公开(公告)号：US20060277187A1

公开(公告)日：2006-12-07

申请号：US11504368

申请日：2006-08-15

申请人： John Roese ,  Richard Graham ,  David Frattura ,  David Harrington

发明人： John Roese ,  Richard Graham ,  David Frattura ,  David Harrington

IPC分类号： G06F17/30

CPC分类号： H04L67/16 ,  G01S5/02 ,  H04L29/06 ,  H04L29/12018 ,  H04L41/0213 ,  H04L41/12 ,  H04L61/10 ,  H04L63/02 ,  H04L63/0492 ,  H04L63/08 ,  H04L63/10 ,  H04L63/104 ,  H04L63/107 ,  H04L63/126 ,  H04L67/04 ,  H04L67/18 ,  H04L67/327 ,  H04L69/329 ,  H04W4/029 ,  H04W4/50 ,  H04W8/26 ,  H04W64/00 ,  Y10S707/99932 ,  Y10S707/99939

摘要： A computer-implemented method and computer program product for providing data that includes location-based access control information concerning a data relay device located within a network infrastructure. The data relay device is loaded with one or more features, such that the one or more features loaded are dependent, at least in part, upon the location-based access control information.

摘要翻译： 一种计算机实现的方法和计算机程序产品，用于提供包括位于网络基础设施内的数据中继装置的基于位置的访问控制信息的数据。 数据中继设备被加载有一个或多个特征，使得加载的一个或多个特征至少部分地取决于基于位置的访问控制信息。

公开(公告)号：US20060059163A1

公开(公告)日：2006-03-16

申请号：US11208372

申请日：2005-08-19

申请人： David Frattura ,  Richard Graham ,  John Roese

发明人： David Frattura ,  Richard Graham ,  John Roese

IPC分类号： G06F17/30

CPC分类号： H04L12/2602 ,  H04L12/4633 ,  H04L43/00 ,  H04L43/0882 ,  H04L43/16 ,  H04L63/00 ,  H04L63/14 ,  H04L63/1416 ,  H04L63/166 ,  H04L63/30 ,  H04L67/1095

摘要： The present invention provides method and systems for dynamically mirroring network traffic. The mirroring of network traffic may comprise data that may be considered of particular interest. The network traffic may be mirrored by a mirror service portal from a mirror sender, referred to as a mirror source, to a mirror receiver, referred to as a mirror destination, locally or remotely over various network segments, such as private and public networks and the Internet. The network traffic may be mirrored to locations not involved in the network communications being mirrored. The present invention provides various techniques for dynamically mirroring data contained in the network traffic from a mirror source to a mirror destination.

摘要翻译： 本发明提供了用于动态镜像网络业务的方法和系统。 网络流量的镜像可以包括可被认为特别感兴趣的数据。 网络流量可以由镜像服务门户从称为镜像源的镜像服务器镜像到本地或远程通过各种网段（如私有和公共网络）的镜像接收器（称为镜像目的地），以及 互联网。 可以将网络流量镜像到不涉及正在镜像的网络通信中的位置。 本发明提供了用于动态镜像从镜像源到镜像目的地的网络流量中包含的数据的各种技术。

公开(公告)号：US20050278565A1

公开(公告)日：2005-12-15

申请号：US11075936

申请日：2005-03-08

申请人： David Frattura ,  Richard Graham ,  John Roese

发明人： David Frattura ,  Richard Graham ,  John Roese

IPC分类号： G06F11/00 ,  G06F21/00 ,  H04L12/26 ,  H04L29/06

CPC分类号： H04L63/0407 ,  G06F21/6263 ,  H04L63/0428 ,  H04L63/14 ,  H04L63/1441 ,  H04L63/16 ,  Y10S707/99955

摘要： Systems and methods are provided for preserving the privacy of data contained in mirrored network traffic. The mirrored network traffic may comprise data that may be considered confidential, privileged, private, or otherwise sensitive data. For example, the data payload of a frame of mirrored network traffic may include private Voice over IP (VoIP) communications between users on one or more networks. The present invention provides various techniques for securing the privacy of data contained in the mirrored network traffic. Using the techniques of the present invention, network traffic comprising confidential, privileged, private, or otherwise sensitive data may be mirrored in such a manner as to provide for the privacy of such data over at least a portion if not all of the mirrored communications between the mirror source point and the mirror destination point.

摘要翻译： 提供了系统和方法，用于保护镜像网络流量中包含的数据的隐私。 镜像网络流量可以包括可被认为是机密，特权，私有或其他敏感数据的数据。 例如，镜像网络业务帧的数据有效载荷可以包括在一个或多个网络上的用户之间的专用IP语音（VoIP）通信。 本发明提供了用于保护包含在镜像网络业务中的数据的隐私的各种技术。 使用本发明的技术，包括机密，特权，私有或其他敏感数据的网络业务可以以这样的方式被镜像，以便通过至少一部分（如果不是全部）的所有镜像通信提供这种数据的隐私， 镜像源点和镜像目标点。

公开(公告)号：US20060036730A1

公开(公告)日：2006-02-16

申请号：US11199552

申请日：2005-08-08

申请人： Richard Graham ,  John Roese

发明人： Richard Graham ,  John Roese

IPC分类号： G06F15/173

CPC分类号： H04L29/12009 ,  H04L29/12801 ,  H04L29/12839 ,  H04L61/6004 ,  H04L61/6022 ,  H04L63/20 ,  H04L67/025 ,  H04L67/125

摘要： A method, computer readable medium, and system for acquiring address block information for an attached function that initiates network access on a distributed computing network. Additional policy information in acquired concerning the attached function. One or more access policies are set based, at least in part, on the address block information and the additional policy information.

摘要翻译： 一种用于获取在分布式计算网络上发起网络访问的附加功能的地址块信息的方法，计算机可读介质和系统。 有关附加功能的附加政策信息。 至少部分地基于地址块信息和附加策略信息设置一个或多个访问策略。

公开(公告)号：US20060037075A1

公开(公告)日：2006-02-16

申请号：US11066622

申请日：2005-02-25

申请人： David Frattura ,  Richard Graham

发明人： David Frattura ,  Richard Graham

IPC分类号： G06F15/173 ,  G06F12/14

CPC分类号： H04L43/00 ,  H04L41/042 ,  H04L63/1416 ,  H04L63/1441

摘要： A method of dynamically launching a monitor includes monitoring network operations, occurring within a device network, to determine the occurrence of one or more trigger events. One or more event-specific monitor processes are dynamically deployed in response to the occurrence of the one or more trigger events.

摘要翻译： 动态启动监视器的方法包括监视在设备网络内发生的网络操作，以确定一个或多个触发事件的发生。 响应于一个或多个触发事件的发生而动态地部署一个或多个事件特定监视器进程。

公开(公告)号：US07581249B2

公开(公告)日：2009-08-25

申请号：US10713560

申请日：2003-11-14

申请人： Richard Bussiere ,  Mark Townsend ,  Steven Pettit ,  David Harrington ,  John Roese ,  Richard Graham

发明人： Richard Bussiere ,  Mark Townsend ,  Steven Pettit ,  David Harrington ,  John Roese ,  Richard Graham

IPC分类号： G06F11/00 ,  G06F21/00

CPC分类号： H04L63/1408 ,  H04L63/0236 ,  H04L63/20 ,  H04L2463/146

摘要： A system and method to respond to intrusions detected on a network system including attached functions and a network infrastructure. The system includes means for receiving from an intrusion detection function information about intrusions, a directory service function for gathering and reporting at least the physical and logical addresses of devices of the network infrastructure associated with the detected intrusions, and a plurality of distributed enforcement devices of the network infrastructure for enforcing policies responsive to the detected intrusions. A policy decision function evaluates the reported detected intrusions and makes a determination whether one or more policy changes are required on the enforcement devices in response to a detected intrusion. A policy manager function configures the distributed enforcement devices with the responsive changed policy or policies. Policy changes rules can vary from no change to complete port blocking on one or more identified enforcement devices associated with the detected intrusion, to redirecting the associated traffic including the intrusion and these policies may be modified or removed over time as warranted by network operation.

摘要翻译： 一种用于响应在包括附加功能和网络基础设施的网络系统上检测到的入侵的系统和方法。 该系统包括用于从入侵检测功能接收关于入侵的信息的装置，用于收集和报告至少与检测到的入侵相关联的网络基础设施的物理和逻辑地址的目录服务功能的装置，以及多个分布式执行装置 用于执行响应于检测到的入侵的策略的网络基础设施。 策略决策功能评估报告的检测到的入侵，并且确定是否需要在执行设备上响应于检测到的入侵而需要进行一个或多个策略改变。 策略管理器功能使用响应更改的策略或策略配置分布式强制实施设备。 策略更改规则可以在与检测到的入侵相关联的一个或多个识别的强制设备上的完全端口阻塞之间变化到完全端口阻塞，重定向包括入侵的相关联的流量，并且这些策略可以随着网络操作的保证而被修改或删除。

公开(公告)号：US20060120671A1

公开(公告)日：2006-06-08

申请号：US11269152

申请日：2005-11-08

申请人： Richard Graham ,  John Roese

发明人： Richard Graham ,  John Roese

IPC分类号： G02B6/36

CPC分类号： G02B6/3895 ,  G02B6/3817 ,  G02B6/3827 ,  G02B6/3845 ,  G02B6/3894

摘要： A connector assembly, configured to releasably couple a socket assembly, includes zero or more data conductors. An optical pathway is configured to: receive an optical signal from an optical light source positioned within the socket assembly; and provide at least a portion of the optical signal to an optical light target positioned within the socket assembly.

公开(公告)号：US07945945B2

公开(公告)日：2011-05-17

申请号：US11199552

申请日：2005-08-08

申请人： Richard Graham ,  John Roese

发明人： Richard Graham ,  John Roese

IPC分类号： H04L9/32 ,  H04L9/00 ,  G06F7/04

CPC分类号： H04L29/12009 ,  H04L29/12801 ,  H04L29/12839 ,  H04L61/6004 ,  H04L61/6022 ,  H04L63/20 ,  H04L67/025 ,  H04L67/125

摘要： A method, computer readable medium, and system for acquiring address block information for an attached function that initiates network access on a distributed computing network. Additional policy information in acquired concerning the attached function. One or more access policies are set based, at least in part, on the address block information and the additional policy information.

摘要翻译： 一种用于获取在分布式计算网络上发起网络访问的附加功能的地址块信息的方法，计算机可读介质和系统。 有关附加功能的附加政策信息。 至少部分地基于地址块信息和附加策略信息设置一个或多个访问策略。

公开(公告)号：US07936770B1

公开(公告)日：2011-05-03

申请号：US11371990

申请日：2006-03-08

申请人： David E. Frattura ,  Richard Graham ,  John Roese

发明人： David E. Frattura ,  Richard Graham ,  John Roese

IPC分类号： H04L21/28

CPC分类号： H04L47/6215 ,  H04L49/90

摘要： A method and apparatus are provided that allows for the representation of a larger number of classes of network traffic and logical queues than is physically available on a per port basis within a network device. A number of logical queues, whose number can match the number of classes of network traffic a network device handles, may be supported across an aggregated set of ports even though the network device has fewer physical queues per port than there are classes of network traffic. The method and apparatus improve the management of network traffic sensitive to time delay and jitter, and further facilitates the operation of these applications in a simultaneous or near simultaneous manner.

摘要翻译： 提供了一种方法和装置，其允许比在网络设备内每个端口的物理上可用的更多数量的网络流量和逻辑队列的表示。 即使网络设备每个端口的物理队列数少于网络流量类别，也可以跨越一组聚合端口来支持多个逻辑队列，其数量可以匹配网络设备处理的网络流量的数量。 该方法和装置改善对时间延迟和抖动敏感的网络业务的管理，并且进一步促进了这些应用以同时或接近同时的方式的操作。

公开(公告)号：US20060048142A1

公开(公告)日：2006-03-02

申请号：US10932824

申请日：2004-09-02

申请人： John Roese ,  Richard Graham ,  David Harrington ,  James Richmond

发明人： John Roese ,  Richard Graham ,  David Harrington ,  James Richmond

IPC分类号： G06F9/445

CPC分类号： H04L41/0893 ,  H04L63/1416 ,  H04L63/20

摘要： A system and method for rapidly responding to triggering events or activities in a network system. The system includes a policy enforcement function, a policy manager function, and one or more network devices of the network system. The policy enforcement function includes one or more installed policy sets and/or policy enforcement rule sets suitably responsive to triggering events or activities. Upon detection of a trigger, the policy manager function analyzes the trigger and selects one or more appropriate policy sets and/or policy enforcement rule sets deemed to be responsive to the trigger. Each set has a unique rapid response identifier. The policy manager function signals for implementation of the one or more policy and/or rule sets, based on one or more rapid response identifiers, which are enforced through the policy enforcement function. The policy enforcement function may be a part of one or more of the one or more network infrastructure devices for implementing the policy change. The system and method enable rapid response to a detected trigger (which might be a manual input) by pre-installing responsive policy and/or rule sets first and then generating and transmitting the unique rapid response identifier(s) corresponding to one or more selected policy and/or rule sets for implementation. That is, the network device is already configured with a response through the pre-installed policy and/or rule sets. Responses may be implemented and/or removed gradually, and different network devices may be instructed to implement different policies in response to the same trigger and the same policy may be implemented with different policy enforcement rules on different devices, ports, or interfaces.

摘要翻译： 一种用于在网络系统中快速响应触发事件或活动的系统和方法。 系统包括策略执行功能，策略管理器功能以及网络系统的一个或多个网络设备。 策略执行功能包括适合于触发事件或活动的一个或多个安装的策略集和/或策略强制规则集。 在检测到触发器时，策略管理器功能分析触发器并且选择被认为对触发器响应的一个或多个适当的策略集和/或策略执行规则集。 每组具有独特的快速响应标识符。 策略管理器功能基于通过策略执行功能强制执行的一个或多个快速响应标识符发出信号，用于实现一个或多个策略和/或规则集。 策略实施功能可以是用于实现策略改变的一个或多个网络基础设施设备中的一个或多个的一部分。 该系统和方法能够通过首先预先安排响应策略和/或规则集，然后生成和发送对应于一个或多个所选择的唯一快速响应标识符来实现对检测到的触发（其可能是手动输入）的快速响应 政策和/或规则实施。 也就是说，网络设备已经通过预先安装的策略和/或规则集配置了响应。 可以逐渐实现和/或删除响应，并且可以指示不同的网络设备响应于相同的触发来实现不同的策略，并且可以在不同的设备，端口或接口上使用不同的策略执行规则来实现相同的策略。