公开(公告)号：US20210037059A1

公开(公告)日：2021-02-04

申请号：US16529255

申请日：2019-08-01

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Rajesh Kumar Ganapathy Achari ,  Anoop Kumaran Nair ,  Venkatesh Ramachandran ,  Pattabhi Attaluri ,  Bhagya Prasad NR ,  Antoni Milton

IPC: H04L29/06

Abstract: A process, system, and non-transient computer readable medium that provides device automation support for the dynamic activation, authentication, and accounting of network access and network access devices while enabling seamless multi-vendor support for change of authorization through multiple network protocols. The process, system, and non-transient computer readable media also provides security threat remediation that can be automated at the device, network access, traffic inspection, and/or threat protection level by taking action on a device by triggering actions in a bidirectional manner.

公开(公告)号：US20200382516A1

公开(公告)日：2020-12-03

申请号：US16429375

申请日：2019-06-03

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Rajesh Kumar Ganapathy Achari ,  Anoop Kumaran Nair ,  Pattabhi Attaluri ,  Venkatesh Ramachandran ,  Bhagya Prasad Nittur ,  Antoni Milton

IPC: H04L29/06 ,  H04L12/24

Abstract: Methods and systems for specifying and enforcing network policies are provided. One method for configuring a network that includes a plurality of heterogeneous network access devices includes creating a network enforcement profile based on at least one enforcement policy, and determining a network access device group of the plurality of heterogeneous network access devices that are capable of managing the enforcement profile. The method further includes providing vendor-specific configuration parameters for at least one network access device of the network access device group so as to cause the network to manage the network enforcement profile, and applying the vendor-specific configuration parameters to the at least one network access device.

公开(公告)号：US11553007B2

公开(公告)日：2023-01-10

申请号：US16539549

申请日：2019-08-13

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Antoni Milton ,  Mohit Goyal ,  Pattabhi Attaluri

IPC: G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06 ,  H04L9/40

Abstract: A method may include receiving a digital certificate through a secure connection from a network access server, the secure connection passing through a network address translation device, validating the digital certificate with a policy management system, and establishing a secure tunnel between the network access server and the policy management system when the digital certificate is validated. Also, receiving, through the secure tunnel and from the network access server, a remote authentication dial-in user service access request having a network access server internet protocol address, validating the network access server with the network access server internet protocol address by the policy management system, and allowing a remote authentication dial-in user service traffic when the internet protocol address of the network access server is validated and closing the secure tunnel when the validating the network access server fails.

公开(公告)号：US20200382497A1

公开(公告)日：2020-12-03

申请号：US16429462

申请日：2019-06-03

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Rajesh Kumar Ganapathy Achari ,  Anoop Kumaran Nair ,  Venkatesh Ramachandran ,  Pattabhi Attaluri ,  Bhagya Prasad Nittur ,  Antoni Milton

IPC: H04L29/06

Abstract: Methods and systems for providing vendor agnostic captive portal authentication in a network that includes a plurality of network access devices are provided. For instance, one method includes receiving a redirect request for a communication between a first user-terminal and a first network access device, the redirect request including at least one of a vendor-specific item of information of the first network access device and an Internet Protocol (IP) address of the first network access device. The method further includes comparing the at least one of the vendor-specific item of information of the first network access device and the IP address of the first network access device against each of a plurality of entries of a network access device database, and providing the first user-terminal access to a captive portal page in response to an appropriate match.

公开(公告)号：US11792193B2

公开(公告)日：2023-10-17

申请号：US17523263

申请日：2021-11-10

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Rajesh Kumar Ganapathy Achari ,  Anoop Kumaran Nair ,  Venkatesh Ramachandran ,  Pattabhi Attaluri ,  Bhagya Prasad Nittur ,  Antoni Milton

IPC: G06F21/62 ,  G06F21/71 ,  H04L9/40 ,  G06F21/73

CPC classification number: H04L63/0876 ,  H04L63/105

Abstract: Methods and systems for providing vendor agnostic captive portal authentication in a network that includes a plurality of network access devices are provided. For instance, one method includes receiving a redirect request for a communication between a first user-terminal and a first network access device, the redirect request including at least one of a vendor-specific item of information of the first network access device and an Internet Protocol (IP) address of the first network access device. The method further includes comparing the at least one of the vendor-specific item of information of the first network access device and the IP address of the first network access device against each of a plurality of entries of a network access device database, and providing the first user-terminal access to a captive portal page in response to an appropriate match.

公开(公告)号：US11228618B2

公开(公告)日：2022-01-18

申请号：US16529255

申请日：2019-08-01

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Rajesh Kumar Ganapathy Achari ,  Anoop Kumaran Nair ,  Venkatesh Ramachandran ,  Pattabhi Attaluri ,  Rajarao Bhagya Prasad Nittur ,  Antoni Milton

IPC: H04L29/06 ,  H04L12/66

Abstract: A process, system, and non-transient computer readable medium that provides device automation support for the dynamic activation, authentication, and accounting of network access and network access devices while enabling seamless multi-vendor support for change of authorization through multiple network protocols. The process, system, and non-transient computer readable media also provides security threat remediation that can be automated at the device, network access, traffic inspection, and/or threat protection level by taking action on a device by triggering actions in a bidirectional manner.

公开(公告)号：US11463477B2

公开(公告)日：2022-10-04

申请号：US16419138

申请日：2019-05-22

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Antoni Milton ,  Pattabhi Attaluri

IPC: H04L9/40 ,  H04L67/1097

Abstract: A distributed policy management (PM) system (e.g., system for authentication, authorization, and accounting (AAA) activities on a network) is provided. Nodes of the PM system may share information of the PM system using a distributed data store (e.g., a multi-master cache). Each node of the distributed PM system may further share information from the distributed data store with other nodes of a corporate infrastructure network by augmenting information in a remote authentication dial-in user service (RADIUS) protocol message. Nodes that are involved in policy management (e.g., network authentication server (NAS) or firewall) without access to the distributed data store may receive information via augmented RADIUS messages. In this manner, devices may be interfaced to the distributed PM system without having access to the distributed data store. High availability and load balancing implementations may be provided by leveraging the distributed data store across nodes of the PM system.

公开(公告)号：US20200374315A1

公开(公告)日：2020-11-26

申请号：US16419138

申请日：2019-05-22

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Antoni Milton ,  Pattabhi Attaluri

IPC: H04L29/06

Abstract: A distributed policy management (PM) system (e.g., system for authentication, authorization, and accounting (AAA) activities on a network) is provided. Nodes of the PM system may share information of the PM system using a distributed data store (e.g., a multi-master cache). Each node of the distributed PM system may further share information from the distributed data store with other nodes of a corporate infrastructure network by augmenting information in a remote authentication dial-in user service (RADIUS) protocol message. Nodes that are involved in policy management (e.g., network authentication server (NAS) or firewall) without access to the distributed data store may receive information via augmented RADIUS messages. In this manner, devices may be interfaced to the distributed PM system without having access to the distributed data store. High availability and load balancing implementations may be provided by leveraging the distributed data store across nodes of the PM system.

公开(公告)号：US11968238B2

公开(公告)日：2024-04-23

申请号：US17823193

申请日：2022-08-30

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Antoni Milton ,  Pattabhi Attaluri

IPC: H04L9/40 ,  G06F16/27 ,  H04L41/0893 ,  H04L69/24 ,  H04L67/1097 ,  H04L67/56

CPC classification number: H04L63/20 ,  G06F16/27 ,  H04L41/0893 ,  H04L63/0263 ,  H04L63/0892 ,  H04L69/24 ,  H04L63/02 ,  H04L67/1097 ,  H04L67/56

Abstract: A distributed policy management (PM) system (e.g., system for authentication, authorization, and accounting (AAA) activities on a network) is provided. Nodes of the PM system may share information of the PM system using a distributed data store (e.g., a multi-master cache). Each node of the distributed PM system may further share information from the distributed data store with other nodes of a corporate infrastructure network by augmenting information in a remote authentication dial-in user service (RADIUS) protocol message. Nodes that are involved in policy management (e.g., network authentication server (NAS) or firewall) without access to the distributed data store may receive information via augmented RADIUS messages. In this manner, devices may be interfaced to the distributed PM system without having access to the distributed data store. High availability and load balancing implementations may be provided by leveraging the distributed data store across nodes of the PM system.

公开(公告)号：US11418515B2

公开(公告)日：2022-08-16

申请号：US16429375

申请日：2019-06-03

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Rajesh Kumar Ganapathy Achari ,  Anoop Kumaran Nair ,  Pattabhi Attaluri ,  Venkatesh Ramachandran ,  Bhagya Prasad Nittur ,  Antoni Milton

IPC: H04L9/40 ,  H04L41/0806

Abstract: Methods and systems for specifying and enforcing network policies are provided. One method for configuring a network that includes a plurality of heterogeneous network access devices includes creating a network enforcement profile based on at least one enforcement policy, and determining a network access device group of the plurality of heterogeneous network access devices that are capable of managing the enforcement profile. The method further includes providing vendor-specific configuration parameters for at least one network access device of the network access device group so as to cause the network to manage the network enforcement profile, and applying the vendor-specific configuration parameters to the at least one network access device.