公开(公告)号：US07336960B2

公开(公告)日：2008-02-26

申请号：US10974418

申请日：2004-10-26

申请人： Arthur Zavalkovsky ,  Jeremy Stieglitz ,  Ami Schieber

发明人： Arthur Zavalkovsky ,  Jeremy Stieglitz ,  Ami Schieber

IPC分类号： H04Q7/20

CPC分类号： H04W48/02 ,  H04L63/20 ,  H04W12/06 ,  H04W12/08

摘要： A method and apparatus for managing and balancing wireless access based on centralized information is provided. A request to provide service to a wireless client is received from a first access node in a plurality of access node. An access policy, applicable to the first access node, is selected from a plurality of stored policies. The stored policies may include a variety of rules, such as how many or which wireless clients may be serviced by an access node. A centralized manager, such as an AAA server, may perform the selection of the access policy. A determination is made as to whether to allow the first access node to provide service to the wireless client based on the selected access policy. A message that instructs the first access node whether to provide or deny service to the wireless client is transmitted to the first access node.

摘要翻译： 提供了一种基于集中式信息管理和平衡无线接入的方法和装置。 从多个接入节点中的第一接入节点接收向无线客户端提供业务的请求。 从多个存储的策略中选择适用于第一接入节点的接入策略。 存储的策略可以包括各种规则，诸如可以由接入节点服务多少个或哪些无线客户端。 诸如AAA服务器的集中管理器可以执行访问策略的选择。 确定是否允许第一接入节点基于所选择的接入策略向无线客户端提供服务。 指示第一接入节点是否向无线客户端提供或拒绝服务的消息被发送到第一接入节点。

公开(公告)号：US07421503B1

公开(公告)日：2008-09-02

申请号：US10346967

申请日：2003-01-17

申请人： Jeremy Stieglitz ,  John Zamick ,  Ilan Frenkel ,  Arthur Zavalkovsky ,  Darran Potter

发明人： Jeremy Stieglitz ,  John Zamick ,  Ilan Frenkel ,  Arthur Zavalkovsky ,  Darran Potter

IPC分类号： G06F15/16

CPC分类号： H04L63/08 ,  H04L29/06 ,  H04L63/0892

摘要： A method is disclosed for providing multiple authentication types within an authentication protocol that supports a single type of authentication for a client in communication with an authorization server over a network. One or more authentication request packets compliant with an authentication protocol are sent to the client. Each of the packets comprises a type value that specifies multiple authentication, and a data field having a value that is structured in compliance with the authentication protocol. Each of the packets is associated with one of a plurality of different authentication conversations with the client. A plurality of responses is received from the client for each of the authentication conversations. The sending and receiving steps are repeated until results are determined for the authentication conversations. The client is authenticated based on results of each of the plurality of authentication conversations. Embodiments provide multiple Extensible Authentication Protocol (EAP) authentication methods.

摘要翻译： 公开了一种在认证协议内提供多种认证类型的方法，该认证协议支持通过网络与授权服务器通信的客户端的单一类型的认证。 符合认证协议的一个或多个认证请求分组被发送到客户端。 每个分组包括指定多个认证的类型值，以及具有符合认证协议的结构的值的数据字段。 每个分组与与客户端的多个不同认证对话中的一个相关联。 对于每个认证会话，从客户端接收到多个响应。 重复发送和接收步骤，直到确定认证对话的结果为止。 基于多个认证对话中的每一个的结果对客户端进行认证。 实施例提供了多种可扩展认证协议（EAP）认证方法。

公开(公告)号：US20070256122A1

公开(公告)日：2007-11-01

申请号：US11414540

申请日：2006-04-28

申请人： Ian Foo ,  Jeremy Stieglitz ,  Arthur Zavalkovsky ,  Jeevan Patil ,  Partha Bhattacharya ,  Jason Frazier ,  Ellis Dobbins

发明人： Ian Foo ,  Jeremy Stieglitz ,  Arthur Zavalkovsky ,  Jeevan Patil ,  Partha Bhattacharya ,  Jason Frazier ,  Ellis Dobbins

IPC分类号： H04L9/32 ,  G06K9/00 ,  G06F17/30 ,  G06F15/16 ,  G06F7/04 ,  G06F7/58 ,  G06K19/00

CPC分类号： H04L63/1433 ,  H04L63/08 ,  H04L63/1408

摘要： A method and system is disclosed for creating and tracking network sessions. A request to access a network is received from an entity. The entity is authenticated after the request is received. Authenticated identity information associated with the entity, network address information associated with the entity, and network location information associated with the entity is collected. An information set is created. The information set comprises and binds together the authenticated identity information, the network address information, and the network location information. The information set indicates a present association among the authenticated identity information, the network address information, and the network location information. The information set is stored in a session record in a centralized database. The session record represents a session in which the entity accesses the network. The session record is one of a plurality of session records that are stored in the centralized database. The plurality of session records is used by a data processing system to perform real-time diagnostics of the network.

摘要翻译： 公开了用于创建和跟踪网络会话的方法和系统。 从实体接收到访问网络的请求。 接收到请求后，实体进行身份验证。 与实体相关联的认证身份信息，与该实体相关联的网络地址信息以及与该实体相关联的网络位置信息被收集。 创建一个信息集。 信息集合包括并且将已认证的身份信息，网络地址信息和网络位置信息结合在一起。 信息集表示认证身份信息，网络地址信息和网络位置信息之间的当前关联。 信息集存储在集中式数据库中的会话记录中。 会话记录表示实体访问网络的会话。 会话记录是存储在集中式数据库中的多个会话记录之一。 数据处理系统使用多个会话记录来执行网络的实时诊断。

公开(公告)号：US07929973B2

公开(公告)日：2011-04-19

申请号：US11968049

申请日：2007-12-31

申请人： Arthur Zavalkovsky ,  Jeremy Stieglitz ,  Ami Schieber

发明人： Arthur Zavalkovsky ,  Jeremy Stieglitz ,  Ami Schieber

IPC分类号： H04W72/00

CPC分类号： H04W48/02 ,  H04L63/20 ,  H04W12/06 ,  H04W12/08

摘要： A method and apparatus for managing and balancing wireless access based on centralized information is provided. A request to provide service to a wireless client is received from a first access node in a plurality of access node. An access policy, applicable to the first access node, is selected from a plurality of stored policies. The stored policies may include a variety of rules, such as how many or which wireless clients may be serviced by an access node. A centralized manager, such as an AAA server, may perform the selection of the access policy. A determination is made as to whether to allow the first access node to provide service to the wireless client based on the selected access policy. A message that instructs the first access node whether to provide or deny service to the wireless client is transmitted to the first access node.

摘要翻译： 提供了一种基于集中式信息管理和平衡无线接入的方法和装置。 从多个接入节点中的第一接入节点接收向无线客户端提供业务的请求。 从多个存储的策略中选择适用于第一接入节点的接入策略。 存储的策略可以包括各种规则，诸如可以由接入节点服务多少个或哪些无线客户端。 诸如AAA服务器的集中管理器可以执行访问策略的选择。 确定是否允许第一接入节点基于所选择的接入策略向无线客户端提供服务。 指示第一接入节点是否向无线客户端提供或拒绝服务的消息被发送到第一接入节点。

公开(公告)号：US20050198190A1

公开(公告)日：2005-09-08

申请号：US10749897

申请日：2003-12-31

申请人： Arthur Zavalkovsky ,  Jeremy Stieglitz

发明人： Arthur Zavalkovsky ,  Jeremy Stieglitz

IPC分类号： G06F15/16

CPC分类号： H04L65/00 ,  H04L67/00

摘要： The invention provides techniques for dynamic timeout including the steps of receiving a request from a requestor; determining whether an interim message should be sent to the requestor; and, if the interim message should be sent to the requester, sending to the requestor the interim message referring to the request. Techniques are also provided for dynamic timeout including steps of sending a request to a server; receiving an interim message from the server, where the interim message contains one or more response-related items; and determining whether to change a timeout value based on the one or more response-related items in the interim message.

摘要翻译： 本发明提供了用于动态超时的技术，包括从请求者接收请求的步骤; 确定临时消息是否应发送给请求者; 并且如果临时消息应发送到请求者，则向请求者发送参考请求的临时消息。 还提供了用于动态超时的技术，包括向服务器发送请求的步骤; 从所述服务器接收临时消息，其中所述临时消息包含一个或多个响应相关项; 以及基于所述临时消息中的所述一个或多个响应相关项来确定是否改变超时值。

公开(公告)号：US07930734B2

公开(公告)日：2011-04-19

申请号：US11414540

申请日：2006-04-28

申请人： Ian Foo ,  Jeremy Stieglitz ,  Arthur Zavalkovsky ,  Jeevan S. Patil ,  Partha Bhattacharya ,  Jason Frazier ,  Ellis Roland Dobbins

发明人： Ian Foo ,  Jeremy Stieglitz ,  Arthur Zavalkovsky ,  Jeevan S. Patil ,  Partha Bhattacharya ,  Jason Frazier ,  Ellis Roland Dobbins

IPC分类号： H04L9/32 ,  G06K9/00

CPC分类号： H04L63/1433 ,  H04L63/08 ,  H04L63/1408

摘要： A method and system is disclosed for creating and tracking network sessions. A request to access a network is received from an entity. The entity is authenticated after the request is received. Authenticated identity information associated with the entity, network address information associated with the entity, and network location information associated with the entity is collected. An information set is created. The information set comprises and binds together the authenticated identity information, the network address information, and the network location information. The information set indicates a present association among the authenticated identity information, the network address information, and the network location information. The information set is stored in a session record in a centralized database. The session record represents a session in which the entity accesses the network. The session record is one of a plurality of session records that are stored in the centralized database. The plurality of session records is used by a data processing system to perform real-time diagnostics of the network.

摘要翻译： 公开了用于创建和跟踪网络会话的方法和系统。 从实体接收到访问网络的请求。 接收到请求后，实体进行身份验证。 与实体相关联的认证身份信息，与该实体相关联的网络地址信息以及与该实体相关联的网络位置信息被收集。 创建一个信息集。 信息集合包括并且将已认证的身份信息，网络地址信息和网络位置信息结合在一起。 信息集表示认证身份信息，网络地址信息和网络位置信息之间的当前关联。 信息集存储在集中式数据库中的会话记录中。 会话记录表示实体访问网络的会话。 会话记录是存储在集中式数据库中的多个会话记录之一。 数据处理系统使用多个会话记录来执行网络的实时诊断。

公开(公告)号：US07493394B2

公开(公告)日：2009-02-17

申请号：US10749897

申请日：2003-12-31

申请人： Arthur Zavalkovsky ,  Jeremy Stieglitz

发明人： Arthur Zavalkovsky ,  Jeremy Stieglitz

IPC分类号： G06F15/173

CPC分类号： H04L65/00 ,  H04L67/00

摘要： The invention provides techniques for dynamic timeout including the steps of receiving a request from a requestor; determining whether an interim message should be sent to the requestor; and, if the interim message should be sent to the requestor, sending to the requestor the interim message referring to the request. Techniques are also provided for dynamic timeout including steps of sending a request to a server; receiving an interim message from the server, where the interim message contains one or more response-related items; and determining whether to change a timeout value based on the one or more response-related items in the interim message.

摘要翻译： 本发明提供了用于动态超时的技术，包括从请求者接收请求的步骤; 确定临时消息是否应发送给请求者; 并且如果临时消息应发送给请求者，则向请求者发送参考请求的临时消息。 还提供了用于动态超时的技术，包括向服务器发送请求的步骤; 从所述服务器接收临时消息，其中所述临时消息包含一个或多个响应相关项; 以及基于所述临时消息中的所述一个或多个响应相关项来确定是否改变超时值。

公开(公告)号：US20080104242A1

公开(公告)日：2008-05-01

申请号：US11968049

申请日：2007-12-31

申请人： Arthur Zavalkovsky ,  Jeremy Stieglitz ,  Ami Schieber

发明人： Arthur Zavalkovsky ,  Jeremy Stieglitz ,  Ami Schieber

IPC分类号： G06F15/173

CPC分类号： H04W48/02 ,  H04L63/20 ,  H04W12/06 ,  H04W12/08

摘要： A method and apparatus for managing and balancing wireless access based on centralized information is provided. A request to provide service to a wireless client is received from a first access node in a plurality of access node. An access policy, applicable to the first access node, is selected from a plurality of stored policies. The stored policies may include a variety of rules, such as how many or which wireless clients may be serviced by an access node. A centralized manager, such as an AAA server, may perform the selection of the access policy. A determination is made as to whether to allow the first access node to provide service to the wireless client based on the selected access policy. A message that instructs the first access node whether to provide or deny service to the wireless client is transmitted to the first access node.

摘要翻译： 提供了一种基于集中式信息管理和平衡无线接入的方法和装置。 从多个接入节点中的第一接入节点接收向无线客户端提供业务的请求。 从多个存储的策略中选择适用于第一接入节点的接入策略。 存储的策略可以包括各种规则，诸如可以由接入节点服务多少个或哪些无线客户端。 诸如AAA服务器的集中管理器可以执行访问策略的选择。 确定是否允许第一接入节点基于所选择的接入策略向无线客户端提供服务。 指示第一接入节点是否向无线客户端提供或拒绝服务的消息被发送到第一接入节点。

公开(公告)号：US20060089122A1

公开(公告)日：2006-04-27

申请号：US10974418

申请日：2004-10-26

申请人： Arthur Zavalkovsky ,  Jeremy Stieglitz ,  Ami Schieber

发明人： Arthur Zavalkovsky ,  Jeremy Stieglitz ,  Ami Schieber

IPC分类号： H04M3/16 ,  H04Q7/38 ,  H04B7/00

CPC分类号： H04W48/02 ,  H04L63/20 ,  H04W12/06 ,  H04W12/08

摘要： A method and apparatus for managing and balancing wireless access based on centralized information is provided. A request to provide service to a wireless client is received from a first access node in a plurality of access node. An access policy, applicable to the first access node, is selected from a plurality of stored policies. The stored policies may include a variety of rules, such as how many or which wireless clients may be serviced by an access node. A centralized manager, such as an AAA server, may perform the selection of the access policy. A determination is made as to whether to allow the first access node to provide service to the wireless client based on the selected access policy. A message that instructs the first access node whether to provide or deny service to the wireless client is transmitted to the first access node.

摘要翻译： 提供了一种基于集中式信息管理和平衡无线接入的方法和装置。 从多个接入节点中的第一接入节点接收向无线客户端提供业务的请求。 从多个存储的策略中选择适用于第一接入节点的接入策略。 存储的策略可以包括各种规则，诸如可以由接入节点服务多少个或哪些无线客户端。 诸如AAA服务器的集中管理器可以执行访问策略的选择。 确定是否允许第一接入节点基于所选择的接入策略向无线客户端提供服务。 指示第一接入节点是否向无线客户端提供或拒绝服务的消息被发送到第一接入节点。

公开(公告)号：US09344432B2

公开(公告)日：2016-05-17

申请号：US12822724

申请日：2010-06-24

申请人： Yair Tor ,  Daniel Rose ,  Eugene (John) Neystadt ,  Patrik Schnell ,  Moshe Sapir ,  Oleg Ananiev ,  Arthur Zavalkovsky ,  Anat Eyal

发明人： Yair Tor ,  Daniel Rose ,  Eugene (John) Neystadt ,  Patrik Schnell ,  Moshe Sapir ,  Oleg Ananiev ,  Arthur Zavalkovsky ,  Anat Eyal

IPC分类号： H04L29/06 ,  G06F15/16 ,  G06F21/33 ,  G06F21/41

CPC分类号： H04L63/102 ,  G06F21/33 ,  G06F21/41 ,  H04L63/0807 ,  H04L63/0823 ,  H04L63/10 ,  H04L63/107 ,  H04L63/164

摘要： Embodiments of the invention provide techniques for basing access control decisions at the network layer at least in part on information provided in claims, which may describe attributes of a computer requesting access, one or more resources to which access is requested, the user, the circumstances surrounding the requested access, and/or other information. The information may be evaluated based on one or more access control policies, which may be pre-set or dynamically generated, and used in making a decision whether to grant or deny the computer access to the specified resource(s).

摘要翻译： 本发明的实施例提供了至少部分地基于在权利要求中提供的信息来在网络层基础访问控制决策的技术，其可以描述请求访问的计算机的属性，请求访问的一个或多个资源，用户，情况 围绕所请求的访问，和/或其他信息。 可以基于可以被预先设置或动态生成的一个或多个访问控制策略来评估信息，并且用于做出是否授予或拒绝计算机对指定资源的访问的决定。