-
Publication No.: US20230283608A1
Publication Date: 2023-09-07
Application No.: US18197895
Application Date: 2023-05-16
Inventors: Hendrikus GP Bosch, Jeffrey Michael Napper, Alessandro Duminuco, Sape Jurrien Mullender, Julien Barbot, Vinny Parla
IPC Classification: H04L9/40, H04L61/4511
CPC Classification: H04L63/10, H04L61/4511, H04L63/0876, H04L63/20, H04L63/0272
Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques including a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.
-
Publication No.: US20220217132A1
Publication Date: 2022-07-07
Application No.: US17141007
Application Date: 2021-01-04
Inventors: Ahmed Bakry Helmy Ahmed, Sape Jurrien Mullender, Hendrikus G. P. Bosch, Alessandro Duminuco, Jeffrey Michael Napper
IPC Classification: H04L29/06
Abstract: Operations include transmitting, on behalf of a first application, a first request to a first service provider, the first request requesting first services from the first service provider, intercepting, at a local agent, a first redirect message from the first service provider to an identity provider, receiving an identity provider cookie from the identity provider based on a validation of credentials during the authentication process, storing a copy of the identity provider cookie, transmitting, on behalf of a second application, a second request to a second service provider, the second request requesting second services from the second service provider, intercepting a second redirect message from the second service provider to the identity provider, adding the identity provider cookie to the second redirect message, and receiving validation to access the second service provider from the identity provider based on the identity provider cookie stored by the local agent.
-
Publication No.: US09992103B2
Publication Date: 2018-06-05
Application No.: US14162954
Application Date: 2014-01-24
Inventors: Hendrikus G. P. Bosch, Peter Weinberger, Praveen Bhagwatula, Michael E. Lipman, Alessandro Duminuco, Louis Gwyn Samuel
IPC Classification: H04L12/721, H04W24/02
Abstract: Presented herein are techniques to reduce the number of redirected subscriber packet flows while performing sticky hierarchical load balancing. An Nth head end network element may be activated such that a plurality of N head end network elements are active and capable of receiving and processing one or more packet flows. A primary load balancer may then be directed to overwrite a portion of pointers of a hash table in an evenly distributed manner with pointers to the Nth head end network element such that packet flows are forwarded to the Nth head end network element, wherein the hash table retains a static number of entries as the number of head end network elements is modified.
-
Publication No.: US20170359265A1
Publication Date: 2017-12-14
Application No.: US15181159
Application Date: 2016-06-13
Inventors: Hendrikus G. P. Bosch, Jeffrey Napper, Alessandro Duminuco, Humberto J. La Roche, Surendra M. Kumar, Aeneas Sean Dodd-Noble, Anil Kumar Chandrupatla
IPC Classification: H04L12/851, H04L12/713, H04L12/803, H04L29/08, H04L12/801
CPC Classification: H04L47/2441, H04L45/586, H04L47/125, H04L47/14, H04L67/1076, H04L67/2842
Abstract: A method is provided in one example embodiment and includes receiving at a network element a packet associated with a flow and determining whether a flow cache of the network element includes an entry for the flow indicating a classification for the flow. The method further includes, if the network element flow cache does not include an entry for the flow, punting the packet over a default path to a classifying service function, in which the classifying service function classifies the flow and determines a control plane service function for handling the flow, and receiving from the classifying service function a service path identifier (“SPI”) of a service path leading to the determined control plane service function. The flow is subsequently offloaded from the classifying service function to the network element.
-
Publication No.: US20170208000A1
Publication Date: 2017-07-20
Application No.: US14997212
Application Date: 2016-01-15
Inventors: Hendrikus Bosch, Sape Jurriën Mullender, Jeffrey Napper, Surendra M. Kumar, Alessandro Duminuco
IPC Classification: H04L12/721, H04L12/741
CPC Classification: H04L45/38, H04L45/745
Abstract: Particular embodiments described herein provide for a communication system that can be configured for receiving, at a network element, a flow offload decision for a first service node. The flow offload decision can include a portion of a service chain for processing a flow and updating next hop flow based routing information for the flow. A next hop in the flow can insert flow specific route information in its routing tables to bypass a packet forwarder serving the service that offloaded the flow in the reverse direction.
-
Publication No.: US09509614B2
Publication Date: 2016-11-29
Application No.: US13923257
Application Date: 2013-06-20
Inventors: Hendrikus G. P. Bosch, David Richard Barach, Michael E. Lipman, Alessandro Duminuco, James N. Guichard, Humberto J. La Roche
IPC Classification: H04L12/803
CPC Classification: H04L47/125
Abstract: An example method for load balancing in a network environment is provided and includes receiving a packet from a first stage load-balancer in a network environment, where the packet is forwarded from the first stage load-balancer to one of a plurality of second stage load-balancers in the network according to a hash based forwarding scheme, and routing the packet from the second stage load-balancer to one of a plurality of servers in the network according to a per-session routing scheme. The per-session routing scheme includes retrieving a session routing state from a distributed hash table in the network. In a specific embodiment, the hash based forwarding scheme includes equal cost multi path routing. The session routing state can include an association between a next hop for the packet and the packet's 5-tuple representing a session to which the packet belongs.
-
Publication No.: US09413655B2
Publication Date: 2016-08-09
Application No.: US14304043
Application Date: 2014-06-13
Inventors: Kevin D. Shatzkamer, James N. Guichard, Hendrikus G. P. Bosch, Alessandro Duminuco, Humberto J. La Roche, Jeffrey Napper
IPC Classification: H04L12/741, H04L12/721, H04L12/851, H04L12/725
CPC Classification: H04L45/74, H04L45/306, H04L45/38, H04L47/2441, H04L47/2483
Abstract: A method provided in one embodiment includes receiving a first data packet of a data flow at a first classifier in which the first data packet includes a first identifier. The method further includes determining a second classifier associated with the first identifier in which the second classifier is further associated with at least one service chain of a service chain environment. The method still further includes forwarding the first data packet to the second classifier. The second classifier is configured to receive the first data packet, determine a particular service chain of the at least one service chain to which the first data packet is to be forwarded, and forward the first data packet to the particular service chain.
-
Publication No.: US20150172170A1
Publication Date: 2015-06-18
Application No.: US14108994
Application Date: 2013-12-17
Inventors: Hendrikus G.P. Bosch, James N. Guichard, David D. Ward, Alessandro Duminuco, Rex E. Fernando, Paul Quinn
IPC Classification: H04L12/733
CPC Classification: H04L45/20, H04L45/04, H04L45/24, H04L45/28, H04L45/586
Abstract: An example method is provided in one example embodiment and includes receiving a packet of a session from a previous hop router at a service zone of a service chain; recording the previous hop router for the session; determining an appliance to service the packet in the service zone using load balancing; recording an appliance identity for servicing the session in the service zone; determining a next hop router in the service chain for the packet using load balancing; and recording the next hop router for the session.
-
Publication No.: US20240265112A1
Publication Date: 2024-08-08
Application No.: US18330214
Application Date: 2023-06-06
Inventors: Jeffrey M. Napper, Hendrikus G. P. Bosch, Jean Diaconu, Marcelo Yannuzzi, Alessandro Duminuco, Guillaume Sauvage De Saint Marc, Marc Scibelli
CPC Classification: G06F21/577, G06F9/451, G06F2221/033
Abstract: A system and a method to map attack paths in a visualization interface may include storing in a memory asset inventory indicating application assets, attack vector parameters configured to indicate vulnerabilities of one or more of the application assets, and asset mapping information. A processor may determine multiple vulnerable assets in the application assets based at least in part upon the attack vector parameters. Further, the processor may obtain security parameters from a security framework indicating one or more attack techniques, associate each of the vulnerable assets to one or more of the security parameters, and generate a visual interface showing the vulnerable assets and the security parameters. The processor may determine an attack path connecting the vulnerable assets based at least in part upon the asset mapping information, and map the attack path to the application layers and the security parameters in the visual interface.
-
Publication No.: US20240146770A1
Publication Date: 2024-05-02
Application No.: US18395471
Application Date: 2023-12-22
Inventors: Hendrikus G.P. Bosch, Sape Jurrien Mullender, Jeffrey Michael Napper, Alessandro Duminuco, Shivani Raghav
CPC Classification: H04L63/20, G06F9/547, G06F21/575, H04L63/0272, H04L63/0853, H04L63/1425, H04L63/1433
Abstract: Dynamically tailored trust for secure application-server networking and advanced enterprise security is provided. A system can individually assess the security posture of each application connecting to the Internet from each client device in an enterprise. For each application, the system tailors a security mode of the Internet connection based on the security posture of the application. Assessment of the security posture of an application is a comprehensive inventory of the security of the application, the security of the device hosting the application, the rights and security of the user, security attributes of the intended service or website being accessed, the security of the communication channel, and so forth. A network-based controller communicates with an agent running within a secure boot mode of each client device to select a security mode for application-service connection, including lean-trust direct access to the Internet, secure VPN-like access, or no access to the Internet.