公开(公告)号：US20070214352A1

公开(公告)日：2007-09-13

申请号：US11373727

申请日：2006-03-10

申请人： Sean Convery ,  David Oran ,  James Rivers ,  John Schnizlein ,  Ralph Droms ,  Mark Stapp

发明人： Sean Convery ,  David Oran ,  James Rivers ,  John Schnizlein ,  Ralph Droms ,  Mark Stapp

IPC分类号： H04L9/00

CPC分类号： H04L63/0263 ,  H04L29/12301 ,  H04L61/2076 ,  H04L63/0236 ,  H04L63/101 ,  H04L63/102 ,  H04L63/20 ,  H04W12/08

摘要： Generating a binding between a source address and one or more roles of a user accessing the network and distributing the binding to a filter node. The source address is currently assigned to the device. The binding may be generated by one or more nodes on an ingress path used during authentication of the user. The binding may be distributed to the filter node on demand or without any request from the filter node. Responsive to a determination that the user is associated with a new source address, a new binding is generated to associate a new source address with the one or more roles for the user. The new binding is distributed to the filter node. Another aspect is a method of enforcing a role based security policy at a filter node, using bindings of source addresses to roles.

摘要翻译： 在源地址和访问网络的用户的一个或多个角色之间生成绑定，并将绑定分发到过滤器节点。 源地址当前分配给设备。 绑定可以由用户认证期间使用的入口路径上的一个或多个节点生成。 绑定可以根据需要分配到过滤节点，也可以不经过过滤器节点的任何请求。 响应于确定用户与新的源地址相关联，生成新的绑定以将新的源地址与用户的一个或多个角色相关联。 新的绑定被分发到过滤器节点。 另一方面是在过滤器节点上使用源地址绑定到角色来实施基于角色的安全策略的方法。

公开(公告)号：US07050396B1

公开(公告)日：2006-05-23

申请号：US09729623

申请日：2000-11-30

申请人： Ron Cohen ,  Yoram Snir ,  John Schnizlein

发明人： Ron Cohen ,  Yoram Snir ,  John Schnizlein

IPC分类号： H04L1/00

CPC分类号： H04L12/2854 ,  H04L47/2408 ,  H04W72/12 ,  H04W76/10

摘要： A method of automatically establishing differentiated services quality of service treatment for a return packet flow that is associated with an originating packet flow in a network is disclosed. The originating packet flow is received, and it is determined that one or more packets in the originating packet flow are marked with a DSCP value that matches a policy rule that instruct setting of a specified DSCP value to the return packet flow. In response, information identifying the originating packet flow and a second DSCP value for marking the return packet flow is created and stored. When a corresponding return packet flow is received and determined to be associated with the originating packet flow, packets of the return packet flow are automatically marked with the second DSCP value. Once the packet flow terminates, all stored information is removed.

摘要翻译： 公开了一种与网络中的始发分组流相关联的返回分组流自动建立差分服务质量服务质量的方法。 接收始发分组流，并且确定始发分组流中的一个或多个分组被标记为与指示将指定的DSCP值的设置指定给返回分组流的策略规则相匹配的DSCP值。 作为响应，创建并存储识别发起分组流的信息和用于标记返回分组流的第二DSCP值。 当相应的返回分组流被接收并确定为与发起分组流相关联时，返回分组流的分组被自动标记为具有第二DSCP值。 一旦数据包流终止，所有存储的信息都被删除。

公开(公告)号：US20100322241A1

公开(公告)日：2010-12-23

申请号：US12868696

申请日：2010-08-25

申请人： Sean CONVERY ,  David R. Oran ,  James Rivers ,  John Schnizlein ,  Ralph Droms ,  Mark Stapp

发明人： Sean CONVERY ,  David R. Oran ,  James Rivers ,  John Schnizlein ,  Ralph Droms ,  Mark Stapp

IPC分类号： H04L12/56

CPC分类号： H04L63/0263 ,  H04L29/12301 ,  H04L61/2076 ,  H04L63/0236 ,  H04L63/101 ,  H04L63/102 ,  H04L63/20 ,  H04W12/08

摘要： Generating a binding between a source address and one or more roles of a user accessing the network and distributing the binding to a filter node. The source address is currently assigned to the device. The binding may be generated by one or more nodes on an ingress path used during authentication of the user. The binding may be distributed to the filter node on demand or without any request from the filter node. Responsive to a determination that the user is associated with a new source address, a new binding is generated to associate a new source address with the one or more roles for the user. The new binding is distributed to the filter node. Another aspect is a method of enforcing a role based security policy at a filter node, using bindings of source addresses to roles.

摘要翻译： 在源地址和访问网络的用户的一个或多个角色之间生成绑定，并将绑定分发到过滤器节点。 源地址当前分配给设备。 绑定可以由用户认证期间使用的入口路径上的一个或多个节点生成。 绑定可以根据需要分配到过滤节点，也可以不经过过滤器节点的任何请求。 响应于确定用户与新的源地址相关联，生成新的绑定以将新的源地址与用户的一个或多个角色相关联。 新的绑定被分发到过滤器节点。 另一方面是在过滤器节点上使用源地址绑定到角色来实施基于角色的安全策略的方法。

公开(公告)号：US07814311B2

公开(公告)日：2010-10-12

申请号：US11373727

申请日：2006-03-10

申请人： Sean Convery ,  David R. Oran ,  James Rivers ,  John Schnizlein ,  Ralph Droms ,  Mark Stapp

发明人： Sean Convery ,  David R. Oran ,  James Rivers ,  John Schnizlein ,  Ralph Droms ,  Mark Stapp

IPC分类号： H04L29/06

CPC分类号： H04L63/0263 ,  H04L29/12301 ,  H04L61/2076 ,  H04L63/0236 ,  H04L63/101 ,  H04L63/102 ,  H04L63/20 ,  H04W12/08

摘要： Generating a binding between a source address and one or more roles of a user accessing the network and distributing the binding to a filter node. The source address is currently assigned to the device. The binding may be generated by one or more nodes on an ingress path used during authentication of the user. The binding may be distributed to the filter node on demand or without any request from the filter node. Responsive to a determination that the user is associated with a new source address, a new binding is generated to associate a new source address with the one or more roles for the user. The new binding is distributed to the filter node. Another aspect is a method of enforcing a role based security policy at a filter node, using bindings of source addresses to roles.

摘要翻译： 在源地址和访问网络的用户的一个或多个角色之间生成绑定，并将绑定分发到过滤器节点。 源地址当前分配给设备。 绑定可以由用户认证期间使用的入口路径上的一个或多个节点生成。 绑定可以根据需要分配到过滤节点，也可以不经过过滤器节点的任何请求。 响应于确定用户与新的源地址相关联，生成新的绑定以将新的源地址与用户的一个或多个角色相关联。 新的绑定被分发到过滤器节点。 另一方面是在过滤器节点上使用源地址绑定到角色来实施基于角色的安全策略的方法。

公开(公告)号：US08156325B2

公开(公告)日：2012-04-10

申请号：US12868696

申请日：2010-08-25

申请人： Sean Convery ,  David R. Oran ,  James Rivers ,  John Schnizlein ,  Ralph Droms ,  Mark Stapp

发明人： Sean Convery ,  David R. Oran ,  James Rivers ,  John Schnizlein ,  Ralph Droms ,  Mark Stapp

IPC分类号： H04L29/06

CPC分类号： H04L63/0263 ,  H04L29/12301 ,  H04L61/2076 ,  H04L63/0236 ,  H04L63/101 ,  H04L63/102 ,  H04L63/20 ,  H04W12/08

摘要： Generating a binding between a source address and one or more roles of a user accessing the network and distributing the binding to a filter node. The source address is currently assigned to the device. The binding may be generated by one or more nodes on an ingress path used during authentication of the user. The binding may be distributed to the filter node on demand or without any request from the filter node. Responsive to a determination that the user is associated with a new source address, a new binding is generated to associate a new source address with the one or more roles for the user. The new binding is distributed to the filter node. Another aspect is a method of enforcing a role based security policy at a filter node, using bindings of source addresses to roles.

摘要翻译： 在源地址和访问网络的用户的一个或多个角色之间生成绑定，并将绑定分发到过滤器节点。 源地址当前分配给设备。 绑定可以由用户认证期间使用的入口路径上的一个或多个节点生成。 绑定可以根据需要分配到过滤节点，也可以不经过过滤器节点的任何请求。 响应于确定用户与新的源地址相关联，生成新的绑定以将新的源地址与用户的一个或多个角色相关联。 新的绑定被分发到过滤器节点。 另一方面是在过滤器节点上使用源地址绑定到角色来实施基于角色的安全策略的方法。

公开(公告)号：US20070064624A1

公开(公告)日：2007-03-22

申请号：US11230395

申请日：2005-09-20

申请人： Norman Finn ,  Jacob Jensen ,  John Schnizlein

发明人： Norman Finn ,  Jacob Jensen ,  John Schnizlein

IPC分类号： H04L12/28 ,  H04L12/66

CPC分类号： H04L41/0856 ,  H04L12/4625 ,  H04L41/0806 ,  Y02D30/30

摘要： A system and method automatically configures the interfaces of an intermediate network device. A discovery process operating at the device detects the identity or type of network entities actually coupled to the device's interfaces. Utilizing the identity or type of detected entities, a look-up is performed to obtain a configuration macro specially defined for each detected network entity. The retrieved configuration macros are executed and applied at the respective interfaces. During operation, the intermediate network device continues to monitor the identity and type of entities actually coupled to its interfaces. If a change is detected, such as an entity moving from a first to a second interface, the specially defined configuration macro for that entity floats from the first to the second interface where it is executed and applied.

摘要翻译： 系统和方法自动配置中间网络设备的接口。 在设备上运行的发现过程检测实际耦合到设备接口的网络实体的身份或类型。 利用检测到的实体的身份或类型，执行查找以获得为每个检测到的网络实体特别定义的配置宏。 检索到的配置宏在相应的接口被执行和应用。 在操作期间，中间网络设备继续监视实际耦合到其接口的实体的身份和类型。 如果检测到更改，例如从第一个接口移动到第二个接口的实体，则该实体的特殊定义的配置宏将从执行和应用的第一个接口漂移到第二个接口。