-
公开(公告)号:US09239915B2
公开(公告)日:2016-01-19
申请号:US11904322
申请日:2007-09-26
申请人: Avigdor Eldar , Tal Roth , Hormuzd Khosravi , Tal Shustak , Yael Yanai
发明人: Avigdor Eldar , Tal Roth , Hormuzd Khosravi , Tal Shustak , Yael Yanai
CPC分类号: G06F21/33 , G06F21/71 , G06F21/85 , H04L63/0227 , H04L63/08 , H04L63/162
摘要: In network access controlled networks, it is desirable to prevent access to the network by any non-authenticated entities. Access control may be established through a trusted agent that, in some embodiments, may be implemented with a management co-processor. In some cases, active management technology may establish a connection while a host is inactive. Then, after the host becomes active, the host can attempt to use the management co-processor connection without obtaining the necessary authentications. This may be prevented, in some embodiments, by scanning for an active host and, if such an active host is found, blocking the host from using a layer 2 authentication channel unless the host is properly authenticated and has a proper Internet Protocol address.
-
2.发明申请Synchronizing between host and management co-processor for network access control 有权同步主机和管理协处理器进行网络访问控制公开(公告)号:US20090083844A1
公开(公告)日:2009-03-26
申请号:US11904322
申请日:2007-09-26
申请人: Avigdor Eldar , Tal Roth , Hormuzd Khosravi , Tal Shustak , Yael Yanai
发明人: Avigdor Eldar , Tal Roth , Hormuzd Khosravi , Tal Shustak , Yael Yanai
IPC分类号: G06F21/20 , G06F15/173
CPC分类号: G06F21/33 , G06F21/71 , G06F21/85 , H04L63/0227 , H04L63/08 , H04L63/162
摘要: In network access controlled networks, it is desirable to prevent access to the network by any non-authenticated entities. Access control may be established through a trusted agent that, in some embodiments, may be implemented with a management co-processor. In some cases, active management technology may establish a connection while a host is inactive. Then, after the host becomes active, the host can attempt to use the management co-processor connection without obtaining the necessary authentications. This may be prevented, in some embodiments, by scanning for an active host and, if such an active host is found, blocking the host from using a layer 2 authentication channel unless the host is properly authenticated and has a proper Internet Protocol address.
摘要翻译: 在网络访问控制网络中,期望防止任何未经认证的实体访问网络。 访问控制可以通过可信代理来建立,在一些实施例中,可以使用管理协处理器来实现。 在某些情况下,主动管理技术可能会在主机处于非活动状态时建立连接。 然后,在主机变为活动状态之后,主机可以尝试使用管理协处理器连接,而无需获得必要的认证。 在一些实施例中,可以通过扫描活动主机来防止这种情况,并且如果发现这样的活动主机,则阻止主机使用第2层认证信道,除非主机被正确认证并具有适当的因特网协议地址。
-
公开(公告)号:US20090070467A1
公开(公告)日:2009-03-12
申请号:US11899991
申请日:2007-09-07
IPC分类号: G06F15/173
CPC分类号: H04L63/10 , G06F21/305 , H04L63/162
摘要: In network access control networks, it may be difficult to provide certain remote accesses such as remote boot or remote storage access. An available network connection established through chipset firmware (e.g. active management technology (AMT)) may be utilized to establish a connection and to enable the remote access. Then as soon the completion of the activity is detected, such as remote booting, then the connection may be immediately terminated to prevent access by improper agents.
摘要翻译: 在网络访问控制网络中,可能难以提供某些远程访问,例如远程启动或远程存储访问。 可以利用通过芯片组固件(例如主动管理技术(AMT))建立的可用网络连接来建立连接并实现远程访问。 然后,一旦检测到活动的完成(例如远程启动),则可能立即终止连接,以防止不正当的代理访问。
-
公开(公告)号:US09178884B2
公开(公告)日:2015-11-03
申请号:US11899991
申请日:2007-09-07
CPC分类号: H04L63/10 , G06F21/305 , H04L63/162
摘要: In network access control networks, it may be difficult to provide certain remote accesses such as remote boot or remote storage access. An available network connection established through chipset firmware (e.g. active management technology (AMT)) may be utilized to establish a connection and to enable the remote access. Then as soon the completion of the activity is detected, such as remote booting, then the connection may be immediately terminated to prevent access by improper agents.
-
公开(公告)号:US20080080373A1
公开(公告)日:2008-04-03
申请号:US11529985
申请日:2006-09-29
申请人: Avigdor Eldar , Eran Rousseau , Tal Shustak
发明人: Avigdor Eldar , Eran Rousseau , Tal Shustak
IPC分类号: H04L12/26
CPC分类号: H04L63/162 , H04L63/08 , H04L69/40
摘要: In an embodiment, a method is provided. The method of this embodiment provides detecting failure of a first device on a system to authenticate the system through a controlled port from which a service is requested; and using a second device on the system to authenticate the system through the controlled port, the second device sharing a link with the first device.
摘要翻译: 在一个实施例中,提供了一种方法。 该实施例的方法提供了系统上的第一设备的检测故障,以通过从其请求服务的受控端口认证系统; 并且在所述系统上使用第二设备通过所述受控端口认证所述系统,所述第二设备与所述第一设备共享链路。
-
公开(公告)号:US08607058B2
公开(公告)日:2013-12-10
申请号:US11529985
申请日:2006-09-29
申请人: Avigdor Eldar , Eran Rousseau , Tal Shustak
发明人: Avigdor Eldar , Eran Rousseau , Tal Shustak
CPC分类号: H04L63/162 , H04L63/08 , H04L69/40
摘要: In an embodiment, a method is provided. The method of this embodiment provides detecting failure of a first device on a system to authenticate the system through a controlled port from which a service is requested; and using a second device on the system to authenticate the system through the controlled port, the second device sharing a link with the first device.
摘要翻译: 在一个实施例中,提供了一种方法。 该实施例的方法提供了系统上的第一设备的检测故障,以通过从其请求服务的受控端口认证系统; 并且在所述系统上使用第二设备通过所述受控端口认证所述系统,所述第二设备与所述第一设备共享链路。
-
公开(公告)号:US20110246633A1
公开(公告)日:2011-10-06
申请号:US12753427
申请日:2010-04-02
IPC分类号: G06F15/173
CPC分类号: H04L67/2819 , H04L67/28 , H04L69/14
摘要: Embodiments provide methods, apparatus, and systems that enable an embedded processor to detect and configure one or more network access settings. The network access settings may enable the embedded processor to communicate over a network, via out-of-band messages, with a management server or service. Other embodiments may be disclosed or claimed.
摘要翻译: 实施例提供使得嵌入式处理器能够检测和配置一个或多个网络访问设置的方法,装置和系统。 网络访问设置可以使嵌入式处理器能够通过带外消息通过网络与管理服务器或服务进行通信。 可以公开或要求保护其他实施例。
-
公开(公告)号:US20080022355A1
公开(公告)日:2008-01-24
申请号:US11478987
申请日:2006-06-30
IPC分类号: H04L9/00
CPC分类号: H04L63/102 , H04L61/2015 , H04L63/0227 , H04L63/101 , H04L63/12
摘要: A method and apparatus for detection of network environment to aid policy selection for network access control. An embodiment of a method includes receiving a request to connect a device to a network and, if a security policy is received for the connection of the device, applying the policy for the device. If a security policy for the connection of the device is not received, the domain of the device is determined by determining whether the device is in an enterprise domain and determining whether the device is in a network access control domain, which allows selection of an appropriate domain/environment specific policy.
摘要翻译: 一种用于检测网络环境以帮助网络访问控制的策略选择的方法和装置。 一种方法的实施例包括接收将设备连接到网络的请求,并且如果接收到用于设备的连接的安全策略,则应用所述设备的策略。 如果没有接收到用于连接设备的安全策略,则通过确定设备是否在企业域中并确定设备是否在网络访问控制域中来确定设备的域,这允许选择适当的 域/环境特定策略。
-
公开(公告)号:US08332510B2
公开(公告)日:2012-12-11
申请号:US12753427
申请日:2010-04-02
IPC分类号: G06F15/16
CPC分类号: H04L67/2819 , H04L67/28 , H04L69/14
摘要: Embodiments provide methods, apparatus, and systems that enable an embedded processor to detect and configure one or more network access settings. The network access settings may enable the embedded processor to communicate over a network, via out-of-band messages, with a management server or service. Other embodiments may be disclosed or claimed.
摘要翻译: 实施例提供使得嵌入式处理器能够检测和配置一个或多个网络访问设置的方法,装置和系统。 网络访问设置可以使嵌入式处理器能够通过带外消息通过网络与管理服务器或服务进行通信。 可以公开或要求保护其他实施例。
-
公开(公告)号:US07814531B2
公开(公告)日:2010-10-12
申请号:US11478987
申请日:2006-06-30
CPC分类号: H04L63/102 , H04L61/2015 , H04L63/0227 , H04L63/101 , H04L63/12
摘要: A method and apparatus for detection of network environment to aid policy selection for network access control. An embodiment of a method includes receiving a request to connect a device to a network and, if a security policy is received for the connection of the device, applying the policy for the device. If a security policy for the connection of the device is not received, the domain of the device is determined by determining whether the device is in an enterprise domain and determining whether the device is in a network access control domain, which allows selection of an appropriate domain/environment specific policy.
摘要翻译: 一种检测网络环境以帮助网络访问控制的策略选择的方法和装置。 一种方法的实施例包括接收将设备连接到网络的请求,并且如果接收到用于设备的连接的安全策略,则应用所述设备的策略。 如果没有接收到用于连接设备的安全策略,则通过确定设备是否在企业域中并确定设备是否在网络访问控制域中来确定设备的域,这允许选择适当的 域/环境特定策略。
-
-
-
-
-
-
-
-
-
搜索结果
57 条记录 (耗时 0.022 秒)
