Abstract:
A method of determining a physical location of a device connected to a data network infrastructure including a plurality of connection points at different physical locations, the method including establishing a connection with the data network infrastructure via a cable-based transmission medium, wherein a communication signal passes via the cable-based transmission medium including at least one of the plurality of connection points. A connection point identifier is determined based, at least in part, upon the at least one of the plurality of connection points. A signal characteristic of the communication signal passing via the cable-based transmission medium between the device and the data network infrastructure through the at least one of the plurality of connection points is measured. A first physical location of the device is determined based on the determined connection point identifier, including accessing stored information associating the determined connection point identifier with location information. A second physical location of the device is determined based on the determined first physical location and the measured signal characteristic, including accessing stored information associating signal characteristics with location information.
Abstract:
A connector assembly, configured to releasably couple a socket assembly, includes zero or more data conductors. An optical pathway is configured to: receive an optical signal from an optical light source positioned within the socket assembly; and provide at least a portion of the optical signal to an optical light target positioned within the socket assembly.
Abstract:
A method for location discovery in a data network includes receiving, at a first device, connection information from a neighboring network device and determining a physical location of the first device based on the connection information. The method can include receiving, at the first device, the physical location transmitted from the neighboring network device. The method can further include associating a level of trust with the physical location based on the neighboring network device. The first device can be one of a variety of devices, such as a router, a switch, a network entry device, a firewall device, or a gateway.
Abstract:
A system and method that provides dynamic network policy management. The system enables a network administrator to regulate usage of network services upon initiation of and throughout network sessions. The system employs a method of identifying selectable characteristics of attached functions to establish static and dynamic policies, which policies may be amended before, during and after any session throughout the network based on the monitored detection of any of a number of specified triggering events or activities. Particular policies associated with a particular identified attached function in prior sessions may be cached or saved and employed in subsequent sessions to provide network usage permissions more rapidly in such subsequent sessions. The cached or saved policy information may also be used to identify network usage, control, and security. The system and method of the present invention provide static and dynamic policy allocation for network usage provisioning.
Abstract:
The intrusion detection function monitors for and reports detected intrusion signatures. The dynamic intrusion signatures function determines whether reported intrusion signatures exist in a library of signatures associated with a particular intrusion detection function. If the reported signature does not exist in the library, the library is updated. Detected intrusion signatures are reported to similarly enabled devices for library analysis and updating, if necessary. The related method includes the steps of monitoring for intrusion signatures or other triggering events, analyzing the events and updating IDS signature libraries as necessary.
Abstract:
Data is provided with location-based access control information. Access to the data at a physical location is then limited according to the location-based access control information. A physical location of a device accessing the data can be determined, and the limiting of the access is then according to the determined physical location. The data can be provided in encrypted form, and limiting access to the data includes enabling decryption of the data according to the physical location.
Abstract:
A request for network access is received from a client device at a network entry device of a network infrastructure. The network infrastructure determines a physical location of the client device and determines authorization of the client device based on the physical location. The approach can include providing the physical location along with other user credentials to an authorizing device. The method can also include determining a level of service based on the physical location. Communication for the approach can make use of the IEEE 802.1X protocol.
Abstract:
One or more trusted network devices within a data network infrastructure determine a physical location of a client device requesting access to the data network infrastructure. A trusted physical location is generated and associated with the client device. The approach can include determining whether a candidate network device is a trusted network device based on a likelihood that the candidate network device can be modified to provide false physical location data. The approach also can include determining a response for an access request by the client and controlling network resources provided to the client based on the trusted physical location.