Systems and methods for providing IIP address stickiness in an SSL VPN session failover environment
    1.
    Granted patent
    Systems and methods for providing IIP address stickiness in an SSL VPN session failover environment (In force)

    Publication (announcement) number: US09009327B2

    Publication (announcement) date: 2015-04-14

    Application number: US11833581

    Filing date: 2007-08-03

    Abstract: The SSL VPN session failover solution of the appliance and/or client agent described herein provides an environment for handling IP address assignment and end point re-authorization upon failover. The appliances may be deployed to provide a session failover environment in which a second appliance is a backup to a first appliance when a failover condition is detected, such as a failure in operation of the first appliance. The backup appliance takes over responsibility for the SSL VPN sessions provided by the first appliance. In the failover environment, the first appliance propagates SSL VPN session information, including user IP address assignments and end point authorization information, to the backup appliance. The backup appliance maintains this information. Upon detection of failover of the first appliance, the backup appliance activates the transferred SSL VPN session and maintains the user-assigned IP addresses. The backup appliance may also re-authorize the client for the transferred SSL VPN session.

    Systems and Methods for Authorizing a Client in an SSL VPN Session Failover Environment
    2.
    Patent application
    Systems and Methods for Authorizing a Client in an SSL VPN Session Failover Environment (In force)

    Publication (announcement) number: US20090037998A1

    Publication (announcement) date: 2009-02-05

    Application number: US11833577

    Filing date: 2007-08-03

    IPC classification: H04L9/00

    Abstract: The SSL VPN session failover solution of the appliance and/or client agent described herein provides an environment for handling IP address assignment and end point re-authorization upon failover. The appliances may be deployed to provide a session failover environment in which a second appliance is a backup to a first appliance when a failover condition is detected, such as a failure in operation of the first appliance. The backup appliance takes over responsibility for the SSL VPN sessions provided by the first appliance. In the failover environment, the first appliance propagates SSL VPN session information, including user IP address assignments and end point authorization information, to the backup appliance. The backup appliance maintains this information. Upon detection of failover of the first appliance, the backup appliance activates the transferred SSL VPN session and maintains the user-assigned IP addresses. The backup appliance may also re-authorize the client for the transferred SSL VPN session.

    Systems and methods for authorizing a client in an SSL VPN session failover environment
    3.
    Granted patent
    Systems and methods for authorizing a client in an SSL VPN session failover environment (In force)

    Publication (announcement) number: US08132247B2

    Publication (announcement) date: 2012-03-06

    Application number: US11833577

    Filing date: 2007-08-03

    IPC classification: G06F9/00

    Abstract: The SSL VPN session failover solution of the appliance and/or client agent described herein provides an environment for handling IP address assignment and end point re-authorization upon failover. The appliances may be deployed to provide a session failover environment in which a second appliance is a backup to a first appliance when a failover condition is detected, such as a failure in operation of the first appliance. The backup appliance takes over responsibility for the SSL VPN sessions provided by the first appliance. In the failover environment, the first appliance propagates SSL VPN session information, including user IP address assignments and end point authorization information, to the backup appliance. The backup appliance maintains this information. Upon detection of failover of the first appliance, the backup appliance activates the transferred SSL VPN session and maintains the user-assigned IP addresses. The backup appliance may also re-authorize the client for the transferred SSL VPN session.

    Systems and Methods for Providing IIP Address Stickiness in an SSL VPN Session Failover Environment
    4.
    Patent application
    Systems and Methods for Providing IIP Address Stickiness in an SSL VPN Session Failover Environment (In force)

    Publication (announcement) number: US20090037763A1

    Publication (announcement) date: 2009-02-05

    Application number: US11833581

    Filing date: 2007-08-03

    IPC classification: G06F11/07

    Abstract: The SSL VPN session failover solution of the appliance and/or client agent described herein provides an environment for handling IP address assignment and end point re-authorization upon failover. The appliances may be deployed to provide a session failover environment in which a second appliance is a backup to a first appliance when a failover condition is detected, such as a failure in operation of the first appliance. The backup appliance takes over responsibility for the SSL VPN sessions provided by the first appliance. In the failover environment, the first appliance propagates SSL VPN session information, including user IP address assignments and end point authorization information, to the backup appliance. The backup appliance maintains this information. Upon detection of failover of the first appliance, the backup appliance activates the transferred SSL VPN session and maintains the user-assigned IP addresses. The backup appliance may also re-authorize the client for the transferred SSL VPN session.

    Systems and methods for application based interception of SSL/VPN traffic
    6.
    Granted patent
    Systems and methods for application based interception of SSL/VPN traffic (In force)

    Publication (announcement) number: US08869262B2

    Publication (announcement) date: 2014-10-21

    Application number: US11462329

    Filing date: 2006-08-03

    IPC classification: G06F15/16 H04L29/06

    Abstract: A method for allowing or denying, by an appliance, access to a resource by an application on a client via a virtual private network connection bases the decision to allow or deny access on the identity of the application. The appliance intercepts a request from an application on a client on a first network to access, via a virtual private network connection, a resource on a second network. The appliance identifies the application and associates with the intercepted request an authorization policy based on the identity of the application. The appliance determines, using the authorization policy and the identity of the application, whether to allow or deny access by the application to the resource.

    Method and system for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute
    7.
    Granted patent
    Method and system for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute (In force)

    Publication (announcement) number: US08397287B2

    Publication (announcement) date: 2013-03-12

    Application number: US11465915

    Filing date: 2006-08-21

    IPC classification: G06F17/00

    Abstract: An appliance and method for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute, includes the step of establishing, by an appliance, a control connection with a client upon receiving a client request to establish a virtual private network connection with a network. The appliance transmits, via the control connection, a request to the client to evaluate at least one clause of a security string, the at least one clause including an expression associated with a client-side attribute. The client transmits, via the control connection, a response to the appliance comprising the result of evaluating the at least one clause on the client. The appliance assigns the client to an authorization group based on the result of evaluating the at least one clause.

    Systems and methods for using a client agent to manage ICMP traffic in a virtual private network environment
    8.
    Granted patent
    Systems and methods for using a client agent to manage ICMP traffic in a virtual private network environment (In force)

    Publication (announcement) number: US07907621B2

    Publication (announcement) date: 2011-03-15

    Application number: US11462253

    Filing date: 2006-08-03

    IPC classification: H04L12/28

    Abstract: Systems and methods are described for using a client agent executing on a client to send ICMP messages to an appliance connected via a virtual private network. Methods include: establishing, via a client agent executing on a client, a transport layer virtual private network connection with an appliance; intercepting, by the client agent at the network layer, an ICMP request originating from the client; and transmitting, by the client agent via a transport layer connection, the ICMP request to the appliance. Additional methods describe determining, by the appliance, that the address identified by the ICMP request corresponds to a second client, the second client also being connected via a virtual private network to the remote machine; and transmitting, by the appliance to the second client via the virtual private network connection, the ICMP request. Corresponding systems are also described.

    Systems and methods of fine grained interception of network communications on a virtual private network
    9.
    Granted patent
    Systems and methods of fine grained interception of network communications on a virtual private network (In force)

    Publication (announcement) number: US07843912B2

    Publication (announcement) date: 2010-11-30

    Application number: US11462312

    Filing date: 2006-08-03

    IPC classification: H04L12/28

    Abstract: A method for intercepting communication of a client to a destination on a virtual private network includes an agent executing on the client that intercepts a network communication of the client. The agent provides a virtual private network connection from a first network to a second network. The decision to intercept is based on a network destination description or on the identification of an application authorized to be accessed via the virtual private network. In one case, the agent determines that a destination specified by the intercepted communication corresponds to the network identifier and port in the network destination description of an application on the second network that is authorized for access via the virtual private network. In response to this determination, the agent transmits the intercepted communication.