公开(公告)号：US07984479B2

公开(公告)日：2011-07-19

申请号：US11405069

申请日：2006-04-17

申请人： Roy F. Brabson ,  Barry Mosakowski ,  Linwood H. Overby, Jr.

发明人： Roy F. Brabson ,  Barry Mosakowski ,  Linwood H. Overby, Jr.

IPC分类号： G06F17/00 ,  H04L29/06 ,  H04L9/32

CPC分类号： H04L63/0823 ,  G06F21/33 ,  H04L9/3265 ,  H04L63/0227 ,  H04L63/12 ,  H04L63/166 ,  H04L2209/80

摘要： Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific.

摘要翻译： 策略过滤服务内置在执行环境的安全处理中，用于解决如何处理通信实体的数字安全证书，而不需要通过证书颁发机构（“CA”）链与实体关联的根证书的本地副本 。 可以使用指示证书筛选条件的一组规则（或其他策略格式）来指定策略。 在确定所需的根CA证书不可用时，优选地在握手期间调用该过滤。 在一种方法中，策略使用规则来规定允许证书的条件（即被视为已被验证）以及指定证书被阻止的条件的其他规则（即被视为无效）。 优选地，按照大多数特定到最小特定的顺序来评估和执行策略规则。

公开(公告)号：US20080259790A1

公开(公告)日：2008-10-23

申请号：US11738499

申请日：2007-04-22

申请人： Dinakaran Joseph ,  Jon K. Franks ,  Christopher N. Freeman ,  Sivaram Gottimukkala ,  Jason P. Hawrysz ,  Lap T. Huynh ,  Barry Mosakowski

发明人： Dinakaran Joseph ,  Jon K. Franks ,  Christopher N. Freeman ,  Sivaram Gottimukkala ,  Jason P. Hawrysz ,  Lap T. Huynh ,  Barry Mosakowski

IPC分类号： H04J1/16

CPC分类号： H04L41/022

摘要： Embodiments of the present invention address deficiencies of the art in respect to connectivity management in a heterogeneous network and provide a method, system and computer program product for resilient and reliable end-to-end connectivity in a heterogeneous network. In one embodiment of the invention, a method for resilient and reliable end-to-end connectivity in a heterogeneous network environment can be provided. The method can include creating an instance of an abstracted network resource model (NRM) for a heterogeneous network environment of different network resource nodes. The method further can include binding an application endpoint in the instance of the abstracted NRM with a connectivity endpoint for a first of the different network resource nodes. The method yet further can include detecting an outage in the first of the different network resource nodes. Finally, the method can include re-binding the application endpoint to a second of the different network resource nodes in response to detecting the outage.

摘要翻译： 本发明的实施例解决了异构网络中的连接性管理方面的技术缺陷，并提供了用于异构网络中的弹性和可靠的端到端连接的方法，系统和计算机程序产品。 在本发明的一个实施例中，可以提供一种用于异构网络环境中的弹性且可靠的端到端连接的方法。 该方法可以包括为不同网络资源节点的异构网络环境创建抽象网络资源模型（NRM）的实例。 该方法还可以包括将抽象NRM的实例中的应用端点与第一个不同网络资源节点的连接性端点绑定。 该方法还可以包括检测第一不同网络资源节点中的中断。 最后，该方法可以包括响应于检测到中断而将应用端点重新绑定到不同网络资源节点中的第二个。

公开(公告)号：US08458768B2

公开(公告)日：2013-06-04

申请号：US13111907

申请日：2011-05-19

申请人： Roy F. Brabson ,  Barry Mosakowski ,  Linwood H. Overby, Jr.

发明人： Roy F. Brabson ,  Barry Mosakowski ,  Linwood H. Overby, Jr.

IPC分类号： H04L29/06

CPC分类号： H04L63/0823 ,  G06F21/33 ,  H04L9/3265 ,  H04L63/0227 ,  H04L63/12 ,  H04L63/166 ,  H04L2209/80

摘要： Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific.

摘要翻译： 策略过滤服务内置在执行环境的安全处理中，用于解决如何处理通信实体的数字安全证书，而不需要通过证书颁发机构（“CA”）链与实体相关联的根证书的本地副本 。 可以使用指示证书筛选条件的一组规则（或其他策略格式）来指定策略。 在确定所需的根CA证书不可用时，优选地在握手期间调用该过滤。 在一种方法中，策略使用规则来规定允许证书的条件（即被视为已被验证）以及指定证书被阻止的条件的其他规则（即被视为无效）。 优选地，按照大多数特定到最小特定的顺序来评估和执行策略规则。

公开(公告)号：US20110219442A1

公开(公告)日：2011-09-08

申请号：US13111907

申请日：2011-05-19

申请人： Roy F. Brabson ,  Barry Mosakowski ,  Linwood H. Overby, JR.

发明人： Roy F. Brabson ,  Barry Mosakowski ,  Linwood H. Overby, JR.

IPC分类号： H04L9/32 ,  G06F21/00

CPC分类号： H04L63/0823 ,  G06F21/33 ,  H04L9/3265 ,  H04L63/0227 ,  H04L63/12 ,  H04L63/166 ,  H04L2209/80

摘要： Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific.

摘要翻译： 策略过滤服务内置在执行环境的安全处理中，用于解决如何处理通信实体的数字安全证书，而不需要通过证书颁发机构（“CA”）链与实体关联的根证书的本地副本 。 可以使用指示证书筛选条件的一组规则（或其他策略格式）来指定策略。 在确定所需的根CA证书不可用时，优选地在握手期间调用该过滤。 在一种方法中，策略使用规则来规定允许证书的条件（即被视为已被验证）以及指定证书被阻止的条件的其他规则（即被视为无效）。 优选地，按照大多数特定到最小特定的顺序来评估和执行策略规则。

公开(公告)号：US07821921B2

公开(公告)日：2010-10-26

申请号：US11738499

申请日：2007-04-22

申请人： Dinakaran Joseph ,  Jon K. Franks ,  Christopher N. Freeman ,  Sivaram Gottimukkala ,  Jason P. Hawrysz ,  Lap T Huynh ,  Barry Mosakowski

发明人： Dinakaran Joseph ,  Jon K. Franks ,  Christopher N. Freeman ,  Sivaram Gottimukkala ,  Jason P. Hawrysz ,  Lap T Huynh ,  Barry Mosakowski

IPC分类号： H04J1/16 ,  G06F11/00 ,  G06F15/173

CPC分类号： H04L41/022

摘要： Embodiments of the present invention address deficiencies of the art in respect to connectivity management in a heterogeneous network and provide a method, system and computer program product for resilient and reliable end-to-end connectivity in a heterogeneous network. In one embodiment of the invention, a method for resilient and reliable end-to-end connectivity in a heterogeneous network environment can be provided. The method can include creating an instance of an abstracted network resource model (NRM) for a heterogeneous network environment of different network resource nodes. The method further can include binding an application endpoint in the instance of the abstracted NRM with a connectivity endpoint for a first of the different network resource nodes. The method yet further can include detecting an outage in the first of the different network resource nodes. Finally, the method can include re-binding the application endpoint to a second of the different network resource nodes in response to detecting the outage.

摘要翻译： 本发明的实施例解决了异构网络中的连接性管理方面的技术缺陷，并且提供了一种用于异构网络中的弹性且可靠的端到端连接的方法，系统和计算机程序产品。 在本发明的一个实施例中，可以提供一种用于异构网络环境中的弹性且可靠的端到端连接的方法。 该方法可以包括为不同网络资源节点的异构网络环境创建抽象网络资源模型（NRM）的实例。 该方法还可以包括将抽象NRM的实例中的应用端点与第一个不同网络资源节点的连接性端点绑定。 该方法还可以包括检测第一不同网络资源节点中的中断。 最后，该方法可以包括响应于检测到中断而将应用端点重新绑定到不同网络资源节点中的第二个。

公开(公告)号：US20070245401A1

公开(公告)日：2007-10-18

申请号：US11405069

申请日：2006-04-17

申请人： Roy Brabson ,  Barry Mosakowski ,  Linwood Overby

发明人： Roy Brabson ,  Barry Mosakowski ,  Linwood Overby

IPC分类号： H04L9/00

CPC分类号： H04L63/0823 ,  G06F21/33 ,  H04L9/3265 ,  H04L63/0227 ,  H04L63/12 ,  H04L63/166 ,  H04L2209/80

摘要： Policy filtering services are built into security processing of an execution environment for resolving how to handle a digital security certificate of a communicating entity without requiring a local copy of a root certificate that is associated with the entity through a certificate authority (“CA”) chain. Policy may be specified using a set of rules (or other policy format) indicating conditions for certificate filtering. This filtering is preferably invoked during handshaking, upon determining that a needed root CA certificate is not available. In one approach, the policy uses rules specifying conditions under which a certificate is permitted (i.e., treated as if it is validated) and other rules specifying conditions under which a certificate is blocked (i.e., treated as if it is invalid). Preferably, policy rules are evaluated and enforced in order of most-specific to least-specific.

摘要翻译： 策略过滤服务内置在执行环境的安全处理中，用于解决如何处理通信实体的数字安全证书，而不需要通过证书颁发机构（“CA”）链与实体关联的根证书的本地副本 。 可以使用指示证书筛选条件的一组规则（或其他策略格式）来指定策略。 在确定所需的根CA证书不可用时，优选地在握手期间调用该过滤。 在一种方法中，策略使用规则来规定允许证书的条件（即被视为已被验证）以及指定证书被阻止的条件的其他规则（即被视为无效）。 优选地，按照大多数特定到最小特定的顺序来评估和执行策略规则。

公开(公告)号：US10523491B2

公开(公告)日：2019-12-31

申请号：US12911707

申请日：2010-10-25

申请人： Dinakaran Joseph ,  Jon K. Franks ,  Christopher N. Freeman ,  Sivaram Gottimukkala ,  Jason P. Hawrysz ,  Lap T. Huynh ,  Barry Mosakowski

发明人： Dinakaran Joseph ,  Jon K. Franks ,  Christopher N. Freeman ,  Sivaram Gottimukkala ,  Jason P. Hawrysz ,  Lap T. Huynh ,  Barry Mosakowski

IPC分类号： H04L12/24 ,  H04L12/703

摘要： Embodiments of the present invention address deficiencies of the art in respect to connectivity management in a heterogeneous network and provide a method, system and computer program product for resilient and reliable end-to-end connectivity in a heterogeneous network. In one embodiment of the invention, a method for resilient and reliable end-to-end connectivity in a heterogeneous network environment can be provided. The method can include creating an instance of an abstracted network resource model (NRM) for a heterogeneous network environment of different network resource nodes. The method further can include binding an application endpoint in the instance of the abstracted NRM with a connectivity endpoint for a first of the different network resource nodes. The method yet further can include detecting an outage in the first of the different network resource nodes. Finally, the method can include re-binding the application endpoint to a second of the different network resource nodes in response to detecting the outage.

公开(公告)号：US09742621B2

公开(公告)日：2017-08-22

申请号：US13406653

申请日：2012-02-28

申请人： Dinakaran Joseph ,  Jon K. Franks ,  Christopher N. Freeman ,  Sivaram Gottimukkala ,  Jason P. Hawrysz ,  Lap T. Huynh ,  Barry Mosakowski

发明人： Dinakaran Joseph ,  Jon K. Franks ,  Christopher N. Freeman ,  Sivaram Gottimukkala ,  Jason P. Hawrysz ,  Lap T. Huynh ,  Barry Mosakowski

IPC分类号： H04L12/26 ,  H04L12/24

CPC分类号： H04L41/022

摘要： Embodiments of the present invention address deficiencies of the art in respect to connectivity management in a heterogeneous network and provide a method, system and computer program product for resilient and reliable end-to-end connectivity in a heterogeneous network. In one embodiment of the invention, a method for resilient and reliable end-to-end connectivity in a heterogeneous network environment can be provided. The method can include creating an instance of an abstracted network resource model (NRM) for a heterogeneous network environment of different network resource nodes. The method further can include binding an application endpoint in the instance of the abstracted NRM with a connectivity endpoint for a first of the different network resource nodes. Finally, the method can include re-binding the application endpoint to a second of the different network resource nodes in response to detecting the outage.

公开(公告)号：US20120213059A1

公开(公告)日：2012-08-23

申请号：US13406653

申请日：2012-02-28

申请人： Dinakaran Joseph ,  Jon K. Franks ,  Christopher N. Freeman ,  Sivaram Gottimukkala ,  Jason P. Hawrysz ,  Lap T. Huynh ,  Barry Mosakowski

发明人： Dinakaran Joseph ,  Jon K. Franks ,  Christopher N. Freeman ,  Sivaram Gottimukkala ,  Jason P. Hawrysz ,  Lap T. Huynh ,  Barry Mosakowski

IPC分类号： G06F11/00

CPC分类号： H04L41/022

摘要： Embodiments of the present invention address deficiencies of the art in respect to connectivity management in a heterogeneous network and provide a method, system and computer program product for resilient and reliable end-to-end connectivity in a heterogeneous network. In one embodiment of the invention, a method for resilient and reliable end-to-end connectivity in a heterogeneous network environment can be provided. The method can include creating an instance of an abstracted network resource model (NRM) for a heterogeneous network environment of different network resource nodes. The method further can include binding an application endpoint in the instance of the abstracted NRM with a connectivity endpoint for a first of the different network resource nodes. Finally, the method can include re-binding the application endpoint to a second of the different network resource nodes in response to detecting the outage.

摘要翻译： 本发明的实施例解决了异构网络中的连接性管理方面的技术缺陷，并提供了用于异构网络中的弹性和可靠的端到端连接的方法，系统和计算机程序产品。 在本发明的一个实施例中，可以提供一种用于异构网络环境中的弹性且可靠的端到端连接的方法。 该方法可以包括为不同网络资源节点的异构网络环境创建抽象网络资源模型（NRM）的实例。 该方法还可以包括将抽象NRM的实例中的应用端点与第一个不同网络资源节点的连接性端点绑定。 最后，该方法可以包括响应于检测到中断而将应用端点重新绑定到不同网络资源节点中的第二个。

公开(公告)号：US20110038256A1

公开(公告)日：2011-02-17

申请号：US12911707

申请日：2010-10-25

申请人： Dinakaran Joseph ,  Jon K. Franks ,  Christopher N. Freeman ,  Sivaram Gottimukkala ,  Jason P. Hawrysz ,  Lap T. Huynh ,  Barry Mosakowski

发明人： Dinakaran Joseph ,  Jon K. Franks ,  Christopher N. Freeman ,  Sivaram Gottimukkala ,  Jason P. Hawrysz ,  Lap T. Huynh ,  Barry Mosakowski

IPC分类号： G06F11/00

摘要： Embodiments of the present invention address deficiencies of the art in respect to connectivity management in a heterogeneous network and provide a method, system and computer program product for resilient and reliable end-to-end connectivity in a heterogeneous network. In one embodiment of the invention, a method for resilient and reliable end-to-end connectivity in a heterogeneous network environment can be provided. The method can include creating an instance of an abstracted network resource model (NRM) for a heterogeneous network environment of different network resource nodes. The method further can include binding an application endpoint in the instance of the abstracted NRM with a connectivity endpoint for a first of the different network resource nodes. The method yet further can include detecting an outage in the first of the different network resource nodes. Finally, the method can include re-binding the application endpoint to a second of the different network resource nodes in response to detecting the outage.

摘要翻译： 本发明的实施例解决了异构网络中的连接性管理方面的技术缺陷，并提供了用于异构网络中的弹性和可靠的端到端连接的方法，系统和计算机程序产品。 在本发明的一个实施例中，可以提供一种用于异构网络环境中的弹性且可靠的端到端连接的方法。 该方法可以包括为不同网络资源节点的异构网络环境创建抽象网络资源模型（NRM）的实例。 该方法还可以包括将抽象NRM的实例中的应用端点与第一个不同网络资源节点的连接性端点绑定。 该方法还可以包括检测第一不同网络资源节点中的中断。 最后，该方法可以包括响应于检测到中断而将应用端点重新绑定到不同网络资源节点中的第二个。