Abstract:
Performance of applications such as service capabilities in a container for providing a multimedia service is monitored. Performance monitoring indicates how well the applications are functioning in terms of predefined metrics and also whether the applications are functioning at all. Responses are prompted if performance monitoring indicates that an application is performing below a predefined level or failing to perform entirely. For example, a hung application may be restarted and other applications may alter their manner of function. This allows complex recovery logic through combinations of simple rules.
Abstract:
An architecture which permits externalized management of services includes a number of management service capability (MSC) definitions. Each operator may associate a management service capability with a Service/Service Capability for managing various aspects of the Service/Service Capability. An interface enables a variety of different management systems to utilize a common MSC structure, independent of the information models, transport mechanisms and management interface of the system using the MSC. With such an arrangement, management-related integration costs associated with integrating and bundling complex multimedia services are significantly reduced.
Abstract:
The present invention advantageously provides a method, system and apparatus for allocating addresses to secure unique local networks by providing a brokered federated policy and identity management system, the brokered federated policy and identity management system having an address domain manager that allocates network addresses, the address domain manager arranged to interoperate with a network identity management module, the network identity management module providing management of identity at an application level, receiving an authorization from the brokered federated policy and identity management system, and assigning a network address to a unique local network based on the authorization from the brokered federated policy and identity management system. The method, system and apparatus may further include authenticating a user, wherein authenticating a user includes passing an assertion token to a device of the user. The method, system and apparatus may yet further include providing user policies to a policy enforcement point in a network.
Abstract:
A service tender node functions as an intermediary between subscribers and adjunct telecommunications services from multiple service providers to facilitate negotiation of services in real-time. The service tender node includes an index of services which is maintained and employed to search for applicable services in response to a tender request generated by a subscriber. Records in the index are described with an adaptive service definition which includes standard parameters and subjective parameters. The standard parameters identify types of service pursuant to telecommunications industry standards. The subjective parameters may be specified by individual service providers in order to differentiate their services within the service type defined by the standard parameters. Services generated from a search of the index pursuant to the standard parameters may be further sorted and filtered according to a comparison between a subscriber profile and the subjective parameters.
Abstract:
In the service architecture of the invention, each service is viewed as a hierarchical arrangement of service components. At least one management agent is associated with each layer, and is used to manage and preserve the expected performance of the service components. The management agents cooperatively exchange management information regarding the service components at their layers to permit service self-management and self-healing, enabling restoration and recovery with minimum or no human intervention.
Abstract:
Network policies are managed based at least in part on user/entity identity information with: a state monitor operable to monitor for state change events in user/entity state and related network state or in traffic pattern and traffic flow state; an identity manager operable to obtain and validate user credentials; and a policy manager operable in response to a state change event detected by the state monitor (either the identity manager or a defense center) to select a policy based in part on the user identity obtained by the identity manager or security context obtained by the defense center, and to prompt application of the selected policy. The policies are indicative of user/device authorization entitlements and restrictions to utilization of certain network resources, network services or applications. Dynamic policy selection and targeted responses can be used, for example, against a user who gains network access with stolen user ID and password, and subsequently attempts malicious behavior. In particular, the malicious behavior is detected and identified, and the malicious user can then be restricted from abusing network resources without adversely affecting other users, groups, network devices, and other network services.