System and method for on the fly protocol conversion in obtaining policy enforcement information
Country / type: United States (US) Patent, registered
International Patent Classification (IPC 7th ed.): H04L-029/06; H04W-012/08
Application number: US-0284806 (2011-10-28)
Registration number: US-9554276 (2017-01-24)
Inventors / address: Thirasuttakorn, Nat; Haworth, Jason; Burns, Brandon; Smith, Ian Michael
Applicant / address: F5 Networks, Inc.
Agent / address: LeClairRyan, a Professional Corporation
Citation information
Times cited: 0
Cited patents: 205
Abstract
A system, machine readable medium and method for utilizing protocol conversions in policy changing enforcement is disclosed. A message, in a first protocol, is received from a network gateway device including identifying information unique to a client attempting to access a resource from a server. The message is processed using one or more portions of the client identifying information as a unique key identifier. A policy access request is generated, in a second protocol, and includes at least the unique key identifier. The policy access request is sent to a policy server, wherein the policy server is configured to provide policy enforcement information of the client associated with the policy access request. The policy enforcement information is received and one or more policies from the policy enforcement information are enforced to network traffic between the client and the server.
Representative claims
1. A method for utilizing protocol conversions in policy changing enforcement, the method comprising: receiving, by a network traffic management device, a message in a first protocol from a network gateway device comprising identifying information unique to a client device attempting to make a request to access a resource from a server, wherein the first protocol is an authentication, authorization, and accounting protocol; processing, by the network traffic management device, the received message, to extract one or more portions of the client device identifying information comprising one or more of a mobile station international subscriber directory number (MSIDN) of the client device, a source IP address of the client device, or an access point name (APN) of the client device for use as a unique key identifier; determining, by the network traffic management device, when the extracted unique key identifier is present within one or more databases; and generating, by the network traffic management device, a policy access request to obtain policy enforcement information for the client device when the extracted unique key identifier is absent within the one or more databases, wherein the generated policy access request includes at least the unique key identifier and is in a second protocol different from the first protocol, and wherein the second protocol is a TCP/IP protocol.

2. The method of claim 1, further comprising: storing, by the network traffic management device, the policy enforcement information and associated unique key information of the client device in a memory.

3. The method of claim 1, wherein the client device communicates with the gateway device via a cellular network and the first protocol is a RADIUS protocol.

4. The method of claim 1, wherein the client device communicates with the gateway device via a cellular network and the first protocol is a DIAMETER protocol.

5. The method of claim 1, wherein the policy request is a LDAP search request.

6. A non-transitory computer readable medium having stored thereon instructions for protocol conversions in policy changing enforcement, comprising computer executable code which when executed by at least one processor, causes the processor to perform steps to: receive a message in a first protocol from a network gateway device comprising identifying information unique to a client device attempting to make a request to access a resource from a server, wherein the first protocol is an authentication, authorization, and accounting protocol; process the received message to extract one or more portions of the client device identifying information comprising one or more of a mobile station international subscriber directory number (MSIDN) of the client device, a source IP address of the client device, or an access point name (APN) of the client device for use as a unique key identifier; determine when the extracted unique key identifier is present within one or more databases; and generate a policy access request to obtain policy enforcement information for the client device when the extracted unique key identifier is absent within the one or more databases, wherein the generated policy access request includes at least the unique key identifier and is in a second protocol different from the first protocol, and wherein the second protocol is a TCP/IP protocol.

7. The medium of claim 6, further comprising: store the policy enforcement information and associated unique key information of the client device in a memory.

8. The medium of claim 6, wherein the client device communicates with the gateway device via a cellular network and the first protocol is a RADIUS protocol.

9. The medium of claim 6, wherein the client device communicates with the gateway device via a cellular network and the first protocol is a DIAMETER protocol.

10. The medium of claim 6, wherein the policy access request is a LDAP search request.

11. A network traffic management device comprising: a network interface coupled to a client device via a network, the network interface receiving a request from the client device requesting access to the server, wherein the network traffic management device is interposed between and separate from the client device and the server; one or more processors; memory, wherein the memory is coupled to the one or more processors which are configured to execute programmed instructions stored in the memory which cause the processor to: receive a message in a first protocol from a network gateway device comprising identifying information unique to a client device attempting to make a request to access a resource from a server, wherein the first protocol is an authentication, authorization, and accounting protocol; process the received message to extract one or more portions of the client device identifying information comprising one or more of a mobile station international subscriber directory number (MSIDN) of the client device, a source IP address of the client device, or an access point name (APN) of the client device for use as a unique key identifier; determine when the extracted unique key identifier is present within one or more databases; and generate a policy access request to obtain policy enforcement information for the client device when the extracted unique key identifier is absent within the one or more databases, wherein the generated policy access request includes at least the unique key identifier and is in a second protocol different from the first protocol, and wherein the second protocol is a TCP/IP protocol.

12. The network traffic management device of claim 11, wherein the processor is further configured to execute programmed instructions stored in the memory further comprising: storing the policy enforcement information and associated unique key information of the client device in the memory.

13. The network traffic management device of claim 11, wherein the client device communicates with the gateway device via a cellular network and the first protocol is a RADIUS protocol.

14. The network traffic management device of claim 11, wherein the client device communicates with the gateway device via a cellular network and the first protocol is a DIAMETER protocol.

15. The network traffic management device of claim 11, wherein the policy access request is a LDAP search request.

16. The method as set forth in claim 1 further comprising: sending, by the network traffic management device, the policy access request to a policy server, wherein the policy server is configured to provide policy enforcement information of the client device associated with the policy access request; retrieving, by the network traffic management device, policy enforcement information for the client device from the policy server; and enforcing, by the network traffic management device, one or more policies from the policy enforcement information to network traffic between the client device and the server.

17. The medium as set forth in claim 6 further comprising: sending the policy access request to a policy server, wherein the policy server is configured to provide policy enforcement information of the client device associated with the policy access request; retrieving the policy enforcement information for the client device from the policy server; and enforcing one or more policies from the policy enforcement information to network traffic between the client device and the server.

18. The device as set forth in claim 11 wherein the processor is further configured to execute programmed instructions stored in the memory further comprising: send the policy access request to a policy server, wherein the policy server is configured to provide policy enforcement information of the client device associated with the policy access request; retrieve policy enforcement information for the client device from the policy server; and enforce one or more policies from the policy enforcement information to network traffic between the client device and the server.
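The flow claimed above (AAA message in, key extraction, database check, LDAP-style policy request only on a miss, then enforcement), as an added illustrative model that is not code from the patent or from F5. The RADIUS attribute names are the standard ones that carry MSISDN, client IP and APN in mobile accounting; the policy directory, base DN and policy schema are constructed assumptions.

```python
# Constructed policy directory standing in for the LDAP policy server (assumption).
POLICY_DIRECTORY = {
    "msisdn": {"447700900123": {"bandwidth_kbps": 2048, "allow": ["web", "mail"]}},
    "apn": {"internet.example": {"bandwidth_kbps": 512, "allow": ["web"]}},
}

def extract_key(message):
    """Derive the unique key identifier from the AAA message attributes.
    In mobile RADIUS accounting Calling-Station-Id carries the MSISDN (the claims
    write MSIDN), Framed-IP-Address the source IP and Called-Station-Id the APN."""
    for attr, name in (("Calling-Station-Id", "msisdn"),
                       ("Framed-IP-Address", "ip"),
                       ("Called-Station-Id", "apn")):
        value = message.get(attr)
        if value:
            return (name, value)
    raise ValueError("message carries no client identifying information")

def ldap_escape(value):
    """Escape RFC 4515 filter metacharacters so a gateway-supplied attribute
    value cannot change the meaning of the search filter."""
    return "".join(f"\\{ord(ch):02x}" if ch in "\\*()\0" else ch for ch in value)

def build_policy_request(key):
    """Policy access request in the second protocol: an LDAP search (claim 5).
    The base DN is a constructed assumption."""
    name, value = key
    return {"base": "ou=subscribers,dc=example,dc=net", "scope": "sub",
            "filter": f"({name}={ldap_escape(value)})",
            "attrs": ["bandwidth_kbps", "allow"]}

def stub_policy_server(request):
    """Answers the search against the constructed directory (assumption)."""
    name, _, value = request["filter"][1:-1].partition("=")
    return POLICY_DIRECTORY.get(name, {}).get(value)

def obtain_policy(message, cache, server=stub_policy_server):
    """Claim 1 flow: extract the key, consult the database (cache), query the
    policy server only on a miss and store the answer (claim 2).
    Returns (policy, source) so callers can see which path was taken."""
    key = extract_key(message)
    if key in cache:
        return cache[key], "cache"
    policy = server(build_policy_request(key))
    if policy is None:
        # Fail closed: a client the policy server does not know gets no services.
        policy = {"bandwidth_kbps": 0, "allow": []}
    cache[key] = policy
    return policy, "policy_server"

def enforce(policy, flow):
    """Apply the retrieved policy to one client-server flow; returns the decision."""
    if flow["service"] not in policy["allow"]:
        return "deny"
    return "allow" if flow["rate_kbps"] <= policy["bandwidth_kbps"] else "throttle"

# Constructed RADIUS Accounting-Request attributes (not a real capture).
ACCOUNTING_START = {"Acct-Status-Type": "Start", "Calling-Station-Id": "447700900123",
                    "Framed-IP-Address": "10.20.30.40", "Called-Station-Id": "internet.example"}
```

A second call for the same client is served from the cache, which is the point of storing the key together with the policy: the policy server is contacted once per client rather than once per flow.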