-
公开(公告)号:US08555056B2
公开(公告)日:2013-10-08
申请号:US13012432
申请日:2011-01-24
申请人: Michael R. Smith , Padmanabha Nallur , Wilson Kok , Michael Fine
发明人: Michael R. Smith , Padmanabha Nallur , Wilson Kok , Michael Fine
IPC分类号: H04L29/06 , G06F9/00 , G06F15/16 , G06F17/00 , G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号: H04L63/20
摘要: A method and system for including security information with a packet is disclosed. A packet is detected as it exits a first network and enters a second network. The first network is configured to support a network security technique, and the second network is not configured to support the network security technique. Network security information associated with the network security technique is included with the packet. A network device is configured to include network security information in overhead of a packet. A method for identifying a first network device in a network is also disclosed. Identification information of the first network is communicated to a second network device.
摘要翻译: 公开了一种包含安全信息与分组的方法和系统。 当数据包离开第一个网络并进入第二个网络时被检测到。 第一个网络被配置为支持网络安全技术,而第二个网络没有被配置为支持网络安全技术。 与网络安全技术相关联的网络安全信息包括在包中。 网络设备被配置为在分组的开销中包括网络安全信息。 还公开了一种用于识别网络中的第一网络设备的方法。 第一网络的识别信息被传送到第二网络设备。
-
公开(公告)号:US07886145B2
公开(公告)日:2011-02-08
申请号:US10996102
申请日:2004-11-23
申请人: Michael R. Smith , Padmanabha Nallur , Wilson Kok , Michael Fine
发明人: Michael R. Smith , Padmanabha Nallur , Wilson Kok , Michael Fine
IPC分类号: H04L29/06 , G06F9/00 , G06F15/16 , G06F17/00 , G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号: H04L63/20
摘要: A method and system for including security information with a packet is disclosed. A packet is detected as it exits a first network and enters a second network. The first network is configured to support a network security technique, and the second network is not configured to support the network security technique. Network security information associated with the network security technique is included with the packet. A network device is configured to include network security information in overhead of a packet. A method for identifying a first network device in a network is also disclosed. Identification information of the first network is communicated to a second network device.
-
公开(公告)号:US20110119752A1
公开(公告)日:2011-05-19
申请号:US13012432
申请日:2011-01-24
申请人: Michael R. Smith , Padmanabha Nallur , Wilson Kok , Michael Fine
发明人: Michael R. Smith , Padmanabha Nallur , Wilson Kok , Michael Fine
IPC分类号: G06F21/20
CPC分类号: H04L63/20
摘要: A method and system for including security information with a packet is disclosed. A packet is detected as it exits a first network and enters a second network. The first network is configured to support a network security technique, and the second network is not configured to support the network security technique. Network security information associated with the network security technique is included with the packet. A network device is configured to include network security information in overhead of a packet. A method for identifying a first network device in a network is also disclosed. Identification information of the first network is communicated to a second network device.
摘要翻译: 公开了一种包含安全信息与分组的方法和系统。 当数据包离开第一个网络并进入第二个网络时被检测到。 第一个网络被配置为支持网络安全技术,而第二个网络没有被配置为支持网络安全技术。 与网络安全技术相关联的网络安全信息包括在包中。 网络设备被配置为在分组的开销中包括网络安全信息。 还公开了一种用于识别网络中的第一网络设备的方法。 第一网络的识别信息被传送到第二网络设备。
-
公开(公告)号:US07877601B2
公开(公告)日:2011-01-25
申请号:US10999343
申请日:2004-11-30
申请人: Michael R. Smith , Padmanabha Nallur , Wilson Kok , Michael Fine
发明人: Michael R. Smith , Padmanabha Nallur , Wilson Kok , Michael Fine
IPC分类号: H04L29/06 , G06F9/00 , G06F15/16 , G06F17/00 , G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号: H04L63/20
摘要: A method and system for including security information with a packet is disclosed. A packet is detected as it exits a first network and enters a second network. The first network is configured to support a network security technique, and the second network is not configured to support the network security technique. Network security information associated with the network security technique is included with the packet. A network device is configured to include network security information in overhead of a packet. A method for identifying a first network device in a network is also disclosed. Identification information of the first network is communicated to a second network device.
摘要翻译: 公开了一种包含安全信息与分组的方法和系统。 当数据包离开第一个网络并进入第二个网络时被检测到。 第一个网络被配置为支持网络安全技术,而第二个网络没有被配置为支持网络安全技术。 与网络安全技术相关联的网络安全信息包括在包中。 网络设备被配置为在分组的开销中包括网络安全信息。 还公开了一种用于识别网络中的第一网络设备的方法。 第一网络的识别信息被传送到第二网络设备。
-
公开(公告)号:US20060112426A1
公开(公告)日:2006-05-25
申请号:US10999343
申请日:2004-11-30
申请人: Michael Smith , Padmanabha Nallur , Wilson Kok , Michael Fine
发明人: Michael Smith , Padmanabha Nallur , Wilson Kok , Michael Fine
CPC分类号: H04L63/20
摘要: A method and system for including security information with a packet is disclosed. A packet is detected as it exits a first network and enters a second network. The first network is configured to support a network security technique, and the second network is not configured to support the network security technique. Network security information associated with the network security technique is included with the packet. A network device is configured to include network security information in overhead of a packet. A method for identifying a first network device in a network is also disclosed. Identification information of the first network is communicated to a second network device.
-
公开(公告)号:US20060112425A1
公开(公告)日:2006-05-25
申请号:US10996102
申请日:2004-11-23
申请人: Michael Smith , Padmanabha Nallur , Wilson Kok , Michael Fine
发明人: Michael Smith , Padmanabha Nallur , Wilson Kok , Michael Fine
IPC分类号: G06F15/16
CPC分类号: H04L63/20
摘要: A method and system for including security information with a packet is disclosed. A packet is detected as it exits a first network and enters a second network. The first network is configured to support a network security technique, and the second network is not configured to support the network security technique. Network security information associated with the network security technique is included with the packet. A network device is configured to include network security information in overhead of a packet. A method for identifying a first network device in a network is also disclosed. Identification information of the first network is communicated to a second network device.
-
公开(公告)号:US20090213733A1
公开(公告)日:2009-08-27
申请号:US12035502
申请日:2008-02-22
申请人: Padmanabha Nallur , Wilson Kok , Rajesh Bhandari
发明人: Padmanabha Nallur , Wilson Kok , Rajesh Bhandari
IPC分类号: G01R31/08
CPC分类号: H04L63/162 , H04L9/321 , H04L9/3271 , H04L63/08 , H04L63/0892 , H04L2209/043 , H04L2209/80
摘要: Techniques for selecting authentication roles when establishing a link between devices in a secure network are provided. By assigning role levels to devices, devices may be more likely to assume a preferred role when establishing a link. For example, during a negotiation process, each device may establish a timer value based on their role level. Each device may initiate a timer with the timer value and, the device whose timer value expires first may assume a role as authenticator.
摘要翻译: 提供了在建立安全网络中的设备之间的链路时选择认证角色的技术。 通过将角色级别分配给设备,当建立链接时,设备可能更有可能承担首选角色。 例如,在协商过程中,每个设备可以基于其角色级别建立定时器值。 每个设备可以启动具有定时器值的定时器,并且其定时器值首先到期的设备可以担当认证器的角色。
-
公开(公告)号:US08081568B2
公开(公告)日:2011-12-20
申请号:US12035502
申请日:2008-02-22
申请人: Padmanabha Nallur , Wilson Kok , Rajesh Bhandari
发明人: Padmanabha Nallur , Wilson Kok , Rajesh Bhandari
IPC分类号: G01R31/08
CPC分类号: H04L63/162 , H04L9/321 , H04L9/3271 , H04L63/08 , H04L63/0892 , H04L2209/043 , H04L2209/80
摘要: Techniques for selecting authentication roles when establishing a link between devices in a secure network are provided. By assigning role levels to devices, devices may be more likely to assume a preferred role when establishing a link. For example, during a negotiation process, each device may establish a timer value based on their role level. Each device may initiate a timer with the timer value and, the device whose timer value expires first may assume a role as authenticator.
摘要翻译: 提供了在建立安全网络中的设备之间的链路时选择认证角色的技术。 通过将角色级别分配给设备,当建立链接时,设备可能更有可能承担首选角色。 例如,在协商过程中,每个设备可以基于其角色级别建立定时器值。 每个设备可以启动具有定时器值的定时器,并且其定时器值首先到期的设备可以担当认证器的角色。
-
9.发明申请Method and apparatus for securely extending a protected network through secure intermediation of AAA information 审中-公开通过AAA信息的安全中介来安全地扩展受保护网络的方法和装置公开(公告)号:US20060259759A1
公开(公告)日:2006-11-16
申请号:US11130654
申请日:2005-05-16
申请人: Fabio Maino , Michael Fine , Irene Kuffel , Wilson Kok
发明人: Fabio Maino , Michael Fine , Irene Kuffel , Wilson Kok
IPC分类号: H04L9/00
CPC分类号: H04L63/162 , H04L63/08 , H04L63/0892
摘要: A method of securely extending a protected network through secure relay of AAA information, when an isolated device lacks Layer 3 connectivity to an AAA infrastructure of the protected network, comprises receiving a first authentication message, from an isolated first network device, wherein the first authentication message is encapsulated in a first Layer 2 message, wherein the first authentication message seeks to authenticate a second network device using an authentication server, and wherein the second network device and the authentication server are within a protected network; extracting the first authentication message from the first Layer 2 message; forming a packet that includes the first authentication message; sending the packet with the extracted authentication message over a Layer 3 link to the authentication server, without modifying the extracted authentication message. Thus a network node within a protected network can relay AAA requests and responses between an isolated AAA client, encapsulated in Layer 2 messages, and an AAA server, in Layer 3 messages.
摘要翻译: 一种当隔离设备缺少到受保护网络的AAA基础设施的第3层连接时,通过AAA信息的安全中继来安全地扩展受保护网络的方法包括从隔离的第一网络设备接收第一认证消息,其中第一认证 消息被封装在第一层2消息中,其中所述第一认证消息试图使用认证服务器认证第二网络设备,并且其中所述第二网络设备和所述认证服务器在受保护网络内; 从所述第一层2消息中提取所述第一认证消息; 形成包括所述第一认证消息的分组; 通过三层链路将提取的认证消息发送给认证服务器,而不修改提取的认证消息。 因此,受保护网络中的网络节点可以在层3消息中中继AAA请求和响应之间隔离的AAA客户端,封装在二层消息中,AAA服务器之间。
-
10.发明申请Method and apparatus for securely disseminating security server contact information in a network 有权用于在网络中安全地传播安全服务器联系信息的方法和装置公开(公告)号:US20060200670A1
公开(公告)日:2006-09-07
申请号:US11069857
申请日:2005-03-01
申请人: Irene Kuffel , Wilson Kok , Michael Fine , Fabio Maino , Jed Lau
发明人: Irene Kuffel , Wilson Kok , Michael Fine , Fabio Maino , Jed Lau
IPC分类号: H04L9/00
CPC分类号: H04L9/321 , H04L9/3247 , H04L9/3263 , H04L9/3271 , H04L63/08 , H04L2209/76
摘要: Various systems and method are disclosed for disseminating security server contact information in a network. For example, one method (e.g., performed by a security server) involves determining that a network device is a secure network device, in response to participating in a security exchange with the network device; and then sending a server list to the network device. The server list includes the network address of at least one security server. Another method (e.g., performed by a network device) involves initiating an authentication exchange; receiving a server list, which includes the network address of a security server, as part of the authentication exchange; and communicating with the security server by sending a packet to the network address included in the server list.
摘要翻译: 公开了用于在网络中传播安全服务器联系信息的各种系统和方法。 例如,响应于参与与网络设备的安全交换,一种方法(例如由安全服务器执行)涉及确定网络设备是安全网络设备; 然后将服务器列表发送到网络设备。 服务器列表包括至少一个安全服务器的网络地址。 另一种方法(例如,由网络设备执行)涉及启动认证交换; 作为认证交换的一部分,接收包括安全服务器的网络地址的服务器列表; 并通过向包括在服务器列表中的网络地址发送分组来与安全服务器通信。
-
-
-
-
-
-
-
-
-
搜索结果
13 条记录 (耗时 0.018 秒)
