    • 1. Patent application
    • METHOD AND APPARATUS FOR DYNAMICALLY SECURING VOICE AND OTHER DELAY-SENSITIVE NETWORK TRAFFIC
    • US20080229095A1
    • 2008-09-18
    • US12109125
    • 2008-04-24
    • Ramesh Kalimuthu; Yogesh Kalley; Michael L. Sullenberger; Jan Vilhuber
    • G06F21/00; H04L9/00
    • H04L63/0272; H04L63/164
    • A method comprises receiving a request for secure network traffic from a device having a private network address at a source node, obtaining the private network address of a requested destination device at a destination node from a route server based on signaling information associated with the request, obtaining the public network address of the destination node associated with the private network address, creating in response to the request a virtual circuit between the source node and the destination node based on the public network address of the destination node, and encrypting network traffic for transporting at least from the source node to the destination node through the virtual circuit. The process is dynamic in that the virtual circuit is created in response to the request. Hence, the process operates as if a fully meshed network exists but requires less provisioning and maintenance than a fully meshed network architecture. Furthermore, the process is readily scalable as if a hub and spoke network exists but is more suitable for delay-sensitive traffic, such as voice and video, than a hub and spoke network architecture.
    • 2. Granted patent
    • Method and apparatus for dynamically securing voice and other delay-sensitive network traffic
    • US07366894B1
    • 2008-04-29
    • US10305762
    • 2002-11-27
    • Ramesh Kalimuthu; Yogesh Kalley; Michael L. Sullenberger; Jan Vilhuber
    • H04L9/00; G06F9/00
    • H04L63/0272; H04L63/164
    • A request is received for secure network traffic from a device having a private network address at a source node. The private network address of a requested destination device is obtained at a destination node from a route server based on signaling information associated with the request. The public network address of the destination node associated with the private network address is obtained. In response to the request, a virtual circuit is created between the source node and the destination node based on the public network address of the destination node. Network traffic is encrypted for transport at least from the source node to the destination node through the virtual circuit. Creating the virtual circuit dynamically in response to the request functions like a fully meshed network but requires less provisioning and maintenance. The process is readily scalable, as with a hub and spoke network but with less delay.
    • 3. Granted patent
    • Method and apparatus for dynamically securing voice and other delay-sensitive network traffic
    • US07917948B2
    • 2011-03-29
    • US12109125
    • 2008-04-24
    • Ramesh Kalimuthu; Yogesh Kalley; Michael L. Sullenberger; Jan Vilhuber
    • G06F9/00; G06F15/16
    • H04L63/0272; H04L63/164
    • A method comprises receiving a request for secure network traffic from a device having a private network address at a source node, obtaining the private network address of a requested destination device at a destination node from a route server based on signaling information associated with the request, obtaining the public network address of the destination node associated with the private network address, creating in response to the request a virtual circuit between the source node and the destination node based on the public network address of the destination node, and encrypting network traffic for transporting at least from the source node to the destination node through the virtual circuit. The process is dynamic in that the virtual circuit is created in response to the request. Hence, the process operates as if a fully meshed network exists but requires less provisioning and maintenance than a fully meshed network architecture. Furthermore, the process is readily scalable as if a hub and spoke network exists but is more suitable for delay-sensitive traffic, such as voice and video, than a hub and spoke network architecture.
    • 4. Granted patent
    • Method and apparatus for establishing a dynamic multipoint encrypted virtual private network
    • US07447901B1
    • 2008-11-04
    • US10247695
    • 2002-09-18
    • Michael L. Sullenberger; Jan Vilhuber
    • H04L9/00
    • H04L63/0272; H04L63/164
    • A process is disclosed in which a security policy is associated with a virtual private network (VPN) interface at a first device, for example, a router. Input is received specifying an association of a VPN endpoint address to a corresponding routable network address of a second device. A message is issued to a security module at the first device, the message including the routable network address of the second device and the security policy. Encryption state information is generated for network traffic from the first device to the second device, based on the message. The process is applicable to a hub-and-spoke network architecture that utilizes a point-to-multipoint GRE tunnel and the IPsec protocol for security. The process is dynamic in that the encryption state is generated for traffic over a VPN link, in response to notification of a virtual address-to-real address mapping, i.e., the association. In an embodiment, the association is an NHRP mapping.
    • 6. Granted patent
    • Method and apparatus for passing security configuration information between a client and a security policy server
    • US07849495B1
    • 2010-12-07
    • US10226887
    • 2002-08-22
    • Geoffrey Huang; Jan Vilhuber
    • H04L9/00
    • H04L63/062; H04L63/02; H04L63/102; H04L63/20; H04L67/34
    • Techniques for passing security configuration information between a security policy server and a client include the client forming a request for security configuration information that configures the client for secure communications. The client is separated by an untrusted network from a trusted network that includes the security policy server. A tag is generated that indicates a generic security configuration attribute. An Internet Security Association and Key Management Protocol (ISAKMP) configuration mode request message is sent to a security gateway on an edge of the trusted network connected to the untrusted network. The message includes the request in association with the tag. The gateway sends the request associated with the tag to the security policy server on the trusted network and does not interpret the request. The techniques allow client configuration extensions to be added by modifying the policy server or security client, or both, without modifying the gateway.
    • 7. Patent application
    • Techniques for validating public keys using AAA services
    • US20070220589A1
    • 2007-09-20
    • US11378577
    • 2006-03-17
    • Joseph Salowey; Jan Vilhuber
    • H04L9/32
    • H04L63/08; H04L63/0892; H04L63/12
    • Techniques for validating a first device are provided. A second device receives a first device public key and first device identification information from the first device. Validation of the first device identification information is required for a security process using a security protocol. The second device sends the first device public key and the first device identification information to an AAA server for validation. The AAA server is separate from the second device. The second device receives a response from the AAA server, the response including an indication whether the received first device identification information is validated with stored first device identification information for the first device public key. If the first device identification information is validated, an action for the security process is performed using the security protocol.
    • 9. Granted patent
    • Method and apparatus for distributing group data in a tunneled encrypted virtual private network
    • US08250359B2
    • 2012-08-21
    • US12760507
    • 2010-04-14
    • Brian E. Weis; Jan Vilhuber; Michael Lee Sullenberger; Frederic R. P. Detienne
    • H04L9/00
    • H04L12/1886; H04L45/16; H04L63/0428; H04L63/065
    • A packet forwarding process, on a data communications device, forwards a packet to a plurality of destinations within a network from that data communications device using an “encrypt, then replicate” method. The packet forwarding process receives a packet that is to be transmitted to the plurality of destinations, and applies a security association to the packet using security information shared between the data communications device, and the plurality of destinations, to create a secured packet. The secured packet contains a header that has a source address and a destination address. The source address is inserted into the header, and then the packet forwarding process replicates the secured packet, once for each of the plurality of destinations. After replication, the destination address is inserted into the header, and the packet forwarding process transmits each replicated secured packet to each of the plurality of destinations authorized to maintain the security association.
    • 10. Granted patent
    • Techniques for validating public keys using AAA services
    • US08015594B2
    • 2011-09-06
    • US11378577
    • 2006-03-17
    • Joseph Salowey; Jan Vilhuber
    • H04L29/06
    • H04L63/08; H04L63/0892; H04L63/12
    • Techniques for validating a first device are provided. A second device receives a first device public key and first device identification information from the first device. Validation of the first device identification information is required for a security process using a security protocol. The second device sends the first device public key and the first device identification information to an AAA server for validation. The AAA server is separate from the second device. The second device receives a response from the AAA server, the response including an indication whether the received first device identification information is validated with stored first device identification information for the first device public key. If the first device identification information is validated, an action for the security process is performed using the security protocol.