Creating, modifying and storing service abstractions and role abstractions representing one or more packet rules
    1.
    Invention grant
    Status: in force

    Publication (announcement) number: US07855972B2

    Publication (announcement) date: 2010-12-21

    Application number: US10071228

    Application date: 2002-02-08

    IPC classification: G06F11/00 H04L12/28 H04L12/56

    Abstract: The present invention provides a method and system for controlling usage of network resources on a communications network. The method comprises acts of: (a) creating one or more packet rules for analyzing packets received at one or more devices of the communications network, each rule including a condition and action to be taken if a packet received at a device satisfies the condition; and (b) creating one or more service abstractions associated with a user of the communications network, each service abstraction representing a named set of one or more of the packet rules. In some embodiments, one or more role abstractions may be created, each role abstraction representing a role of a user with respect to the communications network, and each role abstraction including a set of one or more packet rules, and possibly one or more service abstractions.

    Controlling usage of network resources by a user at the user's entry point to a communications network based on an identity of the user
    2.
    Invention grant
    Status: in force

    Publication (announcement) number: US06892309B2

    Publication (announcement) date: 2005-05-10

    Application number: US10071873

    Application date: 2002-02-08

    Abstract: A user's usage of network resources is controlled, after the user has been authenticated, without using any network resources beyond the user's entry point to the network. Packet rules may be provisioned to the user's entry point to the network, and the packet rules may be applied to each packet received from the user before any network resources beyond the entry point are used. These packet rules may be associated with an identity of the user and then provisioned to the user's entry point in response to the user being authenticated. Usage of network resources of a communications network by a user beyond a network device of the communications network that serves as the user's entry point to the communications network is controlled. The port module of the network device is configured with one or more packet rules corresponding to an identity of the user. A packet is received from a device used by the user at the port module, and, before using any of the network resources beyond the network device, the one or more packet rules are applied to the received packet. Another embodiment is provided for controlling usage of network resources of a communications network by a user. The user has an assigned role with respect to the communications network, and the assigned role is associated with one or more packet rules, each packet rule including a condition and action to be taken if a packet received at a device satisfies the condition. A packet including identification information of the user is received from a device of the user at a port module of a network device. The assigned role of the user is determined based on the identification information, and the port module is configured with the one or more packet rules associated with the assigned role of the user.