专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07400591B2 Method of creating an address and a discontiguous mask for a network security policy area 有权
标题翻译：为网络安全策略区域创建地址和不连续掩码的方法
公开(公告)号：US07400591B2
公开(公告)日：2008-07-15
申请号：US11142643
申请日：2005-06-01
申请人： John Melvin Brawn , Brian Jemes , Stephen F. Froelich
发明人： John Melvin Brawn , Brian Jemes , Stephen F. Froelich
IPC分类号： G06F15/177
CPC分类号： H04L61/2061 , H04L29/12283 , H04L29/12801 , H04L45/02 , H04L45/025 , H04L45/30 , H04L61/6004
摘要： A method of creating a discontiguous address plan for an enterprise is provided which includes determining a hierarchy of routing optimization for an enterprise, determining a number of route advertisement aggregation points at each level of the hierarchy, determining a number of network security policy areas for the enterprise, and determining a number of addresses for each of the network security policy areas. The number of addresses is rounded up to a power of the address scheme base number to produce a plurality of rounded addresses. The method further includes allocating an address range for each of the plurality of rounded addresses so that a starting address of the address range begins on a power of the base number and determining a size of the plurality of address ranges. The size of the plurality of address ranges is rounded up to a power of the base number to produce the size of a repeating policy pattern. The method further includes assigning an instance of the repeating policy pattern to each of the route advertisement aggregation points at each hierarchy, and determining an address and a mask for each of the network security policy areas in the repeating policy pattern.
摘要翻译：提供了一种为企业创建不连续的地址计划的方法，其包括确定企业的路由优化的层级，确定层级的每个级别的路由通告聚合点的数量，确定用于该层次的网络安全策略区域的数量企业，并确定每个网络安全策略领域的多个地址。地址数被四舍五入为地址方案基数的幂，以产生多个舍入地址。该方法还包括为多个舍入地址中的每一个分配地址范围，使得地址范围的起始地址以基本号码的功率开始，并确定多个地址范围的大小。多个地址范围的大小被舍入到基数的幂，以产生重复策略模式的大小。该方法还包括将重复策略模式的实例分配给每个层级的每个路由通告聚合点，以及确定重复策略模式中每个网络安全策略区域的地址和掩码。

2. 发明申请

US20070016637A1 Bitmap network masks 审中-公开
标题翻译：位图网络掩码
公开(公告)号：US20070016637A1
公开(公告)日：2007-01-18
申请号：US11184696
申请日：2005-07-18
申请人： John Brawn , Brian Jemes
发明人： John Brawn , Brian Jemes
IPC分类号： G06F15/16
CPC分类号： H04L63/0272 , H04L47/2441 , H04L63/101
摘要： A bitmap network mask is described for use in network functions such as data packet forwarding, access control list processing, and policy application determination. The bitmap network mask can be applied to a random collection of network parameters if desired. In one format, the bitmap network mask includes a mask sequence of entries in which each entry corresponds to a network parameter covered by the bitmap network mask and one or more indexing parameters for locating an entry in the mask sequence.
摘要翻译：描述了位图网络掩码用于网络功能，如数据包转发，访问控制列表处理和策略应用程序确定。如果需要，位图网络掩码可以应用于网络参数的随机集合。在一种格式中，位图网络掩码包括条目的掩码序列，其中每个条目对应于由位图网络掩码覆盖的网络参数和用于定位掩码序列中的条目的一个或多个索引参数。

3. 发明授权

US07263719B2 System and method for implementing network security policies on a common network infrastructure 有权
标题翻译：在公共网络基础设施上实施网络安全策略的系统和方法
公开(公告)号：US07263719B2
公开(公告)日：2007-08-28
申请号：US09726072
申请日：2000-11-29
申请人： Brian Jemes , John Melvin Brawn , Joseph Garcia , Michael Milligan , John M. Pape , Jeff Hansell
发明人： Brian Jemes , John Melvin Brawn , Joseph Garcia , Michael Milligan , John M. Pape , Jeff Hansell
IPC分类号： G06F15/16
CPC分类号： H04L63/0227 , H04L29/06 , H04L29/12283 , H04L29/12801 , H04L61/2061 , H04L61/6004 , H04L63/104 , H04L63/1466 , H04L69/40
摘要： A secure network is provided which includes a plurality of network bubbles having a plurality of bubble partitions. Each bubble partition has at least one network device configured to transmit and receive data. All the network devices that belong to or correspond to a particular network bubble have the same network security policy. The secure network also includes a plurality of network control points, which has one or more network control point devices having at least one interface. Each bubble partition is connected to at least one network control point. The network control point is used to provide a connection between at least two network devices. Each network control point device is configured to enforce the network security policy of all the network bubbles that are connected to it. During the transmission of data from one network device to another network device, one or more network control points are traversed.
摘要翻译：提供一种安全网络，其包括具有多个气泡分隔件的多个网络气泡。每个气泡分区具有至少一个被配置为发送和接收数据的网络设备。属于或对应于特定网络泡沫的所有网络设备具有相同的网络安全策略。安全网络还包括多个网络控制点，其具有一个或多个具有至少一个接口的网络控制点设备。每个气泡分区连接至少一个网络控制点。网络控制点用于提供至少两个网络设备之间的连接。每个网络控制点设备被配置为强制连接到它的所有网络泡沫的网络安全策略。在从一个网络设备传输到另一个网络设备的过程中，遍历一个或多个网络控制点。

4. 发明申请

US20060230431A1 System and method for implementing a private virtual backbone on a common network infrastructure 有权
标题翻译：在公共网络基础设施上实现私有虚拟骨干网的系统和方法
公开(公告)号：US20060230431A1
公开(公告)日：2006-10-12
申请号：US11094989
申请日：2005-03-31
申请人： Brian Jemes , John Brawn , Farid Filsoof
发明人： Brian Jemes , John Brawn , Farid Filsoof
IPC分类号： H04L9/00
CPC分类号： H04L63/0227 , H04L63/102
摘要： A network security system is provided comprising a plurality of network bubbles wherein each bubble includes bubble members configured to transmit and receive data. Bubbles have network security policies that may be enforced by a plurality of network control point devices. The system further includes a private virtual backbone configured to interconnect the plurality of network control points connected to known bubbles. The privacy of the private virtual backbone is maintained by an inter-bubble device and/or set of two network control points. The inter-bubble device and set of control points enforce the network security policies of any connected bubble and relay data packets between address spaces. The private virtual backbone may operate in private address space. The system also includes an instance-specific virtual backbone that interconnects only bubble partitions from the same network bubble, thus simplifying the enforcement of a network security policy.
摘要翻译：提供了一种网络安全系统，其包括多个网络气泡，其中每个气泡包括配置成发送和接收数据的气泡构件。气泡具有可由多个网络控制点装置执行的网络安全策略。该系统还包括配置成互连连接到已知气泡的多个网络控制点的专用虚拟主干。私有虚拟骨干网的隐私由一个泡沫间设备和/或一组两个网络控制点来维护。气泡间设备和控制点集合强制地址空间之间任何连接的气泡和中继数据分组的网络安全策略。私有虚拟骨干网可以在专用地址空间中操作。该系统还包括一个特定于实例的虚拟骨干网，只将泡沫分区与相同的网络泡沫相互连接，从而简化了网络安全策略的实施。

5. 发明申请

US20050232165A1 System and method of aggregating discontiguous address ranges into addresses and masks using a plurality of repeating address blocks 有权
标题翻译：使用多个重复地址块将不连续地址范围聚合成地址和掩码的系统和方法
公开(公告)号：US20050232165A1
公开(公告)日：2005-10-20
申请号：US11142643
申请日：2005-06-01
申请人： John Brawn , Brian Jemes , Stephen Froelich
发明人： John Brawn , Brian Jemes , Stephen Froelich
IPC分类号： H04L12/56 , H04L29/12 , H04L12/28
CPC分类号： H04L61/2061 , H04L29/12283 , H04L29/12801 , H04L45/02 , H04L45/025 , H04L45/30 , H04L61/6004
摘要： A method of creating a discontiguous address plan for an enterprise is provided which includes determining a hierarchy of routing optimization for an enterprise, determining a number of route advertisement aggregation points at each level of the hierarchy, determining a number of network security policy areas for the enterprise, and determining a number of addresses for each of the network security policy areas. The number of addresses is rounded up to a power of the address scheme base number to produce a plurality of rounded addresses. The method further includes allocating an address range for each of the plurality of rounded addresses so that a starting address of the address range begins on a power of the base number and determining a size of the plurality of address ranges. The size of the plurality of address ranges is rounded up to a power of the base number to produce the size of a repeating policy pattern. The method further includes assigning an instance of the repeating policy pattern to each of the route advertisement aggregation points at each hierarchy, and determining an address and a mask for each of the network security policy areas in the repeating policy pattern.
摘要翻译：提供了一种为企业创建不连续的地址计划的方法，其包括确定企业的路由优化的层级，确定层级的每个级别的路由通告聚合点的数量，确定用于该层次的网络安全策略区域的数量企业，并确定每个网络安全策略领域的多个地址。地址数被四舍五入为地址方案基数的幂，以产生多个舍入地址。该方法还包括为多个舍入地址中的每一个分配地址范围，使得地址范围的起始地址以基本号码的功率开始，并确定多个地址范围的大小。多个地址范围的大小被舍入到基数的幂，以产生重复策略模式的大小。该方法还包括将重复策略模式的实例分配给每个层级的每个路由通告聚合点，以及确定重复策略模式中每个网络安全策略区域的地址和掩码。

6. 发明授权

US08578441B2 Enforcing network security policies with packet labels 有权
标题翻译：使用分组标签强制实施网络安全策略
公开(公告)号：US08578441B2
公开(公告)日：2013-11-05
申请号：US10896676
申请日：2004-07-22
申请人： Vincent Giles , Brian Jemes
发明人： Vincent Giles , Brian Jemes
IPC分类号： H04L29/06
CPC分类号： H04L63/0218 , H04L63/0263 , H04L69/16 , H04L69/161
摘要： A secured network is disclosed configured to carry data, comprising a plurality of network bubbles and a plurality of network control points, wherein each network bubble comprises one or more bubble partitions and each bubble partition comprises at least one networked device configured to transmit and receive data, and all of the network devices corresponding to at least one of the plurality of network bubbles have a common network security policy. At least one network control point, such as a router, is provided with a marker module arranged to mark outgoing packets with a label corresponding to the network bubble from which the packets originate that can be used to enforce the network security policy of the at least one network bubble.
摘要翻译：公开了一种安全网络，其被配置为承载包括多个网络泡沫和多个网络控制点的数据，其中每个网络气泡包括一个或多个气泡分区，并且每个气泡分区包括配置成发送和接收数据的至少一个网络设备并且与多个网络气泡中的至少一个相对应的所有网络设备具有公共网络安全策略。至少一个网络控制点（例如路由器）被提供有标记模块，该标记模块被布置为使用与从其起源的网络气泡相对应的标签来标记输出分组，标签模块可以用于强制至少该网络安全策略一个网络泡沫。

7. 发明授权

US07376965B2 System and method for implementing a bubble policy to achieve host and network security 有权
标题翻译：实现泡沫政策以实现主机和网络安全的系统和方法
公开(公告)号：US07376965B2
公开(公告)日：2008-05-20
申请号：US09861986
申请日：2001-05-14
申请人： Brian Jemes , John Melvin Brawn , Leif Buch-Pedersen
发明人： Brian Jemes , John Melvin Brawn , Leif Buch-Pedersen
IPC分类号： G06F15/177 , G06F15/173
CPC分类号： H04L63/0218 , H04L29/06 , H04L29/12283 , H04L29/12801 , H04L61/2061 , H04L61/6004 , H04L63/0227 , H04L63/0263 , H04L63/104 , H04L69/40
摘要： A method of creating a structured access list template, which includes dividing an access list template into a plurality of sections, creating an inbound local rule group for the bubble, creating an outbound local rule group for the bubble, creating an inbound remote rule group for the bubble, and creating an outbound remote rule group for the bubble. A method of creating an access list for each of the plurality of bubble boundary devices, which includes creating an address table that includes a plurality of addresses corresponding to devices in a bubble partition, creating a protocol table that includes a list of network services and whether each of the network services are granted or denied access to the bubble partition, creating an access list template using the address table and the protocol table, generating an access list from the access list template, and providing the access list to one of the plurality of bubble boundary devices.
摘要翻译：一种创建结构化访问列表模板的方法，包括将访问列表模板划分为多个区段，为泡沫创建入站本地规则组，为泡沫创建出站本地规则组，为入口远程规则组创建入口远程规则组，气泡，并为气泡创建出站远程规则组。一种为多个气泡边界设备中的每一个创建访问列表的方法，其包括创建包括与气泡分区中的设备相对应的多个地址的地址表，创建包括网络服务列表的协议表以及是否每个网络服务被授予或拒绝访问气泡分区，使用地址表和协议表创建访问列表模板，从访问列表模板生成访问列表，并将访问列表提供给多个气泡边界装置。

8. 发明授权

US07020718B2 System and method of aggregating discontiguous address ranges into addresses and masks using a plurality of repeating address blocks 失效
公开(公告)号：US07020718B2
公开(公告)日：2006-03-28
申请号：US09855862
申请日：2001-05-14
申请人： John Melvin Brawn , Brian Jemes , Stephen F. Froelich
发明人： John Melvin Brawn , Brian Jemes , Stephen F. Froelich
IPC分类号： G06F15/173 , G06F15/16 , G06F12/14 , G06F12/10
CPC分类号： H04L61/2061 , H04L29/12283 , H04L29/12801 , H04L45/02 , H04L45/025 , H04L45/30 , H04L61/6004
摘要： A method of creating a discontiguous address plan for an enterprise is provided which includes determining a hierarchy of routing optimization for an enterprise, determining a number of route advertisement aggregation points at each level of the hierarchy, determining a number of network security policy areas for the enterprise, and determining a number of addresses for each of the network security policy areas. The number of addresses is rounded up to a power of the address scheme base number to produce a plurality of rounded addresses. The method further includes allocating an address range for each of the plurality of rounded addresses so that a starting address of the address range begins on a power of the base number and determining a size of the plurality of address ranges. The size of the plurality of address ranges is rounded up to a power of the base number to produce the size of a repeating policy pattern. The method further includes assigning an instance of the repeating policy pattern to each of the route advertisement aggregation points at each hierarchy, and determining an address and a mask for each of the network security policy areas in the repeating policy pattern.

9. 发明申请

US20060021001A1 Method and apparatus for implementing security policies in a network 有权
标题翻译：在网络中实施安全策略的方法和装置
公开(公告)号：US20060021001A1
公开(公告)日：2006-01-26
申请号：US10896676
申请日：2004-07-22
申请人： Vincent Giles , Brian Jemes
发明人： Vincent Giles , Brian Jemes
IPC分类号： G06F17/00
CPC分类号： H04L63/0218 , H04L63/0263 , H04L69/16 , H04L69/161
摘要： A secured network is disclosed configured to carry data, comprising a plurality of network bubbles and a plurality of network control points, wherein each network bubble comprises one or more bubble partitions and each bubble partition comprises at least one networked device configured to transmit and receive data, and all of the network devices corresponding to at least one of the plurality of network bubbles have a common network security policy. At least one network control point, such as a router, is provided with a marker module arranged to mark outgoing packets with a label corresponding to the network bubble from which the packets originate that can be used to enforce the network security policy of the at least one network bubble.
摘要翻译：公开了一种安全网络，其被配置为承载包括多个网络泡沫和多个网络控制点的数据，其中每个网络气泡包括一个或多个气泡分区，并且每个气泡分区包括配置成发送和接收数据的至少一个网络设备并且与多个网络气泡中的至少一个相对应的所有网络设备具有公共网络安全策略。至少一个网络控制点（例如路由器）被提供有标记模块，该标记模块被布置为使用与从其起源的网络气泡相对应的标签来标记输出分组，标签模块可以用于强制至少该网络安全策略一个网络泡沫。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式