Method for managing network filter based policies
    1.
    Granted invention patent
    Legal status: in force

    Publication (announcement) number: US08689315B2

    Publication (announcement) date: 2014-04-01

    Application number: US12183294

    Application date: 2008-07-31

    IPC classification: G06F15/16

    CPC classification: H04L63/0263

    Abstract: A method and system are provided for adding, removing, and managing a plurality of network policy filters in a network device. Filters are installed in a framework and designated as active or disabled. Each filter has a priority. When a new filter is to be installed into the framework, it is compared to installed filters to determine if a conflict exists. If no conflict exists, the new filter is added as an active filter. If a conflict exists, a higher priority conflicting filter is added as active and a lower priority filter is added as inactive.

    Multi-layered firewall architecture
    2.
    Granted invention patent
    Legal status: in force

    Publication (announcement) number: US07509673B2

    Publication (announcement) date: 2009-03-24

    Application number: US10456766

    Application date: 2003-06-06

    IPC classification: G06F21/20

    Abstract: A method and system are provided for implementing a firewall architecture in a network device. The firewall architecture includes a plurality of network layers, a first firewall engine, and one or more callout modules. The layers send packets and packet information to the first firewall engine, maintain and pass packet context to subsequent layers, and process the packets. The first firewall engine compares the packet information to one or more installed filters and returns an action to the layers indicating how to treat the packet. The callouts provide additional functionality such as intrusion detection, logging, and parental control features.

    METHOD OF NEGOTIATING SECURITY PARAMETERS AND AUTHENTICATING USERS INTERCONNECTED TO A NETWORK
    3.
    Invention patent application
    Legal status: in force

    Publication (announcement) number: US20090276828A1

    Publication (announcement) date: 2009-11-05

    Application number: US12500381

    Application date: 2009-07-09

    IPC classification: G06F21/00

    Abstract: A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.

    Method of negotiating security parameters and authenticating users interconnected to a network
    4.
    Granted invention patent
    Legal status: in force

    Publication (announcement) number: US07574603B2

    Publication (announcement) date: 2009-08-11

    Application number: US10713980

    Application date: 2003-11-14

    IPC classification: H04L9/00

    Abstract: A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.

    Method of negotiating security parameters and authenticating users interconnected to a network
    5.
    Granted invention patent
    Legal status: in force

    Publication (announcement) number: US08275989B2

    Publication (announcement) date: 2012-09-25

    Application number: US12500381

    Application date: 2009-07-09

    IPC classification: H04L29/06

    Abstract: A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.

    METHOD FOR MANAGING NETWORK FILTER BASED POLICIES
    6.
    Invention patent application
    Legal status: in force

    Publication (announcement) number: US20090077648A1

    Publication (announcement) date: 2009-03-19

    Application number: US12183294

    Application date: 2008-07-31

    IPC classification: G06F21/00

    CPC classification: H04L63/0263

    Abstract: A method and system are provided for adding, removing, and managing a plurality of network policy filters in a network device. Filters are installed in a framework and designated as active or disabled. Each filter has a priority. When a new filter is to be installed into the framework, it is compared to installed filters to determine if a conflict exists. If no conflict exists, the new filter is added as an active filter. If a conflict exists, a higher priority conflicting filter is added as active and a lower priority filter is added as inactive.

    Method for managing network filter based policies
    7.
    Granted invention patent
    Legal status: in force

    Publication (announcement) number: US07409707B2

    Publication (announcement) date: 2008-08-05

    Application number: US10456433

    Application date: 2003-06-06

    IPC classification: H04L12/56

    CPC classification: H04L63/0263

    Abstract: A method and system are provided for adding, removing, and managing a plurality of network policy filters in a network device. Filters are installed in a framework and designated as active or disabled. Each filter has a priority. When a new filter is to be installed into the framework, it is compared to installed filters to determine if a conflict exists. If no conflict exists, the new filter is added as an active filter. If a conflict exists, a higher priority conflicting filter is added as active and a lower priority filter is added as inactive.

    Consumer computer health validation
    8.
    Invention patent application
    Legal status: in force

    Publication (announcement) number: US20080244724A1

    Publication (announcement) date: 2008-10-02

    Application number: US11728608

    Application date: 2007-03-26

    IPC classification: G06F17/00

    Abstract: Consumer computers that are not properly configured for safe access to a web service are protected from damage by controlling access to web services based on the health of the client computer. A client health web service receives health information from the client computer, determines the health status of the consumer computer, and issues a token to the consumer computer indicating its health status. The consumer computer can provide this token to other web services, which in turn may provide access to the consumer computer based on the health status indicated in the token. The client health web service may be operated as a web service specifically to determine the health of consumer computers or may have other functions, including providing access to the Internet. Also, the health information may be proxied to another device, such as a gateway device, that manages interactions with the client health web service.

    EXTENSIBLE ACCESS CONTROL ARCHITECTURE
    10.
    Invention patent application
    Legal status: in force

    Publication (announcement) number: US20130024911A1

    Publication (announcement) date: 2013-01-24

    Application number: US13630184

    Application date: 2012-09-28

    IPC classification: G06F21/20

    Abstract: Software for managing access control functions in a network. The software includes a host that receives access control commands or information and calls one or more methods. The methods perform access control functions and communicate access control results or messages to be transmitted. The host may be installed in a network peer seeking access to the network or in a server controlling access to the network. When installed in a peer, the host receives commands and exchanges information with a supplicant. When installed in an access control server, the host receives commands and exchanges information with an authenticator. The host has a flexible architecture that enables multiple features, such as allowing the same methods to be used for authentication by multiple supplicants, providing ready integration of third party access control software, simplifying network maintenance by facilitating upgrades of authenticator software and enabling access control functions other than peer authentication.
