专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07620975B2 Internal routing protocol support for distributing encryption information 有权
标题翻译：内部路由协议支持分发加密信息
公开(公告)号：US07620975B2
公开(公告)日：2009-11-17
申请号：US11059736
申请日：2005-02-17
申请人： James N. Guichard , W. Scott Wainner , Brian E. Weis , David A. McGrew
发明人： James N. Guichard , W. Scott Wainner , Brian E. Weis , David A. McGrew
IPC分类号： G06F7/04 , G06F15/16 , G06F17/30 , H04F29/06
CPC分类号： H04L45/00 , H04L45/04 , H04L63/0428 , H04L63/065 , H04L63/102
摘要： A method and apparatus for providing routing protocol support for distributing encryption information is presented. Subnet prefixes reachable on a first customer site in an encrypted manner are identified, as are security groups the subnet prefixes belong to. An advertisement is received at a first Customer Edge (CE) device in the first customer site, the advertisement originating from a Customer (C) device in the first customer site. The advertisement indicates links, subnets to be encrypted, and security group identifiers. The prefixes and the security group identifiers are then propagated across a service provider network to a second CE device located in a second customer site. In such a manner, encryption and authentication is expanded further into a customer site, as customer devices are able to indicate to a service provider network infrastructure and other customer devices in other customer sites which local destinations require encryption/authentication.
摘要翻译：提出了一种用于提供分发加密信息的路由协议支持的方法和装置。标识第一个客户站点上加密方式的子网前缀，以及子网前缀所属的安全组。在第一客户站点的第一客户边缘（CE）设备处接收广告，该广告源自第一客户站点中的客户（C）设备。该广告指示要加密的链接，子网，以及安全组标识符。然后，前缀和安全组标识符通过服务提供商网络传播到位于第二客户站点中的第二CE设备。以这种方式，加密和认证进一步扩展到客户站点，因为客户设备能够向服务提供商指示本地目的地需要加密/认证的其他客户站点中的网络基础设施和其他客户设备。

2. 发明授权

US07509491B1 System and method for dynamic secured group communication 有权
标题翻译：动态安全群组通信的系统和方法
公开(公告)号：US07509491B1
公开(公告)日：2009-03-24
申请号：US10867266
申请日：2004-06-14
申请人： W. Scott Wainner , James N. Guichard , Brian E. Weis , David A. McGrew
发明人： W. Scott Wainner , James N. Guichard , Brian E. Weis , David A. McGrew
IPC分类号： H04L9/00
CPC分类号： H04L63/0272 , H04L9/0833 , H04L9/321 , H04L63/0435 , H04L63/065 , H04L63/08 , H04L63/164
摘要： Conventional mechanisms exist for denoting such a communications group (group) and for establishing point-to-point, or unicast, secure connections between members of the communications group. In a particular arrangement, group members employ a group key operable for multicast security for unicast communication, thus avoiding establishing additional unicast keys for each communication between group members. Since the recipient of such a unicast message may not know the source, however, the use of the group key assures the recipient that the sender is a member of the same group. Accordingly, a system which enumerates a set of subranges (subnets) included in a particular group, such as a VPN, and establishing a group key corresponding to the group applies the group key to communications from the group members in the subnet. The group key is associated with the group ID by enumerating the address prefixes corresponding to each of the subnets in the group, and examining outgoing transmissions for destination addresses matching one of the address prefixes corresponding to the group.
摘要翻译：存在用于表示这样的通信组（组）和用于在通信组的成员之间建立点对点或单播安全连接的常规机制。在特定的布置中，组成员使用可用于单播通信的组播安全性的组密钥，从而避免为组成员之间的每个通信建立附加的单播密钥。由于这样的单播消息的接收者可能不知道源，所以使用组密钥确保接收方发送者是同一组的成员。因此，枚举包括在特定组（例如VPN）中的一组子范围（子网）的系统并且建立与该组相对应的组密钥的组密钥用于从子网中的组成员进行通信。通过列举与组中的每个子网相对应的地址前缀，并且检查与对应于该组的一个地址前缀匹配的目的地地址的传出传输，组密钥与组ID相关联。

3. 发明授权

US07724732B2 Secure multipoint internet protocol virtual private networks 有权
标题翻译：安全的多点互联网协议虚拟专用网络
公开(公告)号：US07724732B2
公开(公告)日：2010-05-25
申请号：US11072086
申请日：2005-03-04
申请人： James N. Guichard , W. Scott Wainner , John J. Mullooly , Brian E. Weis
发明人： James N. Guichard , W. Scott Wainner , John J. Mullooly , Brian E. Weis
IPC分类号： H04L12/56
CPC分类号： H04L63/0272 , H04L12/18 , H04L12/4641 , H04L63/0428
摘要： A method, apparatus and computer program product for providing secure multipoint Internet Protocol Virtual Private Networks (IPVPNs) is presented. A packet lookup is performed in order to determine a next hop. A VPN label is pushed on the packet, as is an IP tunnel header. Group encryption through the use of DGVPN is further utilized. In such a manner secure connectivity and network partitioning are provided in a single solution.
摘要翻译：提出了一种用于提供安全多点互联网协议虚拟专用网（IPVPN）的方法，装置和计算机程序产品。执行分组查找以确定下一跳。 VPN标签被推送到数据包，IP隧道头也是如此。进一步利用通过使用DGVPN进行组加密。以这种方式，在单一解决方案中提供了安全的连接和网络划分。

4. 发明授权

US07613826B2 Methods and apparatus for providing multiple policies for a virtual private network 有权
标题翻译：为虚拟专用网提供多种策略的方法和装置
公开(公告)号：US07613826B2
公开(公告)日：2009-11-03
申请号：US11350991
申请日：2006-02-09
申请人： James N. Guichard , W. Scott Wainner , Brian E. Weis , Mohamed Khalid
发明人： James N. Guichard , W. Scott Wainner , Brian E. Weis , Mohamed Khalid
IPC分类号： G06F15/16
CPC分类号： H04L12/4641 , H04L45/00 , H04L45/42 , H04L45/586 , H04L47/10 , H04L47/125 , H04L47/20 , H04L63/0272
摘要： A system provides a request for a policy from a policy server, and receives the policy from the policy server. The policy indicates processing to be applied to a traffic partition passing through the device. The system configures the policy within a routing structure associated with the traffic partition for the policy in the device, and routes a stream of traffic for the routing structure in accordance with the policy for that routing structure.
摘要翻译：系统从策略服务器提供对策略的请求，并从策略服务器接收策略。该策略指示要应用于通过设备的流量分区的处理。系统在与设备中策略的流量分配相关联的路由结构中配置策略，并根据路由结构的策略为路由结构路由流量流。

5. 发明授权

US07720995B2 Conditional BGP advertising for dynamic group VPN (DGVPN) clients 有权
标题翻译：动态组VPN（DGVPN）客户端的条件BGP广告
公开(公告)号：US07720995B2
公开(公告)日：2010-05-18
申请号：US11811381
申请日：2007-06-08
申请人： W. Scott Wainner , James N. Guichard
发明人： W. Scott Wainner , James N. Guichard
IPC分类号： G06F15/173 , G06F7/04 , H04L12/56
CPC分类号： H04L63/104 , H04L63/065
摘要： In a host within a group, a method for ensuring secure communications is provided. The method involves (a) determining if a group security policy is in place for secure communication between hosts within the group, (b) if the group security policy is in place, advertising routing information to another host within the group, and (c) if the group security policy is not in place, refraining from advertising routing information to the other host. Corresponding apparatus and computer program product embodiments are also provided.
摘要翻译：在组内的主机中，提供用于确保安全通信的方法。该方法涉及（a）确定群组内的主机之间是否有安全通信的群组安全策略，（b）如果群组安全策略到位，则将路由信息通告给该群组内的其他主机，以及（c）如果组安全策略不到位，则不向其他主机广告路由信息。还提供了相应的装置和计算机程序产品实施例。

6. 发明授权

US07688829B2 System and methods for network segmentation 有权
标题翻译：网络分割的系统和方法
公开(公告)号：US07688829B2
公开(公告)日：2010-03-30
申请号：US11226011
申请日：2005-09-14
申请人： James N. Guichard , W. Scott Wainner , Saul Adler , Khalil A. Jabr , S. Scott Van de Houten
发明人： James N. Guichard , W. Scott Wainner , Saul Adler , Khalil A. Jabr , S. Scott Van de Houten
IPC分类号： H04L12/28
CPC分类号： H04L12/4641 , H04L45/50 , H04L45/66
摘要： A routing mechanism provides network segmentation preservation by route distribution with segment identification, policy distribution for a given VPN segment, and encapsulation/decapsulation for each segment using an Ethernet VLAN_ID, indicative of the VPN segment (subnetwork). Encapsulated segmentation information in a message packet identifies which routing and forwarding table is employed for the next hop. A common routing instance receives the message packets from the common interface, and indexes a corresponding VRF table from the VLAN ID, or segment identifier, indicative of the subnetwork (e.g. segment). In this manner, the routing instance receives the incoming message packet, decapsulates the VLAN ID in the incoming message packet, and indexes the corresponding VRF and policy ID from the VLAN ID, therefore employing a common routing instance over a common subinterface for a plurality of segments (subnetworks) coupled to a particular forwarding device (e.g. VPN router).
摘要翻译：路由机制通过分段识别，给定VPN段的策略分配以及使用指示VPN段（子网）的以太网VLAN_ID对每个段进行封装/解封装来提供网络分段保护。消息分组中的封装分段信息标识下一跳采用的路由和转发表。公共路由实例从公共接口接收消息包，并从指示子网（例如，段）的VLAN ID或段标识符中对相应的VRF表进行索引。以这种方式，路由实例接收到入消息包，将入局消息包中的VLAN ID解封装，并从VLAN ID中对相应的VRF和策略ID进行索引，因此在公共子接口上采用公共路由实例，耦合到特定转发设备（例如，VPN路由器）的段（子网络）。

7. 发明授权

US07516224B2 Pseudowire termination directly on a router 有权
标题翻译：伪线终止在路由器上
公开(公告)号：US07516224B2
公开(公告)日：2009-04-07
申请号：US10970014
申请日：2004-10-21
申请人： James N. Guichard , Mohammed Sayeed , Bertrand Duvivier , Daniel Tappan , W. Scott Wainner , Earl Hardin Booth, III , Christopher Metz , W. Mark Townsley , Wojciech Dec
发明人： James N. Guichard , Mohammed Sayeed , Bertrand Duvivier , Daniel Tappan , W. Scott Wainner , Earl Hardin Booth, III , Christopher Metz , W. Mark Townsley , Wojciech Dec
IPC分类号： G06F15/16
CPC分类号： H04L12/4633
摘要： A method, apparatus and computer program product for routing data within a packet-switched network using a PW wherein the PW is terminated directly on the layer-3 routing device such that certain services and applications can be utilized is presented. The method, apparatus and computer program product receives an encapsulated layer-2 Protocol Data Unit (PDU) from a pseudowire emulating a service. The encapsulation is removed from the encapsulated layer-2 PDU and a layer-2 circuit associated with the pseudowire is terminated. The circuit is treated as an interface and the PDU is forwarded based on upper layer protocol information within the PDU.
摘要翻译：一种用于使用PW在分组交换网络内路由数据的方法，装置和计算机程序产品，其中PW直接终止在第3层路由设备上，使得可以利用某些服务和应用。方法，装置和计算机程序产品从模拟服务的伪线接收封装的第二层协议数据单元（PDU）。从封装层2 PDU去除封装，并终止与伪线相关联的二层电路。该电路被视为一个接口，并且基于PDU内的上层协议信息转发PDU。

8. 发明申请

US20080307110A1 Conditional BGP advertising for dynamic group VPN (DGVPN) clients 有权
标题翻译：动态组VPN（DGVPN）客户端的条件BGP广告
公开(公告)号：US20080307110A1
公开(公告)日：2008-12-11
申请号：US11811381
申请日：2007-06-08
申请人： W. Scott Wainner , James N. Guichard
发明人： W. Scott Wainner , James N. Guichard
IPC分类号： G06F15/173
CPC分类号： H04L63/104 , H04L63/065
摘要： In a host within a group, a method for ensuring secure communications is provided. The method involves (a) determining if a group security policy is in place for secure communication between hosts within the group, (b) if the group security policy is in place, advertising routing information to another host within the group, and (c) if the group security policy is not in place, refraining from advertising routing information to the other host. Corresponding apparatus and computer program product embodiments are also provided.
摘要翻译：在组内的主机中，提供用于确保安全通信的方法。该方法涉及（a）确定群组内的主机之间是否有安全通信的群组安全策略，（b）如果群组安全策略到位，则将路由信息通告给该群组内的另一个主机，以及（c）如果组安全策略不到位，则不向其他主机广告路由信息。还提供了相应的装置和计算机程序产品实施例。

9. 发明申请

US20090185573A1 PSUEDOWIRE TERMINATION DIRECTLY ON A ROUTER 有权
标题翻译：电子邮件直接终止
公开(公告)号：US20090185573A1
公开(公告)日：2009-07-23
申请号：US12415396
申请日：2009-03-31
申请人： James N. Guichard , Mohammed Sayeed , Bertrand Duvivier , Daniel Tappan , W. Scott Wainner , Earl Hardin Booth, III , Christopher Metz , W. Mark Townsley , Wojciech Dec
发明人： James N. Guichard , Mohammed Sayeed , Bertrand Duvivier , Daniel Tappan , W. Scott Wainner , Earl Hardin Booth, III , Christopher Metz , W. Mark Townsley , Wojciech Dec
IPC分类号： H04L12/56
CPC分类号： H04L12/4633
摘要： A method, apparatus and computer program product for routing data within a packet-switched network using a PW wherein the PW is terminated directly on the layer-3 routing device such that certain services and applications can be utilized is presented. The method, apparatus and computer program product receives an encapsulated layer-2 Protocol Data Unit (PDU) from a pseudowire emulating a service. The encapsulation is removed from the encapsulated layer-2 PDU and a layer-2 circuit associated with the pseudowire is terminated. The circuit is treated as an interface and the PDU is forwarded based on upper layer protocol information within the PDU.
摘要翻译：一种用于使用PW在分组交换网络内路由数据的方法，装置和计算机程序产品，其中PW直接终止在第3层路由设备上，使得可以利用某些服务和应用。方法，装置和计算机程序产品从模拟服务的伪线接收封装的第二层协议数据单元（PDU）。从封装层2 PDU去除封装，并终止与伪线相关联的二层电路。该电路被视为一个接口，并且基于PDU内的上层协议信息转发PDU。

10. 发明授权

US07373660B1 Methods and apparatus to distribute policy information 有权
标题翻译：分发政策信息的方法和手段
公开(公告)号：US07373660B1
公开(公告)日：2008-05-13
申请号：US10649755
申请日：2003-08-26
申请人： James N. Guichard , Daniel C. Tappan , Robert Hanzl , W. Scott Wainner
发明人： James N. Guichard , Daniel C. Tappan , Robert Hanzl , W. Scott Wainner
IPC分类号： G06F17/00
CPC分类号： H04L47/10 , H04L63/0272 , H04L63/164 , H04L63/20
摘要： A first node generates and transmits a notification message including routing policy attributes such as network address information and a corresponding gateway identifier. The gateway identifier identifies a gateway in a physical network through which future generated data messages shall be forwarded to at least one host computer (e.g., any computer having an associated network address) as indicated by the network address information. A second node receiving the notification message utilizes the routing policy attributes to dynamically update its database identifying how to forward data packets. In this way, nodes (e.g., CE routers) of a network can be dynamically configured to support routing of messages based on the network address information and gateway identifier disseminated along with the notification message.
摘要翻译：第一节点生成并发送包括诸如网络地址信息和对应的网关标识符的路由策略属性的通知消息。网关标识符标识物理网络中的网关，未来生成的数据消息将被转发到至少一个主机计算机（例如，具有相关网络地址的任何计算机），如网络地址信息所示。接收到通知消息的第二节点利用路由策略属性来动态地更新其数据库，以识别如何转发数据分组。以这种方式，网络的节点（例如，CE路由器）可以被动态地配置为基于与通知消息一起分发的网络地址信息和网关标识符来支持消息的路由。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式