Abstract:
Techniques are provided for proxy authentication. A proxy includes a first port, a second port, and a secure port; each port processing a different service. Requests received on the first and second ports which require authentication are redirected to the secure port. The secure port processes an authentication router service. The authentication router service forwards requests for authentication to selective authentication services. The authentication services authenticate the requests over the secure port.
Abstract:
A forward proxy can perform identity substitutions and related services. The user provides the forward proxy with identity information, and the forward proxy presents itself to remote Internet sites on behalf of the user in the guise of the specified identity. From the remote site's point of view, the forward proxy is the machine being used by the user; the identity of the actual user machine can be hidden. Cookies are thus stored and updated at the forward proxy instead of being stored and updated at the user computer, as they would be if a conventional forward proxy had been used. This helps preserve user privacy. The use of group identities, which are shared by multiple users, is also facilitated.
Abstract:
Techniques are provided for establishing privileged paths for data packets over a network. A data packet is received with a header; the header includes a route selector. The route selector assists in resolving a privileged path for the data packet. The data packet is injected into the network over the resolved privileged path.
Abstract:
Techniques are provided for managing communications associated with Virtual Private Networks (VPNs). One or more local clients who attempt to communicate with one or more remote clients via a VPN are serviced by local and remote transparent VPN services. The services intercept VPN communications and, in some embodiments, satisfy the communications via local cache. In instances where the VPN communications cannot be satisfied from the cache, the services translate the intercepted communications and securely communicate with one another for purposes of interfacing the local clients with the remote clients via the VPN.
Abstract:
Techniques are provided for securely managing and accelerating the delivery of data associated with remote sites. A client desires to establish secure communications with a remote site. Requests made from the client to the remote site are intercepted or forwarded to a proxy, which locates a local managing service associated with handling the requests. The local managing service acts as an intermediary between the client and the remote site and communicates securely with the client. Data associated with the client's requests is at least partially cached by the local managing service for purposes of accelerating the delivery of that data to the client.
Abstract:
Techniques are provided for securely accelerating external domains locally. Secure client requests directed to an external domain are forwarded to a local domain accelerator. The local domain accelerator communicates securely with the client as if it were the external domain. The local domain accelerator communicates securely with the external domain and acquires data to service the client requests within a local cache. The data is vended from the local cache via secure communications made to the client.
Abstract:
Methods, signals, devices, and systems are provided for using proxy servers to transparently forward messages between clients and origin servers if, and only if, doing so does not violate network policies. In some systems, a transparent proxy uses a combination of standard-format HTTP commands, embedding of auxiliary information in URLs, and other tools and techniques to redirect an initial client request to one or more policy modules, such as a login server, an identity broker, or an access control server. The policy module authenticates the request and uses HTTP redirection to have the client transmit authorization data to the proxy. The proxy extracts the authorization data, directs the client to use a corresponding cookie, and subsequently provides the implicitly requested proxy services to the client whenever the client presents the authorization data in that cookie. This is accomplished without requiring installation of any invention-specific software or hardware on either the client or the origin server, and also works with proxy servers that are known to the client. Unless the client request violates network policy, a person using the client will generally perceive no reduction of services, and will instead benefit from the proxy's caching and/or other performance enhancements.
Abstract:
Techniques are provided for preserving content during a network transaction. A client issues a content-bearing request to a desired service. At the time the request is issued, the client is not authenticated to the service. The content associated with the content-bearing request is preserved and associated with a modified request. The modified request and a redirection to an authentication service are sent to the client. The client authenticates and transparently sends the modified request. The modified request is used for reacquiring the content. The content-bearing request along with the content are sent to the desired service for processing.
Abstract:
An architecture for secure network communications includes a security layer sandwiched between an upper connection layer and a lower connection layer. An application program need not deal directly with the details of security handshakes, encryption, and decryption. Instead, the application sends plain text data to the upper connection layer, which passes it to the security layer. The security layer manages the necessary security handshakes, and encrypts the data. The security layer then passes the encrypted application data to the lower connection layer, which transports it using TCP or another transport protocol. The security layer need not manage the transport protocol, as this is done by the connection layers. Encrypted data received over the network at the lower connection layer is passed to the security layer for decryption, and then to the upper connection layer for transport to the application.