专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US08095788B2 Method and apparatus for integrated provisioning of a network device with configuration information and identity certification 有权
标题翻译：具有配置信息和身份认证的网络设备的集成供应的方法和装置
公开(公告)号：US08095788B2
公开(公告)日：2012-01-10
申请号：US12126219
申请日：2008-05-23
申请人： Jan Vilhuber , Max Pritikin
发明人： Jan Vilhuber , Max Pritikin
IPC分类号： H04L29/06
CPC分类号： H04L9/3263 , H04L63/0442 , H04L63/0823
摘要： According to one aspect, a provisioning server comprises a configuration module that configures a network device and an identification certification module that certifies the identity of the network device. With use of the provisioning server, the network device does not require configuration with network connectivity in order to obtain its certified identity. In one embodiment, configuration module configures the device for operation at the device's point of deployment in a network. In one embodiment, the identity certification module is configured to generate a digital certificate for the network device and the configuration module is configured to automatically configure the network device based on its digital certificate. The provisioning server is coupled to the network device with a secure communication link. As a result, a more trusted network device is ultimately deployed into its network of operation.
摘要翻译：根据一个方面，供应服务器包括配置模块，其配置网络设备和认证网络设备的身份的识别认证模块。使用配置服务器，网络设备不需要配置网络连接才能获得其认证的身份。在一个实施例中，配置模块将设备配置为在设备的网络部署点操作。在一个实施例中，身份认证模块被配置为生成用于网络设备的数字证书，并且配置模块被配置为基于其数字证书自动配置网络设备。配置服务器通过安全通信链路耦合到网络设备。因此，更可靠的网络设备最终部署到其操作网络中。

12. 发明授权

US07426636B1 Compact secure data communication method 有权
标题翻译：紧凑的数据通信方式
公开(公告)号：US07426636B1
公开(公告)日：2008-09-16
申请号：US10453237
申请日：2003-06-02
申请人： David A. McGrew , Jan Vilhuber
发明人： David A. McGrew , Jan Vilhuber
IPC分类号： H04L9/00
CPC分类号： H04L69/04 , H04L9/3236 , H04L63/0272 , H04L63/164 , H04L69/22 , H04L2209/30
摘要： A compact secure data communication method is disclosed. In one embodiment, a compact security protocol provides cryptographic services on IP, UDP, and TCP packets with minimal bandwidth degradation due to encapsulation overhead. The disclosed protocol may be used, for example, in converged networks that carry both voice-over-IP and data traffic in and wireless networks, in which it is imperative to minimize per-packet overhead. The disclosed protocol provides as much security as possible, by authenticating the uncompressed headers rather than the compressed headers.
摘要翻译：公开了一种紧凑的安全数据通信方法。在一个实施例中，紧凑的安全协议由于封装开销而在具有最小带宽劣化的IP，UDP和TCP分组上提供加密服务。公开的协议可以用于例如承载IP和数据业务的融合网络中，并且无线网络中的数据流量必须最小化，因此最小化每分组开销。所公开的协议通过认证未经压缩的报头而不是压缩报头来提供尽可能多的安全性。

13. 发明授权

US06981029B1 System and method for processing a request for information in a network 有权
标题翻译：用于处理网络中的信息请求的系统和方法
公开(公告)号：US06981029B1
公开(公告)日：2005-12-27
申请号：US09907836
申请日：2001-07-17
申请人： Louis F. Menditto , Barron C. Housel , Tzu-Ming Tsang , Mauro Zallocco , Gaurang K. Shah , Jan Vilhuber , Anurag Bhargava , Pranav K. Tiwari , Robert M. Batz , Scott W. Brim
发明人： Louis F. Menditto , Barron C. Housel , Tzu-Ming Tsang , Mauro Zallocco , Gaurang K. Shah , Jan Vilhuber , Anurag Bhargava , Pranav K. Tiwari , Robert M. Batz , Scott W. Brim
IPC分类号： G06F15/16 , H04L29/12
CPC分类号： H04L29/12113 , G06F21/10 , H04L29/12594 , H04L61/1541 , H04L61/30 , H04L67/1002 , H04L67/1008 , H04L67/1014 , H04L67/1021 , H04L67/1029 , H04L67/1031 , H04L67/2842
摘要： An information service provider network includes a content gateway to process requests for information from a client terminal. The content gateway includes a router for receiving a request for information from the client terminal. The request includes a domain name and additional content. The router forwards the request according to the domain name to a selected one of a plurality of processors to further process the request. The selected one of the plurality of processors identifies an information source to satisfy the request in response to the additional content of the request.
摘要翻译：信息服务提供商网络包括内容网关，用于处理来自客户终端的信息请求。内容网关包括用于从客户终端接收对信息的请求的路由器。该请求包括域名和附加内容。路由器根据域名将请求转发到多个处理器中的一个，以进一步处理该请求。多个处理器中的所选择的一个处理器响应于请求的附加内容来识别信息源以满足请求。

14. 发明授权

US06968389B1 System and method for qualifying requests in a network 有权
标题翻译：在网络中对请求进行限定的系统和方法
公开(公告)号：US06968389B1
公开(公告)日：2005-11-22
申请号：US09908217
申请日：2001-07-17
申请人： Louis F. Menditto , Barron C. Housel , Tzu-Ming Tsang , Mauro Zallocco , Gaurang K. Shah , Jan Vilhuber , Anurag Bhargava , Pranav K. Tiwari , Robert M. Batz , Scott W. Brim
发明人： Louis F. Menditto , Barron C. Housel , Tzu-Ming Tsang , Mauro Zallocco , Gaurang K. Shah , Jan Vilhuber , Anurag Bhargava , Pranav K. Tiwari , Robert M. Batz , Scott W. Brim
IPC分类号： G06F13/00 , H04L12/24 , H04L29/08 , H04L29/12
CPC分类号： H04L41/0893 , H04L29/12066 , H04L41/5003 , H04L41/5022 , H04L41/5029 , H04L61/1511 , H04L67/1002 , H04L67/322
摘要： An information service provider network includes a content gateway to process requests for information from a client terminal. The content gateway includes a router for receiving a domain name server query from an originator associated with a request for information. The router including a database defining a relationship between domain names and addresses associated with accelerated servicing of requests. The router determines whether the domain name of the domain name server query is indexed in the database. The domain name is qualified in response to the domain name being in the database. If qualified, the router sends an address to the originator of the query corresponding in the database to the domain name. The address is to a processor associated with the router that performs accelerated services on the request.
摘要翻译：信息服务提供商网络包括内容网关，用于处理来自客户终端的信息请求。内容网关包括用于从与信息请求相关联的发起者接收域名服务器查询的路由器。该路由器包括定义域名与加速服务请求相关联的地址之间的关系的数据库。路由器确定域名服务器查询的域名是否在数据库中被索引。域名对数据库中的域名进行限定。如果合格，则路由器向数据库中对应的查询的发起者发送一个地址到域名。地址是一个与路由器相关联的处理器，可根据请求执行加速服务。

15. 发明授权

US07761702B2 Method and apparatus for distributing group data in a tunneled encrypted virtual private network 有权
标题翻译：在隧道加密的虚拟专用网络中分发组数据的方法和装置
公开(公告)号：US07761702B2
公开(公告)日：2010-07-20
申请号：US11107532
申请日：2005-04-15
申请人： Brian E. Weis , Jan Vilhuber , Michael Lee Sullenberger , Frederic R.P. Detienne
发明人： Brian E. Weis , Jan Vilhuber , Michael Lee Sullenberger , Frederic R.P. Detienne
IPC分类号： H04L9/00
CPC分类号： H04L12/1886 , H04L45/16 , H04L63/0428 , H04L63/065
摘要： A packet forwarding process, on a data communications device, forwards a packet to a plurality of destinations within a network from that data communications device using an “encrypt then replicate” method. The packet forwarding process receives a packet that is to be transmitted to the plurality of destinations, and applies a security association to the packet using security information shared between the data communications device, and the plurality of destinations, to create a secured packet. The secured packet contains a header that has a source address and a destination address. The source address is inserted into the header, and then the packet forwarding process replicates the secured packet, once for each of the plurality of destinations. After replication, the destination address is inserted into the header, and the packet forwarding process transmits each replicated secured packet to each of the plurality of destinations authorized to maintain the security association.
摘要翻译：在数据通信设备上的分组转发过程使用“加密然后复制”方法将数据包从该数据通信设备转发到网络内的多个目的地。分组转发过程接收要发送到多个目的地的分组，并且使用在数据通信设备和多个目的地之间共享的安全信息来向分组应用安全关联，以创建安全分组。安全数据包包含一个具有源地址和目标地址的报头。源地址被插入到报头中，然后分组转发过程对多个目的地中的每个目的地一次复制安全分组。在复制之后，目的地址被插入到报头中，并且分组转发过程将每个复制的安全分组传送到被授权维护安全关联的多个目的地中的每一个。

16. 发明授权

US07502836B1 System and method for processing a request for information in a network 有权
标题翻译：用于处理网络中的信息请求的系统和方法
公开(公告)号：US07502836B1
公开(公告)日：2009-03-10
申请号：US11268824
申请日：2005-11-08
申请人： Louis F. Menditto , Barron C. Housel , Tzu-Ming Tsang , Mauro Zallocco , Gaurang K. Shah , Jan Vilhuber , Anurag Bhargava , Pranav K. Tiwari , Robert M. Batz , Scott W. Brim
发明人： Louis F. Menditto , Barron C. Housel , Tzu-Ming Tsang , Mauro Zallocco , Gaurang K. Shah , Jan Vilhuber , Anurag Bhargava , Pranav K. Tiwari , Robert M. Batz , Scott W. Brim
IPC分类号： G06F15/16
CPC分类号： H04L29/12113 , G06F21/10 , H04L29/12594 , H04L61/1541 , H04L61/30 , H04L67/1002 , H04L67/1008 , H04L67/1014 , H04L67/1021 , H04L67/1029 , H04L67/1031 , H04L67/2842
摘要： An information service provider network includes a content gateway to process requests for information from a client terminal. The content gateway includes a router for receiving a request for information from the client terminal. The request includes a domain name and additional content. The router forwards the request according to the domain name to a selected one of a plurality of processors to further process the request. The selected one of the plurality of processors identifies an information source to satisfy the request in response to the additional content of the request.
摘要翻译：信息服务提供商网络包括内容网关，用于处理来自客户终端的信息请求。内容网关包括用于从客户终端接收对信息的请求的路由器。该请求包括域名和附加内容。路由器根据域名将请求转发到多个处理器中的一个，以进一步处理该请求。多个处理器中的所选择的一个处理器响应于请求的附加内容来识别信息源以满足请求。

17. 发明申请

US20080229095A1 METHOD AND APPARATUS FOR DYNAMICALLY SECURING VOICE AND OTHER DELAY-SENSITIVE NETWORK TRAFFIC 有权
标题翻译：用于动态安全语音和其他延迟敏感网络交通的方法和装置
公开(公告)号：US20080229095A1
公开(公告)日：2008-09-18
申请号：US12109125
申请日：2008-04-24
申请人： Ramesh Kalimuthu , Yogesh Kalley , Michael L. Sullenberger , Jan Vilhuber
发明人： Ramesh Kalimuthu , Yogesh Kalley , Michael L. Sullenberger , Jan Vilhuber
IPC分类号： G06F21/00 , H04L9/00
CPC分类号： H04L63/0272 , H04L63/164
摘要： A method comprises receiving a request for secure network traffic from a device having a private network address at a source node, obtaining the private network address of a requested destination device at a destination node from a route server based on signaling information associated with the request, obtaining the public network address of the destination node associated with the private network address, creating in response to the request a virtual circuit between the source node and the destination node based on the public network address of the destination node, and encrypting network traffic for transporting at least from the source node to the destination node through the virtual circuit. The process is dynamic in that the virtual circuit is created in response to the request. Hence, the process operates as if a fully meshed network exists but requires less provisioning and maintenance than a fully meshed network architecture. Furthermore, the process is readily scalable as if a hub and spoke network exists but is more suitable for delay-sensitive traffic, such as voice and video, than a hub and spoke network architecture.
摘要翻译：一种方法包括从源节点处的具有专用网络地址的设备接收对安全网络业务的请求，基于与该请求相关联的信令信息从路由服务器获得目的地节点上所请求的目的地设备的私有网络地址，获取与专用网络地址相关联的目的地节点的公共网络地址，根据请求，根据目的地节点的公共网络地址创建源节点和目的地节点之间的虚拟电路，并加密用于传输的网络流量至少通过虚拟电路从源节点到目的地节点。该过程是动态的，因为根据请求创建虚拟电路。因此，该过程就像完全网状网络存在一样，但需要比全网状网络架构更少的配置和维护。此外，该过程很容易扩展，就好像集线器和分支网络存在，但是比中心和分支网络架构更适合延迟敏感的业务，如语音和视频。

18. 发明授权

US07366894B1 Method and apparatus for dynamically securing voice and other delay-sensitive network traffic 有权
标题翻译：用于动态保护语音和其他延迟敏感网络流量的方法和装置
公开(公告)号：US07366894B1
公开(公告)日：2008-04-29
申请号：US10305762
申请日：2002-11-27
申请人： Ramesh Kalimuthu , Yogesh Kalley , Michael L. Sullenberger , Jan Vilhuber
发明人： Ramesh Kalimuthu , Yogesh Kalley , Michael L. Sullenberger , Jan Vilhuber
IPC分类号： H04L9/00 , G06F9/00
CPC分类号： H04L63/0272 , H04L63/164
摘要： A request is received for secure network traffic from a device having a private network address at a source node. The private network address of a requested destination device is obtained at a destination node from a route server based on signaling information associated with the request. The public network address of the destination node associated with the private network address is obtained. In response to the request, a virtual circuit is created between the source node and the destination node based on the public network address of the destination node. Network traffic is encrypted for transport at least from the source node to the destination node through the virtual circuit. Creating the virtual circuit dynamically in response to the request functions like a fully meshed network but requires less provisioning and maintenance. The process is readily scalable, as with a hub and spoke network but with less delay.
摘要翻译：从源节点处具有专用网络地址的设备接收到用于安全网络流量的请求。基于与请求相关联的信令信息，从路由服务器在目的地节点处获得所请求的目的地设备的私有网络地址。获取与专用网络地址相关联的目的地节点的公网地址。响应于该请求，基于目的地节点的公共网络地址，在源节点和目的地节点之间创建虚拟电路。网络流量被加密以至少通过虚拟电路从源节点传送到目的地节点。根据请求功能动态创建虚拟电路，如全网状网络，但需要较少的配置和维护。这个过程很容易扩展，就像中心和辐射网络一样，延迟较少。

19. 发明授权

US07234063B1 Method and apparatus for generating pairwise cryptographic transforms based on group keys 有权
公开(公告)号：US07234063B1
公开(公告)日：2007-06-19
申请号：US10229347
申请日：2002-08-27
申请人： Mark Baugher , David McGrew , Jan Vilhuber , Brian Weis
发明人： Mark Baugher , David McGrew , Jan Vilhuber , Brian Weis
IPC分类号： H04L9/00 , G06F21/20
CPC分类号： H04L9/0833 , H04L9/0891 , H04L63/065 , H04L63/068
摘要： Group key management techniques are applied to generating pair-wise keys for point-to-point secure communication applications. Nodes participating in a secure communication group each receive a group key and associated policy information. When a first node wishes to establish a secure point-to-point connection to a second node, the first node derives a pairwise key from the group key and policy information, for example, by hashing the group key and information identifying the two nodes. As a result, a pairwise key is generated without exchanging negotiation messages among the two nodes and without expensive asymmetric cryptographic computation approaches.

20. 发明授权

US06748543B1 Validating connections to a network system 有权
标题翻译：验证与网络系统的连接
公开(公告)号：US06748543B1
公开(公告)日：2004-06-08
申请号：US10251588
申请日：2002-09-20
申请人： Jan Vilhuber
发明人： Jan Vilhuber
IPC分类号： G06F1130
CPC分类号： H04L63/0815 , G06F21/577 , G06F21/604 , H04L63/083 , H04L63/10
摘要： A mechanism for authenticating multiple connections to a network server is disclosed. A client establishes a first connection to the server. In establishing the first connection, the client provides authentication information and authorization information, and in response the server assigns first access privileges to the client. When the client requests a second connection, the server receives authentication information from the client, and assigns limited access privileges to the client. The server associates the first connection with the second connection and the client. The server automatically associates the first access privileges with the second connection, without requiring the client to provide authorization information for the second connection.
摘要翻译：公开了一种用于认证到网络服务器的多个连接的机制。客户端建立到服务器的第一个连接。在建立第一个连接时，客户端提供认证信息和授权信息，响应时服务器向客户端分配首次访问权限。当客户端请求第二个连接时，服务器从客户端接收认证信息，并为客户端分配有限的访问权限。服务器将第一个连接与第二个连接和客户端相关联。服务器自动将第一个访问权限与第二个连接相关联，而不要求客户端提供第二个连接的授权信息。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式