Method and apparatus for load balancing within a computer system
    1.
    Granted invention patent
    Status: in force

    Publication number: US07606916B1

    Publication date: 2009-10-20

    Application number: US10705158

    Filing date: 2003-11-10

    IPC classification: G06F15/16

    CPC classification: G06F9/505

    Abstract: A method and apparatus for load balancing within a computer system makes use of client MAC addresses, reduced modulo N, to direct client requests to a particular server within a server farm. The method is particularly applicable to load balancing applied to AAA servers. In the preferred embodiments, the method can handle failovers and fail-back with few or no aborted authentications.


    Method and apparatus for determining authentication capabilities
    2.
    Invention application
    Status: in force

    Publication number: US20070118883A1

    Publication date: 2007-05-24

    Application number: US11655646

    Filing date: 2007-01-18

    Abstract: A method is disclosed for determining the authentication capabilities of a supplicant before initiating an authentication conversation with a client, for example, using Extensible Authentication Protocol (EAP). In one aspect, the method provides for sending, to a supplicant that is requesting access to a computer network subject to authentication of a user of the supplicant, a list of first authentication methods that are supported by an authentication server; receiving, from the supplicant, a counter-list of second authentication methods that are supported by the supplicant; determining how many second authentication methods in the counter-list match the first authentication methods; and performing an authentication policy action based on how many of the second authentication methods match the first authentication methods. Policy actions can include blocking access, re-directing to sources of acceptable authentication methods, granting one of several levels of network access, etc.


    Methods and apparatus to configure a network device via an authentication protocol
    3.
    Granted invention patent
    Status: in force

    Publication number: US07546632B2

    Publication date: 2009-06-09

    Application number: US11059835

    Filing date: 2005-02-17

    Abstract: A system supplies configuration information, via an EAP protocol, to a remote device trying to access the network. An authentication server performs an authentication exchange by receiving, from a remote device, a connection attempt to access the network. The authentication server performs an authentication exchange with the remote device to allow the remote device access to the network. During the authentication exchange, a configuration selection characteristic associated with the remote device is identified. A device configuration to be applied to the remote device, based on the configuration selection characteristic, is determined. The authentication server provides the determined device configuration to the remote device, via an EAP protocol, to allow the remote device to install the determined device configuration prior to being allowed access to the network.


    Method and apparatus for retrieving access control information
    4.
    Granted invention patent
    Status: in force

    Publication number: US07225263B1

    Publication date: 2007-05-29

    Application number: US10310572

    Filing date: 2002-12-04

    IPC classification: G06F15/16

    CPC classification: H04L63/101 H04L63/20

    Abstract: A method is disclosed for creating and storing troubleshooting information for providing access control information to a network device. A provisioning of one or more access control lists, and one or more associations of the access control lists to users of the network device, are received. As part of authenticating a user login request, a name of a first access control list is provided to the network device, selected from among the one or more access control lists based on the associations. A request is received from the network device for a first access control list that is associated with a user of the network device. The request includes the name of the access control list. The first access control list is sent to the network device in response to the request. Embodiments may use RADIUS packets for communicating ACLs from an authentication server to a firewall, and a de-fragmentation approach is disclosed for downloading ACLs that exceed the maximum RADIUS packet size. Further, using an ACL renaming approach the firewall is forced to update its cache when a user subsequently logs in and the corresponding ACL has changed in the interim.


    Method and apparatus for determining authentication capabilities
    5.
    Granted invention patent
    Status: in force

    Publication number: US08555340B2

    Publication date: 2013-10-08

    Application number: US11655646

    Filing date: 2007-01-18

    Abstract: A method is disclosed for determining the authentication capabilities of a supplicant before initiating an authentication conversation with a client, for example, using Extensible Authentication Protocol (EAP). In one aspect, the method provides for sending, to a supplicant that is requesting access to a computer network subject to authentication of a user of the supplicant, a list of first authentication methods that are supported by an authentication server; receiving, from the supplicant, a counter-list of second authentication methods that are supported by the supplicant; determining how many second authentication methods in the counter-list match the first authentication methods; and performing an authentication policy action based on how many of the second authentication methods match the first authentication methods. Policy actions can include blocking access, re-directing to sources of acceptable authentication methods, granting one of several levels of network access, etc.


    Dynamically Mitigating A Noncompliant Password
    6.
    Invention application
    Status: under examination (published)

    Publication number: US20110154048A1

    Publication date: 2011-06-23

    Application number: US13035873

    Filing date: 2011-02-25

    IPC classification: G06F21/00

    Abstract: Techniques are disclosed for dynamically mitigating a noncompliant password. The method comprises obtaining a password; generating one or more quality scores for the password using a password policy for an authentication and authorization service; determining whether the password has sufficient score quality; in response to determining that the password does not have sufficient score quality, granting to the user a different level of access to the service than if the password meets the quality criteria; wherein the method is performed by one or more computing devices.


    Method and apparatus for determining authentication capabilities

    Publication number: US07194763B2

    Publication date: 2007-03-20

    Application number: US10910006

    Filing date: 2004-08-02

    IPC classification: G06K9/00

    Abstract: A method is disclosed for determining the authentication capabilities of a supplicant before initiating an authentication conversation with a client, for example, using Extensible Authentication Protocol (EAP). In one aspect, the method provides for sending, to a supplicant that is requesting access to a computer network subject to authentication of a user of the supplicant, a list of first authentication methods that are supported by an authentication server; receiving, from the supplicant, a counter-list of second authentication methods that are supported by the supplicant; determining how many second authentication methods in the counter-list match the first authentication methods; and performing an authentication policy action based on how many of the second authentication methods match the first authentication methods. Policy actions can include blocking access, re-directing to sources of acceptable authentication methods, granting one of several levels of network access, etc.

    Method and apparatus for automatically re-validating multiple clients of an authentication system
    8.
    Invention application
    Status: in force

    Publication number: US20060026670A1

    Publication date: 2006-02-02

    Application number: US10910005

    Filing date: 2004-08-02

    IPC classification: G06K9/00

    Abstract: A method is disclosed for performing on-demand posture validation for all of multiple clients or supplicants of an authentication system, comprising creating and storing a session list identifying communication sessions relating to supplicants that access a computer network through an access device; receiving input requesting performing posture validation for all the supplicants; determining a time value for starting the posture validation for a particular supplicant identified in the session list; generating and sending to the access device, a request to perform posture validation, wherein the request comprises supplicant identifying information and the time value and instructs the access device to initiate the posture validation for that supplicant only after the time value has expired; and repeating the steps of determining, generating and sending for all supplicants in the session list.


    Dynamically mitigating a noncompliant password
    9.
    Granted invention patent
    Status: in force

    Publication number: US08909936B2

    Publication date: 2014-12-09

    Application number: US13035873

    Filing date: 2011-02-25

    Abstract: Techniques are disclosed for dynamically mitigating a noncompliant password. The method comprises obtaining a password; generating one or more quality scores for the password using a password policy for an authentication and authorization service; determining whether the password has sufficient score quality; in response to determining that the password does not have sufficient score quality, granting to the user a different level of access to the service than if the password meets the quality criteria; wherein the method is performed by one or more computing devices.


    Method and apparatus for automatically re-validating multiple clients of an authentication system
    10.
    Granted invention patent
    Status: in force

    Publication number: US07587751B2

    Publication date: 2009-09-08

    Application number: US10910005

    Filing date: 2004-08-02

    IPC classification: G06F7/04

    Abstract: According to one embodiment of the invention, a session list identifying communication sessions relating to supplicants that access a computer network through an access device is created and stored at an authentication server. Then, an event is received from an anti-virus system announcing an updated anti-virus policy. User input is received that requests performing posture validation for all the supplicants. Next, in response to the information received, a time value for starting the posture validation for a particular supplicant identified in the session list is determined. Finally, in response to the information received, a request to perform posture validation is generated and sent to the access device, wherein the request includes supplicant identifying information, the time value, and instructions that instruct the access device to initiate the posture validation for that supplicant only after the time value has expired. The steps are repeated for all supplicants in the session list.
