公开(公告)号：US20070150947A1

公开(公告)日：2007-06-28

申请号：US11315823

申请日：2005-12-22

申请人： Rajesh Vijayakumar ,  Vibhu Vivek ,  Biju Kunjukunju ,  Niklas Hanberger

发明人： Rajesh Vijayakumar ,  Vibhu Vivek ,  Biju Kunjukunju ,  Niklas Hanberger

IPC分类号： G06F12/14

CPC分类号： H04L41/0893 ,  H04L63/0272 ,  H04L63/08

摘要： Increased security may be provided on an enterprise network by causing a central security server to administer security policy on the network. Agents in hosts on the network authenticate with the central security server to obtain policy information for that particular host user. The policy information may specify whether any special routing, processing, or other features, should occur in connection with particular classes of traffic or in connection with communications with particular other hosts or classes of hosts. In operation, the agents implement the policy by interfacing with the networking layer to cause the traffic to be routed via any other host/server on the network so that appropriate services may occur with respect to that traffic. Additionally, tunnels may be established so that traffic in-between hosts or between a host and server to be encrypted, compressed, or otherwise treated as specified in the policy.

摘要翻译： 可以通过使中央安全服务器管理网络上的安全策略来在企业网络上提供更高的安全性。 网络主机中的代理与中央安全服务器进行身份验证，以获取该特定主机用户的策略信息。 策略信息可以指定是否应该与特定类别的业务相关联或者与特定的其他主机或类别的主机相关联地发生特殊的路由，处理或其他特征。 在操作中，代理通过与网络层接口来实现该策略，以使流量经由网络上的任何其他主机/服务器路由，使得相对于该流量可能发生适当的服务。 此外，可以建立隧道，使得主机之间或主机和服务器之间的流量被加密，压缩或以其他方式处理，如在策略中指定的。

公开(公告)号：US20070150946A1

公开(公告)日：2007-06-28

申请号：US11316719

申请日：2005-12-23

申请人： Niklas Hanberger ,  Johan Bevemyr

发明人： Niklas Hanberger ,  Johan Bevemyr

IPC分类号： G06F15/16

CPC分类号： H04L63/0272 ,  H04L63/168

摘要： VPN tunnels may be established using an Internet browser and dynamically downloadable VPN client software that may be installed as part of a remote login process. By causing the VPN client software to be dynamically downloaded during the session, the remote user does not need to pre-load any software onto the computer that will be used as the remote computer. Thus, any computer with an Internet browser may be used to log into the enterprise network without first requiring the user of that computer to acquire rights to install a VPN client on the computer. By causing some or all of the dynamically downloaded software components to be deleted upon termination of the session, the components of the software may be made to be not available once the session has ended. Encrypted UDP may be used to transmit data on the VPN tunnel where exchange of an initial UDP packet indicates the availability of UDP connectivity.

摘要翻译： 可以使用Internet浏览器和可以作为远程登录过程的一部分安装的动态可下载VPN客户端软件来建立VPN隧道。 通过使VPN客户端软件在会话期间被动态下载，远程用户不需要将任何软件预加载到将被用作远程计算机的计算机上。 因此，具有因特网浏览器的任何计算机可以用于登录到企业网络，而不需要该计算机的用户获得在计算机上安装VPN客户端的权限。 通过在会话结束时导致部分或全部动态下载的软件组件被删除，在会话结束之后，软件的组件可能不可用。 加密UDP可以用于在VPN隧道上传输数据，其中初始UDP分组的交换表示UDP连接的可用性。