专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07886335B1 Reconciliation of multiple sets of network access control policies 有权
标题翻译：调整多组网络访问控制策略
公开(公告)号：US07886335B1
公开(公告)日：2011-02-08
申请号：US11827598
申请日：2007-07-12
申请人： Roger A. Chickering , Paul Funk , Paul J. Kirner
发明人： Roger A. Chickering , Paul Funk , Paul J. Kirner
IPC分类号： G06F17/00 , G06F17/30
CPC分类号： H04L43/0817 , H04L47/781 , H04L47/808 , H04L63/0263 , H04L63/20
摘要： In general, techniques are described for managing multiple access policies in a network access control system. An endpoint device may send, to a policy decision point (“PDP”), a request to communicate on a network. When the PDP receives such an access request, the PDP typically identifies a set of access policies to be enforced with regard to the endpoint device and causes the identified access policies to be enforced with regard to the endpoint device. These access policies may specify rights to communicate on networks and/or rights to communicate with server resources and/or endpoint configuration requirements. However, because the endpoint device may issue multiple access requests, conflicting sets of access policies may potentially be enforced with regard to the endpoint device. The techniques described herein ensure that only a consistent set of access policies are enforced with regard to the endpoint device when accessing the network.
摘要翻译：通常，描述了用于在网络访问控制系统中管理多个访问策略的技术。端点设备可以向策略决策点（“PDP”）发送在网络上进行通信的请求。当PDP接收到这样的访问请求时，PDP通常标识要针对端点设备执行的一组访问策略，并且导致关于端点设备来执行所标识的访问策略。这些访问策略可以指定在网络上通信的权限和/或与服务器资源和/或端点配置要求通信的权限。然而，由于端点设备可能发出多个访问请求，所以可能会针对端点设备来执行冲突的访问策略集。本文描述的技术确保在访问网络时仅针对端点设备强制执行一组一致的访问策略。

2. 发明授权

US08627493B1 Single sign-on for network applications 有权
标题翻译：单点登录网络应用程序
公开(公告)号：US08627493B1
公开(公告)日：2014-01-07
申请号：US11970701
申请日：2008-01-08
申请人： Roger A. Chickering , Paul Funk
发明人： Roger A. Chickering , Paul Funk
IPC分类号： G06F21/00
CPC分类号： H04L63/0815 , G06F21/00 , G06F21/44 , H04L63/0807 , H04L63/0876
摘要： A method may include authenticating a device to a first server, where the device includes an agent; receiving a request, in the first server from a second server, to verify the authenticity of the device, where the device is not authenticated to the second server; sending a browser plug-in to the device to communicate with the agent for verifying the authenticity of the device; receiving, in the first server, a message from the agent verifying the authenticity of the device; and sending a message from the first server to the second server to authenticate the device to the second server.
摘要翻译：方法可以包括将设备认证到第一服务器，其中设备包括代理; 在第一服务器中从第二服务器接收请求以验证设备的真实性，其中设备未被认证到第二服务器; 发送浏览器插件到设备与代理进行通信以验证设备的真实性; 在所述第一服务器中接收来自所述代理的验证所述设备的真实性的消息; 以及将消息从所述第一服务器发送到所述第二服务器以将所述设备认证到所述第二服务器。

3. 发明授权

US08478797B2 Atomic deletion of database data categories 有权
标题翻译：原子删除数据库数据类别
公开(公告)号：US08478797B2
公开(公告)日：2013-07-02
申请号：US13485482
申请日：2012-05-31
申请人： Clifford E. Kahn , Roger A. Chickering
发明人： Clifford E. Kahn , Roger A. Chickering
IPC分类号： G06F17/30
CPC分类号： G06F17/30348
摘要： A device maintains, in a database, a plurality of data items, each data item of the plurality of data items being associated with a respective category. The device associates, in the database, a first counter value with each data item, the first counter value indicating a number of times the respective category has been deleted from the database at a time when the data item was stored in the database. The device associates, in the database or another database, a second counter value with the respective category, the second counter value indicating a current value for a number of times the respective category has been deleted from the database. The device selectively deletes, from the database, one or more data items of the plurality of data items from the database based on the first counter values and the second counter value.
摘要翻译：一种设备在数据库中维护多个数据项，所述多个数据项中的每个数据项与相应类别相关联。所述设备在数据库中与第一计数器值与每个数据项相关联，所述第一计数器值指示在数据项存储在数据库中时相应类别已从数据库中删除的次数。该设备在数据库或另一个数据库中将具有相应类别的第二计数器值相关联，第二计数器值指示相应类别已经从数据库中删除的次数的当前值。该设备基于第一计数器值和第二计数器值从数据库中选择性地从数据库中删除多个数据项中的一个或多个数据项。

4. 发明授权

US08185642B1 Communication policy enforcement in a data network 有权
标题翻译：数据网络中的通信策略实施
公开(公告)号：US08185642B1
公开(公告)日：2012-05-22
申请号：US11281905
申请日：2005-11-18
申请人： Theron Tock , Roger A. Chickering
发明人： Theron Tock , Roger A. Chickering
IPC分类号： H04L9/00 , H04L9/32
CPC分类号： H04L63/0227 , H04L63/102 , H04L63/126
摘要： A device is configured to receive authorization information from a first network device and to receive a request that data units sent to a destination device contain authorization information, where the request is received from a second network device. The device is configured to assemble authorized data units by associating the authorization information with content intended for a destination device, where the content can be exchanged with the destination device during authorized communication. The device is configured to provide at least one of the authorized data units to the second network device so that the second network device can establish the authorized communication between the device and the destination device.
摘要翻译：设备被配置为从第一网络设备接收授权信息并且接收发送到目的地设备的数据单元包含授权信息的请求，其中从第二网络设备接收到请求。该设备被配置为通过将授权信息与旨在用于目的地设备的内容相关联来组装授权数据单元，其中可以在授权通信期间内容与目的地设备交换。该设备被配置为向第二网络设备提供至少一个授权数据单元，使得第二网络设备可以在设备和目的地设备之间建立授权的通信。

5. 发明申请

US20110153854A1 SESSION MIGRATION BETWEEN NETWORK POLICY SERVERS 审中-公开
标题翻译：网络政策服务器之间的会议迁移
公开(公告)号：US20110153854A1
公开(公告)日：2011-06-23
申请号：US12651081
申请日：2009-12-31
申请人： Roger A. Chickering
发明人： Roger A. Chickering
IPC分类号： G06F15/16
CPC分类号： H04L63/0815 , H04L63/20 , H04L67/146
摘要： A policy device grants access to a client device, without authenticating the client device, when the client device provides a session identifier to the policy device that was previously granted to the client device by a second policy device upon authenticating the client device by the second policy device. In one example, a policy device includes a network interface that receives a session identifier from a client device, wherein the policy device comprises an individually administered autonomous policy server, and an authorization module that grants the client device access to a network protected by the policy device based on the session identifier without authenticating the client device by the policy device. In this manner, the client device need not provide authentication information multiple times within a short time span, and the policy device can deallocate resources when a session migrates to a second policy device.
摘要翻译：当客户端设备在由第二策略认证客户端设备时，由第二策略设备向先前授予客户机设备的策略设备提供会话标识符时，策略设备授权对客户端设备的访问，而不验证客户端设备设备。在一个示例中，策略设备包括从客户端设备接收会话标识符的网络接口，其中策略设备包括单独管理的自治策略服务器，以及授权模块，其授权客户端设备访问受策略保护的网络设备基于会话标识符，而不通过策略设备认证客户端设备。以这种方式，客户端设备不需要在短时间内多次提供认证信息，并且策略设备可以在会话迁移到第二策略设备时释放资源。

6. 发明授权

US08990891B1 Provisioning layer two network access for mobile devices 有权
标题翻译：配置层两个移动设备的网络接入
公开(公告)号：US08990891B1
公开(公告)日：2015-03-24
申请号：US13166376
申请日：2011-06-22
申请人： Roger A. Chickering , Jeffrey C. Venable, Sr.
发明人： Roger A. Chickering , Jeffrey C. Venable, Sr.
IPC分类号： H04L29/02 , G06F21/44
CPC分类号： H04L63/0876 , G06F21/74 , G06F21/85 , G06F2221/2105 , H04L63/0272 , H04L63/0884 , H04L63/0892 , H04L63/105 , H04L63/162 , H04L63/164 , H04W12/06
摘要： In general, techniques are described for provisioning layer two access in computer networks. A network device located in a public network comprising an interface and a control unit may implement the techniques. The interface establishes a session with a mobile device. The control unit requests security state data identifying a security state of the mobile device via the established session. The interface receives a mobile device identifier and the security state data from the mobile device via the session. The mobile device identifier identifies the mobile device. The control unit publishes the security state information to a database such that the security state information is associated with the mobile device identifier.
摘要翻译：一般来说，描述了在计算机网络中提供第二层访问的技术。位于包括接口和控制单元的公共网络中的网络设备可以实现这些技术。接口与移动设备建立会话。控制单元通过建立的会话请求识别移动设备的安全状态的安全状态数据。该接口经由会话从移动设备接收移动设备标识符和安全状态数据。移动设备标识符标识移动设备。控制单元将安全状态信息发布到数据库，使得安全状态信息与移动设备标识符相关联。

7. 发明授权

US08290991B2 Atomic deletion of database data categories 有权
标题翻译：原子删除数据库数据类别
公开(公告)号：US08290991B2
公开(公告)日：2012-10-16
申请号：US12795426
申请日：2010-06-07
申请人： Clifford E. Kahn , Roger A. Chickering
发明人： Clifford E. Kahn , Roger A. Chickering
IPC分类号： G06F17/30
CPC分类号： G06F17/30997
摘要： A device may maintain, in a database, a plurality of data items, each data item of the plurality of data items being associated with a respective category and supplemental information relating to deletion of the data item. The device may associate a group of counters with at least one of the categories and receive a deletion request corresponding to one of the group of categories, the deletion request including the supplemental information. The device may identify a counter associated with the category corresponding to the deletion request based on the supplemental information. The device may then increment the identified counters and selectively delete the data items based on values of the counters.
摘要翻译：设备可以在数据库中维护多个数据项，多个数据项中的每个数据项与相应的类别相关联，以及与数据项的删除有关的补充信息。设备可以将一组计数器与至少一个类别相关联，并且接收与该组类别中的一个类别相对应的删除请求，该删除请求包括补充信息。该装置可以基于补充信息识别与该删除请求对应的类别相关联的计数器。然后，设备可以递增所识别的计数器，并且基于计数器的值选择性地删除数据项。

8. 发明授权

US08094812B1 Updating stored passwords 有权
标题翻译：更新存储的密码
公开(公告)号：US08094812B1
公开(公告)日：2012-01-10
申请号：US11864598
申请日：2007-09-28
申请人： Andy Tsang , Roger A. Chickering , Clifford E. Kahn , Jeffrey C. Venable, Sr.
发明人： Andy Tsang , Roger A. Chickering , Clifford E. Kahn , Jeffrey C. Venable, Sr.
IPC分类号： H04K1/00
CPC分类号： H04L63/083 , G06F17/30097 , H04L9/3226 , H04L9/3236 , H04L63/126 , H04L67/02 , H04L67/42
摘要： A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client device in accordance with an authentication protocol, and authenticate the client device based on a comparison of the first form to a value derived from a second form of the password stored in a password database, where the comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client device over the secure connection, authenticate the client device by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client device when the authentication server receives the first form.
摘要翻译：设备可以包括认证服务器和服务器。认证服务器可以根据认证协议从客户端设备接收第一形式的密码，并且基于第一形式与从存储在密码中的密码的第二形式导出的值的比较来认证客户端设备数据库，当第一个表单与从第二个表单导出的值不可比较时，比较失败。服务器可以建立与客户端的安全连接，通过安全连接从客户端设备接收明文密码，通过将从纯文本密码导出的值与从第二形式导出的值进行比较来认证客户端设备，并使用允许认证服务器在认证服务器接收到第一个表单时成功认证客户端设备的第三种形式的密码来更新密码数据库。

9. 发明授权

US09001999B2 Updating stored passwords 有权
标题翻译：更新存储的密码
公开(公告)号：US09001999B2
公开(公告)日：2015-04-07
申请号：US13312062
申请日：2011-12-06
申请人： Andy Tsang , Roger A. Chickering , Clifford E. Kahn , Jeffrey C. Venable, Sr.
发明人： Andy Tsang , Roger A. Chickering , Clifford E. Kahn , Jeffrey C. Venable, Sr.
IPC分类号： G06F21/00 , H04L9/28 , H04L29/06 , H04L9/32
CPC分类号： H04L63/083 , G06F17/30097 , H04L9/3226 , H04L9/3236 , H04L63/126 , H04L67/02 , H04L67/42
摘要： A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client in accordance with an authentication protocol, and authenticate the client based on a comparison of the first form to a value derived from a second form of the password stored in a password database. The comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client over the secure connection, authenticate the client by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client when the authentication server receives the first form.
摘要翻译：设备可以包括认证服务器和服务器。验证服务器可以根据认证协议从客户端接收第一形式的密码，并且基于第一形式与从密码数据库中存储的密码的第二形式导出的值的比较来认证客户端。当第一种形式与从第二种形式得出的值不相称时，比较失败。服务器可以建立到客户端的安全连接，通过安全连接从客户端接收明文密码，通过将从纯文本密码导出的值与从第二种形式导出的值进行比较来验证客户端，并更新密码数据库具有第三种形式的密码，允许认证服务器在认证服务器接收到第一个表单时成功验证客户端。

10. 发明授权

US08959569B2 Security enforcement in virtualized systems 有权
标题翻译：虚拟化系统中的安全执行
公开(公告)号：US08959569B2
公开(公告)日：2015-02-17
申请号：US13051471
申请日：2011-03-18
申请人： Krishna Narayanaswamy , Roger A. Chickering , Steve Malmskog
发明人： Krishna Narayanaswamy , Roger A. Chickering , Steve Malmskog
IPC分类号： G06F21/00 , G06F9/50 , G06F21/53 , G06F21/60 , H04L29/06 , G06F9/455
CPC分类号： H04L63/20 , G06F9/45558 , G06F9/5077 , G06F21/53 , G06F21/604 , G06F2009/45587 , G06F2221/2141 , G06F2221/2149 , H04L63/10 , H04L63/1416 , H04L63/1433
摘要： A system includes a virtual machine (VM) server and a policy engine server. The VM server includes two or more guest operating systems and an agent. The agent is configured to collect information from the two or more guest operating systems. The policy engine server is configured to: receive the information from the agent; generate access control information for a first guest OS, of the two or more guest operating systems, based on the information; and configure an enforcer based on the access control information.
摘要翻译：系统包括虚拟机（VM）服务器和策略引擎服务器。 VM服务器包括两个或多个客户机操作系统和代理。代理被配置为从两个或多个客户操作系统收集信息。策略引擎服务器被配置为：从代理接收信息; 基于所述信息生成所述两个或多个客户操作系统的第一客户操作系统的访问控制信息; 并根据访问控制信息配置执行者。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式