Patent application number | Description | Published |
20080235508 | Reducing processing load in proxies for secure communications - In one embodiment, a method for providing secure communications using a proxy is provided. The proxy negotiates with a client and a server to determine a session key to use with communications between the client and the proxy and between the proxy and the server. Encrypted data may then be received from the client at the proxy. The proxy can decrypt the encrypted data for processing using the session key. In one embodiment, the decrypted data is not altered. The proxy then sends the encrypted data that was received from the client to the server without re-encrypting the data that was decrypted. Because the proxy did not alter the data in its processing of the decrypted data and the same session key is used between communications for the proxy and the server, the encrypted data stream that was received from the client can be forwarded to the server. | 09-25-2008 |
20090055900 | ENTERPRISE WIRELESS LOCAL AREA NETWORK (LAN) GUEST ACCESS - In one embodiment, detecting a wireless network access request, forwarding data associated with the detected wireless network access request to a first multipoint Generic Routing Encapsulation (mGRE) tunnel, receiving authentication information associated with the detected wireless network access request, receiving authentication status information for the detected wireless network access request, and forwarding data associated with the detected wireless network access request to a second multipoint Generic Routing Encapsulation (mGRE) tunnel connected to a predetermined internet protocol (IP) subnet when the received authentication status information includes a successful authentication, are provided. | 02-26-2009 |
20090235077 | NETWORK INFRASTRUCTURE VALIDATION OF NETWORK MANAGEMENT FRAMES - A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, it obtains a key for the access point sending the frame, and validates the management frame using the key. | 09-17-2009 |
20110235645 | VIRTUAL SERVICE DOMAINS - In one embodiment, layer-2 (L2) ports of a network device may each be assigned to a particular virtual service domain (VSD). One or more virtual service engines (VSEs) may also be assigned in a particular order to each VSD, where each VSE is configured to apply a particular service to traffic traversing the VSE between ingress and egress service ports. Interconnecting the L2 ports and the ingress and egress service ports is an illustrative virtual Ethernet module (VEM), which directs traffic it receives according to rules as follows: a) into a destination VSD via the one or more correspondingly assigned VSEs in the particular order; b) out of a current VSD via the one or more correspondingly assigned VSEs in a reverse order from the particular order; or c) within a current VSD without redirection through a VSE. | 09-29-2011 |
20120086363 | Intelligent lighting management and building control system - A method of controlling and managing a plurality of system managers, a plurality of lights and devices, including human interfaces and building automation devices is disclosed. The method includes a system manager collecting data from the plurality of lights and devices. The system manager uses the collected data to determine an adjacency of lights and devices. The system manager dynamically places the plurality of lights and devices into zones, binds human interface devices to the zones, and dynamically configures the devices to control the zones. The devices perform self-calibration and self-commissioning. The system manager and devices perform ongoing calibration and commissioning. The system manager and devices operate resiliently in case of failure of the system manager, other devices, or software or hardware failures in the devices. The system manager and the devices operate on the collected data to determine usage patterns, and to efficiently manage the plurality of lights and devices. | 04-12-2012 |
20120210395 | NETWORK INFRASTRUCTURE VALIDATION OF NETWORK MANAGEMENT FRAMES - A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, it obtains a key for the access point sending the frame, and validates the management frame using the key. | 08-16-2012 |
20120233453 | Reducing Processing Load in Proxies for Secure Communications - In one embodiment, a method for providing secure communications using a proxy is provided. The proxy negotiates with a client and a server to determine a session key to use with communications between the client and the proxy and between the proxy and the server. Encrypted data may then be received from the client at the proxy. The proxy can decrypt the encrypted data for processing using the session key. In one embodiment, the decrypted data is not altered. The proxy then sends the encrypted data that was received from the client to the server without re-encrypting the data that was decrypted. Because the proxy did not alter the data in its processing of the decrypted data and the same session key is used between communications for the proxy and the server, the encrypted data stream that was received from the client can be forwarded to the server. | 09-13-2012 |
20120294316 | VIRTUAL SERVICE DOMAINS - In one embodiment, ports of a network device are assigned to virtual service domains (VSDs). The ports are coupled to a virtual Ethernet module (VEM) of the network device. Each VSD is associated with one or more virtual service engines (VSEs) in a particular order. Each VSE is configured to apply a particular service to traffic traversing the VSE. Traffic received at a virtual Ethernet module (VEM) of the network device that is destined for a particular VSD, and is received on a port that has not been assigned to the particular VSD, is forwarded to the particular VSD via the one or more VSEs associated with the particular VSD such that the traffic traverses the one or more VSEs in the particular order. | 11-22-2012 |
20130074066 | Portable Port Profiles for Virtual Machines in a Virtualized Data Center - Techniques are provided for implementing a portable port profile that is based on a virtual machine (VM) definition file. Properties are specified within the VM definition that allow a virtual switch to look up one or more network policies such as connectivity, firewall, or other enforcement policies, and apply those policies on a customizable basis to the VM's virtual network interface. | 03-21-2013 |
20130333012 | NETWORK INFRASTRUCTURE VALIDATION OF NETWORK MANAGEMENT FRAMES - A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, it obtains a key for the access point sending the frame, and validates the management frame using the key. | 12-12-2013 |
20140112205 | SYSTEM AND METHOD FOR PINNING VIRTUAL MACHINE ADAPTERS TO PHYSICAL ADAPTERS IN A NETWORK ENVIRONMENT - A method for pinning virtual machine adapters to physical adapters in a network environment is provided and includes capturing a first Bridge Protocol Data Unit (BPDU) from a first switch in a virtual local area network (VLAN), and a second BPDU from a second switch in the VLAN, identifying a first root bridge identifier (ID) of a first spanning tree associated with the first BPDU and a second root bridge ID of a second spanning tree associated with the second BPDU, comparing the first root bridge ID and the second root bridge ID, and communicating an alert. If the first root bridge ID is different from the second root bridge ID, the alert indicates re-pinning a virtual network interface card associated with a virtual machine from a first physical network interface card (pNIC) on the to a second pNIC. | 04-24-2014 |
20140169215 | Enabling Virtual Workloads using Overlay Technologies to Interoperate with Physical Network Services - A solution is provided to enable cloud service provider customers/users to offer physical network services to virtualized workloads that use overlay technologies, such as a Virtual Extensible Local Area Network (VXLAN). For a virtual workload that uses an overlay technology, an identifier is received of a logical network to which the virtual workload connects and a policy for the logical network. Based on the identifier of the logical network and the policy, a gateway is configured to connect traffic for the virtual workload on the logical network to a particular virtual local area network (VLAN) interface of the physical network service equipment on which the policy is configured. | 06-19-2014 |