Patents by Inventor Paul Funk
Paul Funk has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9479538
Abstract: An endpoint integrity system controls access to resources of a protected network for endpoint devices attempting to access the protected network. The system may include a number of evaluation modules that communicate with an endpoint device. The evaluation modules generate policy results for the endpoint device, in which each of the policy results assume one of three or more states, called a multi-state policy result. The multi-state policy results are combined to produce a combined Boolean policy result.
Type: Grant
Filed: January 31, 2014
Date of Patent: October 25, 2016
Assignee: Juniper Networks, Inc.
Inventors: Roger Chickering, Stephen R. Hanna, Paul Funk, Panagiotis Kougiouris, Paul James Kirner
-
Patent number: 9264420
Abstract: A method may include authenticating a device to a first server, where the device includes an agent; receiving a request, in the first server from a second server, to verify the authenticity of the device, where the device is not authenticated to the second server; sending a browser plug-in to the device to communicate with the agent for verifying the authenticity of the device; receiving, in the first server, a message from the agent verifying the authenticity of the device; and sending a message from the first server to the second server to authenticate the device to the second server.
Type: Grant
Filed: January 6, 2014
Date of Patent: February 16, 2016
Assignee: Juniper Networks, Inc.
Inventors: Roger A. Chickering, Paul Funk
-
Patent number: 8800006
Abstract: A method may include authenticating a node over layer 2 in a network based on authentication rules; sending a node authentication code to the node; and providing layer 3 network access based on the node authentication code.
Type: Grant
Filed: August 31, 2012
Date of Patent: August 5, 2014
Assignee: Juniper Networks, Inc.
Inventors: Roger Chickering, Derek Brown, Paul Funk, Oliver Tavakoli
-
Publication number: 20140150053
Abstract: An endpoint integrity system controls access to resources of a protected network for endpoint devices attempting to access the protected network. The system may include a number of evaluation modules that communicate with an endpoint device. The evaluation modules generate policy results for the endpoint device, in which each of the policy results assume one of three or more states, called a multi-state policy result. The multi-state policy results are combined to produce a combined Boolean policy result.
Type: Application
Filed: January 31, 2014
Publication date: May 29, 2014
Applicant: JUNIPER NETWORKS, INC.
Inventors: Roger CHICKERING, Stephen R. HANNA, Paul FUNK, Panagiotis KOUGIOURIS, Paul James KIRNER
-
Publication number: 20140137225
Abstract: A method may include authenticating a device to a first server, where the device includes an agent; receiving a request, in the first server from a second server, to verify the authenticity of the device, where the device is not authenticated to the second server; sending a browser plug-in to the device to communicate with the agent for verifying the authenticity of the device; receiving, in the first server, a message from the agent verifying the authenticity of the device; and sending a message from the first server to the second server to authenticate the device to the second server.
Type: Application
Filed: January 6, 2014
Publication date: May 15, 2014
Applicant: Juniper Networks, Inc.
Inventors: Roger A. CHICKERING, Paul Funk
-
Patent number: 8644167
Abstract: An endpoint integrity system controls access to resources of a protected network for endpoint devices attempting to access the protected network. The system may include a number of evaluation modules that communicate with an endpoint device. The evaluation modules generate policy results for the endpoint device, in which each of the policy results assume one of three or more states, called a multi-state policy result. The multi-state policy results are combined to produce a combined Boolean policy result.
Type: Grant
Filed: January 14, 2013
Date of Patent: February 4, 2014
Assignee: Juniper Networks, Inc.
Inventors: Roger Allen Chickering, Stephen Hanna, Paul Funk, Panagiotis Kougiouris, Paul James Kirner
-
Patent number: 8627493
Abstract: A method may include authenticating a device to a first server, where the device includes an agent; receiving a request, in the first server from a second server, to verify the authenticity of the device, where the device is not authenticated to the second server; sending a browser plug-in to the device to communicate with the agent for verifying the authenticity of the device; receiving, in the first server, a message from the agent verifying the authenticity of the device; and sending a message from the first server to the second server to authenticate the device to the second server.
Type: Grant
Filed: January 8, 2008
Date of Patent: January 7, 2014
Assignee: Juniper Networks, Inc.
Inventors: Roger A. Chickering, Paul Funk
-
Patent number: 8369224
Abstract: An endpoint integrity system controls access to resources of a protected network for endpoint devices attempting to access the protected network. The system may include a number of evaluation modules that communicate with an endpoint device. The evaluation modules generate policy results for the endpoint device, in which each of the policy results assume one of three or more states, called a multi-state policy result. The multi-state policy results are combined to produce a combined Boolean policy result.
Type: Grant
Filed: September 8, 2006
Date of Patent: February 5, 2013
Assignee: Juniper Networks, Inc.
Inventors: Roger Chickering, Stephen R. Hanna, Paul Funk, Panagiotis Kouriouris, Paul James Kirner
-
Publication number: 20120331530
Abstract: A method may include authenticating a node over layer 2 in a network based on authentication rules; sending a node authentication code to the node; and providing layer 3 network access based on the node authentication code.
Type: Application
Filed: August 31, 2012
Publication date: December 27, 2012
Applicant: Juniper Networks, Inc.
Inventors: Roger Chickering, Derek Brown, Paul Funk, Oliver Tavakoli
-
Patent number: 8281371
Abstract: A method may include authenticating a node over layer 2 in a network based on authentication rules; sending a node authentication code to the node; and providing layer 3 network access based on the node authentication code.
Type: Grant
Filed: April 30, 2007
Date of Patent: October 2, 2012
Assignee: Juniper Networks, Inc.
Inventors: Roger Chickering, Derek Brown, Paul Funk, Oliver Tavakoli
-
Patent number: 8225095
Abstract: Communicating keys between network devices on a network using asymmetric cryptographic techniques, for which asymmetric keys may be derived from a single (same) password. Knowledge or partial knowledge of the password may be the only information shared between parties prior to execution of a key exchange, and may be the only criteria by which one party will base trust in the other. A first network device may encrypt a key using a password-based key derived from a password, and authenticate a second device based on the second network device's ability to decrypt the encrypted key using a key derived from the same password. Knowledge of the password may be conveyed by the second device to the first device—a session key may be generated as a function of the decrypted key, and a function of this session key may be communicated from the second device to the first device.
Type: Grant
Filed: December 22, 2010
Date of Patent: July 17, 2012
Assignee: Juniper Networks, Inc.
Inventor: Paul Funk
-
Patent number: 8108904
Abstract: A controller may receive a request from an endpoint and determine whether the endpoint connects via a first network or a second network. The controller may download first software to the endpoint when the endpoint connects via the first network, where the first software facilitates authentication of the endpoint via another device and instructs the endpoint to not store information regarding the controller. The controller may download second software to the endpoint when the endpoint connects via the second network, where the second software facilitates authentication of the endpoint by the device and instructs the endpoint to store information regarding the controller.
Type: Grant
Filed: September 29, 2006
Date of Patent: January 31, 2012
Assignee: Juniper Networks, Inc.
Inventors: Roger Chickering, Paul Funk
-
Publication number: 20110107101
Abstract: Communicating keys between network devices on a network using asymmetric cryptographic techniques, for which asymmetric keys may be derived from a single (same) password. Knowledge or partial knowledge of the password may be the only information shared between parties prior to execution of a key exchange, and may be the only criteria by which one party will base trust in the other. A first network device may encrypt a key using a password-based key derived from a password, and authenticate a second device based on the second network device's ability to decrypt the encrypted key using a key derived from the same password. Knowledge of the password may be conveyed by the second device to the first device—a session key may be generated as a function of the decrypted key, and a function of this session key may be communicated from the second device to the first device.
Type: Application
Filed: December 22, 2010
Publication date: May 5, 2011
Applicant: JUNIPER NETWORKS, INC.
Inventor: Paul Funk
-
Patent number: 7886335
Abstract: In general, techniques are described for managing multiple access policies in a network access control system. An endpoint device may send, to a policy decision point (“PDP”), a request to communicate on a network. When the PDP receives such an access request, the PDP typically identifies a set of access policies to be enforced with regard to the endpoint device and causes the identified access policies to be enforced with regard to the endpoint device. These access policies may specify rights to communicate on networks and/or rights to communicate with server resources and/or endpoint configuration requirements. However, because the endpoint device may issue multiple access requests, conflicting sets of access policies may potentially be enforced with regard to the endpoint device. The techniques described herein ensure that only a consistent set of access policies are enforced with regard to the endpoint device when accessing the network.
Type: Grant
Filed: July 12, 2007
Date of Patent: February 8, 2011
Assignee: Juniper Networks, Inc.
Inventors: Roger A. Chickering, Paul Funk, Paul J. Kirner
-
Patent number: 7861078
Abstract: Communicating keys between network devices on a network using asymmetric cryptographic techniques, for which asymmetric keys may be derived from a single (same) password. Knowledge or partial knowledge of the password may be the only information shared between parties prior to execution of a key exchange, and may be the only criteria by which one party will base trust in the other. A first network device may encrypt a key using a password-based key derived from a password, and authenticate a second device based on the second network device's ability to decrypt the encrypted key using a key derived from the same password. Knowledge of the password may be conveyed by the second device to the first device—a session key may be generated as a function of the decrypted key, and a function of this session key may be communicated from the second device to the first device.
Type: Grant
Filed: October 13, 2006
Date of Patent: December 28, 2010
Assignee: Juniper Networks, Inc.
Inventor: Paul Funk
-
Publication number: 20100306542
Abstract: Communicating keys between network devices on a network using asymmetric cryptographic techniques, for which asymmetric keys may be derived from a single (same) password. Knowledge or partial knowledge of the password may be the only information shared between parties prior to execution of a key exchange, and may be the only criteria by which one party will base trust in the other. A first network device may encrypt a key using a password-based key derived from a password, and authenticate a second device based on the second network device's ability to decrypt the encrypted key using a key derived from the same password. Knowledge of the password may be conveyed by the second device to the first device—a session key may be generated as a function of the decrypted key, and a function of this session key may be communicated from the second device to the first device.
Type: Application
Filed: October 13, 2006
Publication date: December 2, 2010
Inventor: Paul Funk
-
Patent number: 7363500
Abstract: Systems and methods for preventing a Man-in-the-Middle attack on a communications network, without combining encryption keys of an inner authentication protocol and a tunneling protocol encapsulating the inner authentication protocol. The performance of a hash function may be split between two network devices on the communications network. For example, in response to a challenge issued by a tunnel server, a client may initiate performance of a hash function using only a first part only of the challenge and generate an intermediate result of the hash function (i.e., a preliminary hash). The client then may transmit the preliminary hash to the tunnel server as part of a response to the challenge. The tunnel server then may complete the hash function using the preliminary hash and the remaining part of the challenge to produce a final hash. The final hash then may be used to authenticate a user.
Type: Grant
Filed: December 3, 2003
Date of Patent: April 22, 2008
Assignee: Juniper Networks, Inc.
Inventor: Paul Funk
-
Publication number: 20050125663
Abstract: Systems and methods for preventing a Man-in-the-Middle attack on a communications network, without combining encryption keys of an inner authentication protocol and a tunneling protocol encapsulating the inner authentication protocol. The performance of a hash function may be split between two network devices on the communications network. For example, in response to a challenge issued by a tunnel server, a client may initiate performance of a hash function using only a first part only of the challenge and generate an intermediate result of the hash function (i.e., a preliminary hash). The client then may transmit the preliminary hash to the tunnel server as part of a response to the challenge. The tunnel server then may complete the hash function using the preliminary hash and the remaining part of the challenge to produce a final hash. The final hash then may be used to authenticate a user.
Type: Application
Filed: December 3, 2003
Publication date: June 9, 2005
Applicant: Funk Software, Inc.
Inventor: Paul Funk
-
Publication number: 20050046183
Abstract: A flexible air hose comprises a plurality of hose sections, each having at one end a female portion and at an opposite end a male portion coupled inside the female portion of an adjacent hose section. A loop coupling fastener is attached to an inside surface of the female portion, and a corresponding area of an outside surface of the male portion. A single slit extends from an end edge of the female portion of the hose section longitudinally along the hose section such that the female portion can be opened along the slit to facilitate positioning the male portion inside the female portion. A flap can be provided to cover the slit, and extend past the slit end to reduce air leakage. A wear strip can be wrapped around the hose.
Type: Application
Filed: September 2, 2003
Publication date: March 3, 2005
Inventors: Donald Adams, James Yausie, Paul Funk, Robert Kallio
-
Patent number: 5721779
Abstract: Apparatus for verifying the identity of a party are disclosed, the apparatus including a database memory that stores a password signal encrypted by operation of a one-way commutative function; a number generator that generates an non-repeating number or signal representative thereof; and a processor element that can generate a challenge signal as a function of the number signal and a selected one-way commutative function and that can further generate a key signal as a function of the encrypted password signal and the number. The system includes a communication port for transmitting the generated challenge signal to a party requesting access to the secure system and for receiving a response from the party; and further includes a comparator element for comparing the received response with the generated key signal and for generating a match signal that indicates whether the response signal received from the party is substantially identical to the encrypted password signal stored in the database memory.
Type: Grant
Filed: August 28, 1995
Date of Patent: February 24, 1998
Assignee: Funk Software, Inc.
Inventor: Paul Funk