公开(公告)号：US20070016939A1

公开(公告)日：2007-01-18

申请号：US11177757

申请日：2005-07-08

申请人： Anthony Leibovitz ,  Mark Schurman ,  Mudit Goel ,  Paul Mayfield ,  Sudhakar Pasupuleti ,  Taroon Mandhana ,  Vivek Kamath ,  Wei Zheng ,  Xuemei Bao

发明人： Anthony Leibovitz ,  Mark Schurman ,  Mudit Goel ,  Paul Mayfield ,  Sudhakar Pasupuleti ,  Taroon Mandhana ,  Vivek Kamath ,  Wei Zheng ,  Xuemei Bao

IPC分类号： H04L9/32

CPC分类号： H04L63/0281 ,  H04L63/08 ,  H04L63/105 ,  H04L63/162 ,  H04L67/42

摘要： Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.

摘要翻译： 用于管理网络中访问控制功能的软件。 该软件包括接收访问控制命令或信息并调用一个或多个方法的主机。 该方法执行访问控制功能并传送要发送的访问控制结果或消息。 主机可以安装在寻求对网络的访问的网络对等体中，或者在控制对网络的访问的服务器中。 当安装在对等体中时，主机接收命令并与请求者交换信息。 当安装在访问控制服务器中时，主机接收命令并与验证者交换信息。 主机具有灵活的架构，可实现多种功能，例如允许将相同的方法用于多个请求者的身份验证，提供第三方访问控制软件的即时集成，通过促进验证器软件升级和启用访问控制功能简化网络维护 除了对等认证。

公开(公告)号：US20050060316A1

公开(公告)日：2005-03-17

申请号：US10819624

申请日：2004-04-07

申请人： Vivek Kamath ,  Craig Brown ,  John Pence ,  M. Shekaran ,  Thomas Lorimor ,  Thomas Firman ,  Elizabeth Gentile ,  Keith Toussaint

发明人： Vivek Kamath ,  Craig Brown ,  John Pence ,  M. Shekaran ,  Thomas Lorimor ,  Thomas Firman ,  Elizabeth Gentile ,  Keith Toussaint

IPC分类号： G06F17/30

CPC分类号： G06F17/30067 ,  Y10S707/99933 ,  Y10S707/99952 ,  Y10S707/99953

摘要： A method and system for transparently combining remote and local storage to provide an extended file system such as a virtual local drive for a computer system client/user, e.g., a user of a pocket sized personal computer or a cable set-top box. A client device may load file system object data, storing the directories and files remotely, and retrieving the files only when required. Via its local storage, the extended file system handles unreliable connections and delays. When a connection to an extended file system server is present, the extended file system provides automatic downloading of information that is not locally cached, and automatically uploading of information that has been modified on the client. Extended file system attributes are employed to determine the actual location of file system data, and a lightweight protocol is defined to download or upload remote data by low-level components that make the remote source transparent from the perspective of the application. The system scales to large networks as it employs the lightweight protocol and establishes a connection only to retrieve and submit data.

摘要翻译： 一种用于透明地组合远程和本地存储以提供扩展文件系统的方法和系统，例如用于计算机系统客户端/用户的虚拟本地驱动器，例如袖珍型个人计算机或有线机顶盒的用户。 客户端设备可以加载文件系统对象数据，远程存储目录和文件，只有在需要时才能检索文件。 通过其本地存储，扩展文件系统处理不可靠的连接和延迟。 当与扩展文件系统服务器的连接存在时，扩展文件系统提供自动下载不是本地缓存的信息，并自动上传已在客户端上修改的信息。 使用扩展文件系统属性来确定文件系统数据的实际位置，并且定义了一个轻量级协议，以便从应用程序的角度使远程源透明的低级组件下载或上传远程数据。 该系统使用轻量级协议扩展到大型网络，并建立一个仅用于检索和提交数据的连接。

公开(公告)号：US20060123118A1

公开(公告)日：2006-06-08

申请号：US11007122

申请日：2004-12-08

申请人： Calvin Choe ,  Vivek Kamath

发明人： Calvin Choe ,  Vivek Kamath

IPC分类号： G06F15/16

CPC分类号： H04L63/0869 ,  H04L61/2015 ,  H04L63/0876 ,  H04L69/161

摘要： Disclosed is a mechanism for securely provisioning a client by authenticating that client during a dynamic configuration process. Rather than relying on post-configuration authentication schemes, the present invention combines security and dynamic configuration into a unified scheme. Any client device attempting to access a network may request configuration information from a configuration server associated with that network, but the server does not comply with the request until the client has successfully authenticated itself as a device authorized to receive configuration information for the network. The configuration server may provide the client with temporary configuration information that allows the client to proceed with the authentication process but that denies the client full access to the network. Upon successful authentication, the server may give the client new, non-temporary configuration information or may change the status of the information already given from temporary to a status giving fuller access.

公开(公告)号：US20050267954A1

公开(公告)日：2005-12-01

申请号：US10973970

申请日：2004-10-27

申请人： Elliot Lewis ,  Hakan Berk ,  Ljubomir Bradic ,  Calvin Choe ,  Narendra Gidwani ,  Vivek Kamath ,  Timothy Moore ,  Ashwin Palekar

发明人： Elliot Lewis ,  Hakan Berk ,  Ljubomir Bradic ,  Calvin Choe ,  Narendra Gidwani ,  Vivek Kamath ,  Timothy Moore ,  Ashwin Palekar

IPC分类号： H04L12/26 ,  H04L12/24 ,  H04L29/06 ,  G06F15/177

CPC分类号： H04L63/0823 ,  H04L63/104 ,  H04L63/164

摘要： A system and method for ensuring that machines having invalid or corrupt states are restricted from accessing network resources are provided. A quarantine coordination client (QCC) located on a client machine acquires statements of health from a plurality of quarantine policy clients. The QCC packages the statements and provides the package to a quarantine enforcement client (QEC). The QEC sends the package to a quarantine enforcement server (QES) with a request for network access. The QES passes the package to a quarantine coordination server (QCS) that disassembles the package and passes the individual statements of health to corresponding quarantine policy servers (QPS). The QPSs validate the statements of health and inform the QCS of the result. If the client provided valid statements of health, the QES grants the client access to the network.

摘要翻译： 提供了一种用于确保具有无效或损坏状态的机器被限制访问网络资源的系统和方法。 位于客户端计算机上的隔离协调客户端（QCC）从多个隔离策略客户端获取健康声明。 QCC封装语句，并将该包提供给隔离执行客户端（QEC）。 QEC将包裹发送到具有网络访问请求的隔离执行服务器（QES）。 QES将包裹传递到隔离协议服务器（QCS），该服务器反汇编包，并将单个健康声明传递给相应的隔离策略服务器（QPS）。 QPS验证健康声明并通知QCS结果。 如果客户端提供了有效的健康声明，则QES授予客户端访问网络的权限。