Patents by Inventor Roger Chickering
Roger Chickering has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10523656
Abstract: A policy device grants access to a client device, without authenticating the client device, when the client device provides a session identifier to the policy device that was previously granted to the client device by a second policy device upon authenticating the client device by the second policy device. In one example, a policy device includes a network interface that receives a session identifier from a client device, wherein the policy device comprises an individually administered autonomous policy server, and an authorization module that grants the client device access to a network protected by the policy device based on the session identifier without authenticating the client device by the policy device. In this manner, the client device need not provide authentication information multiple times within a short time span, and the policy device can deallocate resources when a session migrates to a second policy device.
Type: Grant
Filed: August 20, 2018
Date of Patent: December 31, 2019
Assignee: Pulse Secure, LLC
Inventor: Roger A. Chickering
-
Publication number: 20190097995
Abstract: A policy device grants access to a client device, without authenticating the client device, when the client device provides a session identifier to the policy device that was previously granted to the client device by a second policy device upon authenticating the client device by the second policy device. In one example, a policy device includes a network interface that receives a session identifier from a client device, wherein the policy device comprises an individually administered autonomous policy server, and an authorization module that grants the client device access to a network protected by the policy device based on the session identifier without authenticating the client device by the policy device. In this manner, the client device need not provide authentication information multiple times within a short time span, and the policy device can deallocate resources when a session migrates to a second policy device.
Type: Application
Filed: August 20, 2018
Publication date: March 28, 2019
Inventor: Roger A. Chickering
-
Patent number: 10075432
Abstract: A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client device in accordance with an authentication protocol, and authenticate the client device based on a comparison of the first form to a value derived from a second form of the password stored in a password database, where the comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client device over the secure connection, authenticate the client device by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client device when the authentication server receives the first form.
Type: Grant
Filed: July 13, 2016
Date of Patent: September 11, 2018
Assignee: Pulse Secure, LLC
Inventors: Andy Tsang, Roger A. Chickering, Clifford E. Kahn, Jeffrey C. Venable, Sr.
-
Patent number: 10057239
Abstract: A policy device grants access to a client device, without authenticating the client device, when the client device provides a session identifier to the policy device that was previously granted to the client device by a second policy device upon authenticating the client device by the second policy device. In one example, a policy device includes a network interface that receives a session identifier from a client device, wherein the policy device comprises an individually administered autonomous policy server, and an authorization module that grants the client device access to a network protected by the policy device based on the session identifier without authenticating the client device by the policy device. In this manner, the client device need not provide authentication information multiple times within a short time span, and the policy device can deallocate resources when a session migrates to a second policy device.
Type: Grant
Filed: December 31, 2009
Date of Patent: August 21, 2018
Assignee: Pulse Secure, LLC
Inventor: Roger A. Chickering
-
Patent number: 10050804
Abstract: Methods, systems, and computer programs are presented for managing a network in the presence of layer-2 loops. One method includes an operation for detecting, by a network device, a loop at a layer 2 of a network. The network device is configured to execute a network device operation system (ndOS), where network devices executing ndOS share a global switch table. The method further includes an operation for blocking ports associated with the loop where incoming packets received at the blocked ports are discarded except for loop-probe packets. Further, the method includes operations for sending loop-probe packets by one or more network devices executing ndOS through one or more ports, and for unblocking a first port of the blocked ports based on the loop-probe packets when a lack of receipt of a loop-probe packet within a predetermined amount of time is detected for the first blocked port which indicates that the first blocked port is not part of the loop.
Type: Grant
Filed: June 1, 2016
Date of Patent: August 14, 2018
Assignee: Pluribus Networks, Inc.
Inventors: Roger Chickering, Sunay Tripathi
-
Patent number: 9858104
Abstract: A network switch includes ports, memory, and a processor. The switch is operable to switch packets of a layer 2 network, and the memory is for storing a tunneling engine computer program. The processor executes the tunneling engine, where the processor identifies a second switch operable to switch layer-2 network packets. The identification includes detecting that the second switch is connected to the network switch over a layer 3 connection, and the tunneling engine creates a tunnel over the layer 3 connection between the switches to exchange layer-2 packets. The tunnels encapsulates and decapsulates the packets that are exchanged between the switches. When the processor determines that a packet from a first node to a second node that is connected to the second switch, the processor creates an encapsulation flow on the network switch to encapsulate packets from the first node to the second node over the tunnel.
Type: Grant
Filed: September 21, 2015
Date of Patent: January 2, 2018
Assignee: Pluribus Networks, Inc.
Inventors: Sunay Tripathi, Roger Chickering, Jon Gainsley
-
Publication number: 20170353328
Abstract: Methods, systems, and computer programs are presented for managing a network in the presence of layer-2 loops. One method includes an operation for detecting, by a network device, a loop at a layer 2 of a network. The network device is configured to execute a network device operation system (ndOS), where network devices executing ndOS share a global switch table. The method further includes an operation for blocking ports associated with the loop where incoming packets received at the blocked ports are discarded except for loop-probe packets. Further, the method includes operations for sending loop-probe packets by one or more network devices executing ndOS through one or more ports, and for unblocking a first port of the blocked ports based on the loop-probe packets when a lack of receipt of a loop-probe packet within a predetermined amount of time is detected for the first blocked port which indicates that the first blocked port is not part of the loop.
Type: Application
Filed: June 1, 2016
Publication date: December 7, 2017
Inventors: Roger Chickering, Sunay Tripathi
-
Patent number: 9621502
Abstract: A graphical user interface between a user of a computer service and the computer service includes a list of other users of the computer service selected by the user as significant to the user and an icon associated with one of the other listed users indicating that a communication has occurred between the user and the other user.
Type: Grant
Filed: July 8, 2016
Date of Patent: April 11, 2017
Assignee: AOL Inc.
Inventors: Mitchell Chapin Green, Roger Chickering, David Gang
-
Patent number: 9596268
Abstract: A system includes a virtual machine (VM) server and a policy engine server. The VM server includes two or more guest operating systems and an agent. The agent is configured to collect information from the two or more guest operating systems. The policy engine server is configured to: receive the information from the agent; generate access control information for a first guest OS, of the two or more guest operating systems, based on the information; and configure an enforcer based on the access control information.
Type: Grant
Filed: February 12, 2015
Date of Patent: March 14, 2017
Assignee: Juniper Networks, Inc.
Inventors: Krishna Narayanaswamy, Roger A. Chickering, Steven A. Malmskog
-
Patent number: 9497179
Abstract: A method may include obtaining a layer two identification of an endpoint that is seeking access to a network, the endpoint omitting an agent to communicate a layer three address of the endpoint to a policy node, applying one or more authentication rules based on the layer two identification of the endpoint, assigning the layer three address to the endpoint, learning, by the policy node, the layer three address of the endpoint, and provisioning layer three access for the endpoint to the network based on the learned layer three address.
Type: Grant
Filed: January 6, 2014
Date of Patent: November 15, 2016
Assignee: Juniper Networks, Inc.
Inventor: Roger A. Chickering
-
Publication number: 20160323263
Abstract: A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client device in accordance with an authentication protocol, and authenticate the client device based on a comparison of the first form to a value derived from a second form of the password stored in a password database, where the comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client device over the secure connection, authenticate the client device by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client device when the authentication server receives the first form.
Type: Application
Filed: July 13, 2016
Publication date: November 3, 2016
Inventors: Andy Tsang, Roger A. Chickering, Clifford E. Kahn, Jeffrey C. Venable, SR.
-
Publication number: 20160323228
Abstract: A graphical user interface between a user of a computer service and the computer service includes a list of other users of the computer service selected by the user as significant to the user and an icon associated with one of the other listed users indicating that a communication has occurred between the user and the other user.
Type: Application
Filed: July 8, 2016
Publication date: November 3, 2016
Inventors: Mitchell Chapin GREEN, Roger CHICKERING, David GANG
-
Patent number: 9479538
Abstract: An endpoint integrity system controls access to resources of a protected network for endpoint devices attempting to access the protected network. The system may include a number of evaluation modules that communicate with an endpoint device. The evaluation modules generate policy results for the endpoint device, in which each of the policy results assume one of three or more states, called a multi-state policy result. The multi-state policy results are combined to produce a combined Boolean policy result.
Type: Grant
Filed: January 31, 2014
Date of Patent: October 25, 2016
Assignee: Juniper Networks, Inc.
Inventors: Roger Chickering, Stephen R. Hanna, Paul Funk, Panagiotis Kougiouris, Paul James Kirner
-
Patent number: 9401913
Abstract: A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client device in accordance with an authentication protocol, and authenticate the client device based on a comparison of the first form to a value derived from a second form of the password stored in a password database, where the comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client device over the secure connection, authenticate the client device by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client device when the authentication server receives the first form.
Type: Grant
Filed: March 17, 2015
Date of Patent: July 26, 2016
Assignee: Pulse Secure, LLC
Inventors: Andy Tsang, Roger A. Chickering, Clifford E. Kahn, Jeffrey C. Venable, Sr.
-
Patent number: 9398010
Abstract: In general, techniques are described for provisioning layer two access in computer networks. A network device located in a public network comprising an interface and a control unit may implement the techniques. The interface establishes a session with a mobile device. The control unit requests security state data identifying a security state of the mobile device via the established session. The interface receives a mobile device identifier and the security state data from the mobile device via the session. The mobile device identifier identifies the mobile device. The control unit publishes the security state information to a database such that the security state information is associated with the mobile device identifier.
Type: Grant
Filed: March 23, 2015
Date of Patent: July 19, 2016
Assignee: Pulse Secure LLC
Inventors: Roger A. Chickering, Jeffrey C. Venable, Sr.
-
Patent number: 9391941
Abstract: A graphical user interface between a user of a computer service and the computer service includes a list of other users of the computer service selected by the user as significant to the user and an icon associated with one of the other listed users indicating that a communication has occurred between the user and the other user.
Type: Grant
Filed: July 17, 2015
Date of Patent: July 12, 2016
Assignee: AOL Inc.
Inventors: Mitchell Chapin Green, Roger Chickering, David Gang
-
Patent number: 9350704
Abstract: A method may include determining one or more rules and communicating the one or more rules to a firewall, where the firewall receives a data unit and determines, based on the one or more rules, whether to forward the data unit to a destination address; receiving a redirection of a device from the firewall when the firewall determines not to forward the data unit to the destination address; receiving an indication that the firewall did not forward the data unit to the destination address; and determining a new rule to allow the firewall to forward the data unit to the destination address and communicating the new rule to the firewall; and redirecting the device to the destination address.
Type: Grant
Filed: August 8, 2014
Date of Patent: May 24, 2016
Assignee: Juniper Networks, Inc.
Inventor: Roger A. Chickering
-
Publication number: 20160087885
Abstract: A network switch includes ports, memory, and a processor. The switch is operable to switch packets of a layer 2 network, and the memory is for storing a tunneling engine computer program. The processor executes the tunneling engine, where the processor identifies a second switch operable to switch layer-2 network packets. The identification includes detecting that the second switch is connected to the network switch over a layer 3 connection, and the tunneling engine creates a tunnel over the layer 3 connection between the switches to exchange layer-2 packets. The tunnels encapsulates and decapsulates the packets that are exchanged between the switches. When the processor determines that a packet from a first node to a second node that is connected to the second switch, the processor creates an encapsulation flow on the network switch to encapsulate packets from the first node to the second node over the tunnel.
Type: Application
Filed: September 21, 2015
Publication date: March 24, 2016
Inventors: Sunay Tripathi, Roger Chickering, Jon Gainsley
-
Patent number: 9264420
Abstract: A method may include authenticating a device to a first server, where the device includes an agent; receiving a request, in the first server from a second server, to verify the authenticity of the device, where the device is not authenticated to the second server; sending a browser plug-in to the device to communicate with the agent for verifying the authenticity of the device; receiving, in the first server, a message from the agent verifying the authenticity of the device; and sending a message from the first server to the second server to authenticate the device to the second server.
Type: Grant
Filed: January 6, 2014
Date of Patent: February 16, 2016
Assignee: Juniper Networks, Inc.
Inventors: Roger A. Chickering, Paul Funk
-
Publication number: 20150358271
Abstract: A graphical user interface between a user of a computer service and the computer service includes a list of other users of the computer service selected by the user as significant to the user and an icon associated with one of the other listed users indicating that a communication has occurred between the user and the other user.
Type: Application
Filed: July 17, 2015
Publication date: December 10, 2015
Inventors: Mitchell Chapin GREEN, Roger CHICKERING, David GANG