Patents by Inventor Roger A. Chickering

Roger A. Chickering has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10523656
    Abstract: A policy device grants access to a client device, without authenticating the client device, when the client device provides a session identifier to the policy device that was previously granted to the client device by a second policy device upon authenticating the client device by the second policy device. In one example, a policy device includes a network interface that receives a session identifier from a client device, wherein the policy device comprises an individually administered autonomous policy server, and an authorization module that grants the client device access to a network protected by the policy device based on the session identifier without authenticating the client device by the policy device. In this manner, the client device need not provide authentication information multiple times within a short time span, and the policy device can deallocate resources when a session migrates to a second policy device.
    Type: Grant
    Filed: August 20, 2018
    Date of Patent: December 31, 2019
    Assignee: Pulse Secure, LLC
    Inventor: Roger A. Chickering
  • Publication number: 20190097995
    Abstract: A policy device grants access to a client device, without authenticating the client device, when the client device provides a session identifier to the policy device that was previously granted to the client device by a second policy device upon authenticating the client device by the second policy device. In one example, a policy device includes a network interface that receives a session identifier from a client device, wherein the policy device comprises an individually administered autonomous policy server, and an authorization module that grants the client device access to a network protected by the policy device based on the session identifier without authenticating the client device by the policy device. In this manner, the client device need not provide authentication information multiple times within a short time span, and the policy device can deallocate resources when a session migrates to a second policy device.
    Type: Application
    Filed: August 20, 2018
    Publication date: March 28, 2019
    Inventor: Roger A. Chickering
  • Patent number: 10075432
    Abstract: A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client device in accordance with an authentication protocol, and authenticate the client device based on a comparison of the first form to a value derived from a second form of the password stored in a password database, where the comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client device over the secure connection, authenticate the client device by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client device when the authentication server receives the first form.
    Type: Grant
    Filed: July 13, 2016
    Date of Patent: September 11, 2018
    Assignee: Pulse Secure, LLC
    Inventors: Andy Tsang, Roger A. Chickering, Clifford E. Kahn, Jeffrey C. Venable, Sr.
  • Patent number: 10057239
    Abstract: A policy device grants access to a client device, without authenticating the client device, when the client device provides a session identifier to the policy device that was previously granted to the client device by a second policy device upon authenticating the client device by the second policy device. In one example, a policy device includes a network interface that receives a session identifier from a client device, wherein the policy device comprises an individually administered autonomous policy server, and an authorization module that grants the client device access to a network protected by the policy device based on the session identifier without authenticating the client device by the policy device. In this manner, the client device need not provide authentication information multiple times within a short time span, and the policy device can deallocate resources when a session migrates to a second policy device.
    Type: Grant
    Filed: December 31, 2009
    Date of Patent: August 21, 2018
    Assignee: Pulse Secure, LLC
    Inventor: Roger A. Chickering
  • Patent number: 10050804
    Abstract: Methods, systems, and computer programs are presented for managing a network in the presence of layer-2 loops. One method includes an operation for detecting, by a network device, a loop at a layer 2 of a network. The network device is configured to execute a network device operation system (ndOS), where network devices executing ndOS share a global switch table. The method further includes an operation for blocking ports associated with the loop where incoming packets received at the blocked ports are discarded except for loop-probe packets. Further, the method includes operations for sending loop-probe packets by one or more network devices executing ndOS through one or more ports, and for unblocking a first port of the blocked ports based on the loop-probe packets when a lack of receipt of a loop-probe packet within a predetermined amount of time is detected for the first blocked port which indicates that the first blocked port is not part of the loop.
    Type: Grant
    Filed: June 1, 2016
    Date of Patent: August 14, 2018
    Assignee: Pluribus Networks, Inc.
    Inventors: Roger Chickering, Sunay Tripathi
  • Patent number: 9858104
    Abstract: A network switch includes ports, memory, and a processor. The switch is operable to switch packets of a layer 2 network, and the memory is for storing a tunneling engine computer program. The processor executes the tunneling engine, where the processor identifies a second switch operable to switch layer-2 network packets. The identification includes detecting that the second switch is connected to the network switch over a layer 3 connection, and the tunneling engine creates a tunnel over the layer 3 connection between the switches to exchange layer-2 packets. The tunnel encapsulates and decapsulates the packets that are exchanged between the switches. When the processor determines that a packet from a first node to a second node that is connected to the second switch, the processor creates an encapsulation flow on the network switch to encapsulate packets from the first node to the second node over the tunnel.
    Type: Grant
    Filed: September 21, 2015
    Date of Patent: January 2, 2018
    Assignee: Pluribus Networks, Inc.
    Inventors: Sunay Tripathi, Roger Chickering, Jon Gainsley
  • Publication number: 20170353328
    Abstract: Methods, systems, and computer programs are presented for managing a network in the presence of layer-2 loops. One method includes an operation for detecting, by a network device, a loop at a layer 2 of a network. The network device is configured to execute a network device operation system (ndOS), where network devices executing ndOS share a global switch table. The method further includes an operation for blocking ports associated with the loop where incoming packets received at the blocked ports are discarded except for loop-probe packets. Further, the method includes operations for sending loop-probe packets by one or more network devices executing ndOS through one or more ports, and for unblocking a first port of the blocked ports based on the loop-probe packets when a lack of receipt of a loop-probe packet within a predetermined amount of time is detected for the first blocked port which indicates that the first blocked port is not part of the loop.
    Type: Application
    Filed: June 1, 2016
    Publication date: December 7, 2017
    Inventors: Roger Chickering, Sunay Tripathi
  • Patent number: 9621502
    Abstract: A graphical user interface between a user of a computer service and the computer service includes a list of other users of the computer service selected by the user as significant to the user and an icon associated with one of the other listed users indicating that a communication has occurred between the user and the other user.
    Type: Grant
    Filed: July 8, 2016
    Date of Patent: April 11, 2017
    Assignee: AOL Inc.
    Inventors: Mitchell Chapin Green, Roger Chickering, David Gang
  • Patent number: 9596268
    Abstract: A system includes a virtual machine (VM) server and a policy engine server. The VM server includes two or more guest operating systems and an agent. The agent is configured to collect information from the two or more guest operating systems. The policy engine server is configured to: receive the information from the agent; generate access control information for a first guest OS, of the two or more guest operating systems, based on the information; and configure an enforcer based on the access control information.
    Type: Grant
    Filed: February 12, 2015
    Date of Patent: March 14, 2017
    Assignee: Juniper Networks, Inc.
    Inventors: Krishna Narayanaswamy, Roger A. Chickering, Steven A. Malmskog
  • Patent number: 9497179
    Abstract: A method may include obtaining a layer two identification of an endpoint that is seeking access to a network, the endpoint omitting an agent to communicate a layer three address of the endpoint to a policy node, applying one or more authentication rules based on the layer two identification of the endpoint, assigning the layer three address to the endpoint, learning, by the policy node, the layer three address of the endpoint, and provisioning layer three access for the endpoint to the network based on the learned layer three address.
    Type: Grant
    Filed: January 6, 2014
    Date of Patent: November 15, 2016
    Assignee: Juniper Networks, Inc.
    Inventor: Roger A. Chickering
  • Publication number: 20160323228
    Abstract: A graphical user interface between a user of a computer service and the computer service includes a list of other users of the computer service selected by the user as significant to the user and an icon associated with one of the other listed users indicating that a communication has occurred between the user and the other user.
    Type: Application
    Filed: July 8, 2016
    Publication date: November 3, 2016
    Inventors: Mitchell Chapin Green, Roger Chickering, David Gang
  • Publication number: 20160323263
    Abstract: A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client device in accordance with an authentication protocol, and authenticate the client device based on a comparison of the first form to a value derived from a second form of the password stored in a password database, where the comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client device over the secure connection, authenticate the client device by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client device when the authentication server receives the first form.
    Type: Application
    Filed: July 13, 2016
    Publication date: November 3, 2016
    Inventors: Andy Tsang, Roger A. Chickering, Clifford E. Kahn, Jeffrey C. Venable, Sr.
  • Patent number: 9479538
    Abstract: An endpoint integrity system controls access to resources of a protected network for endpoint devices attempting to access the protected network. The system may include a number of evaluation modules that communicate with an endpoint device. The evaluation modules generate policy results for the endpoint device, in which each of the policy results assumes one of three or more states, called a multi-state policy result. The multi-state policy results are combined to produce a combined Boolean policy result.
    Type: Grant
    Filed: January 31, 2014
    Date of Patent: October 25, 2016
    Assignee: Juniper Networks, Inc.
    Inventors: Roger Chickering, Stephen R. Hanna, Paul Funk, Panagiotis Kougiouris, Paul James Kirner
  • Patent number: 9401913
    Abstract: A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client device in accordance with an authentication protocol, and authenticate the client device based on a comparison of the first form to a value derived from a second form of the password stored in a password database, where the comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client device over the secure connection, authenticate the client device by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client device when the authentication server receives the first form.
    Type: Grant
    Filed: March 17, 2015
    Date of Patent: July 26, 2016
    Assignee: Pulse Secure, LLC
    Inventors: Andy Tsang, Roger A. Chickering, Clifford E. Kahn, Jeffrey C. Venable, Sr.
  • Patent number: 9398010
    Abstract: In general, techniques are described for provisioning layer two access in computer networks. A network device located in a public network comprising an interface and a control unit may implement the techniques. The interface establishes a session with a mobile device. The control unit requests security state data identifying a security state of the mobile device via the established session. The interface receives a mobile device identifier and the security state data from the mobile device via the session. The mobile device identifier identifies the mobile device. The control unit publishes the security state information to a database such that the security state information is associated with the mobile device identifier.
    Type: Grant
    Filed: March 23, 2015
    Date of Patent: July 19, 2016
    Assignee: Pulse Secure LLC
    Inventors: Roger A. Chickering, Jeffrey C. Venable, Sr.
  • Patent number: 9391941
    Abstract: A graphical user interface between a user of a computer service and the computer service includes a list of other users of the computer service selected by the user as significant to the user and an icon associated with one of the other listed users indicating that a communication has occurred between the user and the other user.
    Type: Grant
    Filed: July 17, 2015
    Date of Patent: July 12, 2016
    Assignee: AOL Inc.
    Inventors: Mitchell Chapin Green, Roger Chickering, David Gang
  • Patent number: 9350704
    Abstract: A method may include determining one or more rules and communicating the one or more rules to a firewall, where the firewall receives a data unit and determines, based on the one or more rules, whether to forward the data unit to a destination address; receiving a redirection of a device from the firewall when the firewall determines not to forward the data unit to the destination address; receiving an indication that the firewall did not forward the data unit to the destination address; and determining a new rule to allow the firewall to forward the data unit to the destination address and communicating the new rule to the firewall; and redirecting the device to the destination address.
    Type: Grant
    Filed: August 8, 2014
    Date of Patent: May 24, 2016
    Assignee: Juniper Networks, Inc.
    Inventor: Roger A. Chickering
  • Publication number: 20160087885
    Abstract: A network switch includes ports, memory, and a processor. The switch is operable to switch packets of a layer 2 network, and the memory is for storing a tunneling engine computer program. The processor executes the tunneling engine, where the processor identifies a second switch operable to switch layer-2 network packets. The identification includes detecting that the second switch is connected to the network switch over a layer 3 connection, and the tunneling engine creates a tunnel over the layer 3 connection between the switches to exchange layer-2 packets. The tunnel encapsulates and decapsulates the packets that are exchanged between the switches. When the processor determines that a packet from a first node to a second node that is connected to the second switch, the processor creates an encapsulation flow on the network switch to encapsulate packets from the first node to the second node over the tunnel.
    Type: Application
    Filed: September 21, 2015
    Publication date: March 24, 2016
    Inventors: Sunay Tripathi, Roger Chickering, Jon Gainsley
  • Patent number: 9264420
    Abstract: A method may include authenticating a device to a first server, where the device includes an agent; receiving a request, in the first server from a second server, to verify the authenticity of the device, where the device is not authenticated to the second server; sending a browser plug-in to the device to communicate with the agent for verifying the authenticity of the device; receiving, in the first server, a message from the agent verifying the authenticity of the device; and sending a message from the first server to the second server to authenticate the device to the second server.
    Type: Grant
    Filed: January 6, 2014
    Date of Patent: February 16, 2016
    Assignee: Juniper Networks, Inc.
    Inventors: Roger A. Chickering, Paul Funk
  • Publication number: 20150358271
    Abstract: A graphical user interface between a user of a computer service and the computer service includes a list of other users of the computer service selected by the user as significant to the user and an icon associated with one of the other listed users indicating that a communication has occurred between the user and the other user.
    Type: Application
    Filed: July 17, 2015
    Publication date: December 10, 2015
    Inventors: Mitchell Chapin Green, Roger Chickering, David Gang