Arrangement for tracking IP address usage based on authenticated link identifier
    1.
    Granted invention patent (status: in force)

    Publication number: US08068414B2

    Publication date: 2011-11-29

    Application number: US10913363

    Filing date: 2004-08-09

    IPC classification: H04L12/22

    Abstract: Link layer authentication information is supplied by a link layer authentication device to an access router for tracking IP address usage by a client device. The authentication information supplied to the access router includes an authenticated client identifier and a corresponding authenticated link identifier for the client device that attached to the network based on the authenticated link identifier. The access router, in response to receiving a message that specifies the authenticated link identifier and a source IP address, adds the source IP address to a cache entry that specifies the authenticated client identifier and the corresponding authenticated link identifier, and outputs to an audit resource a record that specifies the source IP address and the authenticated link identifier.


    Method and system for creating and tracking network sessions
    2.
    Granted invention patent (status: in force)

    Publication number: US07930734B2

    Publication date: 2011-04-19

    Application number: US11414540

    Filing date: 2006-04-28

    IPC classification: H04L9/32 G06K9/00

    Abstract: A method and system is disclosed for creating and tracking network sessions. A request to access a network is received from an entity. The entity is authenticated after the request is received. Authenticated identity information associated with the entity, network address information associated with the entity, and network location information associated with the entity is collected. An information set is created. The information set comprises and binds together the authenticated identity information, the network address information, and the network location information. The information set indicates a present association among the authenticated identity information, the network address information, and the network location information. The information set is stored in a session record in a centralized database. The session record represents a session in which the entity accesses the network. The session record is one of a plurality of session records that are stored in the centralized database. The plurality of session records is used by a data processing system to perform real-time diagnostics of the network.


    Method to distribute IEEE 802.1X authenticated users among multiple broadcast domains
    3.
    Granted invention patent (status: in force)

    Publication number: US07447166B1

    Publication date: 2008-11-04

    Application number: US10979536

    Filing date: 2004-11-02

    IPC classification: H04L12/26

    CPC classification: H04L12/66

    Abstract: A technique optimizes the distribution of authenticated users among a plurality of broadcast domains, such as virtual local area networks (VLAN). Users are dynamically assigned to different broadcast domains based on various factors, including but not limited to the number of authenticated users already participating in each broadcast domain, the available bandwidth in each broadcast domain, user classes associated with users participating in each broadcast domain, etc. Based on one or more of these factors, authenticated users are optimally distributed (“load balanced”) among the plurality of broadcast domains, thereby reducing the amount of broadcast traffic and configuration within each domain.


    Audio sequestering and opt-in sequences for a conference session
    4.
    Invention patent application (status: in force)

    Publication number: US20080232277A1

    Publication date: 2008-09-25

    Application number: US11726933

    Filing date: 2007-03-23

    IPC classification: H04L12/16

    CPC classification: H04L12/1822

    Abstract: In one embodiment, a method includes electronically prompting, in response to a triggering event, a participant connected to a conference session via a corresponding endpoint device to enter an affirmative response in order to continue attending the conference session. The participant is disconnected from the conference session in the event that the affirmative response is not received within a predetermined time period. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure.


    System and method for authentication of SP Ethernet aggregation networks
    6.
    Invention patent application (status: in force)

    Publication number: US20060268856A1

    Publication date: 2006-11-30

    Application number: US11140686

    Filing date: 2005-05-31

    IPC classification: H04L12/56

    Abstract: A Service Provider (SP) authentication method includes receiving a message from a subscriber-premises device, the message being compatible with an authentication protocol and being transported from the subscriber-premises device to a u-PE device operating in compliance with an IEEE 802.1x compatible protocol. Access to the SP network is either allowed or denied access based on a logical identifier contained in the message. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. 37 CFR 1.72(b).


    System and method for selectively interfacing different types of network communications
    7.
    Granted invention patent (status: in force)

    Publication number: US07903639B2

    Publication date: 2011-03-08

    Application number: US11388477

    Filing date: 2006-03-24

    IPC classification: H04L12/66

    Abstract: A system for interfacing different types of network communications. In one embodiment, the system includes one or more gateways capable of converting messages from messages that are adapted for a first type of network and/or destination device to messages that are adapted for a second type of network and/or destination device. The second type of network and/or destination device includes a first Voice Over Internet Protocol (VOIP) communications device. A message-analysis module is adapted to employ an address associated with the message to selectively forward the message to one or more of the one or more gateways and/or to a destination device. In a more specific embodiment, the first type of network includes a packet-switched network in communication with the first VOIP phone. The destination device includes a mobile phone in communication with a cellular network. In the specific embodiment, the first type of destination device includes a user option to selectively transition a text-based communications session to a voice-based communications session.


    Apparatus and methods for supporting 802.1X in daisy chained devices
    8.
    Granted invention patent (status: in force)

    Publication number: US07539189B2

    Publication date: 2009-05-26

    Application number: US11582786

    Filing date: 2006-10-17

    IPC classification: H04L12/28

    CPC classification: H04L63/0272 H04L63/10

    Abstract: Disclosed are apparatus and methods for authenticating a device to access a network through an access control port. In one embodiment, one or more first authentication packets for authenticating a first device or user to access a first network domain via a particular access port of a network device are received, for example, by an access control port. The particular access port is configured to control access for packets attempting to ingress into one or more network domains. When the first device or user is authorized to access the first domain, a first binding between the first device and the first domain is formed. The first binding specifies that the first device is allowed to access the first domain and the first binding is associated with the particular access port of the network device. When a packet is received that is attempting to ingress into the first domain and the ingressing packet matches the first binding, the ingressing packet is allowed to access the first domain. In contrast, when a packet is received that is attempting to ingress into the first domain and the ingressing packet does not match the first binding, the ingressing packet is blocked from accessing the first domain.


    Method and system for removing authentication of a supplicant
    9.
    Granted invention patent (status: in force)

    Publication number: US08677478B2

    Publication date: 2014-03-18

    Application number: US11083434

    Filing date: 2005-03-17

    IPC classification: G06F11/00

    CPC classification: H04L63/08

    Abstract: According to one embodiment, a method for removing authentication of a supplicant includes monitoring communication between the supplicant and an authenticator. The method also includes determining, based on the monitored communication, the MAC address for the supplicant and an attachment port of the supplicant to the intermediate network device disposed between the supplicant and the authenticator through which the monitored communication occurs. The method also includes determining that the supplicant no longer has a link connection with the intermediate network device, and in response, sending via the intermediate network device a logoff message having a spoofed source address of the supplicant to the authenticator.


    Techniques for providing security protection in wireless networks by switching modes
    10.
    Granted invention patent (status: in force)

    Publication number: US07788720B2

    Publication date: 2010-08-31

    Application number: US11435123

    Filing date: 2006-05-16

    IPC classification: G06F21/00 G06F11/30 G06F15/16

    Abstract: Techniques for security protection of a wireless network are provided. An access point is operated in a first mode. The first mode is a mode of operation that allows access to resources of a network. A security event for a client is detected while operating the access point in the first mode. Then, the access point is changed from the first mode of operation to a second mode of operation. The second mode is a restricted mode of operation that restricts access to resources of the network. Analysis may then be performed to determine if the client is an unauthorized client or valid client.
