公开(公告)号：US20120284771A1

公开(公告)日：2012-11-08

申请号：US13554822

申请日：2012-07-20

Applicant: Andrew T. Baron ,  Aaron W. Cunningham ,  David Jones ,  Arun K. Buduri ,  Deon C. Brewis ,  Bill Begorre

Inventor： Andrew T. Baron ,  Aaron W. Cunningham ,  David Jones ,  Arun K. Buduri ,  Deon C. Brewis ,  Bill Begorre

IPC: G06F15/173 ,  G06F21/00

CPC classification number: H04L12/2867 ,  H04W48/17

Abstract: Methods and systems which identify and interact with network interfaces based on the network to which they provide access. A computing device operating in accordance with one or more of the principles described herein may examine available network interfaces and identify the network to which the network interfaces provide access, and perform networking tasks on interfaces based on the network identified. For example, a user may instruct a computing device to connect to a specified network, and the computing device will select a particular network interface by which to connect from the one or more available network interfaces that are able to connect to that network. Alternatively, a user may manage policies (e.g., security, connection, and application policies) based on the network to which a network interface provides access and thereby manage a network regardless of which of multiple network interfaces is used to access the network.

Abstract translation: 基于他们提供访问的网络识别和与网络接口交互的方法和系统。 根据本文描述的一个或多个原理操作的计算设备可以检查可用的网络接口并识别网络接口提供接入的网络，并且基于所识别的网络在接口上执行联网任务。 例如，用户可以指示计算设备连接到指定的网络，并且计算设备将从能够连接到该网络的一个或多个可用网络接口中选择要从其连接的特定网络接口。 或者，用户可以基于网络接口提供访问的网络来管理策略（例如，安全性，连接和应用策略），从而管理网络，而不管使用多个网络接口中的哪一个来访问网络。

公开(公告)号：US08730801B2

公开(公告)日：2014-05-20

申请号：US13554822

申请日：2012-07-20

Applicant: Andrew T. Baron ,  Aaron W. Cunningham ,  David Jones ,  Arun K. Buduri ,  Deon C. Brewis ,  Bill Begorre

Inventor： Andrew T. Baron ,  Aaron W. Cunningham ,  David Jones ,  Arun K. Buduri ,  Deon C. Brewis ,  Bill Begorre

IPC: H04L12/46

CPC classification number: H04L12/2867 ,  H04W48/17

Abstract: Methods and systems which identify and interact with network interfaces based on the network to which they provide access. A computing device operating in accordance with one or more of the principles described herein may examine available network interfaces and identify the network to which the network interfaces provide access, and perform networking tasks on interfaces based on the network identified. For example, a user may instruct a computing device to connect to a specified network, and the computing device will select a particular network interface by which to connect from the one or more available network interfaces that are able to connect to that network. Alternatively, a user may manage policies (e.g., security, connection, and application policies) based on the network to which a network interface provides access and thereby manage a network regardless of which of multiple network interfaces is used to access the network.

Abstract translation: 基于他们提供访问的网络识别和与网络接口交互的方法和系统。 根据本文描述的一个或多个原理操作的计算设备可以检查可用的网络接口并识别网络接口提供接入的网络，并且基于所识别的网络在接口上执行联网任务。 例如，用户可以指示计算设备连接到指定的网络，并且计算设备将从能够连接到该网络的一个或多个可用网络接口中选择要从其连接的特定网络接口。 或者，用户可以基于网络接口提供访问的网络来管理策略（例如，安全性，连接和应用策略），从而管理网络，而不管使用多个网络接口中的哪一个来访问网络。

公开(公告)号：US08635680B2

公开(公告)日：2014-01-21

申请号：US11788210

申请日：2007-04-19

Applicant: Bill Begorre ,  Deon C. Brewis

Inventor： Bill Begorre ,  Deon C. Brewis

IPC: G06F15/173 ,  G06F15/177 ,  G06F7/00 ,  H04L9/00

CPC classification number: H04L63/0876 ,  H04L29/12594 ,  H04L61/30 ,  H04L63/126 ,  H04L63/1466

Abstract: A method is provided for network identification based on high entropy data on a network which are not easily guessed or obtained outside the network, which can prevent an attacker from “spoofing” the network. A component in a client computer connected to a network may obtain over the network a network data block including device identification information of a device controlling the network. Upon parsing the network data block, such high entropy data as unique device identifiers may be obtained from the device identification information. Depending on availability of the unique device identifiers and authentication history of the client computer, different combinations of the unique device identifiers and/or other identification information may be used to generate a unique network identifier such as a network signature. The component may provide the network signature to applications within the client computer.

Abstract translation: 提供了一种基于网络上的高熵数据的网络识别方法，该网络不容易在网络外部猜测或获取，从而可以防止攻击者“欺骗”网络。 连接到网络的客户端计算机中的组件可以通过网络获得包括控制网络的设备的设备标识信息的网络数据块。 在解析网络数据块时，可以从设备标识信息获得诸如唯一设备标识符的高熵数据。 根据客户端计算机的唯一设备标识符和认证历史的可用性，可以使用唯一设备标识符和/或其他标识信息的不同组合来生成诸如网络签名的唯一网络标识符。 组件可以向客户端计算机内的应用程序提供网络签名。

公开(公告)号：US20090064299A1

公开(公告)日：2009-03-05

申请号：US12070500

申请日：2008-02-19

Applicant: Bill Begorre ,  Deon C. Brewis ,  Alok Sinha

Inventor： Bill Begorre ,  Deon C. Brewis ,  Alok Sinha

IPC: H04L9/32 ,  G06F21/00

CPC classification number: H04W12/06 ,  G06F2221/2101 ,  G06F2221/2129 ,  H04L63/1466 ,  H04W12/12

Abstract: Some embodiments of the invention are directed to increasing security and lowering risk of attack in connecting automatically to networks by enabling client devices to verify the identity of the networks by, for example, confirming the identity of networks and network components such as wireless access points. In some embodiments, a client device may maintain a data store of characteristics of a network—including, for example, characteristics of a wireless access point or other portion of the network and/or characteristics of a connection previously established with the wireless access point and/or network. Stored characteristics may include characteristics other than those minimally necessary to identify a wireless access point and/or wireless network. The stored characteristics may be compared to known good characteristics of a network (including characteristics of a wireless access point or other portion of the wireless network) prior to connection to the network to determine whether the characteristics match.

Abstract translation: 本发明的一些实施例旨在通过使客户端设备通过例如确认诸如无线接入点的网络和网络组件的身份来验证网络的身份来增加安全性并降低自动连接到网络的攻击风险。 在一些实施例中，客户端设备可以维护网络特性的数据存储，包括例如无线接入点或网络的其他部分的特性和/或先前与无线接入点建立的连接的特性，以及 /或网络。 存储的特征可以包括除了识别无线接入点和/或无线网络所需的那些以外的特性。 存储的特性可以在连接到网络之前与网络的已知良好特性（包括无线接入点的特征或无线网络的其他部分）进行比较，以确定特性是否匹配。

公开(公告)号：US20080263189A1

公开(公告)日：2008-10-23

申请号：US11788210

申请日：2007-04-19

Applicant: Bill Begorre ,  Deon C. Brewis

Inventor： Bill Begorre ,  Deon C. Brewis

IPC: G06F15/173

CPC classification number: H04L63/0876 ,  H04L29/12594 ,  H04L61/30 ,  H04L63/126 ,  H04L63/1466

Abstract: A method is provided for network identification based on high entropy data on a network which are not easily guessed or obtained outside the network, which can prevent an attacker from “spoofing” the network. A component in a client computer connected to a network may obtain over the network a network data block including device identification information of a device controlling the network. Upon parsing the network data block, such high entropy data as unique device identifiers may be obtained from the device identification information. Depending on availability of the unique device identifiers and authentication history of the client computer, different combinations of the unique device identifiers and/or other identification information may be used to generate a unique network identifier such as a network signature. The component may provide the network signature to applications within the client computer.

Abstract translation: 提供了一种基于网络上的高熵数据的网络识别方法，该网络不容易在网络外部猜测或获取，从而可以防止攻击者“欺骗”网络。 连接到网络的客户端计算机中的组件可以通过网络获得包括控制网络的设备的设备标识信息的网络数据块。 在解析网络数据块时，可以从设备标识信息获得诸如唯一设备标识符的高熵数据。 根据客户端计算机的唯一设备标识符和认证历史的可用性，可以使用唯一设备标识符和/或其他标识信息的不同组合来生成诸如网络签名的唯一网络标识符。 组件可以向客户端计算机内的应用程序提供网络签名。

公开(公告)号：US08769639B2

公开(公告)日：2014-07-01

申请号：US12070500

申请日：2008-02-19

Applicant: Bill Begorre ,  Deon C. Brewis ,  Alok Sinha

Inventor： Bill Begorre ,  Deon C. Brewis ,  Alok Sinha

IPC: G06F15/16

CPC classification number: H04W12/06 ,  G06F2221/2101 ,  G06F2221/2129 ,  H04L63/1466 ,  H04W12/12

Abstract: Some embodiments of the invention are directed to increasing security and lowering risk of attack in connecting automatically to networks by enabling client devices to verify the identity of the networks by, for example, confirming the identity of networks and network components such as wireless access points. In some embodiments, a client device may maintain a data store of characteristics of a network—including, for example, characteristics of a wireless access point or other portion of the network and/or characteristics of a connection previously established with the wireless access point and/or network. Stored characteristics may include characteristics other than those minimally necessary to identify a wireless access point and/or wireless network. The stored characteristics may be compared to known good characteristics of a network (including characteristics of a wireless access point or other portion of the wireless network) prior to connection to the network to determine whether the characteristics match.

Abstract translation: 本发明的一些实施例旨在通过使客户端设备通过例如确认诸如无线接入点的网络和网络组件的身份来验证网络的身份来增加安全性并降低自动连接到网络的攻击风险。 在一些实施例中，客户端设备可以维护网络特性的数据存储，包括例如无线接入点或网络的其他部分的特性和/或先前与无线接入点建立的连接的特性，以及 /或网络。 存储的特征可以包括除了识别无线接入点和/或无线网络所需的那些以外的特性。 存储的特性可以在连接到网络之前与网络的已知良好特性（包括无线接入点的特征或无线网络的其他部分）进行比较，以确定特性是否匹配。

公开(公告)号：US20100107240A1

公开(公告)日：2010-04-29

申请号：US12357812

申请日：2009-01-22

Applicant: David Thaler ,  Rob M. Trace ,  Deon C. Brewis ,  Arun K. Buduri ,  Bill Begorre ,  Scott Roberts ,  Srinivas Raghu Gatta ,  Gerardo Diaz Cuellar

Inventor： David Thaler ,  Rob M. Trace ,  Deon C. Brewis ,  Arun K. Buduri ,  Bill Begorre ,  Scott Roberts ,  Srinivas Raghu Gatta ,  Gerardo Diaz Cuellar

IPC: G06F21/00

CPC classification number: H04L63/20 ,  H04L63/0236 ,  H04L63/0272 ,  H04L63/107

Abstract: A client computer that supports different behaviors when connected to a private network behind a network firewall than when outside the network firewall and connected indirectly through an access device. The client computer is configured to attempt communication with a device on the network. Based on the response, the client computer can determine that it is behind the network firewall, and therefore can operate with less restrictive security or settings for other parameters appropriate for when the client is directly connected to the network. Alternatively, the client computer may determine that it is indirectly connected to the network through the Internet or other outside network, and therefore, because it is outside the private network firewall, should operate with more restrictive security or settings of other parameters more appropriate for use in that network location. The described approach operates even if the remote client computer has a direct connection to the network that enables it to authenticate with a domain controller.

Abstract translation: 一种客户端计算机，当连接到网络防火墙后面的专用网络时，支持不同于网络防火墙之外的不同行为，并通过接入设备间接连接。 客户端计算机被配置为尝试与网络上的设备进行通信。 根据响应，客户端计算机可以确定它位于网络防火墙之后，因此可以以较少限制的安全性或其他参数进行操作，适用于客户端直接连接到网络时的其他参数。 或者，客户端计算机可以确定其通过因特网或其他外部网络间接连接到网络，并且因此由于其在专用网络防火墙之外，应该以更加限制性的安全性或更适合于使用的其他参数的设置来操作 在那个网络位置。 所描述的方法即使远程客户端计算机具有与网络的直接连接，使其能够与域控制器进行认证，也是如此。

公开(公告)号：US20090285190A1

公开(公告)日：2009-11-19

申请号：US12121961

申请日：2008-05-16

Applicant: Andrew T. Baron ,  Aaron W. Cunningham ,  David Jones ,  Arun K. Buduri ,  Deon C. Brewis ,  Bill Begorre

Inventor： Andrew T. Baron ,  Aaron W. Cunningham ,  David Jones ,  Arun K. Buduri ,  Deon C. Brewis ,  Bill Begorre

IPC: H04Q7/24

CPC classification number: H04L12/2867 ,  H04W48/17

Abstract: Methods and systems which identify and interact with network interfaces based on the network to which they provide access. A computing device operating in accordance with one or more of the principles described herein may examine available network interfaces and identify the network to which the network interfaces provide access, and perform networking tasks on interfaces based on the network identified. For example, a user may instruct a computing device to connect to a specified network, and the computing device will select a particular network interface by which to connect from the one or more available network interfaces that are able to connect to that network. Alternatively, a user may manage policies (e.g., security, connection, and application policies) based on the network to which a network interface provides access and thereby manage a network regardless of which of multiple network interfaces is used to access the network.

Abstract translation: 基于他们提供访问的网络识别和与网络接口交互的方法和系统。 根据本文描述的一个或多个原理操作的计算设备可以检查可用的网络接口并识别网络接口提供接入的网络，并且基于所识别的网络在接口上执行联网任务。 例如，用户可以指示计算设备连接到指定的网络，并且计算设备将从能够连接到该网络的一个或多个可用网络接口中选择要从其连接的特定网络接口。 或者，用户可以基于网络接口提供访问的网络来管理策略（例如，安全性，连接和应用策略），从而管理网络，而不管使用多个网络接口中的哪一个来访问网络。

公开(公告)号：US20070067734A1

公开(公告)日：2007-03-22

申请号：US11473761

申请日：2006-06-22

Applicant: Aaron Cunningham ,  David Jones ,  Marieke Watson ,  Patrice Miner ,  Bill Begorre ,  Gursharan Sidhu

Inventor： Aaron Cunningham ,  David Jones ,  Marieke Watson ,  Patrice Miner ,  Bill Begorre ,  Gursharan Sidhu

IPC: G06F17/00 ,  G06F3/00 ,  G06F9/00

CPC classification number: G06F3/04817

Abstract: Described is a technology by which network connectivity information may be communicated via a single notifications area (e.g., system tray) icon, including by representing different images of the icon to display different types/states of connectivity and different types of media connections. For example, the icon may indicate whether Internet connectivity is present, and whether the connection is wired or wireless. The icon may regularly transition between at least two images to communicate different variables, e.g., types of connectivity and/or different types of media connections. The icon may be interactive to provide a tooltip, flyout and/or context menu related to the network state, and the icon may change in response to the networking state change event, e.g., be updated when a different capability connection is detected, when a different interface is detected, and/or when a wireless network with a different signal quality is detected.

Abstract translation: 描述了可以通过单个通知区域（例如，系统托盘）图标来传送网络连接信息的技术，包括通过表示图标的不同图像来显示不同类型/连接状态和不同类型的媒体连接。 例如，图标可以指示是否存在互联网连接，以及连接是有线还是无线。 该图标可以在至少两个图像之间定期地转换以传达不同的变量，例如连接的类型和/或不同类型的媒体连接。 图标可以是交互式的，以提供与网络状态相关的工具提示，弹出和/或上下文菜单，并且图标可以响应于联网状态改变事件而改变，例如，当检测到不同的能力连接时被更新，当 检测不同的接口，和/或当检测到具有不同信号质量的无线网络时。

公开(公告)号：US08238238B2

公开(公告)日：2012-08-07

申请号：US12121961

申请日：2008-05-16

Applicant: Andrew T. Baron ,  Aaron W. Cunningham ,  David Jones ,  Arun K. Buduri ,  Deon C. Brewis ,  Bill Begorre

Inventor： Andrew T. Baron ,  Aaron W. Cunningham ,  David Jones ,  Arun K. Buduri ,  Deon C. Brewis ,  Bill Begorre

IPC: H04Q7/24

CPC classification number: H04L12/2867 ,  H04W48/17

Abstract: Methods and systems which identify and interact with network interfaces based on the network to which they provide access. A computing device operating in accordance with one or more of the principles described herein may examine available network interfaces and identify the network to which the network interfaces provide access, and perform networking tasks on interfaces based on the network identified. For example, a user may instruct a computing device to connect to a specified network, and the computing device will select a particular network interface by which to connect from the one or more available network interfaces that are able to connect to that network. Alternatively, a user may manage policies (e.g., security, connection, and application policies) based on the network to which a network interface provides access and thereby manage a network regardless of which of multiple network interfaces is used to access the network.

Abstract translation: 基于他们提供访问的网络识别和与网络接口交互的方法和系统。 根据本文描述的一个或多个原理操作的计算设备可以检查可用的网络接口并识别网络接口提供接入的网络，并且基于所识别的网络在接口上执行联网任务。 例如，用户可以指示计算设备连接到指定的网络，并且计算设备将从能够连接到该网络的一个或多个可用网络接口中选择要从其连接的特定网络接口。 或者，用户可以基于网络接口提供访问的网络来管理策略（例如，安全性，连接和应用策略），从而管理网络，而不管使用多个网络接口中的哪一个来访问网络。