Abstract:
User credentials are validated within a network infrastructure element such as a packet data router or switch. The network element has authentication and authorization logic for receiving one or more packets representing an input application message logically associated with OSI network model Layer 5 or above; extracting user credentials from the one or more packets; authenticating an identity associated with the user credentials; authorizing privileges to the identity; and forwarding the application message to an intended destination if the identity is successfully authenticated and/or authorized. The authentication and authorization logic in the network element can invoke extension authentication and authorization methods that may be provisioned after the network element is deployed in a networked system.
Abstract:
Techniques are provided for performing security functions on a message payload in a network element. According to one aspect, a network element receives one or more data packets. The network element performs a security function on at least a portion of an application layer message that is contained in one or more payload portions of the one or more data packets. According to another aspect, a network element receives a first request that is destined for a first application. The network element sends, to a second application that sent the first request, a second request for authentication information. The network element receives the authentication information and determines whether the authentication information is valid. If the authentication information is not valid, then the network element prevents the first request from being sent to the first application.
Abstract:
A network infrastructure element such as a router or switch performs transparent and optimized validation of XML schemas of XML payloads received in the network element. The network element comprises logic for receiving and storing one or more validation scope rules that define a portion of an extensible markup language (XML) schema for validation; receiving and storing the XML schema; receiving over the network an application-layer message comprising one or more of the packets; identifying a particular XML element in an XML payload of the application-layer message, wherein the particular XML element is within the portion of the XML schema defined in the one or more validation scope rules; determining whether the particular XML element conforms to the XML schema; and performing a responsive action based on whether the particular XML element conforms to the XML schema.
Abstract:
Systems and methods implemented by a unified agent application executed on a mobile device, for unified service discovery and secure availability include authenticating a user into a plurality of cloud services including a proxy service and a Virtual Private Network (VPN) service, wherein the proxy service is utilized for Internet traffic and the VPN service is for Intranet traffic; creating and operating a link local network at the mobile device with a virtual network interface and multiple listening sockets; and intercepting traffic at the virtual network interface from one or more client applications on the mobile device and splitting the traffic between the proxy service, the VPN service, and the Internet based on a type of the traffic, a destination, and the one or more client applications.
Abstract:
A bi-directional VLAN bridging path is created on an edge switch in an MVRP environment without administrator intervention using a virtual network profile (VNP) feature running on the edge switch. The VNP feature is configured to detect a device coupled to a port of the edge switch, learn the Medium Access Control (MAC) address of the device on an MVRP-VLAN and automatically convert the MVRP-VLAN to a VNP-Dynamic-VLAN corresponding to a static VLAN to create a bi-directional VLAN Port Association (VPA) for the device.
Abstract:
Techniques are described for synchronizing state information between a plurality of control units. A router, for example, is described that includes a primary control unit and a standby control unit. The primary control unit maintains router resources to ensure operation of the router. To ensure operation, the primary control unit receives state information from the router resources and maintains the state information for consumers, i.e. router resources that require or “consume” state information. Prior to updating the consumers with the state information, the primary control unit synchronizes the state information with the standby control unit. In the event the primary control unit fails, the standby control unit assumes control of the router resources. Upon assuming control, the standby control unit resumes updating the consumers with state information without having to “relearn” state information, e.g., by way of power cycling the router resources to a known state.
Abstract:
A method is disclosed for high-speed processing of structured application messages in a network device. According to one aspect, a network device receives a set of message classification rules that have been prepared beforehand by a system administrator or customer. The system analyzes the message classification rules to determine what part(s) of the message are necessary to classify a message according to the message classification rules. This allows the system to consider only the relevant parts of the message and ignore the rest of the message. The system extracts the portion of the message necessary for classifying the message and classifies the message using the values of the extracted information and the message classification rules. A unique sequence of operations is implied by the message classification and those operations must then be applied to the message.
Abstract:
A method is disclosed for performing message payload processing functions in a network element on behalf of an application. According to one aspect, a network element receives user-specified input that indicates a particular message classification. The network element also receives one or more data packets. Based on the data packets, the network element determines that an application layer message, which is collectively contained in payload portions of the data packets, matches the particular message classification. The network element processes at least a portion of the message by performing, on behalf of the application to which the message is directed, and relative to at least the portion of the message, one or more actions that are (a) specified in the user-specified input and (b) associated with the particular message classification.