专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07376828B1 Method and apparatus for using incompletely trusted service provider point-to-point networks 有权
标题翻译：使用不完全信任的服务提供商点对点网络的方法和装置
公开(公告)号：US07376828B1
公开(公告)日：2008-05-20
申请号：US10188499
申请日：2002-07-01
申请人： Eric Voit , Pratima Sethi , Jan Vilhuber
发明人： Eric Voit , Pratima Sethi , Jan Vilhuber
IPC分类号： H04L9/00
CPC分类号： H04L63/0428
摘要： A method and apparatus for using a service provider network that supports point-to-point channels is disclosed. One or more encryption parameters are associated with a channel from among a set of one or more predefined point-to-point channels provided by the service provider to connect customer points for a customer different than the service provider. Payloads for a particular flow of one or more data packets directed through the channel are encrypted at a first customer point, using the set of encryption parameters associated with the particular channel, to generate a set of one or more encrypted payloads. The encrypted payloads are inserted in the particular flow sent through the channel of the service provider network. The encrypted payloads are decrypted at a second customer point connected to the first customer point by the channel.
摘要翻译：公开了一种使用支持点到点信道的服务提供商网络的方法和装置。一个或多个加密参数与由服务提供商提供的一个或多个预定义点对点通道的集合中的信道相关联，以连接不同于服务提供商的客户的客户点。通过信道引导的一个或多个数据分组的特定流的有效载荷使用与特定信道相关联的一组加密参数在第一客户点进行加密，以生成一组一个或多个加密的有效载荷。加密的有效载荷被插入到通过服务提供商网络的信道发送的特定流中。加密的有效载荷在通过信道连接到第一客户点的第二客户点解密。

2. 发明授权

US08650394B2 Certifying the identity of a network device 有权
标题翻译：验证网络设备的身份
公开(公告)号：US08650394B2
公开(公告)日：2014-02-11
申请号：US13296069
申请日：2011-11-14
申请人： Jan Vilhuber , Max Pritikin
发明人： Jan Vilhuber , Max Pritikin
IPC分类号： H04L29/06 , G06F21/00
CPC分类号： H04L9/3263 , H04L63/0442 , H04L63/0823
摘要： According to one aspect, a method for certifying the identity of a network device. The method includes an initial step of coupling the network device to a provisioning device via a physically secure communications link. The provisioning device then certifies the identity of the network device including generating a cryptographic private key for the network device and sending the generated private key to the network device over the physically secure communications link.
摘要翻译：根据一个方面，一种用于验证网络设备的身份的方法。该方法包括通过物理上安全的通信链路将网络设备耦合到供应设备的初始步骤。配置设备然后证明网络设备的身份，包括为网络设备生成加密专用密钥，并通过物理安全通信链路将生成的专用密钥发送到网络设备。

3. 发明授权

US07849495B1 Method and apparatus for passing security configuration information between a client and a security policy server 有权
标题翻译：在客户端和安全策略服务器之间传递安全配置信息的方法和装置
公开(公告)号：US07849495B1
公开(公告)日：2010-12-07
申请号：US10226887
申请日：2002-08-22
申请人： Geoffrey Huang , Jan Vilhuber
发明人： Geoffrey Huang , Jan Vilhuber
IPC分类号： H04L9/00
CPC分类号： H04L63/062 , H04L63/02 , H04L63/102 , H04L63/20 , H04L67/34
摘要： Techniques for passing security configuration information between a security policy server and a client includes the client forming a request for security configuration information that configures the client for secure communications. The client is separated by an untrusted network from a trusted network that includes the security policy sever. A tag is generated that indicates a generic security configuration attribute. An Internet Security Association and Key Management Protocol (ISAKMP) configuration mode request message is sent to a security gateway on an edge of the trusted network connected to the untrusted network. The message includes the request in association with the tag. The gateway sends the request associated with the tag to the security policy server on the trusted network and does not interpret the request. The techniques allow client configuration extensions to be added by modifying the policy server or security client, or both, without modifying the gateway.
摘要翻译：在安全策略服务器和客户端之间传递安全配置信息的技术包括客户端形成用于配置客户机以进行安全通信的安全配置信息的请求。客户端由包含安全策略服务器的受信任网络的不可信网络分隔开。生成一个标签，指示一般的安全配置属性。互联网安全关联和密钥管理协议（ISAKMP）配置模式请求消息被发送到连接到不可信网络的可信网络的边缘上的安全网关。消息包括与标签相关联的请求。网关将与标签关联的请求发送到可信网络上的安全策略服务器，不会解释请求。这些技术允许通过修改策略服务器或安全客户端或两者来添加客户端配置扩展，而无需修改网关。

4. 发明申请

US20070220589A1 Techniques for validating public keys using AAA services 有权
标题翻译：使用AAA服务验证公钥的技术
公开(公告)号：US20070220589A1
公开(公告)日：2007-09-20
申请号：US11378577
申请日：2006-03-17
申请人： Joseph Salowey , Jan Vilhuber
发明人： Joseph Salowey , Jan Vilhuber
IPC分类号： H04L9/32
CPC分类号： H04L63/08 , H04L63/0892 , H04L63/12
摘要： Techniques for validating a first device are provided. A second device receives a first device public key and first device identification information from the first device. Validation of the first device identification information is required for a security process using a security protocol. The second device sends the first device public key and the first device identification information to an AAA server for validation. The AAA server is separate from the second device. The second device receives a response from the AAA server, the response including an indication whether the received first device identification information is validated with stored first device identification information for the first device public key. If the first device identification information is validated, an action for the security process is performed using the security protocol.
摘要翻译：提供了验证第一设备的技术。第二设备从第一设备接收第一设备公钥和第一设备标识信息。使用安全协议的安全过程需要验证第一个设备标识信息。第二设备将第一设备公钥和第一设备标识信息发送到AAA服务器进行验证。 AAA服务器与第二个设备分开。所述第二设备从所述AAA服务器接收响应，所述响应包括所接收的第一设备标识信息是否被所存储的用于所述第一设备公钥的第一设备标识信息验证的指示。如果第一设备识别信息被验证，则使用安全协议执行安全处理的动作。

5. 发明授权

US08341250B2 Networking device provisioning 有权
标题翻译：网络设备配置
公开(公告)号：US08341250B2
公开(公告)日：2012-12-25
申请号：US12475487
申请日：2009-05-30
申请人： Max Pritikin , David A. McGrew , Jan Vilhuber , Brian E. Weis
发明人： Max Pritikin , David A. McGrew , Jan Vilhuber , Brian E. Weis
IPC分类号： G06F15/177
CPC分类号： H04L41/0806 , H04L63/0823
摘要： Systems, methods and other embodiments associated with network device provisioning are described. One example method includes storing a set of device specific identification data in a network device. The example method may also include storing an association between the network device and a set of device specific provisioning data. The example method may also include providing the set of device specific provisioning data to the network device. The set of device specific provisioning data may be provided in response to receiving a provisioning data request from the network device.
摘要翻译：描述了与网络设备供应相关联的系统，方法和其他实施例。一个示例性方法包括将一组设备特定标识数据存储在网络设备中。示例性方法还可以包括存储网络设备与一组设备特定供应数据之间的关联。示例性方法还可以包括向网络设备提供设备特定供应数据集。响应于从网络设备接收供应数据请求，可以提供该设备特定供应数据集。

6. 发明授权

US08250359B2 Method and apparatus for distributing group data in a tunneled encrypted virtual private network 有权
标题翻译：在隧道加密的虚拟专用网络中分发组数据的方法和装置
公开(公告)号：US08250359B2
公开(公告)日：2012-08-21
申请号：US12760507
申请日：2010-04-14
申请人： Brian E. Weis , Jan Vilhuber , Michael Lee Sullenberger , Frederic R. P. Detienne
发明人： Brian E. Weis , Jan Vilhuber , Michael Lee Sullenberger , Frederic R. P. Detienne
IPC分类号： H04L9/00
CPC分类号： H04L12/1886 , H04L45/16 , H04L63/0428 , H04L63/065
摘要： A packet forwarding process, on a data communications device, forwards a packet to a plurality of destinations within a network from that data communications device using an “encrypt, then replicate” method. The packet forwarding process receives a packet that is to be transmitted to the plurality of destinations, and applies a security association to the packet using security information shared between the data communications device, and the plurality of destinations, to create a secured packet. The secured packet contains a header that has a source address and a destination address. The source address is inserted into the header, and then the packet forwarding process replicates the secured packet, once for each of the plurality of destinations. After replication, the destination address is inserted into the header, and the packet forwarding process transmits each replicated secured packet to each of the plurality of destinations authorized to maintain the security association.
摘要翻译：在数据通信设备上的分组转发过程使用“加密，然后复制”方法将数据包从该数据通信设备转发到网络内的多个目的地。分组转发过程接收要发送到多个目的地的分组，并且使用在数据通信设备和多个目的地之间共享的安全信息来向分组应用安全关联，以创建安全分组。安全数据包包含一个具有源地址和目标地址的报头。源地址被插入到报头中，然后分组转发过程对多个目的地中的每个目的地一次复制安全分组。在复制之后，目的地址被插入到报头中，并且分组转发过程将每个复制的安全分组传送到被授权维护安全关联的多个目的地中的每一个。

7. 发明授权

US08015594B2 Techniques for validating public keys using AAA services 有权
标题翻译：使用AAA服务验证公钥的技术
公开(公告)号：US08015594B2
公开(公告)日：2011-09-06
申请号：US11378577
申请日：2006-03-17
申请人： Joseph Salowey , Jan Vilhuber
发明人： Joseph Salowey , Jan Vilhuber
IPC分类号： H04L29/06
CPC分类号： H04L63/08 , H04L63/0892 , H04L63/12
摘要： Techniques for validating a first device are provided. A second device receives a first device public key and first device identification information from the first device. Validation of the first device identification information is required for a security process using a security protocol. The second device sends the first device public key and the first device identification information to an AAA server for validation. The AAA server is separate from the second device. The second device receives a response from the AAA server, the response including an indication whether the received first device identification information is validated with stored first device identification information for the first device public key. If the first device identification information is validated, an action for the security process is performed using the security protocol.
摘要翻译：提供了验证第一设备的技术。第二设备从第一设备接收第一设备公钥和第一设备标识信息。使用安全协议的安全过程需要验证第一个设备标识信息。第二设备将第一设备公钥和第一设备标识信息发送到AAA服务器进行验证。 AAA服务器与第二个设备分开。所述第二设备从所述AAA服务器接收响应，所述响应包括所接收的第一设备标识信息是否被所存储的用于所述第一设备公钥的所存储的第一设备标识信息验证的指示。如果第一设备识别信息被验证，则使用安全协议来执行安全处理的动作。

8. 发明申请

US20100205428A1 Method and Apparatus for Distributing Group Data In A Tunneled Encrypted Virtual Private Network 有权
标题翻译：在隧道加密虚拟专用网中分配组数据的方法和装置
公开(公告)号：US20100205428A1
公开(公告)日：2010-08-12
申请号：US12760507
申请日：2010-04-14
申请人： Brian E. Weis , Jan Vilhuber , Michael Lee Sullenberger , Frederic R.P. Detienne
发明人： Brian E. Weis , Jan Vilhuber , Michael Lee Sullenberger , Frederic R.P. Detienne
IPC分类号： H04L9/00
CPC分类号： H04L12/1886 , H04L45/16 , H04L63/0428 , H04L63/065
摘要： A packet forwarding process, on a data communications device, forwards a packet to a plurality of destinations within a network from that data communications device using an “encrypt, then replicate” method. The packet forwarding process receives a packet that is to be transmitted to the plurality of destinations, and applies a security association to the packet using security information shared between the data communications device, and the plurality of destinations, to create a secured packet. The secured packet contains a header that has a source address and a destination address. The source address is inserted into the header, and then the packet forwarding process replicates the secured packet, once for each of the plurality of destinations. After replication, the destination address is inserted into the header, and the packet forwarding process transmits each replicated secured packet to each of the plurality of destinations authorized to maintain the security association.
摘要翻译：在数据通信设备上的分组转发过程使用“加密，然后复制”方法将数据包从该数据通信设备转发到网络内的多个目的地。分组转发过程接收要发送到多个目的地的分组，并且使用在数据通信设备和多个目的地之间共享的安全信息来向分组应用安全关联，以创建安全分组。安全数据包包含一个具有源地址和目标地址的报头。源地址被插入到报头中，然后分组转发过程对多个目的地中的每个目的地一次复制安全分组。在复制之后，目的地址被插入到报头中，并且分组转发过程将每个复制的安全分组传送到被授权维护安全关联的多个目的地中的每一个。

9. 发明申请

US20080222413A1 METHOD AND APPARATUS FOR INTEGRATED PROVISIONING OF A NETWORK DEVICE WITH CONFIGURATION INFORMATION AND IDENTITY CERTIFICATION 有权
标题翻译：具有配置信息和身份认证的网络设备集成提供的方法和装置
公开(公告)号：US20080222413A1
公开(公告)日：2008-09-11
申请号：US12126219
申请日：2008-05-23
申请人： Jan Vilhuber , Max Pritikin
发明人： Jan Vilhuber , Max Pritikin
IPC分类号： H04L9/00
CPC分类号： H04L9/3263 , H04L63/0442 , H04L63/0823
摘要： According to one aspect, a provisioning server comprises a configuration module that configures a network device and an identification certification module that certifies the identity of the network device. With use of the provisioning server, the network device does not require configuration with network connectivity in order to obtain its certified identity. In one embodiment, configuration module configures the device for operation at the device's point of deployment in a network. In one embodiment, the identity certification module is configured to generate a digital certificate for the network device and the configuration module is configured to automatically configure the network device based on its digital certificate. The provisioning server is coupled to the network device with a secure communication link. As a result, a more trusted network device is ultimately deployed into its network of operation.
摘要翻译：根据一个方面，供应服务器包括配置模块，其配置网络设备和认证网络设备的身份的识别认证模块。使用配置服务器，网络设备不需要配置网络连接才能获得其认证的身份。在一个实施例中，配置模块将设备配置为在设备的网络部署点操作。在一个实施例中，身份认证模块被配置为生成用于网络设备的数字证书，并且配置模块被配置为基于其数字证书自动配置网络设备。配置服务器通过安全通信链路耦合到网络设备。因此，更可靠的网络设备最终部署到其操作网络中。

10. 发明授权

US08261318B2 Method and apparatus for passing security configuration information between a client and a security policy server 有权
标题翻译：在客户端和安全策略服务器之间传递安全配置信息的方法和装置
公开(公告)号：US08261318B2
公开(公告)日：2012-09-04
申请号：US12888289
申请日：2010-09-22
申请人： Geoffrey Huang , Jan Vilhuber
发明人： Geoffrey Huang , Jan Vilhuber
IPC分类号： H04L9/00
CPC分类号： H04L63/062 , H04L63/02 , H04L63/102 , H04L63/20 , H04L67/34
摘要： Techniques for passing security configuration information between a security policy server and a client includes the client forming a request for security configuration information that configures the client for secure communications. The client is separated by an untrusted network from a trusted network that includes the security policy sever. A tag is generated that indicates a generic security configuration attribute. An Internet Security Association and Key Management Protocol (ISAKMP) configuration mode request message is sent to a security gateway on an edge of the trusted network connected to the untrusted network. The message includes the request in association with the tag. The gateway sends the request associated with the tag to the security policy server on the trusted network and does not interpret the request. The techniques allow client configuration extensions to be added by modifying the policy server or security client, or both, without modifying the gateway.
摘要翻译：在安全策略服务器和客户端之间传递安全配置信息的技术包括客户端形成用于配置客户机以进行安全通信的安全配置信息的请求。客户端由包含安全策略服务器的受信任网络的不可信网络分隔开。生成一个标签，指示一般的安全配置属性。互联网安全关联和密钥管理协议（ISAKMP）配置模式请求消息被发送到连接到不可信网络的可信网络的边缘上的安全网关。消息包括与标签相关联的请求。网关将与标签关联的请求发送到可信网络上的安全策略服务器，不会解释请求。这些技术允许通过修改策略服务器或安全客户端或两者来添加客户端配置扩展，而无需修改网关。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式