Method and system for creating and tracking network sessions
    1.
    Invention application
    Method and system for creating and tracking network sessions (status: in force)

    Publication No.: US20070256122A1

    Publication date: 2007-11-01

    Application No.: US11414540

    Filing date: 2006-04-28

    Abstract: A method and system is disclosed for creating and tracking network sessions. A request to access a network is received from an entity. The entity is authenticated after the request is received. Authenticated identity information associated with the entity, network address information associated with the entity, and network location information associated with the entity is collected. An information set is created. The information set comprises and binds together the authenticated identity information, the network address information, and the network location information. The information set indicates a present association among the authenticated identity information, the network address information, and the network location information. The information set is stored in a session record in a centralized database. The session record represents a session in which the entity accesses the network. The session record is one of a plurality of session records that are stored in the centralized database. The plurality of session records is used by a data processing system to perform real-time diagnostics of the network.

    Method and system for creating and tracking network sessions
    2.
    Granted patent
    Method and system for creating and tracking network sessions (status: in force)

    Publication No.: US07930734B2

    Publication date: 2011-04-19

    Application No.: US11414540

    Filing date: 2006-04-28

    IPC classification: H04L9/32 G06K9/00

    Abstract: A method and system is disclosed for creating and tracking network sessions. A request to access a network is received from an entity. The entity is authenticated after the request is received. Authenticated identity information associated with the entity, network address information associated with the entity, and network location information associated with the entity is collected. An information set is created. The information set comprises and binds together the authenticated identity information, the network address information, and the network location information. The information set indicates a present association among the authenticated identity information, the network address information, and the network location information. The information set is stored in a session record in a centralized database. The session record represents a session in which the entity accesses the network. The session record is one of a plurality of session records that are stored in the centralized database. The plurality of session records is used by a data processing system to perform real-time diagnostics of the network.

    Techniques for providing security protection in wireless networks by switching modes
    3.
    Granted patent
    Techniques for providing security protection in wireless networks by switching modes (status: in force)

    Publication No.: US07788720B2

    Publication date: 2010-08-31

    Application No.: US11435123

    Filing date: 2006-05-16

    IPC classification: G06F21/00 G06F11/30 G06F15/16

    Abstract: Techniques for security protection of a wireless network are provided. An access point is operated in a first mode. The first mode is a mode of operation that allows access to resources of a network. A security event for a client is detected while operating the access point in the first mode. Then, the access point is changed from the first mode of operation to a second mode of operation. The second mode is a restricted mode of operation that restricts access to resources of the network. Analysis may then be performed to determine if the client is an unauthorized client or valid client.

    Techniques for providing security protection in wireless networks by switching modes
    4.
    Invention application
    Techniques for providing security protection in wireless networks by switching modes (status: in force)

    Publication No.: US20070271457A1

    Publication date: 2007-11-22

    Application No.: US11435123

    Filing date: 2006-05-16

    IPC classification: H04L9/00

    Abstract: Techniques for security protection of a wireless network are provided. An access point is operated in a first mode. The first mode is a mode of operation that allows access to resources of a network. A security event for a client is detected while operating the access point in the first mode. Then, the access point is changed from the first mode of operation to a second mode of operation. The second mode is a restricted mode of operation that restricts access to resources of the network. Analysis may then be performed to determine if the client is an unauthorized client or valid client.

    Method and system for managing storage on a shared storage space
    6.
    Invention application
    Method and system for managing storage on a shared storage space (status: in force)

    Publication No.: US20070112930A1

    Publication date: 2007-05-17

    Application No.: US11280556

    Filing date: 2005-11-15

    IPC classification: G06F15/167

    CPC classification: H04L51/08

    Abstract: A method, a system, a machine-readable medium, and an apparatus for managing storage on a shared storage space, for example, on an email server, are provided. A plurality of emails is compared. If the content of each of the plurality of emails is the same, then a single copy is stored on the email server. Further, each recipient of the plurality of emails is enabled access to the stored email via a link to the single copy. Additionally, one or more attachments of the plurality of emails are compared. If an attachment is the same in each of the plurality of emails, then it is stored as a single copy. Further, a link is inserted in each of the plurality of emails, enabling access to the attachment from the single copy.

    Arrangement for tracking IP address usage based on authenticated link identifier
    8.
    Invention application
    Arrangement for tracking IP address usage based on authenticated link identifier (status: in force)

    Publication No.: US20060028996A1

    Publication date: 2006-02-09

    Application No.: US10913363

    Filing date: 2004-08-09

    IPC classification: H04L9/32 H04J1/16

    Abstract: Link layer authentication information is supplied by a link layer authentication device to an access router for tracking IP address usage by a client device. The authentication information supplied to the access router includes an authenticated client identifier and a corresponding authenticated link identifier for the client device that attached to the network based on the authenticated link identifier. The access router, in response to receiving a message that specifies the authenticated link identifier and a source IP address, adds the source IP address to a cache entry that specifies the authenticated client identifier and the corresponding authenticated link identifier, and outputs to an audit resource a record that specifies the source IP address and the authenticated link identifier.

    Method and system for removing authentication of a supplicant
    9.
    Invention application
    Method and system for removing authentication of a supplicant (status: in force)

    Publication No.: US20060209705A1

    Publication date: 2006-09-21

    Application No.: US11083434

    Filing date: 2005-03-17

    IPC classification: H04J1/16 H04L12/66

    CPC classification: H04L63/08

    Abstract: According to one embodiment, a method for removing authentication of a supplicant includes monitoring communication between the supplicant and an authenticator. The method also includes determining, based on the monitored communication, the MAC address for the supplicant and an attachment port of the supplicant to the intermediate network device disposed between the supplicant and the authenticator through which the monitored communication occurs. The method also includes determining that the supplicant no longer has a link connection with the intermediate network device, and in response, sending via the intermediate network device a logoff message having a spoofed source address of the supplicant to the authenticator.

    Method to distribute IEEE 802.1X authenticated users among multiple broadcast domains
    10.
    Granted patent
    Method to distribute IEEE 802.1X authenticated users among multiple broadcast domains (status: in force)

    Publication No.: US07447166B1

    Publication date: 2008-11-04

    Application No.: US10979536

    Filing date: 2004-11-02

    IPC classification: H04L12/26

    CPC classification: H04L12/66

    Abstract: A technique optimizes the distribution of authenticated users among a plurality of broadcast domains, such as virtual local area networks (VLAN). Users are dynamically assigned to different broadcast domains based on various factors, including but not limited to the number of authenticated users already participating in each broadcast domain, the available bandwidth in each broadcast domain, user classes associated with users participating in each broadcast domain, etc. Based on one or more of these factors, authenticated users are optimally distributed (“load balanced”) among the plurality of broadcast domains, thereby reducing the amount of broadcast traffic and configuration within each domain.
