Method and system for controlling subscriber access in a network capable of establishing connections with a plurality of domain sites
    1.
    Type: granted invention patent
    Legal status: in force

    Publication number: US07325058B1

    Publication date: 2008-01-29

    Application number: US09712005

    Application date: 2000-11-13

    IPC classification: G06F15/16 G06F15/173

    Abstract: A method for controlling subscriber access in a network capable of establishing connections with a plurality of domains includes receiving a communication from a subscriber using a first communication network coupled to at least one other communication network, the communication optionally including a domain identifier associated with a domain on the at least one other communication network, determining whether the subscriber is authorized to access the domain based upon the domain identifier and a list of authorized domains for a virtual circuit used to receive the communication and authorizing subscriber access to the domain when the domain identifier is included in the list. An access server includes a tunnel ID request generator and an authorizer. The tunnel ID request generator generates a tunnel ID request that includes a virtual circuit identifier associated with a virtual circuit used to accept a PPP authentication request. The authorizer grants subscribers domain access based upon a list of authorized domains for the virtual circuit.


    Preventing HTTP server attacks
    2.
    Type: granted invention patent
    Legal status: in force

    Publication number: US07389354B1

    Publication date: 2008-06-17

    Application number: US09734952

    Application date: 2000-12-11

    IPC classification: G06F15/16 G06F12/14 G06F1/26

    CPC classification: H04L63/1458

    Abstract: A method for preventing denial of service attacks against Hypertext Transfer Protocol (HTTP) servers includes receiving a HTTP request from a subscriber using a first communication network coupled to at least one other communication network, receiving a profile for the subscriber, filtering the request to determine whether the subscriber is authorized to make the request based upon the profile and forwarding the request to the other communication network when the subscriber is authorized to make the request. An apparatus capable of preventing denial of service attacks against HTTP servers includes a profile request generator capable of generating a profile request based upon a HTTP request received from a subscriber using a first communication network, a filter capable of determining whether the request is authorized based upon the requested profile and an authorizer capable of allowing the request to be forwarded on at least one other communication network coupled to the first communication network.


    PPP domain name and L2TP tunnel selection configuration override
    3.
    Type: granted invention patent
    Legal status: lapsed

    Publication number: US06874030B1

    Publication date: 2005-03-29

    Application number: US09712780

    Application date: 2000-11-13

    Abstract: A method for controlling subscriber access in a network capable of establishing connections with multiple services includes receiving a communication from a subscriber using a first communication network coupled to a second communication network, the communication optionally including a domain identifier associated with a service on the second communication network, and authorizing the subscriber to access a service on the second communication network using a virtual circuit. The authorization is based upon a domain configuration override attribute associated with the virtual circuit used to receive the communication from the subscriber. An access server capable of forcing subscribers of a communications system to gain access exclusively to a domain network associated with a virtual circuit includes an authorizer to grant service authorization to the subscribers based upon a virtual circuit used to make a service request, a virtual circuit profile request generator to generate virtual circuit profile requests and a calculator to determine whether the service associated with the virtual circuit matches the service associated with a domain configuration override attribute.


    Load sharing between L2TP tunnels
    4.
    Type: granted invention patent
    Legal status: in force

    Publication number: US07139276B1

    Publication date: 2006-11-21

    Application number: US09795688

    Application date: 2001-02-27

    IPC classification: H04L12/28 G06F9/46 G06F15/16

    Abstract: A method for load sharing between tunnels connecting communication networks includes receiving a communication from a subscriber using the first communication network, determining tunnel selection criteria for the communication, selecting one of the at least one tunnel based on the tunnel selection criteria and forwarding the communication on the selected tunnel. The tunnel selection criteria indicate the basis for selecting one of the tunnels. An apparatus for load sharing between tunnels connecting communication networks includes a receiving interface to receive a communication from a subscriber using the first communication network, a tunnel selection criteria determiner to determine tunnel selection criteria for the communication, a tunnel selector to select one of the tunnels based on the tunnel selection criteria and a session forwarder to forward the communication on the selected tunnel. In one aspect of the invention, load sharing is performed between Layer 2 Tunneling Protocol (L2TP) tunnels.


    PPP domain name and L2TP tunnel selection configuration override
    5.
    Type: granted invention patent
    Legal status: in force

    Publication number: US07529832B2

    Publication date: 2009-05-05

    Application number: US10973550

    Application date: 2004-10-25

    IPC classification: G06F15/173 G06F15/16

    Abstract: Determining the domain name associated with a virtual circuit may include receiving, at an Authentication, Authorization, and Accounting (AAA) server, a Point-to-Point Protocol (PPP) authentication request comprising a unique identifier comprising a virtual channel ID, and determining whether a domain configuration override attribute exists in a virtual circuit profile associated with a DSLAM port used to receive the PPP authentication request. Determining the domain name further includes, if the domain configuration override attribute exists in the virtual circuit profile or if the PPP authentication request does not comprise a domain name, returning a domain name associated with the unique identifier, and if the domain configuration override attribute does not exist in the virtual circuit profile, returning a PPP domain name used in the PPP authentication request.


    Dynamic multi-hop ingress to egress L2TP tunnel mapping
    6.
    Type: granted invention patent
    Legal status: in force

    Publication number: US07023879B1

    Publication date: 2006-04-04

    Application number: US09802410

    Application date: 2001-03-09

    IPC classification: H04J3/16

    Abstract: A method for dynamic ingress to egress tunnel mapping from a first communication network to a second communication network includes receiving a tunneled communication from a subscriber using the first communication network, determining egress tunnel selection criteria for the tunneled communication, selecting one of at least one egress tunnel based on the egress tunnel selection criteria and forwarding the tunneled communication on the selected egress tunnel. The egress tunnel selection criteria indicate the basis for selecting one of the egress tunnels. An apparatus for dynamic ingress to egress tunnel mapping from a first communication network to a second communication network includes a receiving interface to receive a tunneled communication from a subscriber using the first communication network, an egress tunnel selection criteria determiner to determine egress tunnel selection criteria for the tunneled communication, an egress tunnel selector to select one of at least one egress tunnel based on the egress tunnel selection criteria and a session forwarder to forward the tunneled communication on the selected egress tunnel. In one aspect of the invention, tunnel mapping is performed between Layer 2 Tunneling Protocol (L2TP) ingress and egress tunnels.


    Local network address management
    7.
    Type: granted invention patent
    Legal status: in force

    Publication number: US07587493B1

    Publication date: 2009-09-08

    Application number: US11302003

    Application date: 2005-12-12

    Applicant: Purnam Anil Sheth

    Inventor: Purnam Anil Sheth

    IPC classification: G06F15/173

    Abstract: A method for managing Internet Protocol (IP) addresses on a data communications network includes allocating multiple local IP address pools, requesting IP address usage data from one or more of the network edge devices, receiving the requested IP address usage data, determining whether the local IP address pools should be reallocated based upon the requested IP address usage data, reallocating one or more of the local IP address pools based upon the determination and updating one or more of the local IP address pool databases and a global IP pool database based upon the reallocating. Each of the local IP address pools is associated with a different network edge device that is capable of accepting connection requests requiring an IP address. The global IP address pool database includes the information maintained in each local IP address pool. A network edge device capable of managing IP addresses on a data communications network includes an allocator capable of allocating multiple local IP address pools, a receiver capable of receiving a communication, an allocator capable of allocating an available IP address from the local IP address pool if the communication includes a connection request, a determiner capable of determining whether the local IP address pool should be adjusted, a notifier capable of sending an alarm message to an IP pool manager when the IP address pool should be adjusted and a memory capable of storing an IP address allocation when the communication includes an IP address allocation.


    IP pool management utilizing an IP pool MIB
    8.
    Type: granted invention patent
    Legal status: lapsed

    Publication number: US06988148B1

    Publication date: 2006-01-17

    Application number: US09765981

    Application date: 2001-01-19

    Applicant: Purnam Anil Sheth

    Inventor: Purnam Anil Sheth

    IPC classification: G06F15/16

    Abstract: A method for managing Internet Protocol (IP) addresses on a data communications network includes allocating multiple local IP address pools, requesting IP address usage data from one or more of the network edge devices, receiving the requested IP address usage data, determining whether the local IP address pools should be reallocated based upon the requested IP address usage data, reallocating one or more of the local IP address pools based upon the determination and updating one or more of the local IP address pool databases and a global IP pool database based upon the reallocating. Each of the local IP address pools is associated with a different network edge device that is capable of accepting connection requests requiring an IP address. The global IP address pool database includes the information maintained in each local IP address pool. A network edge device capable of managing IP addresses on a data communications network includes an allocator capable of allocating multiple local IP address pools, a receiver capable of receiving a communication, an allocator capable of allocating an available IP address from the local IP address pool if the communication includes a connection request, a determiner capable of determining whether the local IP address pool should be adjusted, a notifier capable of sending an alarm message to an IP pool manager when the IP address pool should be adjusted and a memory capable of storing an IP address allocation when the communication includes an IP address allocation.


    IP pool management utilizing an IP pool MIB
    9.
    Type: granted invention patent
    Legal status: in force

    Publication number: US08321567B1

    Publication date: 2012-11-27

    Application number: US11302043

    Application date: 2005-12-12

    Applicant: Purnam Anil Sheth

    Inventor: Purnam Anil Sheth

    IPC classification: G06F15/16

    Abstract: A method for managing Internet Protocol (IP) addresses on a data communications network includes allocating multiple local IP address pools, requesting IP address usage data from one or more of the network edge devices, receiving the requested IP address usage data, determining whether the local IP address pools should be reallocated based upon the requested IP address usage data, reallocating one or more of the local IP address pools based upon the determination and updating one or more of the local IP address pool databases and a global IP pool database based upon the reallocating. Each of the local IP address pools is associated with a different network edge device that is capable of accepting connection requests requiring an IP address. The global IP address pool database includes the information maintained in each local IP address pool. A network edge device capable of managing IP addresses on a data communications network includes an allocator capable of allocating multiple local IP address pools, a receiver capable of receiving a communication, an allocator capable of allocating an available IP address from the local IP address pool if the communication includes a connection request, a determiner capable of determining whether the local IP address pool should be adjusted, a notifier capable of sending an alarm message to an IP pool manager when the IP address pool should be adjusted and a memory capable of storing an IP address allocation when the communication includes an IP address allocation.


    Resource allocation and reclamation for on-demand address pools
    10.
    Type: granted invention patent
    Legal status: in force

    Publication number: US07788345B1

    Publication date: 2010-08-31

    Application number: US09952259

    Application date: 2001-09-13

    Abstract: A method for on-demand management of Internet Protocol (IP) address pools includes allocating an unused IP address from a local IP address pool designated for a remote domain if a request to connect to the remote domain is received and deallocating an IP address if the IP address is released. The local IP address pool includes at least one subnet dynamically assigned from a global IP address pool. Each of the subnets specifies a contiguous set of one or more IP addresses. IP addresses are allocated using a first-assigned-subnet-first policy, wherein an IP address is allocated from a least recently assigned subnet having at least one unallocated IP address. According to one aspect, subnets are deassigned using a last-assigned-subnet-first policy, wherein the deassigned subnet is the most recently assigned subnet having no allocated IP addresses.
