US20060072583A1 - Systems and methods for monitoring and displaying performance metrics - Google Patents
Systems and methods for monitoring and displaying performance metrics Download PDFInfo
- Publication number
- US20060072583A1 US20060072583A1 US11/167,745 US16774505A US2006072583A1 US 20060072583 A1 US20060072583 A1 US 20060072583A1 US 16774505 A US16774505 A US 16774505A US 2006072583 A1 US2006072583 A1 US 2006072583A1
- Authority
- US
- United States
- Prior art keywords
- server
- network
- status
- performance metrics
- networks
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0213—Standardised network management protocols, e.g. simple network management protocol [SNMP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
- H04L41/5003—Managing SLA; Interaction between SLA and QoS
- H04L41/5009—Determining service level performance parameters or violations of service level contracts, e.g. violations of agreed response time or mean time between failures [MTBF]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
- H04L41/5061—Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the interaction between service providers and their network customers, e.g. customer relationship management
- H04L41/5067—Customer-centric QoS measurements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
- H04L43/045—Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0805—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
- H04L43/0817—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/11—Identifying congestion
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/22—Traffic shaping
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/04—Protocols specially adapted for terminals or networks with limited capabilities; specially adapted for terminal portability
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
- H04L67/61—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources taking into account QoS or priority requirements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3273—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/088—Access security using filters or firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0681—Configuration of triggering conditions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
- H04L41/5003—Managing SLA; Interaction between SLA and QoS
- H04L41/5009—Determining service level performance parameters or violations of service level contracts, e.g. violations of agreed response time or mean time between failures [MTBF]
- H04L41/5012—Determining service level performance parameters or violations of service level contracts, e.g. violations of agreed response time or mean time between failures [MTBF] determining service availability, e.g. which services are available at a certain point in time
- H04L41/5016—Determining service level performance parameters or violations of service level contracts, e.g. violations of agreed response time or mean time between failures [MTBF] determining service availability, e.g. which services are available at a certain point in time based on statistics of service availability, e.g. in percentage or over a given time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
- H04L41/508—Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement
- H04L41/509—Network service management, e.g. ensuring proper service fulfilment according to agreements based on type of value added network service under agreement wherein the managed service relates to media content delivery, e.g. audio, video or TV
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/162—Implementing security features at a particular protocol layer at the data link layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/18—Selecting a network or a communication service
Definitions
- the present invention relates generally to computer networking and, more particularly to systems and methods for monitoring and displaying performance metrics.
- each remote method for connecting to an enterprise network offers a tradeoff between cost, performance, and convenience. For instance, a wired network connection might be faster and less costly than a cellular network connection, but less convenient for a mobile user. Also, since each connection type may be purchased from a different network provider, the enterprise must reconcile charges from each of the providers for each of the users accessing the network remotely.
- Embodiments of the present invention provide systems and methods for monitoring and displaying performance metrics.
- One aspect of one embodiment of the present invention comprises receiving performance metrics associated with a plurality of network connections to a plurality of networks, each of the plurality of network connections associated with a client device; determining a status of one of the plurality of networks based at least in part on the performance metrics; and providing the status of the one of the plurality of networks to a user interface.
- a computer-readable medium (such as, for example random access memory or a computer disk) comprises code for carrying out such a method.
- FIG. 1 is a block diagram showing an illustrative environment for implementation of one embodiment of the present invention
- FIG. 2 is a block diagram illustrating the modules present on a client device 102 in one embodiment of the present invention
- FIG. 3 is a block diagram illustrating the modules present on a security server 104 in one embodiment of the present invention
- FIG. 4 is a block diagram illustrating the modules present on an enterprise server 106 in one embodiment of the present invention.
- FIG. 5 is a flowchart illustrating a process for collecting and storing performance metrics in one embodiment of the present invention
- FIG. 6 is a flowchart illustrating a process for providing a network status to a user interface in one embodiment of the present invention
- FIG. 7 is a flowchart illustrating a process for determining a status of the network in one embodiment of the present invention.
- FIG. 8 is a flowchart illustrating a method for providing the status of the network to a user interface in another embodiment of the present invention.
- Embodiments of the present invention provide systems and methods for monitoring and displaying performance metrics. There are multiple embodiments of the present invention.
- one illustrative embodiment of the present invention provides a method for receiving and analyzing performance metrics associated with various network carriers used by clients of an enterprise to access the enterprise's network.
- the metrics may include information such as throughput rate, protocol used, application identifier, and other performance and network-related measures.
- a Quality of Service (“QoS”) server uses the performance metrics to determine the status of the networks. For instance, the QoS server may determine that a particular carrier's network in one city or neighborhood in that city is unstable based on the throughput rate of that network segment or based on some other measure.
- the QoS server provides the status of the network to a user and may provide alerts based on predetermined events and thresholds. For instance, in one embodiment, the user accesses a portal.
- the portal provides a visual alert to the user, indicating that the network segment is unstable.
- the portal may provide other information as well, such as the relative costs of various networks.
- real-time analysis of the data occurs, and information from that real-time analysis is weighted in terms of level of urgency. Based on this level of urgency, a determination is made as to how the information should be dealt with. For instance the data may simply be stored for logging purposes or sent to an internal or external customer service representative.
- an embodiment of the present invention may provide the enterprise with the ability to define certain events that, when they occur, trigger an alarm on a portal.
- One example of such a user-defined event might be “if a single user is logged on more than once in geographically disparate areas, post an alert.”
- FIG. 1 is a block diagram showing an illustrative environment for implementation of one embodiment of the present invention.
- the system shown in FIG. 1 includes a client 102 .
- the client is in communication with a security server 104 .
- the network 108 may comprise a public or private network and may include the Internet.
- the network may also comprise a plurality of networks, including, for example, dedicated phone lines between the various components.
- the client 102 communicates with the security server 104 via a virtual private network (“VPN”) established over the Internet.
- VPN virtual private network
- the security server 104 is also in communication with an enterprise server 106 via a network.
- the network 108 may comprise various elements, both wired and wireless.
- the communication between the security server 104 and enterprise server 106 occurs over a static VPN established over dedicated communication lines.
- a user connects a client device 102 to the network 108 using a network access user interface.
- the network access user interface is always on and only allows the user to connect to the network 108 via the interface.
- the network access user interface automatically causes the client 102 to connect to the security server 104 through the network 108 .
- the security server 104 provides value added services to the client 102 and to one or more enterprises. Access to other services, such as the Internet, may be provided via the security server 104 .
- FIG. 1 includes only a single client 102 , security server 104 , and enterprise server 106 , an embodiment of the present invention will typically include a plurality of clients 102 and may include a plurality of security servers 104 and enterprise servers 106 .
- FIG. 2 is a block diagram illustrating the modules present on a client device 102 in one embodiment of the present invention.
- client device 102 are personal computers, digital assistants, personal digital assistants, cellular phones, mobile phones, smart phones, pagers, digital tablets, laptop computers, Internet appliances, and other processor-based devices.
- a client device 102 may be any suitable type of processor-based platform that is connected to the network 108 , and that interacts with one or more application programs.
- the client device 102 can contain a processor coupled to a computer-readable medium, such as RAM.
- Client device 102 may operate on any operating system, such as Microsoft® Windows® or Linux.
- the client device 102 is, for example, a laptop computer executing a network access user interface.
- the modules shown in FIG. 2 represent functionality of the client 102 .
- the modules may be implemented as one or more computer programs that include one or more modules. For instance, in one embodiment, all the modules shown in FIG. 2 are contained within a single network access application.
- the functionality shown on the client 102 may be implemented on a server in other embodiments of the present invention.
- functionality shown in FIGS. 3 and 4 as being on a server may be implemented on the client 102 in some embodiments of the present invention.
- the client 102 shown in FIG. 2 comprises a VPN client 202 .
- the VPN client 202 allows the client 102 to connect to the enterprise server 106 .
- the VPN client 202 is used to determine whether or not the VPN client 202 is active and whether or not the VPN client 202 is connected to a VPN server. For instance, an embodiment of the present invention may determine whether or not to connect to a particular service based on whether or not the VPN client 202 is enabled.
- the VPN client 202 is used for four purposes: (1) to manage policy files, which include information, such as a gateway Internet Protocol (IP) address, secrecy and authentication level, and hash; (2) automatically connecting a VPN; (3) automatically disconnecting the VPN; and (4) monitoring the status of the VPN.
- IP Internet Protocol
- Each of these four purposes may be affected by other modules, including, for example, the connection manager 210 .
- the client 102 also comprises a secure vault 204 .
- the secure vault 204 protects content on the client 102 .
- the secure vault 204 is responsible for storing encrypted content on the client 102 and allowing access to the encrypted content based on a set of permissions or policies.
- a content creator can provide access via a viewer to secured content and allow a recipient of the content read-only access or allow the recipient to perform other tasks, such as modifying the content and forwarding it to other users.
- the secure vault 204 allows the user to create and distribute secure content to other clients 102 , the content creator can decide to send a document to several users and allow two of the users full access and one of the users read-only access.
- the client 102 shown in FIG. 2 also comprises a firewall 206 .
- the firewall 206 allows port blocking via predefined policies. For instance, in one embodiment, an information technology (“IT”) manager specifies port blocking based on two zones, a safe zone and a dangerous zone. The IT manager specifies one of these two zones for each of the network interface devices installed on the client 102 . The IT manager is then able to set port-blocking rules by zone on the firewall 206 .
- IT information technology
- the IT manager may classify a Wireless Fidelity (“Wi-Fi”) network interface as dangerous since it has traditionally been considered fairly unsafe. And the IT manager may apply more restrictive port-blocking rules to the dangerous zone than to the safe zone and network interface devices, such as those used to connect to a wired Local Area Network (“LAN”) or a Personal Handyphone System (“PHS”) cellular connection.
- the PHS standard is a TDD-TDMA based microcellular wireless communications technology and has been traditionally considered relatively safer than Wi-Fi connections.
- the PHS cellular connection may also be referred to as a wireless wide area network (“WWAN”) as opposed to a dial-up connection providing access to a wide area network (“WAN”).
- WWAN wireless wide area network
- WAN wide area network
- the port-blocking rules of the firewall 206 may be based on time of day, client IP address, terminating IP address, terminating and originating port, protocol, and other variables. In one embodiment, the port-blocking rules are based on policy data associated with individual users logged into the client 102 .
- the port-blocking rules of the firewall 206 include a blacklist.
- the blacklist allows an IT manager to prevent an application from executing on the client 102 .
- an IT manager may blacklist a DVD player so that a user is unable to view DVD's on the client 102 .
- the firewall 206 may provide a message to the user informing the user that an application is unavailable.
- the firewall 206 implements a white list.
- the white list is somewhat more restrictive than the blacklist described above.
- the white list allows only specified applications to execute. For example, an IT manager may allow only MS Word, Excel, PowerPoint, and Outlook to execute. No other applications will be permitted to execute.
- the firewall 206 may be a custom firewall or a third-party firewall integrated into an embodiment of the present invention.
- the embodiment shown in FIG. 2 also includes an antivirus module 208 .
- the antivirus module 208 shown determines whether policy files, virus dictionary, or other virus-related resources are out of date and provides the client 102 with a mechanism for updating the files or data.
- the antivirus module 208 may restrict access to various connections, applications, and other functionality when the policy files are out of date. For instance, the antivirus module 208 may restrict the client 102 to connecting to a single gateway through which the policy files are available.
- the antivirus module 208 comprises a third-party antivirus product that is integrated with the other modules on the client 102 .
- the client 102 also comprises a connection manager 210 , which includes a rules processor.
- the connection manager 210 assigns a priority number to every connection, e.g., one to one hundred, and selects the connection with the highest number to connect to.
- connection manager 210 may provide a connection to a variety of networks, including, for example, dial-up, LAN, digital subscriber line (“DSL”), cable modem, Wi-Fi, wireless local area network (“WLAN”), PHS, and satellite.
- networks including, for example, dial-up, LAN, digital subscriber line (“DSL”), cable modem, Wi-Fi, wireless local area network (“WLAN”), PHS, and satellite.
- connection manager 210 differentiates between public and private connections.
- a public connection is a connection provided by a service provider who has a relationship with the administrator of the security server 104 , which allows the security server 104 to authenticate the connection.
- the security server 104 administrator may have a business arrangement with a hotspot provider.
- the client 102 connects to a local access point and the authentication of the user occurs automatically at the security server 104 .
- a private connection requires that all aspects of the authentication mechanism for a connection be managed in the absence of the security server 104 , although the connection manager may provide certain facilities to allow for automated authentication where possible.
- connection manager 210 makes connections available or unavailable to the client 102 based on policies present on the client 102 .
- the connection manager 210 may also download changes to policy data and transmit quality of service (“QoS”) and other data to the security server 104 or the enterprise server 106 .
- QoS quality of service
- the connection manager 210 determines the type of connections that are available based on signals provided by hardware associated with the client 102 . For example, when the client 102 passes near a hotspot, a Wi-Fi card in the client 102 senses the hotspot and sends a signal to the connection manager 210 . For instance, the Wi-Fi card may sense a broadcast service set identifier (“SSID”). Once the signal exceeds a threshold, the connection manager 210 provides a signal to a user of the client 102 that the network is available or may automatically connect to the hotspot. Alternatively, the Wi-Fi card may poll for a non-broadcast SSID. The connection manager 210 may provide a single connection to the client 102 at one time or may provide multiple connections to the client 102 .
- SSID broadcast service set identifier
- the client 102 shown in FIG. 2 also comprises a QoS collector 212 .
- the QoS collector 212 collects data values, including, for example, the number of bytes sent and received, the average transfer rate, the average signal strength at connection, termination cause, failed connections, and a network identifier. In another embodiment, the QoS collector 212 collects data during the session to determine when a connection provides inconsistent performance.
- the QoS collector 212 collects data regarding a connection during a session but does not send the data for a session until the next session. Thus, if a session is terminated abnormally, the QoS data will still be collected and transferred successfully. In another embodiment, the QoS collector 212 transfers data only when a particular type of connection is detected, such as a high-speed or low cost connection.
- the client 102 also comprises a session statistics module 214 .
- the session statistics module stores data representing user characteristics. For instance, the session statistic module 214 may store a list of the applications a user generally accesses, how often the user is connected, the typical CPU and memory utilization measure, keyboard sequences, and other characteristics of a user. If a particular user deviates from the expected characteristics by greater than a threshold, such as N standard deviations, and the significance of the statistic is more than a specified amount, the session statistics module 214 can identify the current user as a potential unauthorized user.
- a threshold such as N standard deviations
- the session statistics module 214 may perform other tasks as well. For instance, in one embodiment, the session statistics module 214 pre-loads applications based on a user's general usage patterns.
- the client 102 shown in FIG. 2 also comprises a policy reader 216 .
- a company's policies are housed on the enterprise server 106 . For instance, individual groups and users within an enterprise are identified and associated with policies, such as what types of connections they are able to access and what a user's VPN profile is. The user may also be able to specify a VPN policy on the client 102 .
- the policy reader 216 downloads the policy rules from the enterprise server 106 and accesses local user policies and reconciles any conflicts between the two.
- an IT manager may establish a VPN profile to be used by a user when connecting to a Wi-Fi network. However, the user may wish to create a secondary VPN profile to be used if the first VPN becomes unavailable.
- the policy reader 216 loads both local and enterprise VPN profiles, resolving any conflict between the two VPN profiles.
- the policy reader 216 accesses data at an enterprise, department, and user level. In such an embodiment, some of the policy rules may be stored in a lightweight directory access protocol (“LDAP”) server on the client 102 , security server 104 , or enterprise server 106 . In another embodiment, the policy reader 216 receives only changes to policy data and does not typically download all of the policy data at once. Policies downloaded by the policy reader 216 may be provided to the rules processor of the connection manager 210 .
- LDAP lightweight directory access protocol
- the client 102 may also comprises a client security module 216 .
- the client security module 216 implements a client asset protection process.
- the client security module 216 may, for example, disable devices and interfaces on the client device 102 and may, in some embodiments, encrypt the hard drive of the client device 102 so that the files stored on the drive are not easily accessible.
- the client 102 may also comprise a user interface 220 .
- the user interface 220 may control the underlying operating environment or the user's view of the underlying environment.
- the user interface 220 supplants the Microsoft® Windows operating system interface from the user's perspective. In other words, the user is unable to access many of the standard Windows features.
- Such a user interface may be implemented to limit the applications and configuration setting a user is able to access.
- PDA personal digital assistant
- no user interface is provided by an embodiment of the present invention; the standard PDA user interface is utilized.
- the client 102 shown in FIG. 2 also comprises a security agent 222 .
- the security agent 222 is also referred to as a “bomb.”
- an IT manager indicates that the security agent 222 should be activated when the client 102 next connects to the enterprise server 106 . The IT manager may do so because the client 102 has been reported stolen. Subsequently, the client 102 connects to the enterprise server 106 , either directly or indirectly and receives the message to initiate the security agent 222 .
- the security agent 222 when the security agent 222 activates, it stops all applications from being able to run and encrypts the data on the hard drive of the client 102 .
- the security agent 222 may implement a white list as described above and then implement a secure vault for all data on the client 102 .
- the connection manager 210 may also be configured so that no connections are possible.
- the data since the data is merely encrypted by security agent 222 , rather than erased, the data may be recovered if the client 102 is subsequently recovered. For instance, the enterprise may retain the key needed for decrypting the local drive. The client 102 is returned to the enterprise, which then decrypts the drive. In another embodiment, the data on the local drive of the client is rendered inaccessible by, for example, writing over the data multiple times.
- the client 102 shown in FIG. 2 also comprises an out-of-band communication receiver 224 .
- the out-of-band communication receiver 224 allows the client to receive communications other than through a network-based connection.
- the connection manager 210 may manage the out-of-band communication. For instance, the command to activate the security agent 222 may be transferred via a short messaging service (“SMS”) communication received by the out-of-band communication receiver 224 .
- SMS short messaging service
- FIG. 3 is a block diagram illustrating the modules present on a security server 104 in one embodiment of the present invention.
- the security server 104 shown in FIG. 3 comprises a remote authentication dial-in user service (“RADIUS”) server 302 , which may also be referred to as an AAA (authentication, authorization, and accounting) server.
- RADIUS is the standard by which applications and devices communicate with an AAA server.
- the RADIUS server 302 provides authentication services on the security server 104 .
- the RADIUS server 302 proxies to a RADIUS server on the enterprise server 106 .
- the RADIUS server 302 provides mutual authentication for the client 102 using Extensible Authentication Protocol Transport Layer Security (“EAP-TLS”).
- EAP-TLS itself is strictly an 802.1x authentication protocol, designed primarily for Wi-Fi connections, the underlying TLS authentication protocol may be deployed in both wired and wireless networks.
- EAP-TLS performs mutual secured sockets layer (“SSL”) authentication. This requires both the client device 102 and the RADIUS server 302 to have a certificate. In mutual authentication, each side may prove its identity to the other using its certificate and its private key.
- SSL mutual secured sockets layer
- the security server shown in FIG. 3 also comprises an LDAP server 304 .
- the LDAP server 304 uses the LDAP protocol, which provides a mechanism for locating users, organizations, and other resources on the network.
- the LDAP server 304 provides access control at the network layer to various components that an enterprise customer may or may not purchase. For example, a customer may choose to implement a secure vault as described in relation to FIG. 1 . In such a case, the customer or users or groups associated with the customer are also associated with the firewall module. The LDAP entry is then used to determine that the firewall is to be enabled on a client.
- the LDAP server 304 is implemented as a list of user identifiers not using the LDAP protocol.
- data in the LDAP server 304 is propagated from data present in the enterprise server 106 .
- the security server 104 shown in FIG. 3 also comprises a session manager 306 .
- the session manager 306 controls sessions, including sessions between the client 102 and enterprise server 106 .
- the session manager 306 also determines how to route data requests. For instance, the session manager 306 may determine that a particular data request should be routed to the Internet rather than to the enterprise server 106 . This may be referred to as “splitting the pipe” and provides a mechanism to replace “split tunneling” (a traditional configuration option with most standard VPN clients) at the client device by the more secure split of traffic not intended for the enterprise at the security server, allowing monitoring of all traffic without the enterprise incurring the expense of the extra bandwidth required.
- the client 102 and enterprise server 106 establish a VPN for communication.
- the session manager 306 may be unable to route requests to any location other than the enterprise—the packets are encrypted and thus, cannot be separately evaluated.
- the session manager 306 performs automated authentication of a client device 102 or user. For example, if the session manager 306 determines that a client 102 is approaching a Wi-Fi hotspot, the session manager 306 is able to pre-populate the hotspot with the certificate that the hotspot requires to authenticate the user. In this manner, the authentication appears very fast to the user.
- the session manager 306 may also control the manner in which data is queued for download to the client device 102 .
- the session manager 306 provides two modes for data queuing. In a first mode, the session manager 306 determines that the network down time will be brief, e.g., the user is moving through a tunnel, which interferes with network access. In such a case, the session manager queues a minimal amount of data. In a second mode, the session manager 306 determines that the network down time will be of a longer duration, e.g., the user is boarding a plane from New York to Tokyo. In such a case, the session manager 306 may queue a larger amount of data. In one such embodiment, the session manager 306 determines the mode by querying the user for the downtime interval. When the user reconnects to the security server 104 , the session manager 306 determines the best manner of downloading the queued data and begins the download.
- the session manager 306 comprises a packet shaper (not shown).
- the packet shaper provides various functional capabilities to the session manager 306 .
- the packet shaper provides a mechanism for prioritizing packets sent between the enterprise server 106 and the client 102 .
- the packet shaper utilizes Multiprotocol Label Switching (“MPLS”).
- MPLS allows a specific path to be specified for a given sequence of packets.
- MPLS allows most packets to be forwarded at the switching (layer 2 ) level rather than at the (routing) layer 3 level.
- MPLS provides a means for providing QoS for data transmissions, particularly as networks begin to carry more varied traffic.
- the session manager 306 may also provide session persistence capabilities. For instance, in one embodiment, when a user drops a connection or moves from one provider network coverage area to another, the connection manager 306 persists a virtual connection as the first connection is terminated and the second is initiated.
- the session manager 306 may include a server-side rules engine.
- the server-side rules engine may use historical information, such as the session statistics described above, for statistical attack determination. For instance, session manager 306 may access a stored statistic regarding a client device 102 and based on monitoring of the current statistics for the client device 102 determine that an unauthorized user is using the client device 102 .
- the security server 104 shown in FIG. 3 also comprises a real-time monitor 308 .
- the real-time monitor 308 monitors the status of communications, such as which clients and users are logged on, the amount of data being transferred, ongoing QoS measures, ports in use, and other information.
- the real-time monitor 308 When the real-time monitor 308 detects a problem, it may issue an alert to network support.
- data from the real-time monitor 308 is provided to users via a portal available on the security server 308 .
- the real-time portal 308 transfers information to the enterprise server 106 , from which users access the data.
- the embodiment shown in FIG. 3 also comprises a historical monitor 310 .
- the historical monitor 310 provides information similar to the real-time monitor 310 .
- the underlying data is historical in nature.
- the historical monitor 310 provides audit information for making intelligent business decisions and for dealing with regulatory compliance issues.
- the information available via the historical monitor 310 may include, for example, historical QoS data, registration compliance data, and metrics consistency data.
- the historical data monitor 310 may be used to determine that certain clients are not performing optimally by comparing metrics of various clients over time. For instance, by evaluating information available via the historical data monitor 310 , a support person may be able to determine that a radio tuner on a specific client device 102 is failing. If the user of one client device 102 is complaining about the availability of service, but other users are able to successfully access service, then the client device's radio may be the problem.
- the historical data monitor 310 may also be used to reconcile information captured on the security server 104 regarding connections and data provided by telecommunication carriers.
- the data may be used to determine when certain resources need to be increased and when a certain carrier is not performing adequately.
- the security server also comprises a database 312 .
- the database 312 may be any type of database, including, for example, MySQL, Oracle, or Microsoft SQL Server relational databases. Also, although the database 312 is shown as a single database in FIG. 2 , the database 312 may actually comprise multiple databases, multiple schemas within one or more databases, and multiples tables within one or more schemas. The database 312 may also be present on one or more other machines, e.g., database servers.
- the database 312 stores customer information regarding enterprises served by the security server 104 , such as a list of valid users, a list of valid cellular cards, the relationships between the individual users and groups within the enterprise, and other customer information.
- the database 312 stores an association between users and cellular data cards.
- the enterprise may allocate a single user to a specific data card.
- the enterprise may associate a group of users with a group of cellular data cards.
- Other types of data may also be stored in the database 312 , such as billing data.
- the security server 104 shown in FIG. 3 also comprises a QoS server 314 .
- the QoS server 314 uploads information from the QoS collector 212 on the client device 102 and stores the QoS data.
- the QoS server 314 can collect data from multiple clients and store it in the database 312 .
- the security server also comprises a QoS tools engine 316 .
- the QoS tools engine 316 displays data made available by the QoS server 314 and other processes, such as the real-time monitor 308 .
- the QoS tools engine 316 provides an aggregation of QoS data in a spreadsheet. In another embodiment, the QoS tools engine 316 provides data using map views, pie charts, and graphs. The QoS tools engine 316 may also provide the capability for setting QoS-based alarms and may provide data to users via a portal.
- the security server 104 also comprises a portal server 318 .
- the portal server 318 may be, for example, a web server. Any standard web server application may be utilized, including Microsoft® Internet Information Server (“IIS”) or Apache.
- IIS Internet Information Server
- Apache Apache
- the security server 104 shown in FIGS. 1 and 3 is illustrated as a single server, it may comprise multiple servers.
- the security server 104 comprises multiple regional servers.
- the description above suggests that data is provided to and queried from the security server 104 by the client 102 , i.e., the client pulls the data.
- the client 102 also comprises a listener (not shown) so that the security server 104 can push data to the client 102 .
- FIG. 4 is a block diagram illustrating the modules present on an enterprise server 106 in one embodiment of the present invention.
- the enterprise server 106 may also be referred to herein as a customer server and may comprise one or more servers for one or more enterprises linked to one or more security servers 104 .
- the enterprise server 106 shown in FIG. 4 comprises a policy server 402 .
- the policy server 402 provides a means for managing the policy rules, including, for example, available VPN profiles, available transports (e.g. Wi-Fi, LAN, PHS, Dialup), firewall rules, such as blacklists and white lists, connection rules, and antivirus rules.
- the policy server 402 may include other rules as well, such as the level of data throttling to perform for each client or group of clients. Data throttling limits the data transfer rate to a particular client 102 so that connection resources can be optimized.
- the policies may be managed at one or more levels. For example, an IT manager may wish to create a VPN profile for the enterprise as a whole, but a different VPN profile for an engineering group since the engineering group needs access to various unique applications.
- the policy server 412 may also provide a mechanism for configuring the location of various servers that the client 102 will utilize. For instance, the policy server 412 may allow an IT manager to specify the IP address of an acceleration server 404 or a vault server 406
- the policy server also allows the IT manager to specify which users receive updates for various components on the client 102 .
- the policy server 402 may also allow the IT manager to perform connection configuration. For instance, the IT manager may use the policy server to specify phone numbers for PHS connections, Wi-Fi SSID's for private connections, and other connection configuration information.
- the enterprise server 106 shown in FIG. 4 also comprises an acceleration server 404 .
- the acceleration server 404 performs processes to improve the performance of data transfer. For instance, the acceleration server 404 may automatically compress images that are to be transferred to a client 102 .
- the acceleration server 404 communicates with the policy server 402 .
- An IT manager sets acceleration rules using the policy server 402 , and the acceleration server 404 uses these rules to determine what level of acceleration to use for a particular communication.
- the IT manager sets a default level of acceleration for all communication and a specific level of acceleration for one group of users. The specific level of acceleration may be referred to as an override.
- the enterprise server 106 also comprises a vault server 406 .
- the vault server comprises two components, an automatic component and an administration component.
- the automatic component integrates with an enterprise's mail server (not shown) and performs operations on emails to and from the mail server.
- the vault server 406 may quarantine an email, automatically encrypt the email before it is sent, add a legal disclaimer to an email, or perform other functions on the email.
- the automatic component of the vault server 406 searches an email based on words or based on the domain or specific address to which the email is addressed or from which the email originated. Using this information, the user can perform functions on the email, such as those described above.
- the administration component of the vault server 406 allows a user to terminate access to secure content, either by a specific user or by all users. It also logs activity. Using one embodiment of the vault server 406 , a user can indicate that a set of users whose employment has been terminated will no longer have access to any secure content. In an alternative embodiment of the vault server 406 , a user can indicate that a given element of secure content, say a price list, is now out of date, and so that piece of secure content will no longer be viewable by any user. When each user accesses the secure content, the vault server 406 logs the event. So for each secure content element, the vault server 406 creates a log of all activity on the secure content.
- the vault server 406 also compresses data. For instance, one embodiment utilizes standard PKZIP compression to compress all content. In another embodiment, an IT manager may identify three types of images and specify a different level of compression for each type of image based on the level of resolution necessary for each type of image.
- the enterprise server 108 also comprises a RADIUS server 408 and LDAP server 410 , which are similar to those described above in relation to the security server 104 .
- the RADIUS server 302 on the security server 104 may proxy to the RADIUS server 408 on the enterprise server 106 .
- data in the LDAP server 410 may be propagated to the LDAP server 204 on the security server 104 .
- the enterprise server 106 also comprises a one-time password (“OTP”) server 412 .
- OTP one-time password
- the OTP server 412 provides a mechanism for authentication.
- the enterprise server 106 uses the OTP server 412 to perform a mutual authentication process.
- the enterprise server 106 also comprises a concentrator 414 .
- the concentrator 414 provides remote access capability to the client 102 .
- the concentrator 414 may serve as a means for terminating a VPN between the client 102 and enterprise server 106 .
- the enterprise server 104 shown in FIG. 4 also comprises a portal server 416 .
- the portal server 416 may comprise a standard web server, such as IIS or Apache.
- the portal server 416 may provide one or more portals.
- the portal server 416 provides two portals, portal one and portal two.
- Portal one provides a configuration interface for managing the various elements shown in FIGS. 2 and 3 , including, for example, the policy server 402 and LDAP server 410 .
- Portal two provides an interface for accessing data, such as QoS data and session data.
- a user may use historical QoS data on portal two to determine how a particular provider is performing in terms of throughput, user connections, and other QoS metrics.
- Portal two may also provide real-time information, such as how many users are currently connected.
- an IT manager determines that twenty users have been rejected by a carrier in the last three minutes due to authentication failure and five users with the same user identifier are currently logged on to five different devices. The IT manager uses this information to detect a potential security problem. Portal two may also be used to set alerts as described above.
- first authentication server 118 and final authentication server 126 may be combined in a single server.
- the system 100 shown in FIG. 1 is merely illustrative, and is used to help explain the illustrative systems and processes discussed below.
- performance metrics are initially collected and stored on a client device 102 .
- the performance metrics may be based on a variety of factors, such as the VPN status, the health of the client device, and the health of the network.
- the client device 102 uploads performance metrics to a QoS server 314 .
- Performance metrics may be uploaded on a real-time or a periodic basis (e.g. daily, weekly, or monthly).
- FIG. 5 is a flowchart illustrating a process for collecting and storing performance metrics in one embodiment of the present invention.
- the client device 102 attempts to open a network connection 502 .
- the connection manager 210 may attempt to re-establish the last successful connection.
- the connection may occur over any available connection type, such as via a LAN or WWAN.
- the client device 102 determines whether the network connection was successful 504 . If the network connection fails, the client device 102 logs the failed connection attempt 506 . For example, the client device may store the time when the connection was attempted, the number of unsuccessful attempts, and the network identifier. The failure may be logged with other performance metrics or separately.
- the QoS collector 212 sends the performance metrics captured from the previous session to the QoS server 314 .
- the transfer does not occur until the connection manager 210 identifies a high-speed connection over which to transmit the data. In other embodiments, slow-speed and high-speed connections are utilized.
- a client device 102 will establish a connection with the security server 104 and upload QoS data to the QoS server 314 in a manner that is transparent to the user.
- the upload process may run as a service, and each time the client device 102 connects to a network, the upload process executes.
- Performance metrics may comprise, for example, QoS statistics, a network node (e.g., base station) identifier, client device performance measures, and other data.
- the performance metrics comprise a transport identifier, a start time, a connection duration, a bytes sent quantity, a bytes received quantity, a data rate up quantity, a data rate down quantity, a protocol identifier, an application identifier, a success code, a signal strength quantity, a network type code, a packet size quantity, a CPU utilization quantity, a memory consumption quantity, a power level quantity, applications executing, a disk space quantity, a device identifier, and a termination cause.
- the client device stores averages of certain metrics, such as data rate up and packet size.
- the QoS collector 212 stores the performance metrics 512 .
- the QoS collector 212 stores the performance metrics as a text file.
- the QoS collector 212 stores the performance metrics in a data store, such as a database.
- storage and transmission of QoS data is minimized by only collecting and storing QoS exceptions. For instance, the number of bytes sent may only be stored and transmitted by the QoS collector 212 if the number falls below a certain threshold or outside a certain predefined range.
- only summary data is sent unless the QoS collector 212 , QoS server 314 , or some other component or process determines that detailed data should be sent as well. For example, a network support person may determine that a connection appears to be suffering from intermittent outages. The network support person can cause the QoS collector 212 and QoS server 314 to begin collecting and storing detailed information regarding the segment of the network that appears to be having problems.
- FIG. 6 is a flowchart illustrating a process for providing a network status to a user interface in one embodiment of the present invention.
- the QoS server 314 first receives performance metrics 602 .
- the QoS server 314 may receive performance metrics from the QoS collector 212 .
- the QoS server 314 may also receive performance metrics by receiving a Simple Network Management Protocol (“SNMP”) trap.
- SNMP trap is a notification event or alert issued by a managed device to a network management device when a significant event occurs.
- a significant event may be a device start or stop, an outage, a fault, or a security violation but is not limited to these events.
- the server relies on SNMP traps for components on the security server 104 that are SNMP aware.
- the QoS collector 314 monitors log files, such as flat files or databases where information is logged.
- the data captured from SNMP traps and from direct monitoring of log files is then combined and stored in a data store.
- the captured data is used to generate a multi-dimensional database so that support personnel or others can query information.
- performance metrics may be discarded based on various criteria. For instance, in one embodiment, a user can choose to discard performance metrics from a particular session. In another embodiment, performance metrics from sessions lasting less than a predetermined duration, such as thirty seconds, may be discarded automatically. Performance metrics may also be discarded after a predetermined period of time, e.g., performance metrics collected and stored for more than three months may be discarded.
- the QoS server 314 also polls client devices 102 or checks log files or database tables.
- the QoS server may utilize a server/agent model to pull information from each device on the network, including, for example, servers, routers, and switches.
- This data collected may comprise the following: VPN status from client devices 102 to the security server 104 (including up state and throughput); static VPNs from the security server 104 to the enterprise server 106 (including up state and throughput); health of each of the physical devices on the network; and health of the services that the network provides.
- the QoS server 314 next determines a status of the network 604 .
- the status of the network may comprise information identifying a problem, such as congestion.
- the status may also comprise other information, such as the cost, stability, or speed of the network or of a portion of the network.
- the QoS server 314 provides the status of the network to a user interface 606 .
- Providing the status of the network to a user interface may comprise generating an alert.
- the user interface may comprise a web portal for providing the status of the network. The portal may be capable of displaying an alert.
- FIG. 7 is a flowchart illustrating a process for determining a status of the network in one embodiment of the present invention.
- the QoS tools engine 316 on the security server 104 loads performance metrics 702 .
- the performance metrics may exist in an XML file, which the QoS tools engine 316 opens and reads.
- the QoS tools engine 316 determines a status of the network 604 .
- the status of the network is based on the performance metrics alone.
- the performance metrics are used in conjunction with other information to determine a status of the network.
- the QoS tools engine 316 may determine the status of the network is a problem, such as congestion 704 . In other embodiments, the QoS tools engine 316 may generate a bill reconciliation status 706 , provide a capacity planning status 708 , generate a carrier audit report 710 , or generate a security related policy 712 . Alternatively, the network status may be sent to the policy server 402 or the enterprise server 106 .
- an enterprise monitors the particular protocols a user or client device is using when accessing the network.
- the enterprise uses this information to determine policies to put into place on the policy server 402 .
- a user may use an application that utilizes HTTP to access various web sites. Based on the URLs of the web sites that the user is accessing, the network usage is mainly streaming media. If the enterprise determines it is necessary, a policy can be set to limit the amount of bandwidth available for these downloads or to blacklist the site or sites that the user is accessing.
- the QoS server 314 helps carriers to identify problems before they become outages. For instance, wireless base stations often degrade in performance before they stop passing data, e.g., a user can send a short message but not a long one. When degradation is sensed, an alert can be provided to the appropriate support person.
- FIG. 8 is a flowchart illustrating a method for providing the status of the network to a user interface in another embodiment of the present invention.
- the QoS tools engine 316 determines a status of the network 604 .
- the status of the network is then provided to a user interface 606 .
- providing the status of the network to the user interface comprises generating an alert 802 .
- An example of an alert may be an auditory buzz or a message.
- the status of the network may be provided to a web portal 804 .
- the user interface may be a spreadsheet 806 .
- data from the QoS server 314 is used by the policy server 402 .
- the fact that a particular connection is more stable or faster than another connection may be used to determine connection preferences.
- the enterprise is able to weigh such information based on factors internal to the enterprise as part of the process of determining rules for the policy server. In such an embodiment, two users sitting in the same location may connect in different ways to the user's respective enterprise network depending on the weighting each enterprise gives to each factor in determining a policy.
- portal server 416 accesses data collected by the QoS server 314 .
- the portal server 416 may access this data by connecting to the security server 104 or by storing the data in a data store on the enterprise server.
- the data accessed by the portal server 416 may be a subset of the data that is collected by the QoS server 314 .
- a user accesses the portal server 416 to view network status information in real-time.
- Such real-time access enables effective and efficient troubleshooting of the network connections and the ability to determine particular carrier's stability. If a network problem exists, the portal may cause an auditory buzz to be output when information is displayed on the portal in relation to the problem.
- the user is provided with summary data.
- the summary data provides information that can be used to perform historical analysis and trend analysis on network connections.
- a statistical model is applied to the data in the QoS server 314 .
- a predetermined threshold is set for various measures. When the threshold is exceeded, an alert is generated. For instance, if the QoS server 314 determines that a single login account is logged into more than five devices or in more than one geographic location simultaneously, an alert is generated identifying a possible intrusion. In such an embodiment, an enterprise can set its own security events based on its particular needs.
- the customer can alert the carrier or other service provider of the potential problem. In this way, the customer is able to identify the party responsible for the problem without the need to contact multiple service providers, e.g., the carrier and network equipment providers.
- a network support person accesses the portal server 318 on the security server 104 .
- the portal server 318 accesses the QoS server 314 or a data store to obtain the data collected by the QoS server 314 .
- the data available on the security provider's portal server 318 may be more extensive than that available via the enterprise's portal server 416 .
- the network support person uses the data available on the portal server 318 to analyze the performance of the network, troubleshoot potential network problems, and perform other support functions, such as capacity planning.
- a carrier may use an embodiment of the present invention to determine where an additional hotspot is necessary to adequately support the carrier's user base.
- the network may not be experiencing any problems; it just may be less expensive to switch to another type of network, such as from a cellular network to a Wi-Fi network.
- the QoS server 314 identifies potential problems with client device 102 . For instance, the QoS server 314 may detect that the CPU or memory utilization of a particular client is above a predefined threshold. In such an embodiment, problems with the client device 102 can be eliminated before attempting to diagnose a problem with the network.
- the portal server 318 provides data that is highly granular.
- the data provides information on aspects of performance that can indicate that a problem is occurring or may soon occur.
- one page provided by the portal server 318 displays a schematic view of the VPNs to and from the security server 104 .
- the portal server 314 causes the portion of the schematic illustrating that VPN to become highlighted.
- a network support person accessing the portal can then easily detect a problem or potential problem. The user can then drill down to the level of detail necessary to diagnose and resolve the problem.
- the information collected by the QoS server 316 is utilized to audit bills from multiple network carriers or other service providers. For instance, the duration of connections made over a particular communication line may be determined based on performance metrics and compared to the invoice for services provided by a carrier.
- the QoS server 314 provides information to a network management system.
- the network management system completes a matrix of properties for each of the networks.
- the matrix may comprise measures such as stability, cost, speed, and geography.
- the matrix is then used to determine which available connection is best for a particular client device 102 , application, time of day, or based on some other variable. For instance, a user in the Denver airport has an available cellular connection with carrier X and an available cellular connection with carrier Y simultaneously.
- the connection manager 210 utilizes the matrix to determine that the congestion on the base station operated by carrier Y is lower than that of carrier X and that the base station of carrier Y drops fewer packets and fewer signals. After evaluating this information, the connection manager 210 connects the user's client device 102 to carrier Y's base station.
Abstract
Systems and methods for monitoring and displaying performance metrics are described. One aspect of one described embodiment includes receiving performance metrics associated with a plurality of network connections to a plurality of networks, each of the plurality of network connections associated with a client device; determining a status of one of the plurality of networks based at least in part on the performance metrics; and providing the status of the one of the plurality of networks to a user interface.
Description
- This application claims priority to Application Ser. No. 60/583,765, filed on Jun. 28, 2004, titled “Controlling Use of a Mobile Work Station Based on Network Environment,” Application Ser. No. 60/598,364, filed on Aug. 3, 2004, titled “Systems and Methods for Enhancing and Optimizing a User's Experience on an Electronic Device,” Application Ser. No. 60/652,121, filed on Feb. 11, 2005, titled “Remote Access Services,” and Application Ser. No. 60/653,411, filed on Feb. 16, 2005, titled “Creating an Environment for Secure Mobile Access Anywhere,” the entirety of all of which are incorporated herein by reference.
- The present invention relates generally to computer networking and, more particularly to systems and methods for monitoring and displaying performance metrics.
- As the workforce becomes more mobile, enterprises often must rely on unfamiliar networks to provide remote network access. Enterprises and their users have increasing options in selecting methods of connecting to the enterprise network as well as other resources, such as the Internet. With this added choice comes added complexity, both in service offerings and the associated charges, as well as the potential for inconsistency in service.
- And each remote method for connecting to an enterprise network offers a tradeoff between cost, performance, and convenience. For instance, a wired network connection might be faster and less costly than a cellular network connection, but less convenient for a mobile user. Also, since each connection type may be purchased from a different network provider, the enterprise must reconcile charges from each of the providers for each of the users accessing the network remotely.
- In conventional networks, enterprises are not able to determine precisely where problems are occurring in provider networks. Further, enterprises are unable to determine the best connection for each individual user given the place where the user is accessing the enterprise's network, Internet, or other service. When the data is available, it is often out-of-date and of less value than real-time data would be.
- Embodiments of the present invention provide systems and methods for monitoring and displaying performance metrics. One aspect of one embodiment of the present invention comprises receiving performance metrics associated with a plurality of network connections to a plurality of networks, each of the plurality of network connections associated with a client device; determining a status of one of the plurality of networks based at least in part on the performance metrics; and providing the status of the one of the plurality of networks to a user interface. In another embodiment, a computer-readable medium (such as, for example random access memory or a computer disk) comprises code for carrying out such a method.
- This illustrative embodiment is mentioned not to limit or define the invention, but to provide one example to aid understanding thereof. Illustrative embodiments are discussed in the Detailed Description, and further description of the invention is provided there. Advantages offered by the various embodiments of the present invention may be further understood by examining this specification.
- These and other features, aspects, and advantages of the present invention are better understood when the following Detailed Description is read with reference to the accompanying drawings, wherein:
-
FIG. 1 is a block diagram showing an illustrative environment for implementation of one embodiment of the present invention; -
FIG. 2 is a block diagram illustrating the modules present on aclient device 102 in one embodiment of the present invention; -
FIG. 3 is a block diagram illustrating the modules present on asecurity server 104 in one embodiment of the present invention; -
FIG. 4 is a block diagram illustrating the modules present on anenterprise server 106 in one embodiment of the present invention; -
FIG. 5 is a flowchart illustrating a process for collecting and storing performance metrics in one embodiment of the present invention; -
FIG. 6 is a flowchart illustrating a process for providing a network status to a user interface in one embodiment of the present invention; -
FIG. 7 is a flowchart illustrating a process for determining a status of the network in one embodiment of the present invention; and -
FIG. 8 is a flowchart illustrating a method for providing the status of the network to a user interface in another embodiment of the present invention. - Embodiments of the present invention provide systems and methods for monitoring and displaying performance metrics. There are multiple embodiments of the present invention. By way of introduction and example, one illustrative embodiment of the present invention provides a method for receiving and analyzing performance metrics associated with various network carriers used by clients of an enterprise to access the enterprise's network.
- The metrics may include information such as throughput rate, protocol used, application identifier, and other performance and network-related measures. A Quality of Service (“QoS”) server uses the performance metrics to determine the status of the networks. For instance, the QoS server may determine that a particular carrier's network in one city or neighborhood in that city is unstable based on the throughput rate of that network segment or based on some other measure.
- The QoS server provides the status of the network to a user and may provide alerts based on predetermined events and thresholds. For instance, in one embodiment, the user accesses a portal. The portal provides a visual alert to the user, indicating that the network segment is unstable. The portal may provide other information as well, such as the relative costs of various networks. In one embodiment, real-time analysis of the data occurs, and information from that real-time analysis is weighted in terms of level of urgency. Based on this level of urgency, a determination is made as to how the information should be dealt with. For instance the data may simply be stored for logging purposes or sent to an internal or external customer service representative.
- In addition to basic performance monitoring, an embodiment of the present invention may provide the enterprise with the ability to define certain events that, when they occur, trigger an alarm on a portal. One example of such a user-defined event might be “if a single user is logged on more than once in geographically disparate areas, post an alert.”
- This introduction is given to introduce the reader to the general subject matter of the application. By no means is the invention limited to such subject matter. Illustrative embodiments are described below.
- Various systems in accordance with the present invention may be constructed. Referring now to the drawings in which like numerals indicate like elements throughout the several figures,
FIG. 1 is a block diagram showing an illustrative environment for implementation of one embodiment of the present invention. The system shown inFIG. 1 includes aclient 102. The client is in communication with asecurity server 104. - Communication with the
security server 104 occurs via anetwork 108. Thenetwork 108 may comprise a public or private network and may include the Internet. The network may also comprise a plurality of networks, including, for example, dedicated phone lines between the various components. In one embodiment, theclient 102 communicates with thesecurity server 104 via a virtual private network (“VPN”) established over the Internet. - The
security server 104 is also in communication with anenterprise server 106 via a network. Thenetwork 108 may comprise various elements, both wired and wireless. In one embodiment, the communication between thesecurity server 104 andenterprise server 106 occurs over a static VPN established over dedicated communication lines. - In one embodiment, a user connects a
client device 102 to thenetwork 108 using a network access user interface. The network access user interface is always on and only allows the user to connect to thenetwork 108 via the interface. The network access user interface automatically causes theclient 102 to connect to thesecurity server 104 through thenetwork 108. Thesecurity server 104 provides value added services to theclient 102 and to one or more enterprises. Access to other services, such as the Internet, may be provided via thesecurity server 104. - Although
FIG. 1 includes only asingle client 102,security server 104, andenterprise server 106, an embodiment of the present invention will typically include a plurality ofclients 102 and may include a plurality ofsecurity servers 104 andenterprise servers 106. -
FIG. 2 is a block diagram illustrating the modules present on aclient device 102 in one embodiment of the present invention. Examples ofclient device 102 are personal computers, digital assistants, personal digital assistants, cellular phones, mobile phones, smart phones, pagers, digital tablets, laptop computers, Internet appliances, and other processor-based devices. In general, aclient device 102 may be any suitable type of processor-based platform that is connected to thenetwork 108, and that interacts with one or more application programs. Theclient device 102 can contain a processor coupled to a computer-readable medium, such as RAM.Client device 102 may operate on any operating system, such as Microsoft® Windows® or Linux. Theclient device 102 is, for example, a laptop computer executing a network access user interface. - The modules shown in
FIG. 2 represent functionality of theclient 102. The modules may be implemented as one or more computer programs that include one or more modules. For instance, in one embodiment, all the modules shown inFIG. 2 are contained within a single network access application. Also, the functionality shown on theclient 102 may be implemented on a server in other embodiments of the present invention. Likewise, functionality shown inFIGS. 3 and 4 as being on a server may be implemented on theclient 102 in some embodiments of the present invention. - The
client 102 shown inFIG. 2 comprises aVPN client 202. TheVPN client 202 allows theclient 102 to connect to theenterprise server 106. In one embodiment of the present invention, theVPN client 202 is used to determine whether or not theVPN client 202 is active and whether or not theVPN client 202 is connected to a VPN server. For instance, an embodiment of the present invention may determine whether or not to connect to a particular service based on whether or not theVPN client 202 is enabled. - In another embodiment of the present invention, the
VPN client 202 is used for four purposes: (1) to manage policy files, which include information, such as a gateway Internet Protocol (IP) address, secrecy and authentication level, and hash; (2) automatically connecting a VPN; (3) automatically disconnecting the VPN; and (4) monitoring the status of the VPN. Each of these four purposes may be affected by other modules, including, for example, theconnection manager 210. - The
client 102 also comprises asecure vault 204. Thesecure vault 204 protects content on theclient 102. In one embodiment, thesecure vault 204 is responsible for storing encrypted content on theclient 102 and allowing access to the encrypted content based on a set of permissions or policies. In such an embodiment, a content creator can provide access via a viewer to secured content and allow a recipient of the content read-only access or allow the recipient to perform other tasks, such as modifying the content and forwarding it to other users. In another embodiment, thesecure vault 204 allows the user to create and distribute secure content toother clients 102, the content creator can decide to send a document to several users and allow two of the users full access and one of the users read-only access. - The
client 102 shown inFIG. 2 also comprises afirewall 206. Thefirewall 206 allows port blocking via predefined policies. For instance, in one embodiment, an information technology (“IT”) manager specifies port blocking based on two zones, a safe zone and a dangerous zone. The IT manager specifies one of these two zones for each of the network interface devices installed on theclient 102. The IT manager is then able to set port-blocking rules by zone on thefirewall 206. - For example, the IT manager may classify a Wireless Fidelity (“Wi-Fi”) network interface as dangerous since it has traditionally been considered fairly unsafe. And the IT manager may apply more restrictive port-blocking rules to the dangerous zone than to the safe zone and network interface devices, such as those used to connect to a wired Local Area Network (“LAN”) or a Personal Handyphone System (“PHS”) cellular connection. The PHS standard is a TDD-TDMA based microcellular wireless communications technology and has been traditionally considered relatively safer than Wi-Fi connections. The PHS cellular connection may also be referred to as a wireless wide area network (“WWAN”) as opposed to a dial-up connection providing access to a wide area network (“WAN”).
- In various other embodiments, the port-blocking rules of the
firewall 206 may be based on time of day, client IP address, terminating IP address, terminating and originating port, protocol, and other variables. In one embodiment, the port-blocking rules are based on policy data associated with individual users logged into theclient 102. - In one embodiment, the port-blocking rules of the
firewall 206 include a blacklist. The blacklist allows an IT manager to prevent an application from executing on theclient 102. For instance, an IT manager may blacklist a DVD player so that a user is unable to view DVD's on theclient 102. Thefirewall 206 may provide a message to the user informing the user that an application is unavailable. - In another embodiment, the
firewall 206 implements a white list. The white list is somewhat more restrictive than the blacklist described above. The white list allows only specified applications to execute. For example, an IT manager may allow only MS Word, Excel, PowerPoint, and Outlook to execute. No other applications will be permitted to execute. Thefirewall 206 may be a custom firewall or a third-party firewall integrated into an embodiment of the present invention. - The embodiment shown in
FIG. 2 also includes an antivirus module 208. The antivirus module 208 shown determines whether policy files, virus dictionary, or other virus-related resources are out of date and provides theclient 102 with a mechanism for updating the files or data. The antivirus module 208 may restrict access to various connections, applications, and other functionality when the policy files are out of date. For instance, the antivirus module 208 may restrict theclient 102 to connecting to a single gateway through which the policy files are available. In one embodiment, the antivirus module 208 comprises a third-party antivirus product that is integrated with the other modules on theclient 102. - The
client 102 also comprises aconnection manager 210, which includes a rules processor. In one embodiment, theconnection manager 210 assigns a priority number to every connection, e.g., one to one hundred, and selects the connection with the highest number to connect to. - The
connection manager 210 may provide a connection to a variety of networks, including, for example, dial-up, LAN, digital subscriber line (“DSL”), cable modem, Wi-Fi, wireless local area network (“WLAN”), PHS, and satellite. - In one embodiment, the
connection manager 210 differentiates between public and private connections. A public connection is a connection provided by a service provider who has a relationship with the administrator of thesecurity server 104, which allows thesecurity server 104 to authenticate the connection. For instance, thesecurity server 104 administrator may have a business arrangement with a hotspot provider. In order to connect, theclient 102 connects to a local access point and the authentication of the user occurs automatically at thesecurity server 104. In contrast, a private connection requires that all aspects of the authentication mechanism for a connection be managed in the absence of thesecurity server 104, although the connection manager may provide certain facilities to allow for automated authentication where possible. - In one embodiment, the
connection manager 210 makes connections available or unavailable to theclient 102 based on policies present on theclient 102. Theconnection manager 210 may also download changes to policy data and transmit quality of service (“QoS”) and other data to thesecurity server 104 or theenterprise server 106. - In one embodiment, the
connection manager 210 determines the type of connections that are available based on signals provided by hardware associated with theclient 102. For example, when theclient 102 passes near a hotspot, a Wi-Fi card in theclient 102 senses the hotspot and sends a signal to theconnection manager 210. For instance, the Wi-Fi card may sense a broadcast service set identifier (“SSID”). Once the signal exceeds a threshold, theconnection manager 210 provides a signal to a user of theclient 102 that the network is available or may automatically connect to the hotspot. Alternatively, the Wi-Fi card may poll for a non-broadcast SSID. Theconnection manager 210 may provide a single connection to theclient 102 at one time or may provide multiple connections to theclient 102. - The
client 102 shown inFIG. 2 also comprises aQoS collector 212. TheQoS collector 212 collects data values, including, for example, the number of bytes sent and received, the average transfer rate, the average signal strength at connection, termination cause, failed connections, and a network identifier. In another embodiment, theQoS collector 212 collects data during the session to determine when a connection provides inconsistent performance. - In one embodiment, the
QoS collector 212 collects data regarding a connection during a session but does not send the data for a session until the next session. Thus, if a session is terminated abnormally, the QoS data will still be collected and transferred successfully. In another embodiment, theQoS collector 212 transfers data only when a particular type of connection is detected, such as a high-speed or low cost connection. - The
client 102 also comprises asession statistics module 214. The session statistics module stores data representing user characteristics. For instance, the sessionstatistic module 214 may store a list of the applications a user generally accesses, how often the user is connected, the typical CPU and memory utilization measure, keyboard sequences, and other characteristics of a user. If a particular user deviates from the expected characteristics by greater than a threshold, such as N standard deviations, and the significance of the statistic is more than a specified amount, thesession statistics module 214 can identify the current user as a potential unauthorized user. - The
session statistics module 214 may perform other tasks as well. For instance, in one embodiment, thesession statistics module 214 pre-loads applications based on a user's general usage patterns. - The
client 102 shown inFIG. 2 also comprises apolicy reader 216. In one embodiment, a company's policies are housed on theenterprise server 106. For instance, individual groups and users within an enterprise are identified and associated with policies, such as what types of connections they are able to access and what a user's VPN profile is. The user may also be able to specify a VPN policy on theclient 102. In such an embodiment, thepolicy reader 216 downloads the policy rules from theenterprise server 106 and accesses local user policies and reconciles any conflicts between the two. - For example, an IT manager may establish a VPN profile to be used by a user when connecting to a Wi-Fi network. However, the user may wish to create a secondary VPN profile to be used if the first VPN becomes unavailable. The
policy reader 216 loads both local and enterprise VPN profiles, resolving any conflict between the two VPN profiles. - In one embodiment, the
policy reader 216 accesses data at an enterprise, department, and user level. In such an embodiment, some of the policy rules may be stored in a lightweight directory access protocol (“LDAP”) server on theclient 102,security server 104, orenterprise server 106. In another embodiment, thepolicy reader 216 receives only changes to policy data and does not typically download all of the policy data at once. Policies downloaded by thepolicy reader 216 may be provided to the rules processor of theconnection manager 210. - The
client 102 may also comprises aclient security module 216. In one embodiment, theclient security module 216 implements a client asset protection process. When theclient security module 216 receives a signal indicating that the client asset protection process is to be executed, theclient security module 216 may, for example, disable devices and interfaces on theclient device 102 and may, in some embodiments, encrypt the hard drive of theclient device 102 so that the files stored on the drive are not easily accessible. - The
client 102 may also comprise a user interface 220. The user interface 220 may control the underlying operating environment or the user's view of the underlying environment. For example, in one embodiment, the user interface 220 supplants the Microsoft® Windows operating system interface from the user's perspective. In other words, the user is unable to access many of the standard Windows features. Such a user interface may be implemented to limit the applications and configuration setting a user is able to access. In some embodiments, such as a personal digital assistant (“PDA”), no user interface is provided by an embodiment of the present invention; the standard PDA user interface is utilized. - The
client 102 shown inFIG. 2 also comprises asecurity agent 222. In some embodiments, thesecurity agent 222 is also referred to as a “bomb.” In one embodiment, an IT manager indicates that thesecurity agent 222 should be activated when theclient 102 next connects to theenterprise server 106. The IT manager may do so because theclient 102 has been reported stolen. Subsequently, theclient 102 connects to theenterprise server 106, either directly or indirectly and receives the message to initiate thesecurity agent 222. - In one embodiment, when the
security agent 222 activates, it stops all applications from being able to run and encrypts the data on the hard drive of theclient 102. For instance, thesecurity agent 222 may implement a white list as described above and then implement a secure vault for all data on theclient 102. Theconnection manager 210 may also be configured so that no connections are possible. - In one such embodiment, since the data is merely encrypted by
security agent 222, rather than erased, the data may be recovered if theclient 102 is subsequently recovered. For instance, the enterprise may retain the key needed for decrypting the local drive. Theclient 102 is returned to the enterprise, which then decrypts the drive. In another embodiment, the data on the local drive of the client is rendered inaccessible by, for example, writing over the data multiple times. - The
client 102 shown inFIG. 2 also comprises an out-of-band communication receiver 224. The out-of-band communication receiver 224 allows the client to receive communications other than through a network-based connection. Theconnection manager 210 may manage the out-of-band communication. For instance, the command to activate thesecurity agent 222 may be transferred via a short messaging service (“SMS”) communication received by the out-of-band communication receiver 224. -
FIG. 3 is a block diagram illustrating the modules present on asecurity server 104 in one embodiment of the present invention. Thesecurity server 104 shown inFIG. 3 comprises a remote authentication dial-in user service (“RADIUS”) server 302, which may also be referred to as an AAA (authentication, authorization, and accounting) server. RADIUS is the standard by which applications and devices communicate with an AAA server. - The RADIUS server 302 provides authentication services on the
security server 104. In some embodiments of the present invention, the RADIUS server 302 proxies to a RADIUS server on theenterprise server 106. In one embodiment, the RADIUS server 302 provides mutual authentication for theclient 102 using Extensible Authentication Protocol Transport Layer Security (“EAP-TLS”). Although EAP-TLS itself is strictly an 802.1x authentication protocol, designed primarily for Wi-Fi connections, the underlying TLS authentication protocol may be deployed in both wired and wireless networks. EAP-TLS performs mutual secured sockets layer (“SSL”) authentication. This requires both theclient device 102 and the RADIUS server 302 to have a certificate. In mutual authentication, each side may prove its identity to the other using its certificate and its private key. - The security server shown in
FIG. 3 also comprises anLDAP server 304. TheLDAP server 304 uses the LDAP protocol, which provides a mechanism for locating users, organizations, and other resources on the network. In one embodiment of the present invention, theLDAP server 304 provides access control at the network layer to various components that an enterprise customer may or may not purchase. For example, a customer may choose to implement a secure vault as described in relation toFIG. 1 . In such a case, the customer or users or groups associated with the customer are also associated with the firewall module. The LDAP entry is then used to determine that the firewall is to be enabled on a client. - In some embodiments, the
LDAP server 304 is implemented as a list of user identifiers not using the LDAP protocol. In another embodiment, data in theLDAP server 304 is propagated from data present in theenterprise server 106. - The
security server 104 shown inFIG. 3 also comprises asession manager 306. Thesession manager 306 controls sessions, including sessions between theclient 102 andenterprise server 106. In some embodiments, thesession manager 306 also determines how to route data requests. For instance, thesession manager 306 may determine that a particular data request should be routed to the Internet rather than to theenterprise server 106. This may be referred to as “splitting the pipe” and provides a mechanism to replace “split tunneling” (a traditional configuration option with most standard VPN clients) at the client device by the more secure split of traffic not intended for the enterprise at the security server, allowing monitoring of all traffic without the enterprise incurring the expense of the extra bandwidth required. - In some embodiments, the
client 102 andenterprise server 106 establish a VPN for communication. In such an embodiment, thesession manager 306 may be unable to route requests to any location other than the enterprise—the packets are encrypted and thus, cannot be separately evaluated. - In one embodiment, the
session manager 306 performs automated authentication of aclient device 102 or user. For example, if thesession manager 306 determines that aclient 102 is approaching a Wi-Fi hotspot, thesession manager 306 is able to pre-populate the hotspot with the certificate that the hotspot requires to authenticate the user. In this manner, the authentication appears very fast to the user. Thesession manager 306 may also control the manner in which data is queued for download to theclient device 102. - In one such embodiment, the
session manager 306 provides two modes for data queuing. In a first mode, thesession manager 306 determines that the network down time will be brief, e.g., the user is moving through a tunnel, which interferes with network access. In such a case, the session manager queues a minimal amount of data. In a second mode, thesession manager 306 determines that the network down time will be of a longer duration, e.g., the user is boarding a plane from New York to Tokyo. In such a case, thesession manager 306 may queue a larger amount of data. In one such embodiment, thesession manager 306 determines the mode by querying the user for the downtime interval. When the user reconnects to thesecurity server 104, thesession manager 306 determines the best manner of downloading the queued data and begins the download. - In one embodiment, the
session manager 306 comprises a packet shaper (not shown). The packet shaper provides various functional capabilities to thesession manager 306. For example, in one embodiment, the packet shaper provides a mechanism for prioritizing packets sent between theenterprise server 106 and theclient 102. In one embodiment, the packet shaper utilizes Multiprotocol Label Switching (“MPLS”). MPLS allows a specific path to be specified for a given sequence of packets. MPLS allows most packets to be forwarded at the switching (layer 2) level rather than at the (routing) layer 3 level. MPLS provides a means for providing QoS for data transmissions, particularly as networks begin to carry more varied traffic. - The
session manager 306 may also provide session persistence capabilities. For instance, in one embodiment, when a user drops a connection or moves from one provider network coverage area to another, theconnection manager 306 persists a virtual connection as the first connection is terminated and the second is initiated. - The
session manager 306 may include a server-side rules engine. The server-side rules engine may use historical information, such as the session statistics described above, for statistical attack determination. For instance,session manager 306 may access a stored statistic regarding aclient device 102 and based on monitoring of the current statistics for theclient device 102 determine that an unauthorized user is using theclient device 102. - The
security server 104 shown inFIG. 3 also comprises a real-time monitor 308. The real-time monitor 308 monitors the status of communications, such as which clients and users are logged on, the amount of data being transferred, ongoing QoS measures, ports in use, and other information. - When the real-
time monitor 308 detects a problem, it may issue an alert to network support. In one embodiment, data from the real-time monitor 308 is provided to users via a portal available on thesecurity server 308. In another embodiment, the real-time portal 308 transfers information to theenterprise server 106, from which users access the data. - The embodiment shown in
FIG. 3 also comprises ahistorical monitor 310. Thehistorical monitor 310 provides information similar to the real-time monitor 310. However, the underlying data is historical in nature. For instance, in one embodiment, thehistorical monitor 310 provides audit information for making intelligent business decisions and for dealing with regulatory compliance issues. - The information available via the
historical monitor 310 may include, for example, historical QoS data, registration compliance data, and metrics consistency data. The historical data monitor 310 may be used to determine that certain clients are not performing optimally by comparing metrics of various clients over time. For instance, by evaluating information available via the historical data monitor 310, a support person may be able to determine that a radio tuner on aspecific client device 102 is failing. If the user of oneclient device 102 is complaining about the availability of service, but other users are able to successfully access service, then the client device's radio may be the problem. - The historical data monitor 310 may also be used to reconcile information captured on the
security server 104 regarding connections and data provided by telecommunication carriers. The data may be used to determine when certain resources need to be increased and when a certain carrier is not performing adequately. - The security server also comprises a
database 312. In embodiments of the present invention, thedatabase 312 may be any type of database, including, for example, MySQL, Oracle, or Microsoft SQL Server relational databases. Also, although thedatabase 312 is shown as a single database inFIG. 2 , thedatabase 312 may actually comprise multiple databases, multiple schemas within one or more databases, and multiples tables within one or more schemas. Thedatabase 312 may also be present on one or more other machines, e.g., database servers. - In one embodiment of the present invention, the
database 312 stores customer information regarding enterprises served by thesecurity server 104, such as a list of valid users, a list of valid cellular cards, the relationships between the individual users and groups within the enterprise, and other customer information. - For example, in one embodiment, the
database 312 stores an association between users and cellular data cards. The enterprise may allocate a single user to a specific data card. Alternatively, the enterprise may associate a group of users with a group of cellular data cards. Other types of data may also be stored in thedatabase 312, such as billing data. - The
security server 104 shown inFIG. 3 also comprises aQoS server 314. TheQoS server 314 uploads information from theQoS collector 212 on theclient device 102 and stores the QoS data. TheQoS server 314 can collect data from multiple clients and store it in thedatabase 312. - The security server also comprises a
QoS tools engine 316. TheQoS tools engine 316 displays data made available by theQoS server 314 and other processes, such as the real-time monitor 308. - In one embodiment, the
QoS tools engine 316 provides an aggregation of QoS data in a spreadsheet. In another embodiment, theQoS tools engine 316 provides data using map views, pie charts, and graphs. TheQoS tools engine 316 may also provide the capability for setting QoS-based alarms and may provide data to users via a portal. - In the embodiment shown in
FIG. 3 , thesecurity server 104 also comprises aportal server 318. Theportal server 318 may be, for example, a web server. Any standard web server application may be utilized, including Microsoft® Internet Information Server (“IIS”) or Apache. - Although the
security server 104 shown inFIGS. 1 and 3 is illustrated as a single server, it may comprise multiple servers. For example, in one embodiment of the present invention, thesecurity server 104 comprises multiple regional servers. - Also, the description above suggests that data is provided to and queried from the
security server 104 by theclient 102, i.e., the client pulls the data. However, in some embodiments, theclient 102 also comprises a listener (not shown) so that thesecurity server 104 can push data to theclient 102. -
FIG. 4 is a block diagram illustrating the modules present on anenterprise server 106 in one embodiment of the present invention. Theenterprise server 106 may also be referred to herein as a customer server and may comprise one or more servers for one or more enterprises linked to one ormore security servers 104. - The
enterprise server 106 shown inFIG. 4 comprises apolicy server 402. Thepolicy server 402 provides a means for managing the policy rules, including, for example, available VPN profiles, available transports (e.g. Wi-Fi, LAN, PHS, Dialup), firewall rules, such as blacklists and white lists, connection rules, and antivirus rules. Thepolicy server 402 may include other rules as well, such as the level of data throttling to perform for each client or group of clients. Data throttling limits the data transfer rate to aparticular client 102 so that connection resources can be optimized. - The policies may be managed at one or more levels. For example, an IT manager may wish to create a VPN profile for the enterprise as a whole, but a different VPN profile for an engineering group since the engineering group needs access to various unique applications.
- The
policy server 412 may also provide a mechanism for configuring the location of various servers that theclient 102 will utilize. For instance, thepolicy server 412 may allow an IT manager to specify the IP address of anacceleration server 404 or avault server 406 - In one embodiment, the policy server also allows the IT manager to specify which users receive updates for various components on the
client 102. Thepolicy server 402 may also allow the IT manager to perform connection configuration. For instance, the IT manager may use the policy server to specify phone numbers for PHS connections, Wi-Fi SSID's for private connections, and other connection configuration information. - The
enterprise server 106 shown inFIG. 4 also comprises anacceleration server 404. Theacceleration server 404 performs processes to improve the performance of data transfer. For instance, theacceleration server 404 may automatically compress images that are to be transferred to aclient 102. - In one embodiment, the
acceleration server 404 communicates with thepolicy server 402. An IT manager sets acceleration rules using thepolicy server 402, and theacceleration server 404 uses these rules to determine what level of acceleration to use for a particular communication. In one embodiment, the IT manager sets a default level of acceleration for all communication and a specific level of acceleration for one group of users. The specific level of acceleration may be referred to as an override. - The
enterprise server 106 also comprises avault server 406. The vault server comprises two components, an automatic component and an administration component. In one embodiment, the automatic component integrates with an enterprise's mail server (not shown) and performs operations on emails to and from the mail server. For instance, thevault server 406 may quarantine an email, automatically encrypt the email before it is sent, add a legal disclaimer to an email, or perform other functions on the email. - In one embodiment, the automatic component of the
vault server 406 searches an email based on words or based on the domain or specific address to which the email is addressed or from which the email originated. Using this information, the user can perform functions on the email, such as those described above. - The administration component of the
vault server 406 allows a user to terminate access to secure content, either by a specific user or by all users. It also logs activity. Using one embodiment of thevault server 406, a user can indicate that a set of users whose employment has been terminated will no longer have access to any secure content. In an alternative embodiment of thevault server 406, a user can indicate that a given element of secure content, say a price list, is now out of date, and so that piece of secure content will no longer be viewable by any user. When each user accesses the secure content, thevault server 406 logs the event. So for each secure content element, thevault server 406 creates a log of all activity on the secure content. - In one embodiment, the
vault server 406 also compresses data. For instance, one embodiment utilizes standard PKZIP compression to compress all content. In another embodiment, an IT manager may identify three types of images and specify a different level of compression for each type of image based on the level of resolution necessary for each type of image. - The
enterprise server 108 also comprises a RADIUS server 408 andLDAP server 410, which are similar to those described above in relation to thesecurity server 104. The RADIUS server 302 on thesecurity server 104 may proxy to the RADIUS server 408 on theenterprise server 106. Similarly, data in theLDAP server 410 may be propagated to theLDAP server 204 on thesecurity server 104. - The
enterprise server 106 also comprises a one-time password (“OTP”)server 412. TheOTP server 412 provides a mechanism for authentication. For instance, in one embodiment of the present invention, theenterprise server 106 uses theOTP server 412 to perform a mutual authentication process. - The
enterprise server 106 also comprises a concentrator 414. The concentrator 414 provides remote access capability to theclient 102. For instance, the concentrator 414 may serve as a means for terminating a VPN between theclient 102 andenterprise server 106. - The
enterprise server 104 shown inFIG. 4 also comprises aportal server 416. Theportal server 416 may comprise a standard web server, such as IIS or Apache. Theportal server 416 may provide one or more portals. For example, in one embodiment, theportal server 416 provides two portals, portal one and portal two. - Portal one provides a configuration interface for managing the various elements shown in
FIGS. 2 and 3 , including, for example, thepolicy server 402 andLDAP server 410. Portal two provides an interface for accessing data, such as QoS data and session data. - For instance, a user may use historical QoS data on portal two to determine how a particular provider is performing in terms of throughput, user connections, and other QoS metrics. Portal two may also provide real-time information, such as how many users are currently connected.
- For instance, in one embodiment, an IT manager determines that twenty users have been rejected by a carrier in the last three minutes due to authentication failure and five users with the same user identifier are currently logged on to five different devices. The IT manager uses this information to detect a potential security problem. Portal two may also be used to set alerts as described above.
- It should be noted that the present invention may comprise systems having a different architecture than that which is shown in
FIG. 1 . For example, in some systems according to the present invention, first authentication server 118 and final authentication server 126 may be combined in a single server. The system 100 shown inFIG. 1 is merely illustrative, and is used to help explain the illustrative systems and processes discussed below. - In one embodiment of the present invention, performance metrics are initially collected and stored on a
client device 102. The performance metrics may be based on a variety of factors, such as the VPN status, the health of the client device, and the health of the network. Theclient device 102 uploads performance metrics to aQoS server 314. Performance metrics may be uploaded on a real-time or a periodic basis (e.g. daily, weekly, or monthly).FIG. 5 is a flowchart illustrating a process for collecting and storing performance metrics in one embodiment of the present invention. - In the embodiment shown in
FIG. 5 , theclient device 102 attempts to open anetwork connection 502. For example, theconnection manager 210 may attempt to re-establish the last successful connection. The connection may occur over any available connection type, such as via a LAN or WWAN. - The
client device 102 then determines whether the network connection was successful 504. If the network connection fails, theclient device 102 logs the failedconnection attempt 506. For example, the client device may store the time when the connection was attempted, the number of unsuccessful attempts, and the network identifier. The failure may be logged with other performance metrics or separately. - In the embodiment shown in
FIG. 5 , if the network connection is successful, theQoS collector 212 sends the performance metrics captured from the previous session to theQoS server 314. By waiting until a subsequent session to send performance metrics, an embodiment of the present invention helps to ensure that the data is successfully transferred. In one embodiment, the transfer does not occur until theconnection manager 210 identifies a high-speed connection over which to transmit the data. In other embodiments, slow-speed and high-speed connections are utilized. - In one embodiment of the present invention, a
client device 102 will establish a connection with thesecurity server 104 and upload QoS data to theQoS server 314 in a manner that is transparent to the user. For instance, the upload process may run as a service, and each time theclient device 102 connects to a network, the upload process executes. - Once a connection failure is logged 506 or performance metrics from the previous session are uploaded 508, the
QoS collector 212 begins collectingperformance metrics 510. Performance metrics may comprise, for example, QoS statistics, a network node (e.g., base station) identifier, client device performance measures, and other data. In one embodiment, the performance metrics comprise a transport identifier, a start time, a connection duration, a bytes sent quantity, a bytes received quantity, a data rate up quantity, a data rate down quantity, a protocol identifier, an application identifier, a success code, a signal strength quantity, a network type code, a packet size quantity, a CPU utilization quantity, a memory consumption quantity, a power level quantity, applications executing, a disk space quantity, a device identifier, and a termination cause. In one embodiment of the present invention the client device stores averages of certain metrics, such as data rate up and packet size. - Once the
QoS collector 212 has collected performance metrics, theQoS collector 212 stores theperformance metrics 512. In one embodiment, theQoS collector 212 stores the performance metrics as a text file. In another embodiment, theQoS collector 212 stores the performance metrics in a data store, such as a database. - In one embodiment, storage and transmission of QoS data is minimized by only collecting and storing QoS exceptions. For instance, the number of bytes sent may only be stored and transmitted by the
QoS collector 212 if the number falls below a certain threshold or outside a certain predefined range. In another embodiment, only summary data is sent unless theQoS collector 212,QoS server 314, or some other component or process determines that detailed data should be sent as well. For example, a network support person may determine that a connection appears to be suffering from intermittent outages. The network support person can cause theQoS collector 212 andQoS server 314 to begin collecting and storing detailed information regarding the segment of the network that appears to be having problems. -
FIG. 6 is a flowchart illustrating a process for providing a network status to a user interface in one embodiment of the present invention. In the embodiment shown inFIG. 6 , theQoS server 314 first receivesperformance metrics 602. For instance, theQoS server 314 may receive performance metrics from theQoS collector 212. - The
QoS server 314 may also receive performance metrics by receiving a Simple Network Management Protocol (“SNMP”) trap. A SNMP trap is a notification event or alert issued by a managed device to a network management device when a significant event occurs. A significant event may be a device start or stop, an outage, a fault, or a security violation but is not limited to these events. - The server relies on SNMP traps for components on the
security server 104 that are SNMP aware. In one embodiment, for components that are not SNMP aware or to augment SNMP traps, theQoS collector 314 monitors log files, such as flat files or databases where information is logged. The data captured from SNMP traps and from direct monitoring of log files is then combined and stored in a data store. In one embodiment, the captured data is used to generate a multi-dimensional database so that support personnel or others can query information. - In some embodiments, performance metrics may be discarded based on various criteria. For instance, in one embodiment, a user can choose to discard performance metrics from a particular session. In another embodiment, performance metrics from sessions lasting less than a predetermined duration, such as thirty seconds, may be discarded automatically. Performance metrics may also be discarded after a predetermined period of time, e.g., performance metrics collected and stored for more than three months may be discarded.
- In one embodiment, the
QoS server 314 alsopolls client devices 102 or checks log files or database tables. For instance, the QoS server may utilize a server/agent model to pull information from each device on the network, including, for example, servers, routers, and switches. This data collected may comprise the following: VPN status fromclient devices 102 to the security server 104 (including up state and throughput); static VPNs from thesecurity server 104 to the enterprise server 106 (including up state and throughput); health of each of the physical devices on the network; and health of the services that the network provides. - The
QoS server 314 next determines a status of the network 604. The status of the network may comprise information identifying a problem, such as congestion. The status may also comprise other information, such as the cost, stability, or speed of the network or of a portion of the network. - Once the
QoS server 314 has received performance metrics and determined a status of the network, theQoS server 314 provides the status of the network to a user interface 606. Providing the status of the network to a user interface may comprise generating an alert. Alternatively, the user interface may comprise a web portal for providing the status of the network. The portal may be capable of displaying an alert. -
FIG. 7 is a flowchart illustrating a process for determining a status of the network in one embodiment of the present invention. In the embodiment shown, theQoS tools engine 316 on thesecurity server 104loads performance metrics 702. For instance, the performance metrics may exist in an XML file, which theQoS tools engine 316 opens and reads. - The
QoS tools engine 316 then determines a status of the network 604. In one embodiment of the present invention, the status of the network is based on the performance metrics alone. In other embodiments, the performance metrics are used in conjunction with other information to determine a status of the network. - The
QoS tools engine 316 may determine the status of the network is a problem, such ascongestion 704. In other embodiments, theQoS tools engine 316 may generate a bill reconciliation status 706, provide a capacity planning status 708, generate acarrier audit report 710, or generate a security relatedpolicy 712. Alternatively, the network status may be sent to thepolicy server 402 or theenterprise server 106. - In one embodiment, an enterprise monitors the particular protocols a user or client device is using when accessing the network. The enterprise uses this information to determine policies to put into place on the
policy server 402. For instance, a user may use an application that utilizes HTTP to access various web sites. Based on the URLs of the web sites that the user is accessing, the network usage is mainly streaming media. If the enterprise determines it is necessary, a policy can be set to limit the amount of bandwidth available for these downloads or to blacklist the site or sites that the user is accessing. - In one embodiment, the
QoS server 314 helps carriers to identify problems before they become outages. For instance, wireless base stations often degrade in performance before they stop passing data, e.g., a user can send a short message but not a long one. When degradation is sensed, an alert can be provided to the appropriate support person. -
FIG. 8 is a flowchart illustrating a method for providing the status of the network to a user interface in another embodiment of the present invention. In the embodiment shown, theQoS tools engine 316 determines a status of the network 604. The status of the network is then provided to a user interface 606. In one embodiment, providing the status of the network to the user interface comprises generating analert 802. An example of an alert may be an auditory buzz or a message. In another embodiment, the status of the network may be provided to a web portal 804. In yet another embodiment, the user interface may be a spreadsheet 806. - In one embodiment, data from the
QoS server 314 is used by thepolicy server 402. For instance, the fact that a particular connection is more stable or faster than another connection may be used to determine connection preferences. The enterprise is able to weigh such information based on factors internal to the enterprise as part of the process of determining rules for the policy server. In such an embodiment, two users sitting in the same location may connect in different ways to the user's respective enterprise network depending on the weighting each enterprise gives to each factor in determining a policy. - For example, in one
embodiment portal server 416 accesses data collected by theQoS server 314. Theportal server 416 may access this data by connecting to thesecurity server 104 or by storing the data in a data store on the enterprise server. The data accessed by theportal server 416 may be a subset of the data that is collected by theQoS server 314. In such an embodiment, a user accesses theportal server 416 to view network status information in real-time. Such real-time access enables effective and efficient troubleshooting of the network connections and the ability to determine particular carrier's stability. If a network problem exists, the portal may cause an auditory buzz to be output when information is displayed on the portal in relation to the problem. - In another embodiment, the user is provided with summary data. The summary data provides information that can be used to perform historical analysis and trend analysis on network connections.
- In one embodiment, a statistical model is applied to the data in the
QoS server 314. In another embodiment, a predetermined threshold is set for various measures. When the threshold is exceeded, an alert is generated. For instance, if theQoS server 314 determines that a single login account is logged into more than five devices or in more than one geographic location simultaneously, an alert is generated identifying a possible intrusion. In such an embodiment, an enterprise can set its own security events based on its particular needs. - Once the customer identifies a potential problem, the customer can alert the carrier or other service provider of the potential problem. In this way, the customer is able to identify the party responsible for the problem without the need to contact multiple service providers, e.g., the carrier and network equipment providers.
- In another embodiment, a network support person accesses the
portal server 318 on thesecurity server 104. Theportal server 318 accesses theQoS server 314 or a data store to obtain the data collected by theQoS server 314. The data available on the security provider'sportal server 318 may be more extensive than that available via the enterprise'sportal server 416. The network support person uses the data available on theportal server 318 to analyze the performance of the network, troubleshoot potential network problems, and perform other support functions, such as capacity planning. - For example, a carrier may use an embodiment of the present invention to determine where an additional hotspot is necessary to adequately support the carrier's user base. The network may not be experiencing any problems; it just may be less expensive to switch to another type of network, such as from a cellular network to a Wi-Fi network.
- In one embodiment of the present invention, the
QoS server 314 identifies potential problems withclient device 102. For instance, theQoS server 314 may detect that the CPU or memory utilization of a particular client is above a predefined threshold. In such an embodiment, problems with theclient device 102 can be eliminated before attempting to diagnose a problem with the network. - The
portal server 318 provides data that is highly granular. The data provides information on aspects of performance that can indicate that a problem is occurring or may soon occur. For example, one page provided by theportal server 318 displays a schematic view of the VPNs to and from thesecurity server 104. When a potential problem is detected with one of the VPNs, theportal server 314 causes the portion of the schematic illustrating that VPN to become highlighted. A network support person accessing the portal can then easily detect a problem or potential problem. The user can then drill down to the level of detail necessary to diagnose and resolve the problem. - In one embodiment, the information collected by the
QoS server 316 is utilized to audit bills from multiple network carriers or other service providers. For instance, the duration of connections made over a particular communication line may be determined based on performance metrics and compared to the invoice for services provided by a carrier. - In another embodiment of the present invention, the
QoS server 314 provides information to a network management system. The network management system completes a matrix of properties for each of the networks. The matrix may comprise measures such as stability, cost, speed, and geography. The matrix is then used to determine which available connection is best for aparticular client device 102, application, time of day, or based on some other variable. For instance, a user in the Denver airport has an available cellular connection with carrier X and an available cellular connection with carrier Y simultaneously. Theconnection manager 210 utilizes the matrix to determine that the congestion on the base station operated by carrier Y is lower than that of carrier X and that the base station of carrier Y drops fewer packets and fewer signals. After evaluating this information, theconnection manager 210 connects the user'sclient device 102 to carrier Y's base station. - The foregoing description of the embodiments, including preferred embodiments, of the invention has been presented only for the purpose of illustration and description and is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Numerous modifications and adaptations thereof will be apparent to those skilled in the art without departing from the spirit and scope of the present invention.
Claims (18)
1. A method comprising:
receiving performance metrics associated with a plurality of network connections to a plurality of networks, each of the plurality of network connections associated with a client device;
determining a status of one of the plurality of networks based at least in part on the performance metrics; and
providing the status of one of the plurality of networks to a user interface.
2. The method of claim 1 , wherein receiving performance metrics comprises receiving an SNMP trap.
3. The method of claim 1 , wherein the performance metrics comprise a VPN status.
4. The method of claim 3 , wherein the VPN status comprises the VPN state and the VPN throughput.
5. The method of claim 1 , wherein the performance metrics comprise a measure of health of the client device.
6. The method of claim 1 , wherein the performance metrics comprise a measure of health of the network.
7. The method of claim 1 , wherein the performance metrics comprise at least one datum selected from the group consisting of a network node identifier, a transport identifier, a start time, a connection duration, a bytes sent quantity, a bytes received quantity, a data rate up quantity, a data rate down quantity, a protocol identifier, an application identifier, a success code, a signal strength quantity, a network type code, a packet size quantity, a CPU utilization quantity, a memory consumption quantity, a power level quantity, a disk space quantity, a device identifier, and a termination cause.
8. The method of claim 1 , wherein the status of the one of the plurality of networks comprises a problem.
9. The method of claim 8 , wherein the problem comprises congestion.
10. The method of claim 8 , wherein the status of the one of the plurality of networks comprises a bill reconciliation status.
11. The method of claim 8 , wherein the status of the one of the plurality of networks comprises a capacity planning status.
12. The method of claim 1 , further comprising generating a carrier audit report comprising the status of the one of the plurality of networks.
13. The method of claim 12 , wherein the carrier audit report comprises a plurality of carriers.
14. The method of claim 1 , further comprising generating a security-related policy based at least in part on the performance metrics.
15. The method of claim 1 , wherein providing the status of the one of the plurality of networks to a user interface comprises generating an alert.
16. The method of claim 1 , wherein the user interface comprises a web portal.
17. A computer-readable medium on which is encoded program code, the program code comprising:
program code for receiving performance metrics associated with a plurality of network connections, each of the plurality of network connections associated with a client device and a network;
program code for determining a status of the one of the plurality of networks based at least in part on the performance metrics; and
program code for providing the status of the one of the plurality of networks to a user interface.
18. A system comprising:
a real-time monitor operable to:
receive performance metrics associated with a plurality of network connections, each of the plurality of network connections associated with a client device and a network;
determine a status of one of the plurality of networks based at least in part on the performance metrics; and
a portal in communication with the real-time monitor and operable to provide the status of the one of the plurality of networks in a user interface.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/167,745 US20060072583A1 (en) | 2004-06-28 | 2005-06-27 | Systems and methods for monitoring and displaying performance metrics |
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US58376504P | 2004-06-28 | 2004-06-28 | |
US59836404P | 2004-08-03 | 2004-08-03 | |
US65212105P | 2005-02-11 | 2005-02-11 | |
US65341105P | 2005-02-16 | 2005-02-16 | |
US11/167,745 US20060072583A1 (en) | 2004-06-28 | 2005-06-27 | Systems and methods for monitoring and displaying performance metrics |
Publications (1)
Publication Number | Publication Date |
---|---|
US20060072583A1 true US20060072583A1 (en) | 2006-04-06 |
Family
ID=35044584
Family Applications (6)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/154,800 Active 2028-09-04 US7760882B2 (en) | 2004-06-28 | 2005-06-16 | Systems and methods for mutual authentication of network nodes |
US11/167,747 Abandoned US20060075467A1 (en) | 2004-06-28 | 2005-06-27 | Systems and methods for enhanced network access |
US11/167,744 Abandoned US20060075472A1 (en) | 2004-06-28 | 2005-06-27 | System and method for enhanced network client security |
US11/167,745 Abandoned US20060072583A1 (en) | 2004-06-28 | 2005-06-27 | Systems and methods for monitoring and displaying performance metrics |
US11/167,837 Abandoned US20060075506A1 (en) | 2004-06-28 | 2005-06-27 | Systems and methods for enhanced electronic asset protection |
US11/170,608 Abandoned US20060023738A1 (en) | 2004-06-28 | 2005-06-28 | Application specific connection module |
Family Applications Before (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/154,800 Active 2028-09-04 US7760882B2 (en) | 2004-06-28 | 2005-06-16 | Systems and methods for mutual authentication of network nodes |
US11/167,747 Abandoned US20060075467A1 (en) | 2004-06-28 | 2005-06-27 | Systems and methods for enhanced network access |
US11/167,744 Abandoned US20060075472A1 (en) | 2004-06-28 | 2005-06-27 | System and method for enhanced network client security |
Family Applications After (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/167,837 Abandoned US20060075506A1 (en) | 2004-06-28 | 2005-06-27 | Systems and methods for enhanced electronic asset protection |
US11/170,608 Abandoned US20060023738A1 (en) | 2004-06-28 | 2005-06-28 | Application specific connection module |
Country Status (4)
Country | Link |
---|---|
US (6) | US7760882B2 (en) |
EP (4) | EP1766926A1 (en) |
JP (4) | JP2008505400A (en) |
WO (7) | WO2006012058A1 (en) |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2007043033A1 (en) | 2005-10-13 | 2007-04-19 | Markport Limited | Mobile network user terminal status monitoring |
US20070140129A1 (en) * | 2005-12-21 | 2007-06-21 | Packethop, Inc. | Ad-hoc network routing metric optimization |
US20070288554A1 (en) * | 2006-05-26 | 2007-12-13 | The Pnc Financial Services Group, Inc. | Network management |
US20070288567A1 (en) * | 2006-05-26 | 2007-12-13 | The Pnc Financial Services | Network management |
US20070288545A1 (en) * | 2006-05-26 | 2007-12-13 | The Pnc Financial Services Group, Inc. | Network Management |
WO2008063728A2 (en) * | 2006-11-20 | 2008-05-29 | At & T Knowledge Ventures, L.P. | Methods and apparatus to manage bandwidth in a wireless network |
US20090100440A1 (en) * | 2007-10-15 | 2009-04-16 | International Business Machines Corporation | Display of data used for system performance analysis |
US20110078108A1 (en) * | 2009-09-29 | 2011-03-31 | Oracle International Corporation | Agentless data collection |
US20120066204A1 (en) * | 2010-09-14 | 2012-03-15 | Microsoft Corporation | Providing lightweight multidimensional online data storage for web service usage reporting |
US20120289187A1 (en) * | 2010-02-01 | 2012-11-15 | Netmotion Wireless, Inc. | Public wireless network performance management system with mobile device data collection agents |
US8417814B1 (en) * | 2004-09-22 | 2013-04-09 | Symantec Corporation | Application quality of service envelope |
US20130157708A1 (en) * | 2011-12-17 | 2013-06-20 | Motorola Solutions, Inc. | Method and apparatus for selecting one of a plurality of networks for an application service based upon performance metrics for the application service |
US20130294392A1 (en) * | 2011-04-21 | 2013-11-07 | Huizhou Tcl Mobile Communication Co., Ltd. | Mobile terminal and access point name managing method thereof |
US20150113589A1 (en) * | 2013-10-01 | 2015-04-23 | Robert K. Lemaster | Authentication server enhancements |
US9274842B2 (en) | 2010-06-29 | 2016-03-01 | Microsoft Technology Licensing, Llc | Flexible and safe monitoring of computers |
WO2016040073A1 (en) * | 2014-09-08 | 2016-03-17 | Intel Corporation | Automatic device configuration |
US20160105345A1 (en) * | 2014-10-13 | 2016-04-14 | Belkin International Inc. | Mesh network transmission decisions based on node performance metrics |
US20180109502A1 (en) * | 2005-01-13 | 2018-04-19 | International Business Machines Corporation | System and method for providing a proxied contact management system |
US10031831B2 (en) | 2015-04-23 | 2018-07-24 | International Business Machines Corporation | Detecting causes of performance regression to adjust data systems |
CN108768694A (en) * | 2018-04-25 | 2018-11-06 | 安徽展航信息科技发展有限公司 | A kind of campus hot spot autonomous management platform |
US10805195B2 (en) * | 2015-06-12 | 2020-10-13 | Level 3 Communications, Llc | Network operational flaw detection using metrics |
US10887316B2 (en) * | 2017-10-27 | 2021-01-05 | Cleverdome, Inc. | Software defined network for creating a trusted network system |
US10949322B2 (en) | 2019-04-08 | 2021-03-16 | Hewlett Packard Enterprise Development Lp | Collecting performance metrics of a device |
Families Citing this family (259)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7146176B2 (en) | 2000-06-13 | 2006-12-05 | Shared Spectrum Company | System and method for reuse of communications spectrum for fixed and mobile applications with efficient method to mitigate interference |
EP1540446A2 (en) | 2002-08-27 | 2005-06-15 | TD Security, Inc., dba Trust Digital, LLC | Enterprise-wide security system for computer devices |
US7801171B2 (en) | 2002-12-02 | 2010-09-21 | Redknee Inc. | Method for implementing an Open Charging (OC) middleware platform and gateway system |
US7457865B2 (en) * | 2003-01-23 | 2008-11-25 | Redknee Inc. | Method for implementing an internet protocol (IP) charging and rating middleware platform and gateway system |
US7703128B2 (en) | 2003-02-13 | 2010-04-20 | Microsoft Corporation | Digital identity management |
US7409010B2 (en) * | 2003-06-10 | 2008-08-05 | Shared Spectrum Company | Method and system for transmitting signals with reduced spurious emissions |
US7440441B2 (en) | 2003-06-16 | 2008-10-21 | Redknee Inc. | Method and system for Multimedia Messaging Service (MMS) rating and billing |
US7873347B2 (en) * | 2003-06-19 | 2011-01-18 | Redknee Inc. | Method for implementing a Wireless Local Area Network (WLAN) gateway system |
WO2005064498A1 (en) * | 2003-12-23 | 2005-07-14 | Trust Digital, Llc | System and method for enforcing a security policy on mobile devices using dynamically generated security profiles |
GB2431321B (en) * | 2005-10-12 | 2010-06-09 | Hewlett Packard Development Co | Propagation of malicious code through an information technology network |
JP4748774B2 (en) * | 2004-06-02 | 2011-08-17 | キヤノン株式会社 | Encrypted communication system and system |
US20060041515A1 (en) * | 2004-08-13 | 2006-02-23 | Sbc Knowledge Ventures, L.P. | On-site point-of-sale billing system which manages public use of wired or wireless access network |
US7602748B2 (en) * | 2004-08-13 | 2009-10-13 | Verizon Business Global Llc | Fixed-mobile communications with mid-session mode switching |
US8572676B2 (en) * | 2008-11-06 | 2013-10-29 | Mcafee, Inc. | System, method, and device for mediating connections between policy source servers, corporate repositories, and mobile devices |
US8495700B2 (en) * | 2005-02-28 | 2013-07-23 | Mcafee, Inc. | Mobile data security system and methods |
US8677125B2 (en) * | 2005-03-31 | 2014-03-18 | Alcatel Lucent | Authenticating a user of a communication device to a wireless network to which the user is not associated with |
US7603696B2 (en) * | 2005-06-10 | 2009-10-13 | Intel Corporation | Hybrid distributed firewall apparatus, systems, and methods |
US7836306B2 (en) * | 2005-06-29 | 2010-11-16 | Microsoft Corporation | Establishing secure mutual trust using an insecure password |
KR20080021834A (en) * | 2005-06-29 | 2008-03-07 | 엔엑스피 비 브이 | Security system and method for securing the integrity of at least one arrangement comprising multiple devices |
US8904529B2 (en) * | 2005-09-07 | 2014-12-02 | International Business Machines Corporation | Automated deployment of protection agents to devices connected to a computer network |
US8607045B2 (en) * | 2005-09-09 | 2013-12-10 | Emc Corporation | Tokencode exchanges for peripheral authentication |
GB2430580B (en) * | 2005-09-13 | 2008-04-09 | Roke Manor Research | A method of authenticating access points on a wireless network |
US20090254997A1 (en) * | 2005-09-21 | 2009-10-08 | Fathy Fouad Yassa | Method and apparatus for content rights management |
KR100727993B1 (en) * | 2005-10-04 | 2007-06-14 | 삼성전자주식회사 | Method and apparatus for data push service using data pull model |
US9055093B2 (en) * | 2005-10-21 | 2015-06-09 | Kevin R. Borders | Method, system and computer program product for detecting at least one of security threats and undesirable computer files |
US20070118653A1 (en) * | 2005-11-22 | 2007-05-24 | Sabre Inc. | System, method, and computer program product for throttling client traffic |
US7979549B2 (en) * | 2005-11-30 | 2011-07-12 | Microsoft Corporation | Network supporting centralized management of QoS policies |
US20070124485A1 (en) * | 2005-11-30 | 2007-05-31 | Microsoft Corporation | Computer system implementing quality of service policy |
US7775427B2 (en) * | 2005-12-31 | 2010-08-17 | Broadcom Corporation | System and method for binding a smartcard and a smartcard reader |
US8285850B1 (en) * | 2006-01-19 | 2012-10-09 | Symantec Operating Corporation | Configuration and dynamic detection of connection-based backup policies |
WO2007085175A1 (en) * | 2006-01-24 | 2007-08-02 | Huawei Technologies Co., Ltd. | Authentication method, system and authentication center based on end to end communication in the mobile network |
US20070180499A1 (en) * | 2006-01-31 | 2007-08-02 | Van Bemmel Jeroen | Authenticating clients to wireless access networks |
US8533338B2 (en) | 2006-03-21 | 2013-09-10 | Japan Communications, Inc. | Systems and methods for providing secure communications for transactions |
US7564816B2 (en) * | 2006-05-12 | 2009-07-21 | Shared Spectrum Company | Method and system for determining spectrum availability within a network |
US8155649B2 (en) * | 2006-05-12 | 2012-04-10 | Shared Spectrum Company | Method and system for classifying communication signals in a dynamic spectrum access system |
US9538388B2 (en) * | 2006-05-12 | 2017-01-03 | Shared Spectrum Company | Method and system for dynamic spectrum access |
US8184653B2 (en) * | 2007-08-15 | 2012-05-22 | Shared Spectrum Company | Systems and methods for a cognitive radio having adaptable characteristics |
US8997170B2 (en) * | 2006-12-29 | 2015-03-31 | Shared Spectrum Company | Method and device for policy-based control of radio |
US8027249B2 (en) | 2006-10-18 | 2011-09-27 | Shared Spectrum Company | Methods for using a detector to monitor and detect channel occupancy |
US8055204B2 (en) | 2007-08-15 | 2011-11-08 | Shared Spectrum Company | Methods for detecting and classifying signals transmitted over a radio frequency spectrum |
US8326313B2 (en) * | 2006-05-12 | 2012-12-04 | Shared Spectrum Company | Method and system for dynamic spectrum access using detection periods |
US8270613B2 (en) * | 2006-05-29 | 2012-09-18 | Nec Corporation | System for disabling unauthorized person, encryption device, encryption method, and program |
US8943573B2 (en) | 2006-06-16 | 2015-01-27 | Fmt Worldwide Pty Ltd | Authentication system and process |
US7719427B2 (en) * | 2006-08-18 | 2010-05-18 | Chung Yuan Christian University | Wireless pH measurement system |
US8782745B2 (en) * | 2006-08-25 | 2014-07-15 | Qwest Communications International Inc. | Detection of unauthorized wireless access points |
US8457594B2 (en) * | 2006-08-25 | 2013-06-04 | Qwest Communications International Inc. | Protection against unauthorized wireless access points |
US8775621B2 (en) * | 2006-08-31 | 2014-07-08 | Redknee Inc. | Policy services |
US7907938B2 (en) * | 2006-08-31 | 2011-03-15 | Alcatel-Lucent Usa Inc. | Apparatus and method for data transmission in a wireless communications network |
US8150933B2 (en) | 2006-09-08 | 2012-04-03 | Research In Motion Limited | Apparatus and method for delivering messages over multiple mediums |
DE602006009932D1 (en) * | 2006-09-08 | 2009-12-03 | Research In Motion Ltd | Method and device for message transmission over multiple media |
US20080064442A1 (en) * | 2006-09-11 | 2008-03-13 | Utstarcom, :Inc. | Identity and payment modem module for handsets |
US20080070544A1 (en) * | 2006-09-19 | 2008-03-20 | Bridgewater Systems Corp. | Systems and methods for informing a mobile node of the authentication requirements of a visited network |
US8095124B2 (en) * | 2006-10-20 | 2012-01-10 | Verizon Patent And Licensing Inc. | Systems and methods for managing and monitoring mobile data, content, access, and usage |
US8259568B2 (en) * | 2006-10-23 | 2012-09-04 | Mcafee, Inc. | System and method for controlling mobile device access to a network |
US8719431B2 (en) | 2006-10-26 | 2014-05-06 | Blackberry Limited | Transient WLAN connection profiles |
US7942738B2 (en) | 2006-11-15 | 2011-05-17 | Cfph, Llc | Verifying a gaming device is in communications with a gaming server |
US10068421B2 (en) | 2006-11-16 | 2018-09-04 | Cfph, Llc | Using a first device to verify whether a second device is communicating with a server |
US7942739B2 (en) | 2006-11-15 | 2011-05-17 | Cfph, Llc | Storing information from a verification device and accessing the information from a gaming device to verify that the gaming device is communicating with a server |
US7942741B2 (en) * | 2006-11-15 | 2011-05-17 | Cfph, Llc | Verifying whether a device is communicating with a server |
US8012015B2 (en) | 2006-11-15 | 2011-09-06 | Cfph, Llc | Verifying whether a gaming device is communicating with a gaming server |
US7942740B2 (en) | 2006-11-15 | 2011-05-17 | Cfph, Llc | Verifying a first device is in communications with a server by storing a value from the first device and accessing the value from a second device |
US7942742B2 (en) * | 2006-11-15 | 2011-05-17 | Cfph, Llc | Accessing identification information to verify a gaming device is in communications with a server |
EP2346211A3 (en) * | 2006-11-21 | 2011-10-26 | Research in Motion Limited | Displaying a list of connection profiles of wireless local area networks |
US20080229382A1 (en) * | 2007-03-14 | 2008-09-18 | Motorola, Inc. | Mobile access terminal security function |
US10237217B1 (en) * | 2013-08-02 | 2019-03-19 | Sprint Communications Company L.P. | Controlling access to content based on access network type |
US8954745B2 (en) * | 2007-04-03 | 2015-02-10 | Alcatel Lucent | Method and apparatus for generating one-time passwords |
WO2008130511A1 (en) * | 2007-04-19 | 2008-10-30 | Apple Inc. | Personal area network systems and devices and methods for use thereof |
US8364139B2 (en) * | 2007-04-19 | 2013-01-29 | Apple Inc. | Personal area network systems and devices and methods for use thereof |
US8331987B2 (en) * | 2007-04-19 | 2012-12-11 | Apple Inc. | Personal area network systems and devices and methods for use thereof |
US8369846B2 (en) * | 2007-04-19 | 2013-02-05 | Apple Inc. | Personal area network systems and devices and methods for use thereof |
WO2008139126A1 (en) * | 2007-05-15 | 2008-11-20 | Educentric Limited | Connecting to the internet |
US8326353B1 (en) | 2007-06-27 | 2012-12-04 | ENORCOM Corporation | Customizable mobile device |
US8311513B1 (en) | 2007-06-27 | 2012-11-13 | ENORCOM Corporation | Automated mobile system |
US8200978B2 (en) * | 2007-07-06 | 2012-06-12 | Gong Ling LI | Security device and method incorporating multiple varying password generator |
EP2112842B1 (en) * | 2007-07-27 | 2013-08-21 | Research In Motion Limited | Wireless communication systems |
US20090037735A1 (en) * | 2007-08-01 | 2009-02-05 | O'farrell David | Method and system for delivering secure messages to a computer desktop |
US20110082779A1 (en) * | 2007-09-13 | 2011-04-07 | Redknee Inc. | Billing profile manager |
FI20075667A (en) | 2007-09-25 | 2009-04-09 | Teliasonera Ab | Improved access request management |
US8600964B2 (en) * | 2007-09-28 | 2013-12-03 | Avaya Inc. | Methods and apparatus for providing customer treatment information over a network |
US9775096B2 (en) * | 2007-10-08 | 2017-09-26 | Qualcomm Incorporated | Access terminal configuration and access control |
US9167505B2 (en) * | 2007-10-08 | 2015-10-20 | Qualcomm Incorporated | Access management for wireless communication |
US9055511B2 (en) * | 2007-10-08 | 2015-06-09 | Qualcomm Incorporated | Provisioning communication nodes |
US9177313B1 (en) * | 2007-10-18 | 2015-11-03 | Jpmorgan Chase Bank, N.A. | System and method for issuing, circulating and trading financial instruments with smart features |
ES2492668T3 (en) * | 2007-11-29 | 2014-09-10 | Jasper Wireless, Inc. | Method and devices to improve manageability in wireless data communication systems |
CA2708670C (en) | 2007-12-27 | 2016-10-04 | Redknee Inc. | Policy-based communication system and method |
US8904031B2 (en) * | 2007-12-31 | 2014-12-02 | Genesys Telecommunications Laboratories, Inc. | Federated uptake throttling |
US20090178131A1 (en) * | 2008-01-08 | 2009-07-09 | Microsoft Corporation | Globally distributed infrastructure for secure content management |
ES2563553T3 (en) | 2008-04-01 | 2016-03-15 | Novo Nordisk A/S | Insulin-albumin conjugates |
US9179399B2 (en) | 2008-05-12 | 2015-11-03 | Blackberry Limited | Methods and apparatus for use in facilitating access to a communication service via a WLAN hotspot |
US8910255B2 (en) * | 2008-05-27 | 2014-12-09 | Microsoft Corporation | Authentication for distributed secure content management system |
US8141129B2 (en) * | 2008-05-29 | 2012-03-20 | Microsoft Corporation | Centrally accessible policy repository |
US8331901B2 (en) | 2009-01-28 | 2012-12-11 | Headwater Partners I, Llc | Device assisted ambient services |
US8402111B2 (en) | 2009-01-28 | 2013-03-19 | Headwater Partners I, Llc | Device assisted services install |
US8626115B2 (en) | 2009-01-28 | 2014-01-07 | Headwater Partners I Llc | Wireless network service interfaces |
US8832777B2 (en) | 2009-03-02 | 2014-09-09 | Headwater Partners I Llc | Adapting network policies based on device service processor configuration |
US8346225B2 (en) | 2009-01-28 | 2013-01-01 | Headwater Partners I, Llc | Quality of service for device assisted services |
US8275830B2 (en) | 2009-01-28 | 2012-09-25 | Headwater Partners I Llc | Device assisted CDR creation, aggregation, mediation and billing |
US8635335B2 (en) | 2009-01-28 | 2014-01-21 | Headwater Partners I Llc | System and method for wireless network offloading |
US8548428B2 (en) | 2009-01-28 | 2013-10-01 | Headwater Partners I Llc | Device group partitions and settlement platform |
US8589541B2 (en) | 2009-01-28 | 2013-11-19 | Headwater Partners I Llc | Device-assisted services for protecting network capacity |
US8406748B2 (en) | 2009-01-28 | 2013-03-26 | Headwater Partners I Llc | Adaptive ambient services |
JP4903754B2 (en) * | 2008-06-23 | 2012-03-28 | Necシステムテクノロジー株式会社 | Unauthorized terminal access control system, management terminal, management server, unauthorized terminal access control method, management terminal control method, management server control method, and program |
US20100017889A1 (en) * | 2008-07-17 | 2010-01-21 | Symantec Corporation | Control of Website Usage Via Online Storage of Restricted Authentication Credentials |
US8427305B2 (en) * | 2008-08-12 | 2013-04-23 | John J. Madsen | Global positioning satellite [GPS] based recovery device and risk management system for portable computing devices and data |
US8600405B2 (en) | 2008-08-12 | 2013-12-03 | Apogee Technology Consultants, Llc | Location-based recovery device and risk management system for portable computing devices and data |
WO2010022156A2 (en) * | 2008-08-19 | 2010-02-25 | Shared Spectrum Company | Method and system for dynamic spectrum access using specialty detectors and improved networking |
US20100115624A1 (en) * | 2008-11-05 | 2010-05-06 | Appsware Wireless, Llc | Method and system for securing data from a point of sale device over a lan |
US20100115600A1 (en) * | 2008-11-05 | 2010-05-06 | Appsware Wireless, Llc | Method and system for securing data from an external network to a point of sale device |
US20100115599A1 (en) * | 2008-11-05 | 2010-05-06 | Appsware Wireless, Llc | Method and system for securing data from a point of sale device over an external network |
US8966610B2 (en) * | 2008-11-05 | 2015-02-24 | Apriva, Llc | Method and system for securing data from a non-point of sale device over an external network |
US20100115127A1 (en) * | 2008-11-05 | 2010-05-06 | Appsware Wireless, Llc | Method and system for securing data from a non-point of sale device over a lan |
US20100125897A1 (en) * | 2008-11-20 | 2010-05-20 | Rahul Jain | Methods and apparatus for establishing a dynamic virtual private network connection |
US9755842B2 (en) | 2009-01-28 | 2017-09-05 | Headwater Research Llc | Managing service user discovery and service launch object placement on a device |
US10064055B2 (en) | 2009-01-28 | 2018-08-28 | Headwater Research Llc | Security, fraud detection, and fraud mitigation in device-assisted services systems |
US9955332B2 (en) | 2009-01-28 | 2018-04-24 | Headwater Research Llc | Method for child wireless device activation to subscriber account of a master wireless device |
US9954975B2 (en) | 2009-01-28 | 2018-04-24 | Headwater Research Llc | Enhanced curfew and protection associated with a device group |
US9706061B2 (en) | 2009-01-28 | 2017-07-11 | Headwater Partners I Llc | Service design center for device assisted services |
US10484858B2 (en) | 2009-01-28 | 2019-11-19 | Headwater Research Llc | Enhanced roaming services and converged carrier networks with device assisted services and a proxy |
US9609510B2 (en) | 2009-01-28 | 2017-03-28 | Headwater Research Llc | Automated credential porting for mobile devices |
US9351193B2 (en) | 2009-01-28 | 2016-05-24 | Headwater Partners I Llc | Intermediate networking devices |
US10715342B2 (en) | 2009-01-28 | 2020-07-14 | Headwater Research Llc | Managing service user discovery and service launch object placement on a device |
US11218854B2 (en) | 2009-01-28 | 2022-01-04 | Headwater Research Llc | Service plan design, user interfaces, application programming interfaces, and device management |
US9392462B2 (en) | 2009-01-28 | 2016-07-12 | Headwater Partners I Llc | Mobile end-user device with agent limiting wireless data communication for specified background applications based on a stored policy |
US10237757B2 (en) | 2009-01-28 | 2019-03-19 | Headwater Research Llc | System and method for wireless network offloading |
US10798252B2 (en) | 2009-01-28 | 2020-10-06 | Headwater Research Llc | System and method for providing user notifications |
US9253663B2 (en) | 2009-01-28 | 2016-02-02 | Headwater Partners I Llc | Controlling mobile device communications on a roaming network based on device state |
US10264138B2 (en) | 2009-01-28 | 2019-04-16 | Headwater Research Llc | Mobile device and service management |
US9557889B2 (en) | 2009-01-28 | 2017-01-31 | Headwater Partners I Llc | Service plan design, user interfaces, application programming interfaces, and device management |
US9980146B2 (en) | 2009-01-28 | 2018-05-22 | Headwater Research Llc | Communications device with secure data path processing agents |
US9572019B2 (en) | 2009-01-28 | 2017-02-14 | Headwater Partners LLC | Service selection set published to device agent with on-device service selection |
US10057775B2 (en) | 2009-01-28 | 2018-08-21 | Headwater Research Llc | Virtualized policy and charging system |
US10248996B2 (en) | 2009-01-28 | 2019-04-02 | Headwater Research Llc | Method for operating a wireless end-user device mobile payment agent |
US8793758B2 (en) | 2009-01-28 | 2014-07-29 | Headwater Partners I Llc | Security, fraud detection, and fraud mitigation in device-assisted services systems |
US9647918B2 (en) | 2009-01-28 | 2017-05-09 | Headwater Research Llc | Mobile device and method attributing media services network usage to requesting application |
US9571559B2 (en) | 2009-01-28 | 2017-02-14 | Headwater Partners I Llc | Enhanced curfew and protection associated with a device group |
US10200541B2 (en) | 2009-01-28 | 2019-02-05 | Headwater Research Llc | Wireless end-user device with divided user space/kernel space traffic policy system |
US10783581B2 (en) | 2009-01-28 | 2020-09-22 | Headwater Research Llc | Wireless end-user device providing ambient or sponsored services |
US9578182B2 (en) | 2009-01-28 | 2017-02-21 | Headwater Partners I Llc | Mobile device and service management |
US9858559B2 (en) | 2009-01-28 | 2018-01-02 | Headwater Research Llc | Network service plan design |
US9565707B2 (en) | 2009-01-28 | 2017-02-07 | Headwater Partners I Llc | Wireless end-user device with wireless data attribution to multiple personas |
US8745191B2 (en) | 2009-01-28 | 2014-06-03 | Headwater Partners I Llc | System and method for providing user notifications |
US10492102B2 (en) | 2009-01-28 | 2019-11-26 | Headwater Research Llc | Intermediate networking devices |
US10841839B2 (en) | 2009-01-28 | 2020-11-17 | Headwater Research Llc | Security, fraud detection, and fraud mitigation in device-assisted services systems |
US9270559B2 (en) | 2009-01-28 | 2016-02-23 | Headwater Partners I Llc | Service policy implementation for an end-user device having a control application or a proxy agent for routing an application traffic flow |
US10326800B2 (en) | 2009-01-28 | 2019-06-18 | Headwater Research Llc | Wireless network service interfaces |
US10779177B2 (en) | 2009-01-28 | 2020-09-15 | Headwater Research Llc | Device group partitions and settlement platform |
CN102379139B (en) * | 2009-01-30 | 2015-04-29 | 惠普开发有限公司 | Dynamically applying a control policy to a network |
US8527774B2 (en) * | 2009-05-28 | 2013-09-03 | Kaazing Corporation | System and methods for providing stateless security management for web applications using non-HTTP communications protocols |
US20100319004A1 (en) * | 2009-06-16 | 2010-12-16 | Microsoft Corporation | Policy Management for the Cloud |
US8904519B2 (en) * | 2009-06-18 | 2014-12-02 | Verisign, Inc. | Shared registration system multi-factor authentication |
US7685629B1 (en) | 2009-08-05 | 2010-03-23 | Daon Holdings Limited | Methods and systems for authenticating users |
US8443202B2 (en) | 2009-08-05 | 2013-05-14 | Daon Holdings Limited | Methods and systems for authenticating users |
US7865937B1 (en) | 2009-08-05 | 2011-01-04 | Daon Holdings Limited | Methods and systems for authenticating users |
US20110084799A1 (en) * | 2009-10-13 | 2011-04-14 | Pitney Bowes Inc. | Lock system including an electronic key and a passive lock |
US8296403B2 (en) * | 2009-10-23 | 2012-10-23 | Novell, Inc. | Network address allocation using a user identity |
US8769614B1 (en) * | 2009-12-29 | 2014-07-01 | Akamai Technologies, Inc. | Security framework for HTTP streaming architecture |
US9197420B2 (en) * | 2010-01-06 | 2015-11-24 | International Business Machines Corporation | Using information in a digital certificate to authenticate a network of a wireless access point |
US20110185166A1 (en) * | 2010-01-28 | 2011-07-28 | Microsoft Corporation | Slider Control for Security Grouping and Enforcement |
US8996649B2 (en) | 2010-02-05 | 2015-03-31 | Qualcomm Incorporated | Utilizing policies for offload and flow mobility in wireless communications |
US8819208B2 (en) | 2010-03-05 | 2014-08-26 | Solidfire, Inc. | Data deletion in a distributed data storage system |
US8424072B2 (en) * | 2010-03-09 | 2013-04-16 | Microsoft Corporation | Behavior-based security system |
US8826030B2 (en) * | 2010-03-22 | 2014-09-02 | Daon Holdings Limited | Methods and systems for authenticating users |
JP5510000B2 (en) * | 2010-03-31 | 2014-06-04 | ソニー株式会社 | Content transmission apparatus, content reproduction system, content transmission method, and program |
US8935384B2 (en) | 2010-05-06 | 2015-01-13 | Mcafee Inc. | Distributed data revocation using data commands |
BR112013012356B1 (en) * | 2010-11-19 | 2021-03-09 | Nagravision S.A. | method to detect cloned software |
US8914841B2 (en) * | 2010-11-24 | 2014-12-16 | Tufin Software Technologies Ltd. | Method and system for mapping between connectivity requests and a security rule set |
US9609587B2 (en) | 2011-01-31 | 2017-03-28 | Synchronoss Technologies, Inc. | System and method for host and OS agnostic management of connected devices through network controlled state alteration |
US8593967B2 (en) * | 2011-03-08 | 2013-11-26 | Medium Access Systems Private Limited | Method and system of intelligently load balancing of Wi-Fi access point apparatus in a WLAN |
US20120230189A1 (en) * | 2011-03-08 | 2012-09-13 | Medium Access Systems Private Limited | System and method of transferring Wi-Fi clients between SSIDs |
US8554912B1 (en) * | 2011-03-14 | 2013-10-08 | Sprint Communications Company L.P. | Access management for wireless communication devices failing authentication for a communication network |
US9716619B2 (en) | 2011-03-31 | 2017-07-25 | NextPlane, Inc. | System and method of processing media traffic for a hub-based system federating disparate unified communications systems |
ES2450469T3 (en) * | 2011-04-08 | 2014-03-24 | Siemens Aktiengesellschaft | Access protection device for an automation network |
US8806192B2 (en) * | 2011-05-04 | 2014-08-12 | Microsoft Corporation | Protected authorization for untrusted clients |
US8775533B2 (en) * | 2011-05-20 | 2014-07-08 | Microsoft Corporation | Auto connect in peer-to-peer network |
US9565708B2 (en) | 2011-05-20 | 2017-02-07 | Microsoft Technology Licensing, Llc | Auto-connect in a peer-to-peer network |
US8806023B2 (en) | 2011-05-20 | 2014-08-12 | Microsoft Corporation | Auto-connect in a peer-to-peer network |
US8751306B2 (en) * | 2011-06-20 | 2014-06-10 | Microsoft Corporation | Virtual identity manager |
US9838269B2 (en) | 2011-12-27 | 2017-12-05 | Netapp, Inc. | Proportional quality of service based on client usage and system metrics |
US9054992B2 (en) | 2011-12-27 | 2015-06-09 | Solidfire, Inc. | Quality of service policy sets |
US9479488B2 (en) | 2012-01-26 | 2016-10-25 | Facebook, Inc. | Network access based on social-networking information |
US8904013B2 (en) * | 2012-01-26 | 2014-12-02 | Facebook, Inc. | Social hotspot |
US8977231B2 (en) * | 2012-01-27 | 2015-03-10 | Microsoft Technology Licensing, Llc | Tracking data usage under a schematized data plan |
US9497212B2 (en) | 2012-05-21 | 2016-11-15 | Fortinet, Inc. | Detecting malicious resources in a network based upon active client reputation monitoring |
US11469914B2 (en) * | 2012-08-10 | 2022-10-11 | Viasat, Inc. | System, method and apparatus for subscriber user interfaces |
US9088891B2 (en) | 2012-08-13 | 2015-07-21 | Wells Fargo Bank, N.A. | Wireless multi-factor authentication with captive portals |
US9143498B2 (en) | 2012-08-30 | 2015-09-22 | Aerohive Networks, Inc. | Internetwork authentication |
WO2014059521A1 (en) * | 2012-10-16 | 2014-04-24 | The Ultimate Software Group Of Canada, Inc. | System, apparatus, and method for providing workforce management |
EP2725761B1 (en) * | 2012-10-24 | 2020-07-29 | Facebook, Inc. | Network access based on social-networking information |
US9769803B2 (en) * | 2012-11-29 | 2017-09-19 | Nokia Technologies Oy | Methods for device-to-device connection re-establishment and related user equipments and radio access node |
US8990883B2 (en) * | 2013-01-02 | 2015-03-24 | International Business Machines Corporation | Policy-based development and runtime control of mobile applications |
US20160014127A1 (en) * | 2013-01-16 | 2016-01-14 | Behzad Mohebbi | Methods and apparatus for hybrid access to a core network based on proxied authentication |
US8875295B2 (en) * | 2013-02-22 | 2014-10-28 | Bitdefender IPR Management Ltd. | Memory introspection engine for integrity protection of virtual machines |
US8856330B2 (en) | 2013-03-04 | 2014-10-07 | Fmr Llc | System for determining whether to block internet access of a portable system based on its current network configuration |
US9762679B2 (en) | 2013-03-15 | 2017-09-12 | Aerohive Networks, Inc. | Providing stateless network services |
US9769056B2 (en) | 2013-03-15 | 2017-09-19 | Aerohive Networks, Inc. | Gateway using multicast to unicast conversion |
US20140359457A1 (en) * | 2013-05-30 | 2014-12-04 | NextPlane, Inc. | User portal to a hub-based system federating disparate unified communications systems |
US9705840B2 (en) | 2013-06-03 | 2017-07-11 | NextPlane, Inc. | Automation platform for hub-based system federating disparate unified communications systems |
CN104219218B (en) * | 2013-06-04 | 2018-05-08 | 新华三技术有限公司 | A kind of method and device of active safety defence |
US10432753B2 (en) | 2013-08-16 | 2019-10-01 | Fujitsu Limited | Demand response event dissemination system and method |
US10116697B2 (en) | 2013-09-20 | 2018-10-30 | Open Text Sa Ulc | System and method for geofencing |
EP2851833B1 (en) | 2013-09-20 | 2017-07-12 | Open Text S.A. | Application Gateway Architecture with Multi-Level Security Policy and Rule Promulgations |
US10824756B2 (en) | 2013-09-20 | 2020-11-03 | Open Text Sa Ulc | Hosted application gateway architecture with multi-level security policy and rule promulgations |
CN103533600A (en) * | 2013-10-23 | 2014-01-22 | 华为技术有限公司 | Method and terminal for accessing network |
US9973534B2 (en) * | 2013-11-04 | 2018-05-15 | Lookout, Inc. | Methods and systems for secure network connections |
US9565164B2 (en) * | 2013-11-12 | 2017-02-07 | Facebook, Inc. | Techniques to rate-adjust data usage with a virtual private network |
US9226119B2 (en) * | 2013-11-20 | 2015-12-29 | Qualcomm Incorporated | Using sensor data to provide information for proximally-relevant group communications |
JP6329267B2 (en) * | 2013-12-20 | 2018-05-23 | マカフィー, エルエルシー | Intelligent firewall access rules |
US20150188949A1 (en) * | 2013-12-31 | 2015-07-02 | Lookout, Inc. | Cloud-based network security |
JP6245277B2 (en) * | 2014-01-06 | 2017-12-13 | 富士通株式会社 | Communication management system, communication management method, and management apparatus |
US20150244795A1 (en) | 2014-02-21 | 2015-08-27 | Solidfire, Inc. | Data syncing in a distributed system |
KR102144509B1 (en) * | 2014-03-06 | 2020-08-14 | 삼성전자주식회사 | Proximity communication method and apparatus |
CN104065652B (en) * | 2014-06-09 | 2015-10-14 | 北京石盾科技有限公司 | A kind of auth method, device, system and relevant device |
US9992619B2 (en) | 2014-08-12 | 2018-06-05 | Aerohive Networks, Inc. | Network device based proximity beacon locating |
JP2016057876A (en) * | 2014-09-10 | 2016-04-21 | 富士通株式会社 | Information processing apparatus, input/output control program, and input/output control method |
SE539602C2 (en) | 2014-10-09 | 2017-10-17 | Kelisec Ab | Generating a symmetric encryption key |
SE538304C2 (en) | 2014-10-09 | 2016-05-03 | Kelisec Ab | Improved installation of a terminal in a secure system |
SE540133C2 (en) * | 2014-10-09 | 2018-04-10 | Kelisec Ab | Improved system for establishing a secure communication channel |
SE539271C2 (en) | 2014-10-09 | 2017-06-07 | Kelisec Ab | Mutual authentication |
SE542460C2 (en) | 2014-10-09 | 2020-05-12 | Kelisec Ab | Improved security through authenticaton tokens |
US10278054B2 (en) * | 2015-04-21 | 2019-04-30 | Electronics And Telecommunications Research Institute | Method and apparatus for communicating in wireless personal area network communication system |
US10298563B2 (en) | 2015-04-29 | 2019-05-21 | Hewlett Packard Enterprise Development Lp | Multi-factor authorization for IEEE 802.1x-enabled networks |
US10826928B2 (en) * | 2015-07-10 | 2020-11-03 | Reliaquest Holdings, Llc | System and method for simulating network security threats and assessing network security |
US11593075B2 (en) | 2015-11-03 | 2023-02-28 | Open Text Sa Ulc | Streamlined fast and efficient application building and customization systems and methods |
US10171505B2 (en) * | 2015-12-14 | 2019-01-01 | International Business Machines Corporation | Preventative enterprise change management |
US11388037B2 (en) | 2016-02-25 | 2022-07-12 | Open Text Sa Ulc | Systems and methods for providing managed services |
US10291612B2 (en) * | 2016-03-22 | 2019-05-14 | Go Daddy Operating Company, LLC | Bi-directional authentication between a media repository and a hosting provider |
US10929022B2 (en) | 2016-04-25 | 2021-02-23 | Netapp. Inc. | Space savings reporting for storage system supporting snapshot and clones |
US10791093B2 (en) * | 2016-04-29 | 2020-09-29 | Avago Technologies International Sales Pte. Limited | Home network traffic isolation |
WO2017210198A1 (en) | 2016-05-31 | 2017-12-07 | Lookout, Inc. | Methods and systems for detecting and preventing network connection compromise |
US10395040B2 (en) | 2016-07-18 | 2019-08-27 | vThreat, Inc. | System and method for identifying network security threats and assessing network security |
US10642763B2 (en) | 2016-09-20 | 2020-05-05 | Netapp, Inc. | Quality of service policy sets |
FR3057689A1 (en) * | 2016-10-14 | 2018-04-20 | Safran Identity and Security | METHOD AND SYSTEM FOR PROVIDING TOKEN IN A HOST CARD EMULATION SYSTEM HAVING A FIRST AND A SECOND DEVICE |
BR112019008890A2 (en) * | 2016-11-03 | 2019-07-09 | Interdigital Patent Holdings Inc | method performed by a station and station |
US10382203B1 (en) * | 2016-11-22 | 2019-08-13 | Amazon Technologies, Inc. | Associating applications with Internet-of-things (IoT) devices using three-way handshake |
KR101862861B1 (en) * | 2017-01-11 | 2018-07-04 | 주식회사 코인플러그 | Method for providing payment gateway service in use of unspent transaction output based protocol and servers using the same |
US10432730B1 (en) | 2017-01-25 | 2019-10-01 | United States Of America As Represented By The Secretary Of The Air Force | Apparatus and method for bus protection |
US10296477B2 (en) | 2017-03-30 | 2019-05-21 | United States of America as represented by the Secretary of the AirForce | Data bus logger |
US10218697B2 (en) | 2017-06-09 | 2019-02-26 | Lookout, Inc. | Use of device risk evaluation to manage access to services |
CN111066043B (en) * | 2017-06-22 | 2023-10-31 | 摩根大通国家银行 | System and method for realizing information network between banks |
US10943749B2 (en) | 2018-03-15 | 2021-03-09 | Crestron Electronics, Inc. | Wall mounted control device with interchangeable buttons |
US11233696B1 (en) * | 2018-03-23 | 2022-01-25 | Amazon Technologies, Inc. | Preconfiguring a device for a network |
CN108764907B (en) * | 2018-05-30 | 2022-03-01 | 招商银行股份有限公司 | Asset retrieving method, system and computer readable storage medium |
US11088829B2 (en) | 2018-09-04 | 2021-08-10 | International Business Machines Corporation | Securing a path at a node |
US11038671B2 (en) | 2018-09-04 | 2021-06-15 | International Business Machines Corporation | Shared key processing by a storage device to secure links |
US10764291B2 (en) | 2018-09-04 | 2020-09-01 | International Business Machines Corporation | Controlling access between nodes by a key server |
US11025413B2 (en) | 2018-09-04 | 2021-06-01 | International Business Machines Corporation | Securing a storage network using key server authentication |
US10833860B2 (en) | 2018-09-04 | 2020-11-10 | International Business Machines Corporation | Shared key processing by a host to secure links |
US11038698B2 (en) | 2018-09-04 | 2021-06-15 | International Business Machines Corporation | Securing a path at a selected node |
US10833856B2 (en) | 2018-09-04 | 2020-11-10 | International Business Machines Corporation | Automatic re-authentication of links using a key server |
US10917840B2 (en) * | 2018-09-13 | 2021-02-09 | International Business Machines Corporation | Selecting a communication service provider according to constraint criteria |
US11316901B1 (en) | 2019-06-06 | 2022-04-26 | NortonLifeLock Inc. | Systems and methods for protecting users |
US11863588B2 (en) * | 2019-08-07 | 2024-01-02 | Cisco Technology, Inc. | Dynamically tailored trust for secure application-service networking in an enterprise |
CN110798456A (en) * | 2019-10-22 | 2020-02-14 | 北京天融信网络安全技术有限公司 | SSLVPN authentication method and intranet resource access and data acquisition method |
US11523282B2 (en) * | 2020-02-05 | 2022-12-06 | Lookout Inc. | Use of geolocation to improve security while protecting privacy |
US11336438B2 (en) * | 2020-03-31 | 2022-05-17 | EMC IP Holding Company LLC | Remote approval and execution of restricted operations |
US11561917B2 (en) * | 2020-09-23 | 2023-01-24 | Hewlett Packard Enterprise Development Lp | USB connection management |
US11722459B1 (en) * | 2021-06-07 | 2023-08-08 | Wells Fargo Bank, N.A. | Cumulative sum model for IP deny lists |
US20230006880A1 (en) * | 2021-06-30 | 2023-01-05 | Microsoft Technology Licensing, Llc | Local edge authority platform |
JP2023141050A (en) * | 2022-03-23 | 2023-10-05 | 富士フイルムビジネスイノベーション株式会社 | Information processing device and information processing program |
Citations (86)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5406261A (en) * | 1993-01-11 | 1995-04-11 | Glenn; James T. | Computer security apparatus and method |
US5500517A (en) * | 1994-09-02 | 1996-03-19 | Gemplus Card International | Apparatus and method for data transfer between stand alone integrated circuit smart card terminal and remote computer of system operator |
US5748084A (en) * | 1996-11-18 | 1998-05-05 | Isikoff; Jeremy M. | Device security system |
US5835737A (en) * | 1996-05-10 | 1998-11-10 | Apple Computer, Inc. | Method and apparatus for arbitrating access to selected computer system devices |
US5936526A (en) * | 1998-01-13 | 1999-08-10 | Micron Electronics, Inc. | Apparatus for generating an alarm in a portable computer system |
US5953536A (en) * | 1996-09-30 | 1999-09-14 | Intel Corporation | Software-implemented tool for monitoring power management in a computer system |
US5958058A (en) * | 1997-07-18 | 1999-09-28 | Micron Electronics, Inc. | User-selectable power management interface with application threshold warnings |
US6070240A (en) * | 1997-08-27 | 2000-05-30 | Ensure Technologies Incorporated | Computer access control |
US6085084A (en) * | 1997-09-24 | 2000-07-04 | Christmas; Christian | Automated creation of a list of disallowed network points for use in connection blocking |
US6198920B1 (en) * | 1995-06-01 | 2001-03-06 | Padcom, Inc. | Apparatus and method for intelligent routing of data between a remote device and a host system |
US6272112B1 (en) * | 1997-11-13 | 2001-08-07 | Fujitsu Limited | Repeating unit testing system and communication apparatus as well as communication method |
US20020039359A1 (en) * | 1997-12-31 | 2002-04-04 | At&T Corporation | Hybrid fiber twisted pair local loop network service architecture |
US20020052968A1 (en) * | 2000-01-31 | 2002-05-02 | Rudy Bonefas | Messaging method and apparatus for routing messages in a client server environment over multiple wireless and wireline networks |
US6418533B2 (en) * | 1997-08-29 | 2002-07-09 | Compaq Information Technologies Group, L.P. | “J” system for securing a portable computer which optionally requires an entry of an invalid power on password (POP), by forcing an entry of a valid POP |
US20020099957A1 (en) * | 2001-01-24 | 2002-07-25 | Michael Kramer | Establishing a secure connection with a private corporate network over a public network |
US20020133584A1 (en) * | 2001-01-17 | 2002-09-19 | Greuel James R. | Method and apparatus for customizably calculating and displaying health of a computer network |
US20030005331A1 (en) * | 1998-08-06 | 2003-01-02 | Cryptek Secure Communications, Llc | Multi-level security network system |
US20030051140A1 (en) * | 2001-09-13 | 2003-03-13 | Buddhikot Milind M. | Scheme for authentication and dynamic key exchange |
US20030056116A1 (en) * | 2001-05-18 | 2003-03-20 | Bunker Nelson Waldo | Reporter |
US20030053331A1 (en) * | 2001-08-22 | 2003-03-20 | Motorola, Inc. | Magnetoresistive level generator and method |
US20030063624A1 (en) * | 1998-12-15 | 2003-04-03 | Lucent Technologies Inc. | Call admission control methods and apparatus for improving route selection in packet networks |
US6546425B1 (en) * | 1998-10-09 | 2003-04-08 | Netmotion Wireless, Inc. | Method and apparatus for providing mobile and other intermittent connectivity in a computing environment |
US20030084350A1 (en) * | 2001-11-01 | 2003-05-01 | International Business Machines Corporation | System and method for secure configuration of sensitive web services |
US6564047B1 (en) * | 2000-08-28 | 2003-05-13 | Motorola Inc. | Advanced air time management |
US20030204748A1 (en) * | 2002-04-30 | 2003-10-30 | Tom Chiu | Auto-detection of wireless network accessibility |
US20030212548A1 (en) * | 2002-05-13 | 2003-11-13 | Petty Norman W. | Apparatus and method for improved voice activity detection |
US20030217166A1 (en) * | 2002-05-17 | 2003-11-20 | Mario Dal Canto | System and method for provisioning universal stateless digital and computing services |
US20030221039A1 (en) * | 2002-05-22 | 2003-11-27 | International Business Machines Corporation | Data caching on bridge following disconnect |
US6657956B1 (en) * | 1996-03-07 | 2003-12-02 | Bull Cp8 | Method enabling secure access by a station to at least one server, and device using same |
US20030235307A1 (en) * | 2002-06-13 | 2003-12-25 | Kazuhiro Miyamoto | Encryption and decryption program |
US20030236627A1 (en) * | 1997-12-04 | 2003-12-25 | Baker Hughes Incorporated | Use of MWD assembly for multiple-well drilling |
US20030236827A1 (en) * | 2002-06-24 | 2003-12-25 | Cisco Technology, Inc. | Adaptive feedback technique implemented in Mobile IP networks |
US20040017360A1 (en) * | 2002-05-02 | 2004-01-29 | Emerson Harry E. | Computer keyboard having a single key providing a shift-tab function |
US20040030887A1 (en) * | 2002-08-07 | 2004-02-12 | Harrisville-Wolff Carol L. | System and method for providing secure communications between clients and service providers |
US20040039807A1 (en) * | 2002-04-25 | 2004-02-26 | Angel Boveda De Miguel | Methods and arrangements in a telecommunication network |
US20040039607A1 (en) * | 1998-10-30 | 2004-02-26 | Steve Savitz | Medication and specimen management system |
US20040052259A1 (en) * | 2002-09-16 | 2004-03-18 | Agilent Technologies, Inc. | Measuring network operational parameters as experienced by network operational traffic |
US20040064293A1 (en) * | 2002-09-30 | 2004-04-01 | Hamilton David B. | Method and system for storing and reporting network performance metrics using histograms |
US6725379B1 (en) * | 1999-08-11 | 2004-04-20 | Dell Products L.P. | Stolen computer detection and protection |
US20040082351A1 (en) * | 2002-06-28 | 2004-04-29 | Ilkka Westman | User group creation |
US20040087213A1 (en) * | 2002-08-16 | 2004-05-06 | Chi-Lei Kao | Plug used for connection with a usb receptacle |
US20040110488A1 (en) * | 2002-12-10 | 2004-06-10 | Nokia Corporation | System and method for performing security functions of a mobile station |
US20040123150A1 (en) * | 2002-12-18 | 2004-06-24 | Michael Wright | Protection of data accessible by a mobile device |
US20040137964A1 (en) * | 2002-09-13 | 2004-07-15 | Steven Lynch | Wireless communication device and method for responding to solicitations |
US20040143470A1 (en) * | 1999-08-20 | 2004-07-22 | Myrick Conrad B. | Structure and method of modeling integrated business and information technology frameworks and architecture in support of a business |
US20040186901A1 (en) * | 2002-09-05 | 2004-09-23 | Alain Guigui | System for managing user profile data |
US20040193694A1 (en) * | 1999-11-10 | 2004-09-30 | Randy Salo | Application gateway systems |
US20040199545A1 (en) * | 2001-08-14 | 2004-10-07 | Frederico Wagner | Networked disposal and replenishment apparatus |
US6813498B1 (en) * | 2000-10-27 | 2004-11-02 | Lucent Technologies Inc. | Apparatus, method and system for detection and recovery of missing wireless devices in communication systems |
US20040218605A1 (en) * | 2003-04-30 | 2004-11-04 | Telefonaktiebolaget Lm Ericsson (Publ) | Method for access selection |
US20040218587A1 (en) * | 2003-04-29 | 2004-11-04 | Sung-Hoon Kim | Private EV-DO system sharing public network data location register and data service method |
US20040235522A1 (en) * | 2003-05-21 | 2004-11-25 | Alan Lin | Card facility for freely communicating with network systems |
US20040235514A1 (en) * | 2001-07-18 | 2004-11-25 | Stephen Bloch | Data security device |
US20040259538A1 (en) * | 2001-10-16 | 2004-12-23 | Victor Agbegnenou | Wireless multipurpose communication system |
US20040268240A1 (en) * | 2003-06-11 | 2004-12-30 | Vincent Winchel Todd | System for normalizing and archiving schemas |
US20050020315A1 (en) * | 2003-07-22 | 2005-01-27 | Robertson Ian M. | Security for mobile communications device |
US20050025184A1 (en) * | 1998-10-07 | 2005-02-03 | Dowling Eric Morgan | Virtual connection of a remote unit to a server |
US20050050323A1 (en) * | 2003-09-02 | 2005-03-03 | Authenture, Inc. | Communication session encryption and authentication system |
US6865162B1 (en) * | 2000-12-06 | 2005-03-08 | Cisco Technology, Inc. | Elimination of clipping associated with VAD-directed silence suppression |
US20050125474A1 (en) * | 2003-12-05 | 2005-06-09 | International Business Machines Corporation | Method and structure for transform regression |
US20050160280A1 (en) * | 2003-05-15 | 2005-07-21 | Caslin Michael F. | Method and system for providing fraud detection for remote access services |
US20050198491A1 (en) * | 2004-03-03 | 2005-09-08 | Cisco Technology, Inc., A Corporation Of California | Network security enhancement methods and devices |
US6947755B1 (en) * | 2001-03-16 | 2005-09-20 | Gould Lawrence A | Systems and methods for distributed processing of location information associated with emergency 911 wireless transmissions |
US20050216736A1 (en) * | 2004-03-24 | 2005-09-29 | Smith Ned M | System and method for combining user and platform authentication in negotiated channel security protocols |
US20050273592A1 (en) * | 2004-05-20 | 2005-12-08 | International Business Machines Corporation | System, method and program for protecting communication |
US6996728B2 (en) * | 2002-04-26 | 2006-02-07 | Hewlett-Packard Development Company, L.P. | Managing power consumption based on utilization statistics |
US7003282B1 (en) * | 1998-07-07 | 2006-02-21 | Nokia Corporation | System and method for authentication in a mobile communications system |
US20060059265A1 (en) * | 2002-08-27 | 2006-03-16 | Seppo Keronen | Terminal connectivity system |
US7051236B2 (en) * | 2002-06-13 | 2006-05-23 | Dell Products L.P. | Wirelessly network-connected, battery-powered information handling system featuring prevention of data corruption after wake-up by a network event |
US20060149414A1 (en) * | 2004-12-30 | 2006-07-06 | Carrier Corporation | Remote web access control of multiple home comfort systems |
US7089425B2 (en) * | 2003-03-18 | 2006-08-08 | Ci4 Technologies, Inc. | Remote access authorization of local content |
US7089553B1 (en) * | 2000-10-12 | 2006-08-08 | International Business Machines Corporation | Method, system, computer program product, and article of manufacture for downloading a remote computer program according to a stored configuration |
US7107349B2 (en) * | 2002-09-30 | 2006-09-12 | Danger, Inc. | System and method for disabling and providing a notification for a data processing device |
US20060294219A1 (en) * | 2003-10-03 | 2006-12-28 | Kazuki Ogawa | Network system based on policy rule |
US7170999B1 (en) * | 2002-08-28 | 2007-01-30 | Napster, Inc. | Method of and apparatus for encrypting and transferring files |
US20070125620A1 (en) * | 2003-06-03 | 2007-06-07 | Sorenson Timothy N | Methods and systems for providing products, such as digital content including games, ring tones, and/or graphics; and services, such as computer network service including internet service |
US7239862B1 (en) * | 2002-09-19 | 2007-07-03 | Cellco Partnership | Method of and system for processing prepaid wireless data communications |
US7240366B2 (en) * | 2002-05-17 | 2007-07-03 | Microsoft Corporation | End-to-end authentication of session initiation protocol messages using certificates |
US7272230B2 (en) * | 2001-04-18 | 2007-09-18 | Pumpkin House Incorporated | Encryption system and control method thereof |
US7305548B2 (en) * | 2001-10-22 | 2007-12-04 | Microsoft Corporation | Using atomic messaging to increase the security of transferring data across a network |
US20070280109A1 (en) * | 2004-03-03 | 2007-12-06 | Jussi Jaatinen | Method, a Device and a System for Transferring Data |
US7370349B2 (en) * | 2002-01-18 | 2008-05-06 | Peoplechart Corporation | Method and system for protecting information on a computer system |
US7389123B2 (en) * | 2003-04-29 | 2008-06-17 | Sony Ericsson Mobile Communications Ab | Mobile apparatus with remote lock and control function |
US7392390B2 (en) * | 2001-12-12 | 2008-06-24 | Valve Corporation | Method and system for binding kerberos-style authenticators to single clients |
US7409061B2 (en) * | 2000-11-29 | 2008-08-05 | Noatak Software Llc | Method and system for secure distribution of subscription-based game software |
US7437550B2 (en) * | 1999-12-02 | 2008-10-14 | Ponoi Corp. | System for providing session-based network privacy, private, persistent storage, and discretionary access control for sharing private data |
Family Cites Families (73)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
IE872626L (en) | 1987-09-29 | 1988-04-01 | Smithkline Beckman Corp | Affinity adsorbents for glycopeptide antibiotics. |
JPH06253308A (en) * | 1993-03-01 | 1994-09-09 | Fujitsu Ltd | Video communication control system |
US5473692A (en) * | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
US5627886A (en) * | 1994-09-22 | 1997-05-06 | Electronic Data Systems Corporation | System and method for detecting fraudulent network usage patterns using real-time network monitoring |
JP4086259B2 (en) * | 1995-08-04 | 2008-05-14 | 株式会社東芝 | Communications system |
US5864757A (en) * | 1995-12-12 | 1999-01-26 | Bellsouth Corporation | Methods and apparatus for locking communications devices |
US5974237A (en) | 1996-12-18 | 1999-10-26 | Northern Telecom Limited | Communications network monitoring |
US6181925B1 (en) * | 1997-04-09 | 2001-01-30 | Cellco Partnership | Method and apparatus for fraud control in a cellular telephone switch |
JPH10303880A (en) | 1997-05-01 | 1998-11-13 | Digital Vision Lab:Kk | Service providing system |
WO1999000958A1 (en) | 1997-06-26 | 1999-01-07 | British Telecommunications Plc | Data communications |
US6118324A (en) * | 1997-06-30 | 2000-09-12 | Xilinx, Inc. | Output driver with reduced ground bounce |
US6608676B1 (en) * | 1997-08-01 | 2003-08-19 | Kla-Tencor Corporation | System for detecting anomalies and/or features of a surface |
US6168522B1 (en) * | 1998-03-31 | 2001-01-02 | Walker Digital, Llc | Method and apparatus for operating a gaming device to dispense a specified amount |
AU4926999A (en) | 1998-07-20 | 2000-02-14 | Easynet Access Inc. | Internet billing |
US6490679B1 (en) * | 1999-01-18 | 2002-12-03 | Shym Technology, Inc. | Seamless integration of application programs with security key infrastructure |
US6542729B1 (en) * | 1999-04-27 | 2003-04-01 | Qualcomm Inc. | System and method for minimizing fraudulent usage of a mobile telephone |
WO2000078004A2 (en) | 1999-06-10 | 2000-12-21 | Alcatel Internetworking, Inc. | Policy based network architecture |
EP1059782A3 (en) | 1999-06-10 | 2004-02-04 | Lucent Technologies Inc. | Method and apparatus for dynamically allocating bandwidth utilization in a packet telephony network |
US6910135B1 (en) * | 1999-07-07 | 2005-06-21 | Verizon Corporate Services Group Inc. | Method and apparatus for an intruder detection reporting and response system |
US6965948B1 (en) | 1999-11-12 | 2005-11-15 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and apparatus for selective network access |
US6643701B1 (en) * | 1999-11-17 | 2003-11-04 | Sun Microsystems, Inc. | Method and apparatus for providing secure communication with a relay in a network |
GB2359220A (en) * | 2000-02-03 | 2001-08-15 | Orange Personal Comm Serv Ltd | Handover in accordance with a network policy |
US6386894B2 (en) * | 2000-04-28 | 2002-05-14 | Texas Instruments Incorporated | Versatile interconnection scheme for beverage quality and control sensors |
DE10024584A1 (en) | 2000-05-19 | 2002-01-17 | Deutsche Telekom Mobil | Method for operating a dual or multi-band mobile radio terminal and mobile radio terminal |
US6662023B1 (en) * | 2000-07-06 | 2003-12-09 | Nokia Mobile Phones Ltd. | Method and apparatus for controlling and securing mobile phones that are lost, stolen or misused |
AU2001289010A1 (en) | 2000-09-12 | 2002-03-26 | Netmotion Wireless, Inc. | Method and apparatus for providing mobile and other intermittent connectivity ina computing environment |
WO2002041580A1 (en) | 2000-11-14 | 2002-05-23 | Siemens Aktiengesellschaft | Device and method for selecting network accesses |
JP2002158985A (en) * | 2000-11-17 | 2002-05-31 | Hitachi Ltd | Digital contents distribution system, digital contents distributing method, digital contents distributor, information processor, and digital contents recording medium |
US6973576B2 (en) * | 2000-12-27 | 2005-12-06 | Margent Development, Llc | Digital content security system |
US20020087623A1 (en) * | 2000-12-30 | 2002-07-04 | Eatough David A. | Method and apparatus for determining network topology and/or managing network related tasks |
JP2002238067A (en) * | 2001-02-07 | 2002-08-23 | Mitsubishi Electric Corp | Mobile communication system, hands-off method, and program for making computer execute the method |
JP3744361B2 (en) * | 2001-02-16 | 2006-02-08 | 株式会社日立製作所 | Security management system |
WO2002077816A1 (en) | 2001-03-21 | 2002-10-03 | Bot, Inc. | Intelligent software agent system architecture |
US7096269B2 (en) * | 2001-03-30 | 2006-08-22 | Hitachi, Ltd. | Path selection methods for storage based remote copy |
US7421083B2 (en) * | 2001-04-05 | 2008-09-02 | General Instrument Corporation | System for seamlessly updating service keys with automatic recovery |
US7603703B2 (en) | 2001-04-12 | 2009-10-13 | International Business Machines Corporation | Method and system for controlled distribution of application code and content data within a computer network |
US20030088517A1 (en) * | 2001-04-13 | 2003-05-08 | Xyleco, Inc. | System and method for controlling access and use of private information |
WO2002091662A1 (en) * | 2001-05-01 | 2002-11-14 | Vasco Data Security, Inc. | Use and generation of a session key in a secure socket layer connection |
US20020186845A1 (en) * | 2001-06-11 | 2002-12-12 | Santanu Dutta | Method and apparatus for remotely disabling and enabling access to secure transaction functions of a mobile terminal |
US7546629B2 (en) * | 2002-03-06 | 2009-06-09 | Check Point Software Technologies, Inc. | System and methodology for security policy arbitration |
US20040107360A1 (en) * | 2002-12-02 | 2004-06-03 | Zone Labs, Inc. | System and Methodology for Policy Enforcement |
US7681034B1 (en) | 2001-12-12 | 2010-03-16 | Chang-Ping Lee | Method and apparatus for securing electronic data |
US20040019786A1 (en) * | 2001-12-14 | 2004-01-29 | Zorn Glen W. | Lightweight extensible authentication protocol password preprocessing |
US7299349B2 (en) * | 2002-01-31 | 2007-11-20 | Microsoft Corporation | Secure end-to-end notification |
EP1479257B1 (en) | 2002-02-26 | 2009-03-25 | Nokia Corporation | Method and device for adapting the configuration of an application of a mobile terminal to an accessible data connection |
US20030188162A1 (en) * | 2002-03-29 | 2003-10-02 | Brant Candelore | Locking a hard drive to a host |
US7054624B2 (en) * | 2002-04-02 | 2006-05-30 | X-Cyte, Inc. | Safeguarding user data stored in mobile communications devices |
US6880079B2 (en) * | 2002-04-25 | 2005-04-12 | Vasco Data Security, Inc. | Methods and systems for secure transmission of information using a mobile device |
AU2003242944A1 (en) * | 2002-07-10 | 2004-02-02 | Koninklijke Philips Electronics N.V. | Interface selection from multiple networks |
JP2004062416A (en) * | 2002-07-26 | 2004-02-26 | Nippon Telegr & Teleph Corp <Ntt> | Method for preventing illegal access, method for downloading security policy, personal computer, and policy server |
US7042867B2 (en) * | 2002-07-29 | 2006-05-09 | Meshnetworks, Inc. | System and method for determining physical location of a node in a wireless network during an authentication check of the node |
TW537466U (en) * | 2002-08-01 | 2003-06-11 | Handlink Technologies Inc | Portable network transmission device |
US6754193B2 (en) | 2002-08-01 | 2004-06-22 | Motorola, Inc. | Method and base station controller for operating in accordance with a wireless communication protocol |
US20040028069A1 (en) * | 2002-08-07 | 2004-02-12 | Tindal Glen D. | Event bus with passive queuing and active routing |
EP1540446A2 (en) | 2002-08-27 | 2005-06-15 | TD Security, Inc., dba Trust Digital, LLC | Enterprise-wide security system for computer devices |
EP1547299B1 (en) * | 2002-09-17 | 2012-11-14 | Broadcom Corporation | Method and system for providing multiple encryption in a multi-band multi-protocol hybrid wired/wireless network |
US7448067B2 (en) * | 2002-09-30 | 2008-11-04 | Intel Corporation | Method and apparatus for enforcing network security policies |
JP4274770B2 (en) * | 2002-10-01 | 2009-06-10 | 株式会社エヌ・ティ・ティ・ドコモ | Authentication settlement method, service providing apparatus, and authentication settlement system |
AU2003279246A1 (en) * | 2002-10-10 | 2004-05-04 | Action Engine Corporation | Method and apparatus for remote control and updating of wireless mobile devices |
JP4509930B2 (en) * | 2002-10-17 | 2010-07-21 | ヴォウダフォン・グループ・ピーエルシー | Facilitating and authenticating transactions |
US7020476B2 (en) * | 2002-12-23 | 2006-03-28 | Steelcloud, Inc. | Wireless network security |
US7734549B2 (en) * | 2002-12-31 | 2010-06-08 | Motorola, Inc. | Methods and apparatus for managing secured software for a wireless device |
US7421503B1 (en) * | 2003-01-17 | 2008-09-02 | Cisco Technology, Inc. | Method and apparatus for providing multiple authentication types using an authentication protocol that supports a single type |
US7295119B2 (en) * | 2003-01-22 | 2007-11-13 | Wireless Valley Communications, Inc. | System and method for indicating the presence or physical location of persons or devices in a site specific representation of a physical environment |
EP1455499B1 (en) * | 2003-03-03 | 2009-09-09 | Nokia Corporation | Security element commanding method and mobile terminal |
US20040205749A1 (en) * | 2003-03-26 | 2004-10-14 | Lockheed Martin Corporation | System for enabling application software of data acquisition devices |
US7355506B2 (en) * | 2003-10-01 | 2008-04-08 | Microsoft Corporation | Systems and methods for deterring theft of electronic devices |
US20050186954A1 (en) * | 2004-02-20 | 2005-08-25 | Tom Kenney | Systems and methods that provide user and/or network personal data disabling commands for mobile devices |
US7549048B2 (en) * | 2004-03-19 | 2009-06-16 | Microsoft Corporation | Efficient and secure authentication of computing systems |
DK1443801T3 (en) * | 2004-04-06 | 2006-07-31 | Phonak Ag | Hearing aid and method for activating the same |
US20050262361A1 (en) * | 2004-05-24 | 2005-11-24 | Seagate Technology Llc | System and method for magnetic storage disposal |
US7444517B2 (en) * | 2004-06-03 | 2008-10-28 | International Business Machines Corporation | Method for protecting a user's password |
US7725716B2 (en) * | 2004-06-28 | 2010-05-25 | Japan Communications, Inc. | Methods and systems for encrypting, transmitting, and storing electronic information and files |
-
2005
- 2005-06-16 US US11/154,800 patent/US7760882B2/en active Active
- 2005-06-16 WO PCT/US2005/021526 patent/WO2006012058A1/en active Application Filing
- 2005-06-27 EP EP05763450A patent/EP1766926A1/en not_active Withdrawn
- 2005-06-27 WO PCT/US2005/022983 patent/WO2006004785A1/en active Application Filing
- 2005-06-27 EP EP05763690A patent/EP1766927A1/en not_active Withdrawn
- 2005-06-27 WO PCT/US2005/022586 patent/WO2006012346A1/en active Application Filing
- 2005-06-27 US US11/167,747 patent/US20060075467A1/en not_active Abandoned
- 2005-06-27 JP JP2007519370A patent/JP2008505400A/en active Pending
- 2005-06-27 US US11/167,744 patent/US20060075472A1/en not_active Abandoned
- 2005-06-27 US US11/167,745 patent/US20060072583A1/en not_active Abandoned
- 2005-06-27 US US11/167,837 patent/US20060075506A1/en not_active Abandoned
- 2005-06-27 WO PCT/US2005/022984 patent/WO2006004786A1/en active Application Filing
- 2005-06-27 JP JP2007519369A patent/JP2008504792A/en active Pending
- 2005-06-27 WO PCT/US2005/022982 patent/WO2006004784A1/en active Application Filing
- 2005-06-28 EP EP05764450A patent/EP1766928A2/en not_active Withdrawn
- 2005-06-28 US US11/170,608 patent/US20060023738A1/en not_active Abandoned
- 2005-06-28 JP JP2007519432A patent/JP2008504631A/en active Pending
- 2005-06-28 EP EP05768707A patent/EP1766931A1/en not_active Withdrawn
- 2005-06-28 WO PCT/US2005/023278 patent/WO2006004928A2/en active Application Filing
- 2005-06-28 WO PCT/US2005/023280 patent/WO2006004930A1/en active Application Filing
- 2005-06-28 JP JP2007519430A patent/JP2008504630A/en active Pending
Patent Citations (89)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5406261A (en) * | 1993-01-11 | 1995-04-11 | Glenn; James T. | Computer security apparatus and method |
US5500517A (en) * | 1994-09-02 | 1996-03-19 | Gemplus Card International | Apparatus and method for data transfer between stand alone integrated circuit smart card terminal and remote computer of system operator |
US6198920B1 (en) * | 1995-06-01 | 2001-03-06 | Padcom, Inc. | Apparatus and method for intelligent routing of data between a remote device and a host system |
US6418324B1 (en) * | 1995-06-01 | 2002-07-09 | Padcom, Incorporated | Apparatus and method for transparent wireless communication between a remote device and host system |
US6657956B1 (en) * | 1996-03-07 | 2003-12-02 | Bull Cp8 | Method enabling secure access by a station to at least one server, and device using same |
US5835737A (en) * | 1996-05-10 | 1998-11-10 | Apple Computer, Inc. | Method and apparatus for arbitrating access to selected computer system devices |
US5953536A (en) * | 1996-09-30 | 1999-09-14 | Intel Corporation | Software-implemented tool for monitoring power management in a computer system |
US5748084A (en) * | 1996-11-18 | 1998-05-05 | Isikoff; Jeremy M. | Device security system |
US5958058A (en) * | 1997-07-18 | 1999-09-28 | Micron Electronics, Inc. | User-selectable power management interface with application threshold warnings |
US6070240A (en) * | 1997-08-27 | 2000-05-30 | Ensure Technologies Incorporated | Computer access control |
US6418533B2 (en) * | 1997-08-29 | 2002-07-09 | Compaq Information Technologies Group, L.P. | “J” system for securing a portable computer which optionally requires an entry of an invalid power on password (POP), by forcing an entry of a valid POP |
US6085084A (en) * | 1997-09-24 | 2000-07-04 | Christmas; Christian | Automated creation of a list of disallowed network points for use in connection blocking |
US6272112B1 (en) * | 1997-11-13 | 2001-08-07 | Fujitsu Limited | Repeating unit testing system and communication apparatus as well as communication method |
US20030236627A1 (en) * | 1997-12-04 | 2003-12-25 | Baker Hughes Incorporated | Use of MWD assembly for multiple-well drilling |
US20020039359A1 (en) * | 1997-12-31 | 2002-04-04 | At&T Corporation | Hybrid fiber twisted pair local loop network service architecture |
US5936526A (en) * | 1998-01-13 | 1999-08-10 | Micron Electronics, Inc. | Apparatus for generating an alarm in a portable computer system |
US7003282B1 (en) * | 1998-07-07 | 2006-02-21 | Nokia Corporation | System and method for authentication in a mobile communications system |
US20030005331A1 (en) * | 1998-08-06 | 2003-01-02 | Cryptek Secure Communications, Llc | Multi-level security network system |
US20050025184A1 (en) * | 1998-10-07 | 2005-02-03 | Dowling Eric Morgan | Virtual connection of a remote unit to a server |
US6546425B1 (en) * | 1998-10-09 | 2003-04-08 | Netmotion Wireless, Inc. | Method and apparatus for providing mobile and other intermittent connectivity in a computing environment |
US20040039607A1 (en) * | 1998-10-30 | 2004-02-26 | Steve Savitz | Medication and specimen management system |
US20030063624A1 (en) * | 1998-12-15 | 2003-04-03 | Lucent Technologies Inc. | Call admission control methods and apparatus for improving route selection in packet networks |
US6725379B1 (en) * | 1999-08-11 | 2004-04-20 | Dell Products L.P. | Stolen computer detection and protection |
US20040143470A1 (en) * | 1999-08-20 | 2004-07-22 | Myrick Conrad B. | Structure and method of modeling integrated business and information technology frameworks and architecture in support of a business |
US20040193694A1 (en) * | 1999-11-10 | 2004-09-30 | Randy Salo | Application gateway systems |
US7437550B2 (en) * | 1999-12-02 | 2008-10-14 | Ponoi Corp. | System for providing session-based network privacy, private, persistent storage, and discretionary access control for sharing private data |
US20020052968A1 (en) * | 2000-01-31 | 2002-05-02 | Rudy Bonefas | Messaging method and apparatus for routing messages in a client server environment over multiple wireless and wireline networks |
US6564047B1 (en) * | 2000-08-28 | 2003-05-13 | Motorola Inc. | Advanced air time management |
US7089553B1 (en) * | 2000-10-12 | 2006-08-08 | International Business Machines Corporation | Method, system, computer program product, and article of manufacture for downloading a remote computer program according to a stored configuration |
US6813498B1 (en) * | 2000-10-27 | 2004-11-02 | Lucent Technologies Inc. | Apparatus, method and system for detection and recovery of missing wireless devices in communication systems |
US7409061B2 (en) * | 2000-11-29 | 2008-08-05 | Noatak Software Llc | Method and system for secure distribution of subscription-based game software |
US6865162B1 (en) * | 2000-12-06 | 2005-03-08 | Cisco Technology, Inc. | Elimination of clipping associated with VAD-directed silence suppression |
US20020133584A1 (en) * | 2001-01-17 | 2002-09-19 | Greuel James R. | Method and apparatus for customizably calculating and displaying health of a computer network |
US20020099957A1 (en) * | 2001-01-24 | 2002-07-25 | Michael Kramer | Establishing a secure connection with a private corporate network over a public network |
US6947755B1 (en) * | 2001-03-16 | 2005-09-20 | Gould Lawrence A | Systems and methods for distributed processing of location information associated with emergency 911 wireless transmissions |
US7272230B2 (en) * | 2001-04-18 | 2007-09-18 | Pumpkin House Incorporated | Encryption system and control method thereof |
US20030056116A1 (en) * | 2001-05-18 | 2003-03-20 | Bunker Nelson Waldo | Reporter |
US7054594B2 (en) * | 2001-07-18 | 2006-05-30 | Data Transfer & Communication Limited | Data security device |
US20040235514A1 (en) * | 2001-07-18 | 2004-11-25 | Stephen Bloch | Data security device |
US20040199545A1 (en) * | 2001-08-14 | 2004-10-07 | Frederico Wagner | Networked disposal and replenishment apparatus |
US20030053331A1 (en) * | 2001-08-22 | 2003-03-20 | Motorola, Inc. | Magnetoresistive level generator and method |
US20030051140A1 (en) * | 2001-09-13 | 2003-03-13 | Buddhikot Milind M. | Scheme for authentication and dynamic key exchange |
US20040259538A1 (en) * | 2001-10-16 | 2004-12-23 | Victor Agbegnenou | Wireless multipurpose communication system |
US7305548B2 (en) * | 2001-10-22 | 2007-12-04 | Microsoft Corporation | Using atomic messaging to increase the security of transferring data across a network |
US7392391B2 (en) * | 2001-11-01 | 2008-06-24 | International Business Machines Corporation | System and method for secure configuration of sensitive web services |
US20030084350A1 (en) * | 2001-11-01 | 2003-05-01 | International Business Machines Corporation | System and method for secure configuration of sensitive web services |
US7392390B2 (en) * | 2001-12-12 | 2008-06-24 | Valve Corporation | Method and system for binding kerberos-style authenticators to single clients |
US7370349B2 (en) * | 2002-01-18 | 2008-05-06 | Peoplechart Corporation | Method and system for protecting information on a computer system |
US20040039807A1 (en) * | 2002-04-25 | 2004-02-26 | Angel Boveda De Miguel | Methods and arrangements in a telecommunication network |
US6996728B2 (en) * | 2002-04-26 | 2006-02-07 | Hewlett-Packard Development Company, L.P. | Managing power consumption based on utilization statistics |
US20030204748A1 (en) * | 2002-04-30 | 2003-10-30 | Tom Chiu | Auto-detection of wireless network accessibility |
US20040017360A1 (en) * | 2002-05-02 | 2004-01-29 | Emerson Harry E. | Computer keyboard having a single key providing a shift-tab function |
US20030212548A1 (en) * | 2002-05-13 | 2003-11-13 | Petty Norman W. | Apparatus and method for improved voice activity detection |
US7240366B2 (en) * | 2002-05-17 | 2007-07-03 | Microsoft Corporation | End-to-end authentication of session initiation protocol messages using certificates |
US20030217166A1 (en) * | 2002-05-17 | 2003-11-20 | Mario Dal Canto | System and method for provisioning universal stateless digital and computing services |
US20030221039A1 (en) * | 2002-05-22 | 2003-11-27 | International Business Machines Corporation | Data caching on bridge following disconnect |
US7051236B2 (en) * | 2002-06-13 | 2006-05-23 | Dell Products L.P. | Wirelessly network-connected, battery-powered information handling system featuring prevention of data corruption after wake-up by a network event |
US20030235307A1 (en) * | 2002-06-13 | 2003-12-25 | Kazuhiro Miyamoto | Encryption and decryption program |
US20030236827A1 (en) * | 2002-06-24 | 2003-12-25 | Cisco Technology, Inc. | Adaptive feedback technique implemented in Mobile IP networks |
US20040082351A1 (en) * | 2002-06-28 | 2004-04-29 | Ilkka Westman | User group creation |
US20040030887A1 (en) * | 2002-08-07 | 2004-02-12 | Harrisville-Wolff Carol L. | System and method for providing secure communications between clients and service providers |
US20040087213A1 (en) * | 2002-08-16 | 2004-05-06 | Chi-Lei Kao | Plug used for connection with a usb receptacle |
US20060059265A1 (en) * | 2002-08-27 | 2006-03-16 | Seppo Keronen | Terminal connectivity system |
US7170999B1 (en) * | 2002-08-28 | 2007-01-30 | Napster, Inc. | Method of and apparatus for encrypting and transferring files |
US20040186901A1 (en) * | 2002-09-05 | 2004-09-23 | Alain Guigui | System for managing user profile data |
US20040137964A1 (en) * | 2002-09-13 | 2004-07-15 | Steven Lynch | Wireless communication device and method for responding to solicitations |
US20040052259A1 (en) * | 2002-09-16 | 2004-03-18 | Agilent Technologies, Inc. | Measuring network operational parameters as experienced by network operational traffic |
US7239862B1 (en) * | 2002-09-19 | 2007-07-03 | Cellco Partnership | Method of and system for processing prepaid wireless data communications |
US7107349B2 (en) * | 2002-09-30 | 2006-09-12 | Danger, Inc. | System and method for disabling and providing a notification for a data processing device |
US20040064293A1 (en) * | 2002-09-30 | 2004-04-01 | Hamilton David B. | Method and system for storing and reporting network performance metrics using histograms |
US20040110488A1 (en) * | 2002-12-10 | 2004-06-10 | Nokia Corporation | System and method for performing security functions of a mobile station |
US20040123150A1 (en) * | 2002-12-18 | 2004-06-24 | Michael Wright | Protection of data accessible by a mobile device |
US7089425B2 (en) * | 2003-03-18 | 2006-08-08 | Ci4 Technologies, Inc. | Remote access authorization of local content |
US20040218587A1 (en) * | 2003-04-29 | 2004-11-04 | Sung-Hoon Kim | Private EV-DO system sharing public network data location register and data service method |
US7389123B2 (en) * | 2003-04-29 | 2008-06-17 | Sony Ericsson Mobile Communications Ab | Mobile apparatus with remote lock and control function |
US20040218605A1 (en) * | 2003-04-30 | 2004-11-04 | Telefonaktiebolaget Lm Ericsson (Publ) | Method for access selection |
US20050160280A1 (en) * | 2003-05-15 | 2005-07-21 | Caslin Michael F. | Method and system for providing fraud detection for remote access services |
US20040235522A1 (en) * | 2003-05-21 | 2004-11-25 | Alan Lin | Card facility for freely communicating with network systems |
US20070125620A1 (en) * | 2003-06-03 | 2007-06-07 | Sorenson Timothy N | Methods and systems for providing products, such as digital content including games, ring tones, and/or graphics; and services, such as computer network service including internet service |
US20040268240A1 (en) * | 2003-06-11 | 2004-12-30 | Vincent Winchel Todd | System for normalizing and archiving schemas |
US20050020315A1 (en) * | 2003-07-22 | 2005-01-27 | Robertson Ian M. | Security for mobile communications device |
US20050050323A1 (en) * | 2003-09-02 | 2005-03-03 | Authenture, Inc. | Communication session encryption and authentication system |
US20060294219A1 (en) * | 2003-10-03 | 2006-12-28 | Kazuki Ogawa | Network system based on policy rule |
US20050125474A1 (en) * | 2003-12-05 | 2005-06-09 | International Business Machines Corporation | Method and structure for transform regression |
US20070280109A1 (en) * | 2004-03-03 | 2007-12-06 | Jussi Jaatinen | Method, a Device and a System for Transferring Data |
US20050198491A1 (en) * | 2004-03-03 | 2005-09-08 | Cisco Technology, Inc., A Corporation Of California | Network security enhancement methods and devices |
US20050216736A1 (en) * | 2004-03-24 | 2005-09-29 | Smith Ned M | System and method for combining user and platform authentication in negotiated channel security protocols |
US20050273592A1 (en) * | 2004-05-20 | 2005-12-08 | International Business Machines Corporation | System, method and program for protecting communication |
US20060149414A1 (en) * | 2004-12-30 | 2006-07-06 | Carrier Corporation | Remote web access control of multiple home comfort systems |
Cited By (43)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8417814B1 (en) * | 2004-09-22 | 2013-04-09 | Symantec Corporation | Application quality of service envelope |
US20180109502A1 (en) * | 2005-01-13 | 2018-04-19 | International Business Machines Corporation | System and method for providing a proxied contact management system |
WO2007043033A1 (en) | 2005-10-13 | 2007-04-19 | Markport Limited | Mobile network user terminal status monitoring |
US20090067394A1 (en) * | 2005-10-13 | 2009-03-12 | Gertjan Van Wingerde | Mobile Network user Terminal Status Monitoring |
US7710896B2 (en) * | 2005-12-21 | 2010-05-04 | Sri International | Ad-hoc network routing metric optimization |
US20070140129A1 (en) * | 2005-12-21 | 2007-06-21 | Packethop, Inc. | Ad-hoc network routing metric optimization |
US20070288545A1 (en) * | 2006-05-26 | 2007-12-13 | The Pnc Financial Services Group, Inc. | Network Management |
US20070288567A1 (en) * | 2006-05-26 | 2007-12-13 | The Pnc Financial Services | Network management |
US20070288554A1 (en) * | 2006-05-26 | 2007-12-13 | The Pnc Financial Services Group, Inc. | Network management |
US8135819B2 (en) | 2006-05-26 | 2012-03-13 | The Pnc Financial Services Group, Inc. | Methods and systems for network management using periodic status messages in automated teller machines |
US7752306B2 (en) | 2006-05-26 | 2010-07-06 | The Pnc Financial Services Group, Inc. | Network management for automated teller machines |
US7761550B2 (en) | 2006-05-26 | 2010-07-20 | The Pnc Financial Services Group, Inc. | Network management for a plurality of agents using periodic status messages |
US7814191B2 (en) | 2006-05-26 | 2010-10-12 | The Pnc Financial Services Group, Inc. | Methods and systems for network management using periodic status messages |
US20100274881A1 (en) * | 2006-05-26 | 2010-10-28 | Komlenic Todd M | Methods and systems for network management using periodic status messages |
WO2008063728A3 (en) * | 2006-11-20 | 2008-11-13 | At & T Knowledge Ventures Lp | Methods and apparatus to manage bandwidth in a wireless network |
US7924793B2 (en) | 2006-11-20 | 2011-04-12 | At&T Intellectual Property I, L.P. | Methods and apparatus to manage bandwidth in a wireless network |
WO2008063728A2 (en) * | 2006-11-20 | 2008-05-29 | At & T Knowledge Ventures, L.P. | Methods and apparatus to manage bandwidth in a wireless network |
US8140919B2 (en) * | 2007-10-15 | 2012-03-20 | International Business Machines Corporation | Display of data used for system performance analysis |
US20090100440A1 (en) * | 2007-10-15 | 2009-04-16 | International Business Machines Corporation | Display of data used for system performance analysis |
US20110078108A1 (en) * | 2009-09-29 | 2011-03-31 | Oracle International Corporation | Agentless data collection |
US9514024B2 (en) * | 2009-09-29 | 2016-12-06 | Oracle International Corporation | Agentless data collection |
US20120289187A1 (en) * | 2010-02-01 | 2012-11-15 | Netmotion Wireless, Inc. | Public wireless network performance management system with mobile device data collection agents |
US10198398B2 (en) * | 2010-02-01 | 2019-02-05 | Netmotion Wireless, Inc. | Public wireless network performance management system with mobile device data collection agents |
US10298477B2 (en) | 2010-06-29 | 2019-05-21 | Microsoft Technology Licensing, Llc | Flexible and safe monitoring of computers |
US9274842B2 (en) | 2010-06-29 | 2016-03-01 | Microsoft Technology Licensing, Llc | Flexible and safe monitoring of computers |
US8396828B2 (en) * | 2010-09-14 | 2013-03-12 | Microsoft Corporation | Providing lightweight multidimensional online data storage for web service usage reporting |
US20120066204A1 (en) * | 2010-09-14 | 2012-03-15 | Microsoft Corporation | Providing lightweight multidimensional online data storage for web service usage reporting |
US20130294392A1 (en) * | 2011-04-21 | 2013-11-07 | Huizhou Tcl Mobile Communication Co., Ltd. | Mobile terminal and access point name managing method thereof |
US8989740B2 (en) * | 2011-12-17 | 2015-03-24 | Motorola Solutions, Inc. | Method and apparatus for selecting one of a plurality of networks for an application service based upon performance metrics for the application service |
US20130157708A1 (en) * | 2011-12-17 | 2013-06-20 | Motorola Solutions, Inc. | Method and apparatus for selecting one of a plurality of networks for an application service based upon performance metrics for the application service |
US20150113589A1 (en) * | 2013-10-01 | 2015-04-23 | Robert K. Lemaster | Authentication server enhancements |
US9578005B2 (en) * | 2013-10-01 | 2017-02-21 | Robert K Lemaster | Authentication server enhancements |
TWI620452B (en) * | 2014-09-08 | 2018-04-01 | 英特爾公司 | Automatic device configuration |
CN106576216A (en) * | 2014-09-08 | 2017-04-19 | 英特尔公司 | Automatic device configuration |
WO2016040073A1 (en) * | 2014-09-08 | 2016-03-17 | Intel Corporation | Automatic device configuration |
US10411958B2 (en) | 2014-09-08 | 2019-09-10 | Intel Corporation | Automatic device configuration |
US20160105345A1 (en) * | 2014-10-13 | 2016-04-14 | Belkin International Inc. | Mesh network transmission decisions based on node performance metrics |
US9819556B2 (en) * | 2014-10-13 | 2017-11-14 | Belkin International Inc. | Mesh network transmission decisions based on node performance metrics |
US10031831B2 (en) | 2015-04-23 | 2018-07-24 | International Business Machines Corporation | Detecting causes of performance regression to adjust data systems |
US10805195B2 (en) * | 2015-06-12 | 2020-10-13 | Level 3 Communications, Llc | Network operational flaw detection using metrics |
US10887316B2 (en) * | 2017-10-27 | 2021-01-05 | Cleverdome, Inc. | Software defined network for creating a trusted network system |
CN108768694A (en) * | 2018-04-25 | 2018-11-06 | 安徽展航信息科技发展有限公司 | A kind of campus hot spot autonomous management platform |
US10949322B2 (en) | 2019-04-08 | 2021-03-16 | Hewlett Packard Enterprise Development Lp | Collecting performance metrics of a device |
Also Published As
Publication number | Publication date |
---|---|
WO2006012058A1 (en) | 2006-02-02 |
JP2008505400A (en) | 2008-02-21 |
WO2006004786A1 (en) | 2006-01-12 |
WO2006004930A1 (en) | 2006-01-12 |
US20060075467A1 (en) | 2006-04-06 |
WO2006004785A1 (en) | 2006-01-12 |
US20060064588A1 (en) | 2006-03-23 |
WO2006004928A2 (en) | 2006-01-12 |
EP1766926A1 (en) | 2007-03-28 |
EP1766928A2 (en) | 2007-03-28 |
US20060075506A1 (en) | 2006-04-06 |
WO2006004928A3 (en) | 2006-05-18 |
JP2008504792A (en) | 2008-02-14 |
JP2008504631A (en) | 2008-02-14 |
US20060075472A1 (en) | 2006-04-06 |
US7760882B2 (en) | 2010-07-20 |
JP2008504630A (en) | 2008-02-14 |
US20060023738A1 (en) | 2006-02-02 |
EP1766931A1 (en) | 2007-03-28 |
WO2006012346A1 (en) | 2006-02-02 |
WO2006004784A1 (en) | 2006-01-12 |
EP1766927A1 (en) | 2007-03-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20060072583A1 (en) | Systems and methods for monitoring and displaying performance metrics | |
US9609460B2 (en) | Cloud based mobile device security and policy enforcement | |
US9473537B2 (en) | Cloud based mobile device management systems and methods | |
US10554402B2 (en) | System for retrieval of email certificates from remote certificate repository | |
US9369433B1 (en) | Cloud based social networking policy and compliance systems and methods | |
US9350644B2 (en) | Secure and lightweight traffic forwarding systems and methods to cloud based network security systems | |
US8522318B2 (en) | Enabling dynamic authentication with different protocols on the same port for a switch | |
US7355996B2 (en) | Systems and methods for adaptive monitoring with bandwidth constraints | |
US7865584B2 (en) | Network service performance monitoring apparatus and methods | |
EP1949644B1 (en) | Remote access to resources | |
US20020075844A1 (en) | Integrating public and private network resources for optimized broadband wireless access and method | |
US7324804B2 (en) | Systems and methods for dynamic sensor discovery and selection | |
US8041812B2 (en) | System and method for supplicant based accounting and access | |
US20050246767A1 (en) | Method and apparatus for network security based on device security status | |
US20080155645A1 (en) | Network-implemented method using client's geographic location to determine protection suite | |
US10469671B2 (en) | Network-based per-application data usage limitations | |
US8656154B1 (en) | Cloud based service logout using cryptographic challenge response | |
US6985697B2 (en) | Method and system for wirelessly managing the operation of a network appliance over a limited distance | |
CN105187380A (en) | Secure access method and system | |
US20050068912A1 (en) | Method and system for wirelessly providing an update to a network appliance | |
US10986136B1 (en) | Methods for application management and monitoring and devices thereof | |
CA2287094C (en) | Method and apparatus for providing a process for registering with a plurality of independent services | |
US20220321607A1 (en) | Security enforcement and assurance utilizing policy control framework and security enhancement of analytics function in communication network | |
CN111385113B (en) | Differential access method and system for VPN server cluster |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: JAPAN COMMUNICATIONS, INC., JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SANDA, FRANK SEIJI;FUKUDA, NAOHISA;LAVES, EDWARD W.;AND OTHERS;REEL/FRAME:017109/0119;SIGNING DATES FROM 20050912 TO 20060119 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |