Abstract:
A framework and method are disclosed for supporting changed addresses of mobile network nodes. Such support is provided through enhancements to the mobile network nodes and utilizes DNS servers, Dynamic Host Configuration Protocol (DHCP), and virtual private network (VPN) servers, or their functional equivalents, to dynamically assign a current network address to a mobile node, provide the current network address to an authoritative name server, and thereafter have correspondent nodes update their addresses for the mobile node based upon an address provided by the authoritative name server. A mobile node registers all of its name-to-address mappings with its authoritative DNS server using a time to live of zero, so that correspondent nodes never cache a stale address. Furthermore, when a mobile node moves outside its home security domain, the mobile node initiates a virtual private network connection to a VPN server for that security domain.
Abstract:
Network DNA may be determined for a computer network that taxonomically classifies the computer network. Network DNA may include derived network DNA components and raw network DNA components. Raw network DNA components may be acquired from local or remote sources. Derived network DNA components may be generated according to derived network DNA component specifications. Derived network DNA component specifications may reference raw network DNA components. Network DNA determined for the computer network may include a network species component capable of indicating network species classifications for computer networks. Network species classifications may include enterprise network, home network and public place network. Network species classifications may be determined as a function of network security, network management and network addressing. One or more network DNA stores may be configured to store network DNA for computer networks. Network DNA stores may store network DNA history as well as current network DNA.
Abstract:
A dynamic risk management system for operating systems provides monitoring, detection, assessment, and follow-up action to reduce the risk whenever it rises. The system enables an operating system to protect itself automatically in dynamic environments. The risk management system monitors a diverse set of system attributes that together determine the security state of the system and indicate the risk the system is under. Based on a specification of risk levels for the various attributes and for their combinations, the risk management system determines whether one or more actions are required to alleviate the overall risk to the system.
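The specification-driven assessment described above, as an added example rather than code from the patent: attributes are a snapshot of the system's state, single-attribute and combination rules map them to risk levels, and actions fire only when the overall level rises. All attribute names, rule levels and action descriptions are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

# Ordered risk levels; the system's overall risk is the highest level any rule assigns.
LEVELS = ["low", "medium", "high", "critical"]


def rank(level: str) -> int:
    return LEVELS.index(level)


@dataclass(frozen=True)
class Rule:
    name: str
    level: str
    predicate: Callable[[Dict[str, Any]], bool]  # evaluated over the monitored attributes


@dataclass(frozen=True)
class Action:
    min_level: str
    description: str


# Risk specification (assumed attributes, levels and actions). Combination rules reference
# several attributes at once, so their joint effect can outrank each attribute alone.
SPEC: List[Rule] = [
    Rule("firewall disabled", "high", lambda a: not a["firewall_enabled"]),
    Rule("missing critical patches", "medium", lambda a: a["missing_critical_patches"] > 0),
    Rule("on untrusted network", "medium", lambda a: a["network"] == "public"),
    Rule("unpatched on untrusted network", "critical",
         lambda a: a["missing_critical_patches"] > 0 and a["network"] == "public"),
    Rule("stale AV signatures", "low", lambda a: a["av_signature_age_days"] > 7),
]

ACTIONS: List[Action] = [
    Action("medium", "alert the administrator"),
    Action("high", "enable the host firewall and drop unsolicited inbound traffic"),
    Action("critical", "quarantine: allow traffic only to update servers"),
]


def assess(attrs):
    """Evaluate the specification against one snapshot of attributes.

    Returns (overall_level, names of triggered rules, actions warranted at that level)."""
    triggered = [r for r in SPEC if r.predicate(attrs)]
    overall = max((r.level for r in triggered), key=rank, default="low")
    actions = [a.description for a in ACTIONS if rank(a.min_level) <= rank(overall)]
    return overall, [r.name for r in triggered], actions


class RiskMonitor:
    """Tracks the current level and returns follow-up actions only when the risk rises."""

    def __init__(self, attrs):
        self.attrs = dict(attrs)
        self.level, _, _ = assess(self.attrs)

    def update(self, **changes):
        """Apply observed attribute changes and re-assess; actions are reported on a rise."""
        self.attrs.update(changes)
        new_level, rules, actions = assess(self.attrs)
        rose = rank(new_level) > rank(self.level)
        self.level = new_level
        return {"level": new_level, "rose": rose, "rules": rules,
                "actions": actions if rose else []}
```

The combination rule is the point of the specification: two medium-risk conditions together are classified as critical, which a per-attribute threshold would never produce.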
Abstract:
Criteria-driven methods and a framework are disclosed that facilitate configuration/selection of one or more wireless network interfaces/networks for carrying out wireless communications on a computing device. The wireless network interface selection and coexistence driver architecture described herein facilitates automated selection of a particular mode of network access based upon status information provided by a set of network interface drivers associated with particular network interfaces and wireless technologies. Furthermore, a criteria-driven interface/network selection framework is described that is potentially invoked in a variety of situations including, but not limited to, when an application is invoked or to select another interface/network to avoid detected interference.
Abstract:
Methods and systems are provided for dynamically subscribing for access to a wireless wide-area network via an online process. Subscription information and user credentials are digitally transmitted by a network carrier to a networking device and are stored locally by the device on a SmartCard, another portable medium, or the device's hard drive. The locally stored credentials and information may subsequently be updated wirelessly. No human interaction is required to subscribe, and access may be limited by a variety of criteria. A subscription may be used to access networks operated by multiple network carriers.
Abstract:
A method and system for creating security policies for firewall and connection policies in an integrated manner is provided. The security system provides a user interface through which a user can define a security rule that specifies both a firewall policy and a connection policy. After the security rule is specified, the security system automatically generates a firewall rule and a connection rule to implement the security rule. The security system provides the firewall rule to a firewall engine that is responsible for enforcing the firewall rules and provides the connection rule to an IPsec engine that is responsible for enforcing the connection rules.
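One way to realize the split described above, as an added example that is not the patent's or any product's code: a single user-level rule is compiled into a firewall rule for the firewall engine and a connection rule for the IPsec engine. The rule fields, the inbound direction, Kerberos machine authentication and the rendering as `netsh advfirewall` commands are all assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityRule:
    """One user-facing rule carrying both a firewall policy and a connection policy (assumed shape)."""
    name: str
    protocol: str          # "TCP" or "UDP"
    local_port: int
    remote_subnet: str     # CIDR such as "10.0.0.0/8", or "any"
    allow: bool            # firewall policy: allow or block the matching traffic
    authenticate: bool     # connection policy: peers must be IPsec-authenticated
    encrypt: bool = False  # connection policy: additionally require ESP encryption


def to_firewall_rule(rule):
    """Firewall-engine half: the filter decision plus the IPsec property the match relies on."""
    if rule.authenticate:
        security = "authenc" if rule.encrypt else "authenticate"
    else:
        security = "notrequired"
    return {"name": rule.name, "dir": "in", "action": "allow" if rule.allow else "block",
            "protocol": rule.protocol, "localport": rule.local_port,
            "remoteip": rule.remote_subnet, "security": security}


def to_connection_rule(rule):
    """IPsec-engine half: who must authenticate before the firewall rule can ever match."""
    if not rule.authenticate:
        return None  # a plain allow/block rule needs no connection rule
    return {"name": rule.name + " (IPsec)", "endpoint1": "any", "endpoint2": rule.remote_subnet,
            "protocol": rule.protocol, "port1": rule.local_port,
            "action": "requireinrequireout", "auth1": "computerkerb"}


def compile_rule(rule):
    """The integrated rule becomes one artifact per enforcement engine."""
    return to_firewall_rule(rule), to_connection_rule(rule)


def render_netsh(firewall_rule, connection_rule):
    """Render both halves as commands for the assumed enforcement backend."""
    def fmt(fields):
        return " ".join(f'{k}="{v}"' if k == "name" else f"{k}={v}" for k, v in fields.items())

    commands = ["netsh advfirewall firewall add rule " + fmt(firewall_rule)]
    if connection_rule is not None:
        commands.append("netsh advfirewall consec add rule " + fmt(connection_rule))
    return commands
```

The check a practitioner wants is that the two halves agree: a firewall rule that requires authenticated traffic without a matching connection rule silently blocks everything, so `compile_rule` emits the connection rule whenever the firewall half asks for `authenticate` or `authenc`.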
Abstract:
Presented is a system and method for providing centralized address management of static IP addresses through the Dynamic Host Configuration Protocol (DHCP). Static or permanent IP addresses are those addresses assigned by DHCP with an infinite lease time. The assignment of such static IP addresses follows the conventional DHCP mechanism for the assignment of other IP addresses. However, the centralized reclamation of a statically or permanently assigned IP address by a network administrator through the DHCP server presents novel aspects of the invention heretofore unknown. Specifically, through the system and method of the present invention, the DHCP server is capable of reclaiming, at any point in time, a statically or permanently assigned IP address by transmitting a DHCP RECLAIM command to the DHCP client, either directly or through its relay agent. In the normal situation, the DHCP client acknowledges the RECLAIM command, allowing the IP address to be placed in the FREE state. If, however, the DHCP client does not respond or the responses are not received by the DHCP server, the DHCP server marks the state of the IP address as DEPRECATED. The state of the IP address is changed from DEPRECATED to FREE once a number of retries of the RECLAIM process has been completed, or a maximum period of time has passed. Security mechanisms that prevent a malicious attacker from reclaiming static IP addresses from DHCP clients are also presented.
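The reclaim state machine above, as an added example that is not the patent's code: the server walks a lease through ASSIGNED, DEPRECATED and FREE, freeing a deprecated address after either a retry count or an elapsed time, and both RECLAIM and its acknowledgement carry an HMAC under a key shared between server and client so that an unauthenticated peer cannot strip a client of its address. The message layout, HMAC-SHA256 authentication and the per-round nonce are assumptions; the abstract only states that such security mechanisms exist.

```python
import hashlib
import hmac
import json
import os

# Lease states from the abstract; message types and the authentication scheme are assumed.
FREE, ASSIGNED, DEPRECATED = "FREE", "ASSIGNED", "DEPRECATED"
RECLAIM, RECLAIM_ACK = "RECLAIM", "RECLAIM_ACK"


def message_tag(key, msg):
    """HMAC-SHA256 over a canonical encoding of the message fields."""
    data = json.dumps(msg, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class DhcpClient:
    def __init__(self, client_id, key, responsive=True):
        self.client_id = client_id
        self.key = key                # shared with the legitimate server only
        self.responsive = responsive  # False simulates a host that is off or unreachable
        self.addresses = set()

    def handle(self, msg, tag):
        """Release the address only for an authentic RECLAIM addressed to this client."""
        if not hmac.compare_digest(message_tag(self.key, msg), tag):
            return None  # forged or tampered: ignore and keep the address
        if msg["type"] != RECLAIM or msg["client_id"] != self.client_id:
            return None
        if not self.responsive:
            return None  # the reply is lost, exactly as a silent client looks to the server
        self.addresses.discard(msg["ip"])
        ack = {"type": RECLAIM_ACK, "ip": msg["ip"], "client_id": self.client_id,
               "nonce": msg["nonce"]}
        return ack, message_tag(self.key, ack)


class DhcpServer:
    def __init__(self, pool, key, max_retries=3, max_wait=600.0):
        self.key = key
        self.max_retries = max_retries
        self.max_wait = max_wait  # seconds a lease may stay DEPRECATED before being freed
        self.leases = {ip: {"state": FREE, "client_id": None, "attempts": 0, "started": None}
                       for ip in pool}

    def _free(self, lease):
        lease.update(state=FREE, client_id=None, attempts=0, started=None)

    def assign_static(self, ip, client):
        """Stands in for the usual DISCOVER/OFFER/REQUEST/ACK exchange with an infinite lease."""
        lease = self.leases[ip]
        if lease["state"] != FREE:
            raise ValueError(f"{ip} is not free")
        lease.update(state=ASSIGNED, client_id=client.client_id)
        client.addresses.add(ip)

    def reclaim(self, ip, client, now):
        """One RECLAIM round; calling client.handle directly stands in for the network or relay."""
        lease = self.leases[ip]
        if lease["state"] == FREE:
            return FREE
        nonce = os.urandom(8).hex()  # binds the ACK to this round so an old ACK cannot be replayed
        msg = {"type": RECLAIM, "ip": ip, "client_id": lease["client_id"], "nonce": nonce}
        reply = client.handle(msg, message_tag(self.key, msg))
        if reply is not None:
            ack, tag = reply
            if (hmac.compare_digest(message_tag(self.key, ack), tag)
                    and ack["type"] == RECLAIM_ACK and ack["nonce"] == nonce):
                self._free(lease)
                return FREE
        # No usable acknowledgement: deprecate, and free after enough retries or enough time.
        lease["attempts"] += 1
        if lease["started"] is None:
            lease["started"] = now
        lease["state"] = DEPRECATED
        if lease["attempts"] >= self.max_retries or now - lease["started"] >= self.max_wait:
            self._free(lease)
        return lease["state"]
```

The DEPRECATED state is what keeps the address out of the pool while the client may still be using it; freeing it on the first missed reply would let the server hand the same address to a second host and create a duplicate on the wire.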
Abstract:
The utilization of an automatically generated Internet Protocol (IP) address in a networked environment is described. An IP address is automatically generated and used while an IP address server is unavailable or unreliable. The system uses either the automatically generated IP address or the assigned address, depending on the circumstances. For example, if the IP address server repeatedly assigns conflicting IP addresses, the system continues to use the generated IP address despite having received an assigned IP address from the IP address server. Also, if the communication is within a common local area network, the generated IP address is used, so as to avoid encryption of the communication in accordance with the TCP/IP protocol.
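The selection logic above, as an added example that is not the patent's code: a link-local address is generated for use while the server is unavailable, each server assignment is checked for conflicts, and after repeated conflicts the host keeps the generated address even when a later assignment arrives. The 169.254/16 range, the conflict threshold, the use of a set of in-use addresses in place of an ARP probe, and the link-local test for "within a common local area network" are assumptions.

```python
import ipaddress
import random

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")  # IPv4 link-local range (RFC 3927)


def generate_link_local(seed):
    """Pseudo-random 169.254.x.y, skipping the reserved first and last 256 addresses (RFC 3927)."""
    index = random.Random(seed).randint(256, LINK_LOCAL.num_addresses - 257)
    return LINK_LOCAL[index]


class AddressSelector:
    """Decides between the self-generated address and the one assigned by the address server."""

    def __init__(self, seed, max_conflicts=2):
        self.generated = generate_link_local(seed)
        self.assigned = None
        self.conflicts = 0  # consecutive server assignments that were already in use
        self.max_conflicts = max_conflicts

    def server_unavailable(self):
        """No lease could be obtained: fall back to the generated address."""
        self.assigned = None
        return self.current()

    def server_offer(self, offered, in_use):
        """`in_use` (strings) stands in for a duplicate-address probe of the offered address."""
        offered = ipaddress.ip_address(offered)
        if offered in {ipaddress.ip_address(a) for a in in_use}:
            self.conflicts += 1
            self.assigned = None
        else:
            self.assigned = offered  # remembered, but distrusted after repeated conflicts
        return self.current()

    def server_recovered(self):
        """Explicit reset once the address server is known to be healthy again."""
        self.conflicts = 0

    def current(self):
        if self.assigned is None or self.conflicts >= self.max_conflicts:
            return self.generated
        return self.assigned

    def address_for(self, destination):
        """Traffic that stays on the local link uses the generated address; the rest uses current()."""
        if ipaddress.ip_address(destination) in LINK_LOCAL:
            return self.generated
        return self.current()
```

The caveat a practitioner should keep in mind is that a generated link-local address is only ever reachable on the local segment; `current()` falling back to it after conflicts keeps the host usable locally but cuts it off from routed networks until the server is trusted again.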
Abstract:
A method and apparatus are described for enabling a first node, which utilizes a first naming protocol, to obtain a network address of another node from a naming service that does not provide addresses in accordance with the first naming protocol. A network embodying the present invention includes a naming proxy agent. A first node in the network obtains network addresses corresponding to node names according to a first naming protocol, and a second node conducts network naming operations according to a second naming protocol that is incompatible with the first naming protocol. As a result, the first node cannot by itself obtain the address of the second node by means of a node name query under the first naming protocol. However, the naming proxy agent receives a first naming query, transmitted by the first node according to the first naming protocol, that includes the name of the second node. The naming proxy agent converts the first naming query into a second naming query that also includes the registered name. The naming proxy agent transmits the second naming query according to the second naming protocol.
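A concrete instance of the proxy above, as an added example rather than the patent's code: the first naming protocol is NetBIOS (names arrive in the 32-character first-level encoding of RFC 1001), the second is DNS, and the proxy decodes the NetBIOS name, appends a configured DNS suffix, and re-issues the question as a wire-format DNS A query. The choice of protocols, the DNS suffix, the set of NetBIOS suffixes treated as host names, and the stand-in resolver callable are assumptions.

```python
import struct


def netbios_encode(name, suffix=0x00):
    """First-level encoding (RFC 1001 section 14.1): pad the name to 15 bytes, append the
    service suffix byte, then emit each nibble as a character from 'A' to 'P'."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in raw)


def netbios_decode(encoded):
    """Inverse of netbios_encode; rejects anything that is not 32 characters in 'A'..'P'."""
    if len(encoded) != 32 or any(c < "A" or c > "P" for c in encoded):
        raise ValueError("malformed NetBIOS name")
    raw = bytes(((ord(encoded[i]) - 0x41) << 4) | (ord(encoded[i + 1]) - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(" "), raw[15]


def dns_query(fqdn, txid=0x1234):
    """Minimal wire-format DNS question for an A record (RFC 1035), recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = fqdn.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_qname(wire):
    """Read the question name back out of a query produced by dns_query."""
    labels, pos = [], 12
    while wire[pos]:
        length = wire[pos]
        labels.append(wire[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


class NamingProxy:
    """Receives NetBIOS name queries, re-issues them as DNS queries, and returns the address."""
    HOST_SUFFIXES = {0x00, 0x20}  # workstation and server service names identify a host

    def __init__(self, dns_suffix, send_dns_query):
        self.dns_suffix = dns_suffix
        self.send_dns_query = send_dns_query  # callable(wire_query) -> address or None

    def handle(self, encoded_name):
        name, suffix = netbios_decode(encoded_name)
        if suffix not in self.HOST_SUFFIXES:
            return None  # group and service registrations have no host address in DNS
        fqdn = f"{name.lower()}.{self.dns_suffix}"
        address = self.send_dns_query(dns_query(fqdn))
        return {"name": name, "fqdn": fqdn, "address": address}
```

The strict check in `netbios_decode` matters because the proxy sits between two trust domains: an unchecked encoded name would let a client steer the proxy into querying arbitrary DNS labels, so it accepts only names that are valid in the first protocol before building a query in the second.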