Abstract:
Methods and network node in a network for receiving a network access request related to a subscriber via at least one external network interface and treating the network access request by using at least a first function and second function. A failure indication related to the subscriber is obtained from at least one of the first function or the second function. The network access request is thereafter denied by sending an access result via the external network interface. The access result comprises a cause of failure indicating the at least one of the first function or the second function as a source for the failure. The first and second functions may be, for instance, an AAA function and a DHCP function.
Abstract:
Methods, network address translation (NAT) devices, network nodes and system for allowing identification of a private device in a public network or treating traffic of a private device in a public network. The NAT may allocate a private IPv4 address to the private device, reserve a block of ports on the public IPv4 address for the private device and send an identification of the block of ports to a network node in the public network. The network node of the public network may receive an identification of a block of ports on the public IPv4 address indicating that the block of ports is reserved for the private device and activate a rule for treating traffic of the private device.
Abstract:
Systems and methods provide for authenticating a device. A method for authenticating a device can include receiving, at a communications node, a first message, wherein the first message includes a first Extensible Authentication Protocol (EAP) packet which includes an EAP Identity (ID) response and a first destination address; generating, by the communications node, a second message, wherein the second message includes the first EAP ID response and a second destination address which is different from the first destination address; and transmitting, by the communications node, the second message toward the second destination address.
Abstract:
A method, security system control module and policy server for providing security for Mobile Stations (MSs) in a Packet-Switched Telecommunications System. When an MS accesses the system, its identity is sent to a security system control module that retrieves a security profile associated with the MS. A policy server of the security system control module stores individual security profiles, default security profiles and group security profiles for registered subscribers. Security settings associated with the MS security profile are returned from the policy server to a mobile security manager of the control module, which then determines if they should be propagated in the system. When no previous network access was made in a given time period by an MS having similar security settings, i.e. belonging to the same group security profile, the settings are propagated in the system in order to be enforced, for providing security protection for the MS.
Abstract:
Communication nodes, systems and methods are described which provide access screening for services based upon service type description information and policy criteria information associated with an access network. If a requested service is, e.g., banned due to regulatory policies in a geographic region associated with a particular access network, then the requested service shall be denied even if the user has a valid subscription to such requested service via another access network.
Abstract:
Methods, systems and arrangements enable an adaptive node selector (e.g., an adaptive domain name server (DNS)) to monitor network nodes and/or links/interfaces therebetween/thereof to facilitate connections to and through network nodes and over network links that are available/up. The adaptive node selector may include a nomenclature-nodal address mapper/filtering data structure in which one or more entries indicate whether network node(s) and/or network link(s) used to route through and/or to the node of the nodal address is/are functioning properly. The adaptive node selector may monitor the network by, for example, polling various elements of the network. In certain embodiment(s), the adaptive node selector may include a location/origin based filter, an event logger for logging various monitored functioning and non-functioning occurrences, and a filter for returning IP address(es) responsive to queries for available/up interfaces/links.