公开(公告)号：US08266327B2

公开(公告)日：2012-09-11

申请号：US11455011

申请日：2006-06-15

申请人： Sandeep Kumar ,  Rajesh Raman ,  Vinod Dashora

发明人： Sandeep Kumar ,  Rajesh Raman ,  Vinod Dashora

IPC分类号： G06F15/16 ,  G06F15/173 ,  H04L29/06 ,  H04L9/32

CPC分类号： H04L63/08 ,  H04L41/0213 ,  H04L41/0893 ,  H04L41/5003 ,  H04L41/5096 ,  H04L63/102 ,  H04L67/14 ,  H04L67/2814 ,  H04L67/2819 ,  H04L67/2823 ,  H04L67/327 ,  H04L69/32 ,  H04L69/40

摘要： A network infrastructure element such as a router or switch performs brokering network user identity and credential information. An application or administrative user can declare a policy for user identity information extraction, authentication and authorization. Based on the policy, the network element extracts user identity information or credentials from a transport-layer message header, application-layer message header, and message body. Based on the policy, the network element performs one or more authentication or authorization operations with the user identity information or credentials. As a result, a network element can broker identity information among incompatible applications and perform identity operations for the applications.

摘要翻译： 诸如路由器或交换机之类的网络基础设施元件执行代理网络用户身份和证书信息。 应用程序或管理用户可以声明用户身份信息提取，身份验证和授权的策略。 基于该策略，网元从传输层消息头，应用层消息头和消息体提取用户身份信息或凭证。 基于该策略，网络元件使用用户身份信息或凭证执行一个或多个认证或授权操作。 因此，网络元素可以在不兼容的应用程序之间代理身份信息，并为应用程序执行身份操作。

公开(公告)号：US08458467B2

公开(公告)日：2013-06-04

申请号：US11398983

申请日：2006-04-05

申请人： Vinod Dashora ,  Sandeep Kumar

发明人： Vinod Dashora ,  Sandeep Kumar

IPC分类号： H04L29/06 ,  G06F15/16

CPC分类号： H04L67/02 ,  G06F8/656 ,  G06F2221/2141 ,  H04L29/06 ,  H04L41/026 ,  H04L41/06 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/22 ,  H04L41/5003 ,  H04L41/5009 ,  H04L41/5012 ,  H04L41/5096 ,  H04L43/0811 ,  H04L45/00 ,  H04L45/56 ,  H04L45/563 ,  H04L63/0245 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/102 ,  H04L63/12 ,  H04L67/34 ,  H04L69/22

摘要： Application message payload data elements are transformed within a network infrastructure element such as a packet data router or switch. The network element has application message transformation logic for receiving one or more packets representing an input application message logically associated with OSI network model Layer 5 or above; extracting an application message payload from the input application message; identifying one or more first content elements in the application message payload; transforming the first content elements into one or more second content elements of an output application message; and forwarding the output application message to a destination that is identified in the input application message. Transformations performed in the network element can include field reordering, field enrichment, field filtering, and presentation transformation.

公开(公告)号：US20070005801A1

公开(公告)日：2007-01-04

申请号：US11455011

申请日：2006-06-15

申请人： Sandeep Kumar ,  Rajesh Raman ,  Vinod Dashora

发明人： Sandeep Kumar ,  Rajesh Raman ,  Vinod Dashora

IPC分类号： G06F15/173

CPC分类号： H04L63/08 ,  H04L41/0213 ,  H04L41/0893 ,  H04L41/5003 ,  H04L41/5096 ,  H04L63/102 ,  H04L67/14 ,  H04L67/2814 ,  H04L67/2819 ,  H04L67/2823 ,  H04L67/327 ,  H04L69/32 ,  H04L69/40

摘要： A network infrastructure element such as a router or switch performs brokering network user identity and credential information. An application or administrative user can declare a policy for user identity information extraction, authentication and authorization. Based on the policy, the network element extracts user identity information or credentials from a transport-layer message header, application-layer message header, and message body. Based on the policy, the network element performs one or more authentication or authorization operations with the user identity information or credentials. As a result, a network element can broker identity information among incompatible applications and perform identity operations for the applications.

摘要翻译： 诸如路由器或交换机之类的网络基础设施元件执行代理网络用户身份和证书信息。 应用程序或管理用户可以声明用户身份信息提取，身份验证和授权的策略。 基于该策略，网元从传输层消息头，应用层消息头和消息体提取用户身份信息或凭证。 基于该策略，网络元件使用用户身份信息或凭证执行一个或多个认证或授权操作。 因此，网络元素可以在不兼容的应用程序之间代理身份信息，并为应用程序执行身份操作。

公开(公告)号：US20060288208A1

公开(公告)日：2006-12-21

申请号：US11398983

申请日：2006-04-05

申请人： Vinod Dashora ,  Sandeep Kumar

发明人： Vinod Dashora ,  Sandeep Kumar

IPC分类号： H04L9/00

CPC分类号： H04L67/02 ,  G06F8/656 ,  G06F2221/2141 ,  H04L29/06 ,  H04L41/026 ,  H04L41/06 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/22 ,  H04L41/5003 ,  H04L41/5009 ,  H04L41/5012 ,  H04L41/5096 ,  H04L43/0811 ,  H04L45/00 ,  H04L45/56 ,  H04L45/563 ,  H04L63/0245 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/102 ,  H04L63/12 ,  H04L67/34 ,  H04L69/22

摘要： Application message payload data elements are transformed within a network infrastructure element such as a packet data router or switch. The network element has application message transformation logic for receiving one or more packets representing an input application message logically associated with OSI network model Layer 5 or above; extracting an application message payload from the input application message; identifying one or more first content elements in the application message payload; transforming the first content elements into one or more second content elements of an output application message; and forwarding the output application message to a destination that is identified in the input application message. Transformations performed in the network element can include field reordering, field enrichment, field filtering, and presentation transformation.

公开(公告)号：US07792975B1

公开(公告)日：2010-09-07

申请号：US11717504

申请日：2007-03-12

申请人： Vinod Dashora ,  Subramanian Srinivasan ,  Sandeep Kumar

发明人： Vinod Dashora ,  Subramanian Srinivasan ,  Sandeep Kumar

IPC分类号： G06F15/16

CPC分类号： H04L67/14 ,  H04L67/146 ,  H04L69/32

摘要： A networking device comprises an interface configured to receive and transmit data from and to a network; policy data configured to specify, for one or more application-layer messages, a session key that uniquely identifies an application session associated with the application-layer messages; logic encoded in one or more media for execution and when executed operable to receive a particular application-layer message through the interface, generate a particular session key for the particular application-layer message based on the policy data, and provide the particular session key to a message processing function.

摘要翻译： 网络设备包括被配置为从网络接收和发送数据的接口; 策略数据被配置为针对一个或多个应用层消息指定唯一地标识与所述应用层消息相关联的应用会话的会话密钥; 在用于执行的一个或多个媒体中编码的逻辑，并且当被执行时可操作以通过接口接收特定的应用层消息，基于策略数据生成针对特定应用层消息的特定会话密钥，并将特定会话密钥提供给 一个消息处理功能。

公开(公告)号：US07568217B1

公开(公告)日：2009-07-28

申请号：US10394289

申请日：2003-03-20

申请人： Ranjan Prasad ,  Vinod Dashora

发明人： Ranjan Prasad ,  Vinod Dashora

IPC分类号： G06F15/16

CPC分类号： H04L63/102 ,  G06F21/6218 ,  H04L63/20 ,  H04L67/14

摘要： A role based access control system is described that assigns roles, which otherwise are mutually exclusive, to users based on detecting designated conditions when the user initiates actions or operations on the network. The assignment of the role to a particular user may be conditional upon one or more such designated conditions occurring. In particular, two roles that are mutually exclusive of one another may be occupied by one user for purpose of performing specified operations upon designated conditions being detected when the user initiates one or more of the specified operations. Business rules specify conditions for assigning the conditional roles.

摘要翻译： 描述了一种基于角色的访问控制系统，当用户发起网络上的动作或操作时，基于检测指定的条件，向用户分配另外相互排斥的角色。 角色对特定用户的分配可以是一个或多个这样的指定条件发生的条件。 特别地，一个用户可以占用两个彼此排斥的角色，以便在用户发起一个或多个指定操作时检测到的指定条件下执行指定的操作。 业务规则指定分配条件角色的条件。

公开(公告)号：US20090119762A1

公开(公告)日：2009-05-07

申请号：US12043701

申请日：2008-03-06

申请人： Allan Thomson ,  Matthew Glenn ,  Prabandham Madan Gopal ,  Vinod Dashora ,  Neeraj Purandare

发明人： Allan Thomson ,  Matthew Glenn ,  Prabandham Madan Gopal ,  Vinod Dashora ,  Neeraj Purandare

IPC分类号： H04L9/32

CPC分类号： H04W12/08 ,  G07C9/00031 ,  H04L63/105 ,  H04L63/107 ,  H04W88/08

摘要： A network access system. In particular implementations, a method includes monitoring, responsive to a network access request of a client, an authentication session between an authentication server and the client, and determining user credential information associated with a user of the client based on one or more messages of the authentication session. The method also includes accessing, using the user credential information, physical entry information indicating a physical location of the user relative to a defined perimeter, and conditionally allowing the client access to a network based on the physical entry information and a successful authentication of the client.

摘要翻译： 网络接入系统。 在特定实施方式中，一种方法包括响应于客户机的网络访问请求，监视认证服务器和客户端之间的认证会话，以及基于客户端的一个或多个消息来确定与客户端的用户相关联的用户凭证信息 认证会话。 该方法还包括使用用户凭证信息访问指示用户相对于定义的周界的物理位置的物理条目信息，并且基于物理条目信息和客户端的成功认证来有条件地允许客户端访问网络 。