专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07730521B1 Authentication device initiated lawful intercept of network traffic 有权
标题翻译：认证设备启动合法拦截网络流量
公开(公告)号：US07730521B1
公开(公告)日：2010-06-01
申请号：US10947729
申请日：2004-09-23
申请人： Suresh R. Thesayi , Mathias Kokot , Derek Harkness , Margaret Zielinski , Thomas M. Mistretta , Dan Bergman , Paul Raison
发明人： Suresh R. Thesayi , Mathias Kokot , Derek Harkness , Margaret Zielinski , Thomas M. Mistretta , Dan Bergman , Paul Raison
IPC分类号： H04L29/06
CPC分类号： H04L63/1408 , H04L43/18 , H04L63/08 , H04L63/306
摘要： A device associated with the authentication of a user on a network, i.e., an “authentication device,” initiates lawful interception of network traffic associated with the user. The authentication device communicates with a network service device, such as an edge router, providing network access or other services to the user to enable and disable monitoring of the network user. The authentication device may issue intercept requests to the network service device upon authenticating the network user during login or at any time while the network user's session is in progress. Upon receiving an intercept request from the authentication device, the network service device mirrors data packets flowing to and from the network user for which interception has been designated. The mirrored packets are sent to an analyzer, which analyzes the packets and provides packet analysis information to a law enforcement agency.
摘要翻译：与网络上的用户认证相关联的设备，即“认证设备”，发起与用户相关联的网络流量的合法拦截。认证装置与诸如边缘路由器的网络服务设备通信，向用户提供网络接入或其他服务，以启用和禁用对网络用户的监控。验证设备可以在登录期间验证网络用户时或在网络用户的会话进行期间的任何时间向网络服务设备发出拦截请求。当从认证装置接收到拦截请求时，网络服务设备镜像流向和来自网络用户的已经被指定了拦截的数据包。镜像数据包被发送到分析器，分析器分析数据包，并向执法机构提供数据包分析信息。

2. 发明授权

US08548132B1 Lawful intercept trigger support within service provider networks 有权
标题翻译：在服务提供商网络中合法拦截触发器支持
公开(公告)号：US08548132B1
公开(公告)日：2013-10-01
申请号：US12695845
申请日：2010-01-28
申请人： Margaret Zielinski , Paul Raison
发明人： Margaret Zielinski , Paul Raison
IPC分类号： H04M11/00
CPC分类号： H04M7/006 , G06Q10/06 , G06Q10/10 , G06Q50/18 , H04L43/028 , H04L43/18 , H04L63/00 , H04L63/30 , H04M3/2281
摘要： The invention is directed to techniques for initiating lawful intercept of packets associated with subscriber sessions on a network device of a service provider network based on identification triggers. A law enforcement agency may send an intercept request for a subscriber to an administration device of the service provider network. The administration device may then configure one or more identification triggers for the subscriber based on the intercept request. The techniques described herein initiate lawful intercept when one or more subscriber sessions on a network device match the one or more identification triggers. The techniques described herein include configuring trigger rules that include identification triggers for subscribers on a network device via a command line interface (CLI) of the network device. In addition, the techniques described herein include configuring identification triggers in a subscriber profile on an authentication device connected to a network device.
摘要翻译：本发明涉及用于基于识别触发来启动与服务提供商网络的网络设备上的订户会话相关联的分组的合法拦截的技术。执法机构可以向用户提供对服务提供商网络的管理设备的拦截请求。然后，管理设备可以基于拦截请求来为用户配置一个或多个标识触发。当网络设备上的一个或多个订户会话与一个或多个标识触发相匹配时，本文描述的技术启动合法拦截。本文描述的技术包括通过网络设备的命令行界面（CLI）配置包括网络设备上的订户的标识触发的触发规则。此外，本文描述的技术包括在连接到网络设备的认证设备上的订户简档中配置标识触发。

3. 发明授权

US08224961B1 Network tunnel termination device selection using weighted load balancing 有权
标题翻译：使用加权负载平衡的网络隧道终端设备选择
公开(公告)号：US08224961B1
公开(公告)日：2012-07-17
申请号：US12191058
申请日：2008-08-13
申请人： Margaret Zielinski , Paul Raison , Paul Howard
发明人： Margaret Zielinski , Paul Raison , Paul Howard
IPC分类号： G06F15/173 , G06F15/16
CPC分类号： H04L47/10 , H04L12/2856 , H04L12/2872 , H04L12/4633 , H04L47/125 , H04L63/0272 , H04L67/1002 , H04L67/1008 , H04L2212/00
摘要： Techniques are described for load balancing subscriber sessions across tunnel termination devices. A network device is described, for example, that includes a tunneling module that load balances subscriber sessions across a plurality of tunnel termination devices based on weightings associated with the tunnel termination devices. The weightings may be assigned to the tunnel termination devices by a user, or may be calculated by the network device based on resource constraints associated with the tunnel termination devices. The network device may calculate the weightings, for example, based on a maximum number of subscriber sessions supported by each of the tunnel termination devices. As one example, the techniques may be applied to load balance Point-to-Point (PPP) subscriber sessions across L2TP Network Servers (LNSs).
摘要翻译：描述了跨隧道终端设备负载平衡用户会话的技术。描述了例如包括隧道模块的网络设备，所述隧道模块基于与隧道终端设备相关联的加权来跨多个隧道终端设备负载平衡用户会话。加权可以由用户分配给隧道终端设备，或者可以由网络设备基于与隧道终端设备相关联的资源约束来计算。网络设备可以例如基于由每个隧道终端设备支持的最大用户会话数来计算加权。作为一个示例，这些技术可以应用于跨L2TP网络服务器（LNS）的负载平衡点对点（PPP）用户会话。

4. 发明授权

US07487243B1 Network tunnel termination device selection using weighted load balancing 有权
标题翻译：使用加权负载平衡的网络隧道终端设备选择
公开(公告)号：US07487243B1
公开(公告)日：2009-02-03
申请号：US10652672
申请日：2003-08-29
申请人： Margaret Zielinski , Paul Raison , Paul Howard
发明人： Margaret Zielinski , Paul Raison , Paul Howard
IPC分类号： G06F15/16 , G06F15/177 , H04L12/28 , H04L12/26 , H04J3/16
CPC分类号： H04L47/10 , H04L12/2856 , H04L12/2872 , H04L12/4633 , H04L47/125 , H04L63/0272 , H04L67/1002 , H04L67/1008 , H04L2212/00
摘要： Techniques are described for load balancing subscriber sessions across tunnel termination devices. A network device is described, for example, that includes a tunneling module that load balances subscriber sessions across a plurality of tunnel termination devices based on weightings associated with the tunnel termination devices. The weightings may be assigned to the tunnel termination devices by a user, or may be calculated by the network device based on resource constraints associated with the tunnel termination devices. The network device may calculate the weightings, for example, based on a maximum number of subscriber sessions supported by each of the tunnel termination devices. As one example, the techniques may be applied to load balance Point-to-Point (PPP) subscriber sessions across L2TP Network Servers (LNSs).
摘要翻译：描述了跨隧道终端设备负载平衡用户会话的技术。描述了例如包括隧道模块的网络设备，所述隧道模块基于与隧道终端设备相关联的加权来跨多个隧道终端设备负载平衡用户会话。加权可以由用户分配给隧道终端设备，或者可以由网络设备基于与隧道终端设备相关联的资源约束来计算。网络设备可以例如基于由每个隧道终端设备支持的最大用户会话数来计算加权。作为一个示例，这些技术可以应用于跨L2TP网络服务器（LNS）的负载平衡点对点（PPP）用户会话。

5. 发明授权

US07657011B1 Lawful intercept trigger support within service provider networks 有权
标题翻译：在服务提供商网络中合法拦截触发器支持
公开(公告)号：US07657011B1
公开(公告)日：2010-02-02
申请号：US11414974
申请日：2006-05-01
申请人： Margaret Zielinski , Paul Raison
发明人： Margaret Zielinski , Paul Raison
IPC分类号： H04M11/00
CPC分类号： H04M7/006 , G06Q10/06 , G06Q10/10 , G06Q50/18 , H04L43/028 , H04L43/18 , H04L63/00 , H04L63/30 , H04M3/2281
摘要： The invention is directed to techniques for initiating lawful intercept of packets associated with subscriber sessions on a network device of a service provider network based on identification triggers. A law enforcement agency may send an intercept request for a subscriber to an administration device of the service provider network. The administration device may then configure one or more identification triggers for the subscriber based on the intercept request. The techniques described herein initiate lawful intercept when one or more subscriber sessions on a network device match the one or more identification triggers. The techniques described herein include configuring trigger rules that include identification triggers for subscribers on a network device via a command line interface (CLI) of the network device. In addition, the techniques described herein include configuring identification triggers in a subscriber profile on an authentication device connected to a network device.
摘要翻译：本发明涉及用于基于识别触发来启动与服务提供商网络的网络设备上的订户会话相关联的分组的合法拦截的技术。执法机构可以向用户提供对服务提供商网络的管理设备的拦截请求。然后，管理设备可以基于拦截请求来为用户配置一个或多个标识触发。当网络设备上的一个或多个订户会话与一个或多个标识触发相匹配时，本文描述的技术启动合法拦截。本文描述的技术包括通过网络设备的命令行界面（CLI）配置包括网络设备上的订户的标识触发的触发规则。此外，本文描述的技术包括在连接到网络设备的认证设备上的订户简档中配置标识触发。

6. 发明授权

US09253019B1 Fault tolerance for authentication, authorization, and accounting (AAA) functionality 有权
标题翻译：认证，授权和计费（AAA）功能的容错
公开(公告)号：US09253019B1
公开(公告)日：2016-02-02
申请号：US13416864
申请日：2012-03-09
申请人： Aleksey Romanov , Paul Raison
发明人： Aleksey Romanov , Paul Raison
IPC分类号： H04L29/08 , H04L29/12
CPC分类号： H04L41/0672 , H04L29/12509 , H04L61/203 , H04L61/2517 , H04L61/2567 , H04L63/08 , H04L63/0892 , H04L67/1008 , H04L67/142 , H04L67/145 , H04W4/50
摘要： An example network access device (NAD) includes a network interface to send and receive packets with an authentication, authorization, and accounting (AAA) server, and a subscriber management service unit (SMSU). The SMSU is configured to, responsive to determining that the AAA server is not reachable by the NAD, send a message from the NAD to the AAA server using the network interface, wherein the message directs the AAA server to send a discovery request message to the NAD, receive the discovery request message from the AAA server using the network interface, wherein the discovery request message includes a request for information about a plurality of subscriber sessions, and generate a discovery response message that includes information about at least a portion of the plurality of subscriber sessions, and send the discovery response message to the network access device using the network interface.
摘要翻译：示例性网络接入设备（NAD）包括用认证，授权和计费（AAA）服务器以及订户管理服务单元（SMSU）发送和接收分组的网络接口。 SMSU被配置为响应于确定AAA服务器不能由NAD访问，使用网络接口将消息从NAD发送到AAA服务器，其中消息指示AAA服务器发送发现请求消息到 NAD，使用网络接口从AAA服务器接收发现请求消息，其中发现请求消息包括关于多个订户会话的信息的请求，并且生成包括关于多个订户会话的至少一部分的信息的发现响应消息的用户会话，并使用网络接口将发现响应消息发送到网络接入设备。

7. 发明授权

US08555347B2 Dynamic host configuration protocol (DHCP) authentication using challenge handshake authentication protocol (CHAP) challenge 有权
标题翻译：动态主机配置协议（DHCP）认证使用质询握手认证协议（CHAP）挑战
公开(公告)号：US08555347B2
公开(公告)日：2013-10-08
申请号：US12644365
申请日：2009-12-22
申请人： Kathryn De Graaf , John Liddy , Paul Raison , John C. Scano , Sanjay Wadhwa
发明人： Kathryn De Graaf , John Liddy , Paul Raison , John C. Scano , Sanjay Wadhwa
IPC分类号： G06F15/16 , H04L29/06
CPC分类号： H04L63/08 , H04L61/2015 , H04L63/0892
摘要： A method performed by a Dynamic Host Configuration Protocol (DHCP) server comprising receiving a DHCP DISCOVER message from a DHCP client; generating a challenge in response to the DHCP DISCOVER message; sending the challenge to an authentication device; receiving a first challenge response from the authentication device; generating a DHCP OFFER message; sending the challenge to the DHCP client in the DHCP OFFER message; receiving a DHCP REQUEST message that includes a second challenge response from the DHCP client; comparing the first challenge response with the second challenge response; and authenticating the DHCP client when the first challenge response and the second challenge response match.
摘要翻译：一种由动态主机配置协议（DHCP）服务器执行的方法，包括从DHCP客户端接收DHCP DISCOVER消息; 响应DHCP DISCOVER消息产生挑战; 将所述挑战发送给认证设备; 从认证设备接收第一挑战响应; 生成DHCP OFFER消息; 在DHCP OFFER消息中向DHCP客户端发送挑战; 从DHCP客户端接收包括第二挑战响应的DHCP请求消息; 将第一挑战响应与第二挑战响应进行比较; 并在第一个挑战响应和第二个挑战响应匹配时验证DHCP客户端。

8. 发明授权

US6061650A Method and apparatus for transparently providing mobile network functionality 失效
标题翻译：用于透明地提供移动网络功能的方法和装置
公开(公告)号：US6061650A
公开(公告)日：2000-05-09
申请号：US714407
申请日：1996-09-10
申请人： Gary Malkin , Nancy Kossack , Paul Raison , Thuan Tran , Ellis L. Wong
发明人： Gary Malkin , Nancy Kossack , Paul Raison , Thuan Tran , Ellis L. Wong
IPC分类号： H04L29/06 , C06F13/14 , H04L9/00 , H04L12/22
CPC分类号： H04L63/083 , H04W12/06 , H04W80/04 , H04W88/005
摘要： A method and apparatus for transparently providing a remote node with mobile network functionality. One embodiment of the present invention includes a remote node contacting a service provider to establish a remote connection with a home network. In response, the service provider generated an authentication request, on behalf of the remote node to obtain access to the home network. The service provider then sends the authentication request to an authentication server residing at the home network. The service provider then establishes, on behalf of the remote node, a remote connection between the remote node and the home network to enable packets to be transferred between the remote node and the home network.
摘要翻译：一种用于透明地向远程节点提供移动网络功能的方法和装置。本发明的一个实施例包括与服务提供商联系以建立与家庭网络的远程连接的远程节点。作为响应，服务提供商代表远程节点生成认证请求以获得对家庭网络的访问。然后，服务提供商将认证请求发送到驻留在家庭网络上的认证服务器。然后，服务提供商代表远程节点建立远程节点和家庭网络之间的远程连接，以使分组能够在远程节点和家庭网络之间传送。

9. 发明授权

US09021100B1 Tunneling DHCP options in authentication messages 有权
标题翻译：在认证消息中隧道化DHCP选项
公开(公告)号：US09021100B1
公开(公告)日：2015-04-28
申请号：US13592031
申请日：2012-08-22
申请人： Kathryn De Graaf , Paul Raison , John Liddy , John C. Scano , Sanjay Wadhwa
发明人： Kathryn De Graaf , Paul Raison , John Liddy , John C. Scano , Sanjay Wadhwa
IPC分类号： G06F15/173 , H04L29/12 , H04L29/06
CPC分类号： H04L61/2015 , H04L63/0272 , H04L63/08 , H04L63/168 , H04L2212/00
摘要： An example network device includes network interfaces and a control unit that receives a network configuration request from a client device and sends a network configuration response to the client device. The control unit comprises a network configuration protocol module that generates an authentication request in accordance with a network authentication protocol such that the authentication request includes a request for a second set of network configuration parameters based on a request for a first set of network configuration parameters in the network configuration request, and generates the network configuration response in accordance with the network configuration protocol, wherein the network configuration response is based on an authentication response generated by a second network device in accordance with the network authentication protocol, wherein the authentication response comprises a third set of network configuration parameters based on the request for the second set of network configuration parameters.
摘要翻译：示例性网络设备包括网络接口和从客户端设备接收网络配置请求并向客户端设备发送网络配置响应的控制单元。所述控制单元包括网络配置协议模块，所述网络配置协议模块根据网络认证协议生成认证请求，使得认证请求基于对第一组网络配置参数的请求而包括对第二组网络配置参数的请求网络配置请求，并根据网络配置协议生成网络配置响应，其中网络配置响应基于根据网络认证协议由第二网络设备生成的认证响应，其中认证响应包括：第三组网络配置参数基于第二组网络配置参数的请求。

10. 发明授权

US08260902B1 Tunneling DHCP options in authentication messages 有权
标题翻译：在认证消息中隧道化DHCP选项
公开(公告)号：US08260902B1
公开(公告)日：2012-09-04
申请号：US12694081
申请日：2010-01-26
申请人： Kathryn DeGraaf , Paul Raison , John Liddy , John C. Scano , Sanjay Wadhwa
发明人： Kathryn DeGraaf , Paul Raison , John Liddy , John C. Scano , Sanjay Wadhwa
IPC分类号： G06F15/173
CPC分类号： H04L61/2015 , H04L63/0272 , H04L63/08 , H04L63/168 , H04L2212/00
摘要： An example network device includes network interfaces and a control unit that receives a network configuration request from a client device and sends a network configuration response to the client device. The control unit comprises a network configuration protocol module that generates an authentication request in accordance with a network authentication protocol such that the authentication request includes a request for a second set of network configuration parameters based on a request for a first set of network configuration parameters in the network configuration request, and generates the network configuration response in accordance with the network configuration protocol, wherein the network configuration response is based on an authentication response generated by a second network device in accordance with the network authentication protocol, wherein the authentication response comprises a third set of network configuration parameters based on the request for the second set of network configuration parameters.
摘要翻译：示例性网络设备包括网络接口和从客户端设备接收网络配置请求并向客户端设备发送网络配置响应的控制单元。所述控制单元包括网络配置协议模块，所述网络配置协议模块根据网络认证协议生成认证请求，使得认证请求基于对第一组网络配置参数的请求而包括对第二组网络配置参数的请求网络配置请求，并根据网络配置协议生成网络配置响应，其中网络配置响应基于根据网络认证协议由第二网络设备生成的认证响应，其中认证响应包括：第三组网络配置参数基于第二组网络配置参数的请求。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式