion for the user in response to determining that the security assertion request was received via the tunneling session. In this way, a VPN gateway may act as an SSO identity provider for users that have an established tunneling session with the gateway.
摘要翻译：描述了一种VPN网关，其针对已经与VPN网关建立隧道会话以及尝试访问受保护资源的远程用户提供单点登录（SSO）功能。 VPN网关可以从客户端设备接收安全断言请求，该安全断言请求包括关于VPN网关对与VPN网关相关联的专用网络的用户进行安全断言的请求，确定安全性断言通过在客户端设备和VPN网关之间为用户建立的隧道会话接收到请求，并且响应于确定通过隧道会话接收到安全断言请求，为用户发出安全断言。以这种方式，VPN网关可以作为与网关建立隧道会话的用户的SSO身份提供者。

9. 发明授权

US08627447B1 Provisioning layer three access for agentless devices 有权
标题翻译：无代理设备的配置层三次访问
公开(公告)号：US08627447B1
公开(公告)日：2014-01-07
申请号：US11857084
申请日：2007-09-18
申请人： Roger A. Chickering
发明人： Roger A. Chickering
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , H04L63/0263 , H04L63/104 , H04L63/20
摘要： A method may include obtaining a layer two identification of an endpoint that is seeking access to a network, the endpoint omitting an agent to communicate a layer three address of the endpoint to a policy node, applying one or more authentication rules based on the layer two identification of the endpoint, assigning the layer three address to the endpoint, learning, by the policy node, the layer three address of the endpoint, and provisioning layer three access for the endpoint to the network based on the learned layer three address.
摘要翻译：方法可以包括获得正在寻求对网络的访问的端点的第二层标识，所述端点省略代理将所述端点的第三层地址传送到策略节点，应用基于所述第二层的一个或多个认证规则识别端点，将第三层地址分配给端点，由策略节点学习端点的第三层地址，以及基于学习层三地址的端点到网络的配置层三次接入。

10. 发明授权

US08291468B1 Translating authorization information within computer networks 有权
标题翻译：在计算机网络中翻译授权信息
公开(公告)号：US08291468B1
公开(公告)日：2012-10-16
申请号：US12475230
申请日：2009-05-29
申请人： Roger A. Chickering
发明人： Roger A. Chickering
IPC分类号： G06F17/00
CPC分类号： H04L63/0884 , H04L63/0815
摘要： In general, techniques are described for translating authorization information within computer networks. For example, a first network device of a computer network may receive authentication information from an endpoint device requesting access to the computer network. The first network device authenticates the endpoint device based on this authentication information and stores authorization information in accordance with a first vendor-specific authorization data model. The first network device stores and applies an export translation policy to translate this information from the vendor-specific data model to a vendor-neutral authorization data model, which it then publishes to an intermediate storage device that implements the vendor-neutral data model. A second network device of the computer network may store an import translation policy to translate this same authorization information from the vendor-neutral authorization data model to a different vendor-specific data model. In this manner, the techniques facilitate translation of authorization information within computer networks.
摘要翻译：通常，描述了用于在计算机网络内翻译授权信息的技术。例如，计算机网络的第一网络设备可以从请求接入计算机网络的端点设备接收认证信息。第一网络设备基于该认证信息认证端点设备，并且根据第一供应商特定的授权数据模型存储授权信息。第一个网络设备存储并应用导出转换策略，将该信息从供应商特定的数据模型转换为供应商中立的授权数据模型，然后将其发布到实现供应商中立数据模型的中间存储设备。计算机网络的第二网络设备可以存储导入转换策略，以将相同的授权信息从供应商中立的授权数据模型转换为不同的供应商特定的数据模型。以这种方式，这些技术有助于计算机网络内的授权信息的翻译。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式