Abstract:
Systems and methods intended to control a network device's access to a network are disclosed. Embodiments of the current invention expose a method for confining a network client's network access to a specific logical region of the network. A network communication may be received and the client that originated this communication determined. This client is associated with a set of rules, or walled garden, that specifies the access allowed for that client. The destination of the communication may also be determined, and access to the destination is allowed if the set of rules associated with the client allows it.
Abstract:
Embodiments disclosed herein provide a control device and a method executing thereon for allocating network bandwidth to users accessing a controlled network. In response to a user connecting to the control device using a user device, the control device obtains a user bandwidth allocation profile for that user based on user credentials. The user bandwidth allocation profile may be stored locally on or remotely from the control device. A provisioning module running on the control device can map attributes in the user bandwidth allocation profile to a traffic control rule and associate the traffic control rule with the user based on the user credentials and considering information identifying the user device used by the user to connect to the control device. A traffic conditioning module running on the control device can regulate the network bandwidth usage by the user utilizing the traffic control rule associated with the user.
Abstract:
Embodiments disclosed herein provide a system, method, and computer program product for establishing a secure network connection between two computers, a client and a server. The client may send a connection request over a public network to the server. In response, the server may generate a set of credentials, select a controller to automatically run on the client, and send the controller and the set of credentials to the client. The controller automatically executes on the client and utilizes the set of credentials from the server to establish a secure network connection with the server without user intervention. The set of credentials is valid until the secure network connection between the client and the server is severed.
Abstract:
One embodiment creates a model of the traffic through a network firewall and uses that model to dynamically manipulate the network firewall. The firewall model defines nodes, connections between the nodes, and firewall rules applicable to the nodes, the connections between the nodes, or a combination thereof. Each of the nodes represents simultaneously a source and a destination for data packets. The firewall rules include dynamic chains of rules having defined places where firewall rules may be dynamically inserted into or deleted from the firewall while the firewall is operating on one or more machines connected to network segments where the nodes reside.
Abstract:
A system, method, and computer program product for controlling data through a firewall which may be dynamically configurable. The method may comprise defining at least one node, wherein the at least one node is associated with two or more network interfaces; associating a set of firewall rules with the at least one node; receiving a packet at a first node of the at least one node; and accepting or denying the packet based on the set of firewall rules. The firewall rules include dynamic chains of rules having defined places where firewall rules may be dynamically inserted into or deleted from the firewall while the firewall is operating on one or more machines connected to network segments where the nodes reside.
Abstract:
One embodiment of the present invention creates a model of the traffic through a network firewall and uses that model to dynamically manipulate the network firewall based on human intervention or based on the automatic invocations of processes and protocols that implement firewall policy. Another embodiment of the invention creates a model of the physical and virtual network interfaces that a firewall system controls and presents abstracted entities representing both the interface abstractions and the processing nodes (network segments or network client devices) to and through which network traffic flows.
Abstract:
Embodiments disclosed herein provide a system, method, and computer program product for obtaining secure connectivity between networked computing devices. The invention comprises utilizing a network protocol inherent to an operating system on a client device to automatically set up and establish a transient secure network connection endpoint on the client device. The act of utilizing can be a result of a server device responding to a connection request from the client device. The act of establishing the transient secure network connection endpoint on the client device creates a transient secure network connection between the server device and the transient secure network connection endpoint on the client device without manual intervention or configuration by a user at the client device. Secured access by the client device to one or more network devices is permitted until the transient secure network connection between the server device and the client device is severed.