公开(公告)号：US07624434B2

公开(公告)日：2009-11-24

申请号：US10090543

申请日：2002-03-01

Applicant: Peter M. Rigstad ,  John Y. Yoon ,  Mark Farahar ,  Barani Subbiah ,  Brant D. Thomsen ,  David E. Richmond ,  Vered Maor Semel ,  Earl Bryner

Inventor： Peter M. Rigstad ,  John Y. Yoon ,  Mark Farahar ,  Barani Subbiah ,  Brant D. Thomsen ,  David E. Richmond ,  Vered Maor Semel ,  Earl Bryner

IPC: G06F17/00 ,  G06F7/04 ,  G06F15/173 ,  G06F15/16 ,  H04L9/00

CPC classification number: H04L63/0227 ,  H04L63/20

Abstract: A system for providing security in a computing network. The system has a server for distributing policies to be implemented by firewall devices in the network. The firewall devices provide hardware implemented firewalls to communication devices making network connections. The system has logic to allow a connection to be made to the network via a communication device at a node provided the firewall device is at that node. Therefore, the firewall device must be in the system for a connection to be established via the communication device. Additionally, the system is configured to cause data transferred by the communication device to be processed by the firewall.

Abstract translation: 一种用于在计算网络中提供安全性的系统。 该系统具有用于分发由网络中的防火墙设备实现的策略的服务器。 防火墙设备为进行网络连接的通信设备提供硬件实现的防火墙。 该系统具有允许在提供防火墙设备在该节点处的节点处经由通信设备对网络进行连接的逻辑。 因此，防火墙设备必须在系统中才能通过通信设备建立连接。 此外，该系统被配置为使由通信设备传送的数据由防火墙处理。

公开(公告)号：US06745333B1

公开(公告)日：2004-06-01

申请号：US10062871

申请日：2002-01-31

Applicant: Brant D. Thomsen

Inventor： Brant D. Thomsen

IPC: G06F124

CPC classification number: H04L41/046 ,  H04L29/12264 ,  H04L41/0213 ,  H04L43/00 ,  H04L61/2046 ,  H04L63/101 ,  H04L63/1408 ,  H04L63/1466 ,  H04W12/08 ,  H04W12/12

Abstract: A method is described a NIC to ascertain the presence of spoofing activity and thus detect unauthorized network access. The NIC monitors for packets purporting to be from itself. In one embodiment, a NIC views packets trafficking on its network and monitors for packets having its own MAC Address, but which it did not send. In another embodiment, the NIC monitors for packets having its own IP address, but which it did not send. These falsely purportive packets originate not from the observant NIC, but suspiciously from elsewhere. Such suspect origins entities may be rogue entities attempting to gain unauthorized network access. These embodiments detect unauthorized access to a network by ascertaining the presence of spoofing activity in a manner that does not require gross revamping of network architecture or the burdening of network accessibility by legitimate authorized entities.

Abstract translation: 描述了一种NIC来确定欺骗活动的存在并因此检测未经授权的网络访问。 NIC监视来自本身的数据包。 在一个实施例中，NIC在其网络上查看分组传送，并监视具有其自己的MAC地址但是没有发送的分组的分组。 在另一个实施例中，NIC监视具有其自己的IP地址但是没有发送的分组的分组。 这些虚假的信息来源不是来自观察网卡，而是来自其他地方。 这些嫌疑来源实体可能是试图获得未经授权的网络访问的流氓实体。 这些实施例通过不需要大量改进网络架构或合法授权实体对网络可访问性的负担的方式来确定欺骗活动的存在来检测对网络的未授权访问。

公开(公告)号：US06675308B1

公开(公告)日：2004-01-06

申请号：US09568862

申请日：2000-05-09

Applicant: Brant D. Thomsen

Inventor： Brant D. Thomsen

IPC: G06F900

CPC classification number: H04L43/0817 ,  H04L41/0803 ,  H04L41/22

Abstract: Methods of determining whether a network interface card entry within the system registry of a Windows™-based operating system pertains to “real” physical hardware or to a “virtual” device. In one embodiment of the present invention, the method includes the steps of: (1) opening the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Net key entry of the system registry; (2) examining each of the sub-keys for the “Net” key, and find one with a “DriverDesc” string value matching a NIC; (3) opening the “Ndi” key under the matching sub-key; (4) getting the “DeviceID” string value under the “Ndi” key; and, (5) searching the “DeviceID” string for a backslash “\” character. If the backslash character is found, then it can be concluded that the network interface card entry is associated with “real” physical hardware. Otherwise, it can be concluded that the network interface card entry is associated with a “virtual” device. In one particular embodiment, the present invention is implemented as part of a network configuration software or network monitoring software and allows users or system administrators to more easily monitor and modify the settings for network interface cards installed on a computer system running on Windows 95® or Windows 98® operating systems.

Abstract translation: 确定基于Windows（TM）的操作系统的系统注册表内的网络接口卡条目是否属于“真实的”物理硬件或“虚拟”设备的方法。 在本发明的一个实施例中，该方法包括以下步骤：（1）打开系统注册表的HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Services \ Class \ Net密钥项; （2）检查“Net”键的每个子键，并找到一个与NIC匹配的“DriverDesc”字符串值; （3）打开匹配子键下的“Ndi”键; （4）获取“NID”键下的“DeviceID”字符串值; 和（5）搜索“DeviceID”字符串中的反斜杠“\”字符。 如果找到反斜杠字符，则可以得出结论，网络接口卡条目与“真实”物理硬件相关联。 否则，可以得出结论，网络接口卡条目与“虚拟”设备相关联。 在一个特定实施例中，本发明被实现为网络配置软件或网络监视软件的一部分，并且允许用户或系统管理员更容易地监视和修改安装在运行在Windows 95上的计算机系统上的网络接口卡（R ）或Windows 98（R）操作系统。

公开(公告)号：US20100100738A1

公开(公告)日：2010-04-22

申请号：US12642942

申请日：2009-12-21

Applicant: Brant D. Thomsen ,  Brent R. Beachem ,  Thomas M. Wheeler

Inventor： Brant D. Thomsen ,  Brent R. Beachem ,  Thomas M. Wheeler

IPC: H04L9/32 ,  H04L9/08 ,  H04L9/00

CPC classification number: H04L63/068 ,  H04L63/0823 ,  H04L63/083 ,  H04L63/0853 ,  H04L63/0861 ,  H04L63/101 ,  H04L63/205 ,  H04W12/04 ,  H04W12/06 ,  H04W84/18

Abstract: Secure communications on a network. An unauthenticated client on an network sends start packets to locate other clients. The unauthenticated client receives responses to the start packets from other clients on the network. The responses may be advertise packets that are from advertising clients that may be authenticated clients or other unauthenticated clients in authenticated mode. The unauthenticated client prioritizes the received packets so that authentication can be performed with the most desirable advertising client. Authentication packets are sent and received between the unauthenticated client and the advertising client in an attempt to authenticate.

Abstract translation: 安全通信网络。 网络上未认证的客户端发送启动数据包以查找其他客户端。 未经身份验证的客户端收到来自网络上其他客户端的起始数据包的响应。 响应可以是通过来自可以是经认证的客户端的广告客户端或其他经认证的模式的未经认证的客户端的分组。 未经身份验证的客户端对接收到的数据包进行优先级排序，以便可以用最理想的广告客户端执行身份验证。 验证数据包在未经身份验证的客户端和广告客户端之间发送和接收，以尝试进行身份验证。

公开(公告)号：US07660990B1

公开(公告)日：2010-02-09

申请号：US10832698

申请日：2004-04-27

Applicant: Brant D. Thomsen ,  Brent R. Beachem ,  Thomas M. Wheeler

Inventor： Brant D. Thomsen ,  Brent R. Beachem ,  Thomas M. Wheeler

IPC: H04L29/06

CPC classification number: H04L63/068 ,  H04L63/0823 ,  H04L63/083 ,  H04L63/0853 ,  H04L63/0861 ,  H04L63/101 ,  H04L63/205 ,  H04W12/04 ,  H04W12/06 ,  H04W84/18

Abstract: Secure communications on a network. An unauthenticated client on an network sends start packets to locate other clients. The unauthenticated client receives responses to the start packets from other clients on the network. The responses may be advertise packets that are from advertising clients that may be authenticated clients or other unauthenticated clients in authenticated mode. The unauthenticated client prioritizes the received packets so that authentication can be performed with the most desirable advertising client. Authentication packets are sent and received between the unauthenticated client and the advertising client in an attempt to authenticate.

Abstract translation: 安全通信网络。 网络上未认证的客户端发送启动数据包以查找其他客户端。 未经身份验证的客户端收到来自网络上其他客户端的起始数据包的响应。 响应可以是通过来自可以是经认证的客户端的广告客户端或其他经认证的模式的未经认证的客户端的分组。 未经身份验证的客户端对接收到的数据包进行优先级排序，以便可以用最理想的广告客户端执行身份验证。 验证数据包在未经身份验证的客户端和广告客户端之间发送和接收，以尝试进行身份验证。

公开(公告)号：US08321676B2

公开(公告)日：2012-11-27

申请号：US12642942

申请日：2009-12-21

Applicant: Brant D. Thomsen ,  Brent R. Beachem ,  Thomas M. Wheeler

Inventor： Brant D. Thomsen ,  Brent R. Beachem ,  Thomas M. Wheeler

IPC: H04L29/06

CPC classification number: H04L63/068 ,  H04L63/0823 ,  H04L63/083 ,  H04L63/0853 ,  H04L63/0861 ,  H04L63/101 ,  H04L63/205 ,  H04W12/04 ,  H04W12/06 ,  H04W84/18

Abstract: Secure communications on a network. An unauthenticated client on an network sends start packets to locate other clients. The unauthenticated client receives responses to the start packets from other clients on the network. The responses may be advertise packets that are from advertising clients that may be authenticated clients or other unauthenticated clients in authenticated mode. The unauthenticated client prioritizes the received packets so that authentication can be performed with the most desirable advertising client. Authentication packets are sent and received between the unauthenticated client and the advertising client in an attempt to authenticate.

Abstract translation: 安全通信网络。 网络上未认证的客户端发送启动数据包以查找其他客户端。 未经身份验证的客户端收到来自网络上其他客户端的起始数据包的响应。 响应可以是通过来自可以是经认证的客户端的广告客户端或其他未经认证的客户端的认证模式的分组。 未经身份验证的客户端对接收到的数据包进行优先级排序，以便可以用最理想的广告客户端执行身份验证。 验证数据包在未经身份验证的客户端和广告客户端之间发送和接收，以尝试进行身份验证。

公开(公告)号：US07194004B1

公开(公告)日：2007-03-20

申请号：US10060112

申请日：2002-01-28

Applicant: Brant D. Thomsen

Inventor： Brant D. Thomsen

IPC: H04L12/28 ,  G06F21/00

CPC classification number: H04L63/101 ,  H04L63/08

Abstract: A method for providing security in a computing network. A device connects to a network and authenticates itself with a server. Next, the server adds the IP address of the device to a list of trusted devices. The server broadcasts the trusted IP address to all devices in the network to which the newly authenticated device is allowed to communicate. The devices in the network add the trusted IP address to a list of trusted address stored on each device. The server may also transmit its stored list to the newly authenticated device. After a device has received a packet, it determines if the IP address associated with the packet is on its trusted list. If it is, the device processes the packet. If the IP address is not found on the safe list, the device queries the authentication server to determine if the IP address is safe.

Abstract translation: 一种在计算网络中提供安全性的方法。 设备连接到网络并使用服务器进行身份验证。 接下来，服务器将设备的IP地址添加到可信设备列表中。 服务器将可信IP地址广播到允许新认证设备通信的网络中的所有设备。 网络中的设备将可信IP地址添加到每个设备上存储的可信地址列表中。 服务器还可以将其存储的列表发送到新认证的设备。 在设备收到数据包之后，它确定与数据包相关联的IP地址是否在其信任列表上。 如果是，则设备处理该分组。 如果在安全列表中找不到IP地址，设备会查询认证服务器，以确定IP地址是否安全。

公开(公告)号：US06675234B1

公开(公告)日：2004-01-06

申请号：US09734796

申请日：2000-12-11

Applicant: Brant D. Thomsen

Inventor： Brant D. Thomsen

IPC: G06F300

CPC classification number: H04L63/0272 ,  H04L29/06 ,  H04L69/16 ,  H04L69/161 ,  H04L69/162 ,  H04L69/32

Abstract: The present invention provides a method for detecting TCP/IP (Transmission Control Protocol/Internet Protocol) bindings for Network Interface Cards (NICs) installed on Windows 95™ and Windows 98™ operating systems with a VPN (Virtual Private Network) client present. More particularly, the present invention provides a method for parsing the Windows™ system registry to detect TCP/IP bindings for network interface cards installed within a host computer system. In one embodiment, a function for detecting TCP/IP bindings of one network interface card implemented and repeated for all keys of the registry of a computer software for detecting the TCP/IP bindings for network interface cards installed on the host computer system.

Abstract translation: 本发明提供了一种用于检测安装在具有VPN（虚拟专用网）的Windows 95（TM）和Windows 98 TM操作系统上的网络接口卡（NIC）的TCP / IP（传输控制协议/因特网协议） 客户礼物 更具体地，本发明提供了一种用于解析Windows TM系统注册表以检测安装在主计算机系统内的网络接口卡的TCP / IP绑定的方法。 在一个实施例中，用于检测对计算机软件的注册表的所有密钥实施和重复的一个网络接口卡的TCP / IP绑定的功能，用于检测安装在主计算机系统上的网络接口卡的TCP / IP绑定。

公开(公告)号：US06529965B1

公开(公告)日：2003-03-04

申请号：US09568098

申请日：2000-05-09

Applicant: Brant D. Thomsen ,  Ronald D. Smith

Inventor： Brant D. Thomsen ,  Ronald D. Smith

IPC: G06F1310

CPC classification number: H04L63/0272 ,  H04L29/06 ,  H04L69/16 ,  H04L69/161 ,  H04L69/162 ,  H04L69/32

Abstract: A method for detecting TCP/IP (Transmission Control Protocol/Internet Protocol) bindings for Network Interface Cards (NICs) installed on Windows 95® and Windows 98® operating systems with a VPN (Virtual Private Network) client present. The present invention provides a method for parsing the Windows™ system registry to detect TCP/IP bindings for network interface cards installed within a host computer system. In one embodiment, a DriverCheck function and a HardwareCheck function are implemented as parts of a computer software for detecting the TCP/IP bindings for network interface cards installed on the host computer system.

Abstract translation: 检测安装在具有VPN（虚拟专用网络）客户端的Windows 95（R）和Windows 98（R）操作系统上的网络接口卡（NIC）的TCP / IP（传输控制协议/互联网协议）绑定的方法。 本发明提供了一种用于解析Windows TM系统注册表以检测安装在主计算机系统内的网络接口卡的TCP / IP绑定的方法。 在一个实施例中，DriverCheck功能和HardwareCheck功能被实现为用于检测安装在主计算机系统上的网络接口卡的TCP / IP绑定的计算机软件的一部分。