专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07886335B1 Reconciliation of multiple sets of network access control policies 有权
标题翻译：调整多组网络访问控制策略
公开(公告)号：US07886335B1
公开(公告)日：2011-02-08
申请号：US11827598
申请日：2007-07-12
申请人： Roger A. Chickering , Paul Funk , Paul J. Kirner
发明人： Roger A. Chickering , Paul Funk , Paul J. Kirner
IPC分类号： G06F17/00 , G06F17/30
CPC分类号： H04L43/0817 , H04L47/781 , H04L47/808 , H04L63/0263 , H04L63/20
摘要： In general, techniques are described for managing multiple access policies in a network access control system. An endpoint device may send, to a policy decision point (“PDP”), a request to communicate on a network. When the PDP receives such an access request, the PDP typically identifies a set of access policies to be enforced with regard to the endpoint device and causes the identified access policies to be enforced with regard to the endpoint device. These access policies may specify rights to communicate on networks and/or rights to communicate with server resources and/or endpoint configuration requirements. However, because the endpoint device may issue multiple access requests, conflicting sets of access policies may potentially be enforced with regard to the endpoint device. The techniques described herein ensure that only a consistent set of access policies are enforced with regard to the endpoint device when accessing the network.
摘要翻译：通常，描述了用于在网络访问控制系统中管理多个访问策略的技术。端点设备可以向策略决策点（“PDP”）发送在网络上进行通信的请求。当PDP接收到这样的访问请求时，PDP通常标识要针对端点设备执行的一组访问策略，并且导致关于端点设备来执行所标识的访问策略。这些访问策略可以指定在网络上通信的权限和/或与服务器资源和/或端点配置要求通信的权限。然而，由于端点设备可能发出多个访问请求，所以可能会针对端点设备来执行冲突的访问策略集。本文描述的技术确保在访问网络时仅针对端点设备强制执行一组一致的访问策略。

2. 发明授权

US08627493B1 Single sign-on for network applications 有权
标题翻译：单点登录网络应用程序
公开(公告)号：US08627493B1
公开(公告)日：2014-01-07
申请号：US11970701
申请日：2008-01-08
申请人： Roger A. Chickering , Paul Funk
发明人： Roger A. Chickering , Paul Funk
IPC分类号： G06F21/00
CPC分类号： H04L63/0815 , G06F21/00 , G06F21/44 , H04L63/0807 , H04L63/0876
摘要： A method may include authenticating a device to a first server, where the device includes an agent; receiving a request, in the first server from a second server, to verify the authenticity of the device, where the device is not authenticated to the second server; sending a browser plug-in to the device to communicate with the agent for verifying the authenticity of the device; receiving, in the first server, a message from the agent verifying the authenticity of the device; and sending a message from the first server to the second server to authenticate the device to the second server.
摘要翻译：方法可以包括将设备认证到第一服务器，其中设备包括代理; 在第一服务器中从第二服务器接收请求以验证设备的真实性，其中设备未被认证到第二服务器; 发送浏览器插件到设备与代理进行通信以验证设备的真实性; 在所述第一服务器中接收来自所述代理的验证所述设备的真实性的消息; 以及将消息从所述第一服务器发送到所述第二服务器以将所述设备认证到所述第二服务器。

3. 发明申请

US20050046183A1 Coupler for flexible hose sections 审中-公开
标题翻译：柔性软管部分的连接器
公开(公告)号：US20050046183A1
公开(公告)日：2005-03-03
申请号：US10653734
申请日：2003-09-02
申请人： Donald Adams , James Yausie , Paul Funk , Robert Kallio
发明人： Donald Adams , James Yausie , Paul Funk , Robert Kallio
IPC分类号： F16L31/00 , F24F13/02
CPC分类号： F24F13/0209 , F16L31/00 , F24F13/0218 , F24F13/0245
摘要： A flexible air hose comprises a plurality of hose sections, each having at one end a female portion and at an opposite end a male portion coupled inside the female portion of an adjacent hose section. A loop coupling fastener is attached to an inside surface of the female portion, and a corresponding area of an outside surface of the male portion. A single slit extends from an end edge of the female portion of the hose section longitudinally along the hose section such that the female portion can be opened along the slit to facilitate positioning the male portion inside the female portion. A flap can be provided to cover the slit, and extend past the slit end to reduce air leakage. A wear strip can be wrapped around the hose.
摘要翻译：柔性空气软管包括多个软管部分，每个软管部分的一端具有阴部分，并且在相对端具有耦合在相邻软管部分的阴部分内的阳部分。环形联接紧固件附接到阴部分的内表面和阳部分的外表面的对应区域。单个狭缝从软管部分的阴部分的端部边缘沿软管部分纵向延伸，使得阴部分可以沿着狭缝打开，以便将阳部分定位在阴部分内部。可以提供挡板以覆盖狭缝，并且延伸穿过狭缝端部以减少空气泄漏。软管可以缠绕一条耐磨条。

4. 发明授权

US07861078B2 Password-authenticated asymmetric key exchange 有权
公开(公告)号：US07861078B2
公开(公告)日：2010-12-28
申请号：US11580757
申请日：2006-10-13
申请人： Paul Funk
发明人： Paul Funk
IPC分类号： H04L9/32
CPC分类号： H04L9/0844 , H04L9/0822 , H04L9/0863 , H04L9/302
摘要： Communicating keys between network devices on a network using asymmetric cryptographic techniques, for which asymmetric keys may be derived from a single (same) password. Knowledge or partial knowledge of the password may be the only information shared between parties prior to execution of a key exchange, and may be the only criteria by which one party will base trust in the other. A first network device may encrypt a key using a password-based key derived from a password, and authenticate a second device based on the second network device's ability to decrypt the encrypted key using a key derived from the same password. Knowledge of the password may be conveyed by the second device to the first device—a session key may be generated as a function of the decrypted key, and a function of this session key may be communicated from the second device to the first device.

5. 发明授权

US08281371B1 Authentication and authorization in network layer two and network layer three 有权
标题翻译：网络层二和网络层三认证授权
公开(公告)号：US08281371B1
公开(公告)日：2012-10-02
申请号：US11742370
申请日：2007-04-30
申请人： Roger Chickering , Derek Brown , Paul Funk , Oliver Tavakoli
发明人： Roger Chickering , Derek Brown , Paul Funk , Oliver Tavakoli
IPC分类号： H04L29/06
CPC分类号： H04L63/20 , G06F21/577 , H04L63/02 , H04L63/08 , H04L63/0869 , H04L63/0892 , H04L63/102 , H04L63/162 , H04L63/164
摘要： A method may include authenticating a node over layer 2 in a network based on authentication rules; sending a node authentication code to the node; and providing layer 3 network access based on the node authentication code.
摘要翻译：一种方法可以包括基于认证规则来认证网络中的层2上的节点; 向节点发送节点认证码; 并提供基于节点认证码的第3层网络接入。

6. 发明授权

US08108904B1 Selective persistent storage of controller information 有权
标题翻译：选择性持久存储控制器信息
公开(公告)号：US08108904B1
公开(公告)日：2012-01-31
申请号：US11537036
申请日：2006-09-29
申请人： Roger Chickering , Paul Funk
发明人： Roger Chickering , Paul Funk
IPC分类号： G06F7/04
CPC分类号： H04L63/20 , H04L63/08 , H04L63/105 , H04L67/34
摘要： A controller may receive a request from an endpoint and determine whether the endpoint connects via a first network or a second network. The controller may download first software to the endpoint when the endpoint connects via the first network, where the first software facilitates authentication of the endpoint via another device and instructs the endpoint to not store information regarding the controller. The controller may download second software to the endpoint when the endpoint connects via the second network, where the second software facilitates authentication of the endpoint by the device and instructs the endpoint to store information regarding the controller.
摘要翻译：控制器可以从端点接收请求，并确定端点是否经由第一网络或第二网络连接。当端点经由第一网络连接时，控制器可以将第一软件下载到端点，其中第一软件有助于经由另一设备对端点的认证，并指示端点不存储关于控制器的信息。当端点通过第二网络连接时，控制器可以将第二软件下载到端点，其中第二软件有助于设备对端点的认证，并且指示端点存储关于控制器的信息。

7. 发明申请

US20050125663A1 Tunneled authentication protocol for preventing man-in-the-middle attacks 有权
标题翻译：隧道化身份验证协议，用于防止中间人员的攻击
公开(公告)号：US20050125663A1
公开(公告)日：2005-06-09
申请号：US10728360
申请日：2003-12-03
申请人： Paul Funk
发明人： Paul Funk
IPC分类号： H04L9/00 , H04L9/32 , H04L29/06
CPC分类号： H04L63/08 , H04L9/3236 , H04L9/3271 , H04L63/1466 , H04L63/16 , H04L63/166 , H04L2209/38
摘要： Systems and methods for preventing a Man-in-the-Middle attack on a communications network, without combining encryption keys of an inner authentication protocol and a tunneling protocol encapsulating the inner authentication protocol. The performance of a hash function may be split between two network devices on the communications network. For example, in response to a challenge issued by a tunnel server, a client may initiate performance of a hash function using only a first part only of the challenge and generate an intermediate result of the hash function (i.e., a preliminary hash). The client then may transmit the preliminary hash to the tunnel server as part of a response to the challenge. The tunnel server then may complete the hash function using the preliminary hash and the remaining part of the challenge to produce a final hash. The final hash then may be used to authenticate a user.
摘要翻译：用于防止在通信网络上的中间人攻击的系统和方法，而不组合内部认证协议的加密密钥和封装内部认证协议的隧道协议。散列函数的性能可以在通信网络上的两个网络设备之间分开。例如，响应于由隧道服务器发出的挑战，客户端可以仅使用仅挑战的第一部分来发起哈希函数的性能，并生成散列函数的中间结果（即初步散列）。然后，客户端可以将初始散列传输到隧道服务器，作为对挑战的响应的一部分。然后，隧道服务器可以使用初始散列和挑战的剩余部分来完成散列函数以产生最终散列。最后一个散列可以用来认证一个用户。

8. 发明授权

US08800006B2 Authentication and authorization in network layer two and network layer three 有权
标题翻译：网络层二和网络层三认证授权
公开(公告)号：US08800006B2
公开(公告)日：2014-08-05
申请号：US13601546
申请日：2012-08-31
申请人： Roger Chickering , Derek Brown , Paul Funk , Oliver Tavakoli
发明人： Roger Chickering , Derek Brown , Paul Funk , Oliver Tavakoli
IPC分类号： H04L29/06 , G06F21/57
CPC分类号： H04L63/20 , G06F21/577 , H04L63/02 , H04L63/08 , H04L63/0869 , H04L63/0892 , H04L63/102 , H04L63/162 , H04L63/164
摘要： A method may include authenticating a node over layer 2 in a network based on authentication rules; sending a node authentication code to the node; and providing layer 3 network access based on the node authentication code.
摘要翻译：一种方法可以包括基于认证规则来认证网络中的层2上的节点; 向节点发送节点认证码; 并提供基于节点认证码的第3层网络接入。

9. 发明授权

US08225095B2 Password-authenticated asymmetric key exchange 有权
标题翻译：密码认证的非对称密钥交换
公开(公告)号：US08225095B2
公开(公告)日：2012-07-17
申请号：US12976370
申请日：2010-12-22
申请人： Paul Funk
发明人： Paul Funk
IPC分类号： H04L9/32
CPC分类号： H04L9/0844 , H04L9/0822 , H04L9/0863 , H04L9/302
摘要： Communicating keys between network devices on a network using asymmetric cryptographic techniques, for which asymmetric keys may be derived from a single (same) password. Knowledge or partial knowledge of the password may be the only information shared between parties prior to execution of a key exchange, and may be the only criteria by which one party will base trust in the other. A first network device may encrypt a key using a password-based key derived from a password, and authenticate a second device based on the second network device's ability to decrypt the encrypted key using a key derived from the same password. Knowledge of the password may be conveyed by the second device to the first device—a session key may be generated as a function of the decrypted key, and a function of this session key may be communicated from the second device to the first device.
摘要翻译：使用非对称加密技术在网络上的网络设备之间传递密钥，可以从单个（相同）密码导出非对称密钥。密码的知识或部分知识可能是在执行密钥交换之前各方之间共享的唯一信息，并且可能是一方将基于另一方的信任的唯一标准。第一网络设备可以使用从密码导出的基于密码的密钥来加密密钥，并且基于第二网络设备使用从相同密码导出的密钥来解密加密密钥的能力来验证第二设备。密码的知识可以由第二设备传送到第一设备 - 可以根据解密的密钥生成会话密钥，并且可以将该会话密钥的功能从第二设备传送到第一设备。

10. 发明申请

US20110107101A1 PASSWORD-AUTHENTICATED ASYMMETRIC KEY EXCHANGE 有权
标题翻译：密码 - 认证不对称密钥交换
公开(公告)号：US20110107101A1
公开(公告)日：2011-05-05
申请号：US12976370
申请日：2010-12-22
申请人： Paul Funk
发明人： Paul Funk
IPC分类号： H04L9/32 , H04L9/08
CPC分类号： H04L9/0844 , H04L9/0822 , H04L9/0863 , H04L9/302
摘要： Communicating keys between network devices on a network using asymmetric cryptographic techniques, for which asymmetric keys may be derived from a single (same) password. Knowledge or partial knowledge of the password may be the only information shared between parties prior to execution of a key exchange, and may be the only criteria by which one party will base trust in the other. A first network device may encrypt a key using a password-based key derived from a password, and authenticate a second device based on the second network device's ability to decrypt the encrypted key using a key derived from the same password. Knowledge of the password may be conveyed by the second device to the first device—a session key may be generated as a function of the decrypted key, and a function of this session key may be communicated from the second device to the first device.
摘要翻译：使用非对称加密技术在网络上的网络设备之间传递密钥，可以从单个（相同）密码导出非对称密钥。密码的知识或部分知识可能是在执行密钥交换之前各方之间共享的唯一信息，并且可能是一方将基于另一方的信任的唯一标准。第一网络设备可以使用从密码导出的基于密码的密钥来加密密钥，并且基于第二网络设备使用从相同密码导出的密钥来解密加密密钥的能力来验证第二设备。密码的知识可以由第二设备传送到第一设备 - 可以根据解密的密钥生成会话密钥，并且可以将该会话密钥的功能从第二设备传送到第一设备。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式