Identity-based networking

Description

BACKGROUND

A wide area network (WAN) is a computer network covering a large geographical area. Typically, a WAN is used to connect local area networks (LANs) together. A WAN can involve a vast array of network devices, network resources, and the like. The most well-known WAN is the Internet.

Organizations often have a separate LAN for every regional office. Each LAN is connected to each other thereby forming the organization's WAN. When a user travels from one office to another, the user can access his/her network resources over the WAN, such as email, calendar and task list. However, the user will not have the same IP address, access to local network resources, firewall settings, etc., because the user is accessing the LAN remotely.

The foregoing examples of the related art and limitations related therewith are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent to those of skill in the art upon a reading of the specification and a study of the drawings.

SUMMARY

The following embodiments and aspects thereof are described and illustrated in conjunction with systems, tools, and methods that are meant to be exemplary and illustrative, not limiting in scope. In various embodiments, one or more of the above-described problems have been reduced or eliminated, while other embodiments are directed to other improvements.

A technique for identity based networking involves virtual LAN (VLAN) tunneling between mobility domains. An example of a system according to the technique includes a WAN, a first VLAN, a second VLAN, and a network database. The first VLAN, the second VLAN and the network database are coupled to the WAN. The network database includes VLAN information. In operation, a client that is authorized on the second VLAN attempts to connect to the first VLAN. A switch in the WAN performs a lookup in the network database and determines that the client is authorized on the second VLAN. Based on this information, the client is connected to the second VLAN using VLAN tunneling.

In alternate embodiments, the switch can be a network domain member and the system can further include a network domain seed. The network domain seed can be coupled to the network domain member and the network database can be stored on the network domain seed. In order to perform a lookup in the network database, the network domain member can query the network domain seed for information.

In another embodiment, the system can further include a second network domain seed and a second network domain member. The second network domain seed can be coupled to the first network domain seed and the second network domain member. The first network domain member can tunnel to the second network domain seed to connect the client to the second VLAN. In another example, the network database can be stored on the second network domain seed and can include IP addresses for switches on the WAN, VLAN names, and VLAN tunnel affinities.

In another embodiment, the system can further include a third network domain member that supports the second VLAN. The second network domain member can have a first tunnel affinity and the third network domain member can have a second tunnel affinity. The client can tunnel to the network domain member with the highest tunnel affinity. In other embodiments, the network domain seeds and the network domain members can be in geographically distinct locations.

In another embodiment, the system can further include a first access point, a second access point, and a third access point. Each of the access points can be coupled to the switch. The access points can be used to triangulate the position of the client in order to pinpoint the client's exact location.

An example of a method according to the technique involves receiving a log-in request from a client. The log-in request is received on a first VLAN. VLAN information associated with the client configuration on a second VLAN is provided. Using the VLAN information, the client is determined to be configured on the second VLAN. The client is then connected to the second VLAN using VLAN tunneling.

In additional embodiments, the method can involve a first network domain member and a second network domain member. The log-in request can be received by the first network domain member. The first network domain member can tunnel to the second network domain member in order to connect the client to the second VLAN. The method can also involve a network domain seed and a network database. The network domain seed can be queried for the VLAN information and a lookup can be performed in the network database.

In another embodiment, information can be retrieved from a plurality of network domain seeds that are coupled to the WAN. The VLAN information can include tunnel affinity information of two network domain members. The tunnel affinities can be compared and the client connected to the network domain member with the highest tunnel affinity.

Advantageously, the technique can be used to connect a remote client to an appropriate VLAN over WAN links. This technique allows a remote user to have the same experience as if connected locally. For example, the client can have the same IP address, network permissions and access to network resources while being in a geographically distinct location. These and other advantages of the present invention will become apparent to those skilled in the art upon a reading of the following descriptions and a study of the several figures of the drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the inventions are illustrated in the figures. However, the embodiments and figures are illustrative rather than limiting; they provide examples of the invention.

FIG. 1 depicts an example of a system for identity based networking.

FIG. 2 depicts an alternative example of a system for identity based networking.

FIG. 3 depicts an alternative example of a system for identity based networking.

FIG. 4 depicts an alternative example of a system for identity based networking.

FIG. 5 depicts an example of a location system.

FIG. 6 depicts a flow chart of an example of a method for identity based networking.

FIG. 7 depicts a flow chart of an alternative example of a method for identity based networking.

FIG. 8 depicts a flow chart of an alternative example of a method for identity based networking.

FIG. 9 depicts a flow chart of an alternative example of a method for identify based networking.

FIG. 10 depicts a flow chart of an example of a method for client location.

DETAILED DESCRIPTION

In the following description, several specific details are presented to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention can be practiced without one or more of the specific details, or in combination with other components, etc. In other instances, well-known implementations or operations are not shown or described in detail to avoid obscuring aspects of various embodiments, of the invention.

FIG. 1 depicts an example of a system 100 for identity based networking. In the example of FIG. 1, the system 100 includes a WAN 102, a first VLAN 104, a second VLAN 106, and a network database 108. In the example of FIG. 1, the WAN 102 is coupled to the first VLAN 104 and the second VLAN 106. The network database 108 is also coupled to the WAN 102.

In an embodiment, the network database 108 can contain a variety of information, including, but not limited to, VLAN information, tunnel affinity information, an IP address for switches and/or clients on the WAN and/or VLAN, a mac address for switches and/or clients on the WAN and/or VLAN, log-in information, network permissions, etc. In another embodiment, the network database can be a forwarding database, such as is described in co-pending U.S. patent application Ser. No. 11/351,104 by Manish Tiwari entitled “System and Method for Network Integrity,” filed Feb. 8, 2006, which is incorporated herein by reference. The network database 108 can be populated by relaying network information from switches over the WAN 102 and storing the network information in the network database 108. In another embodiment, the network database 108 can be duplicatively stored on any number of switches in the network. Additionally, the network database 108 can be distributed and shared among the switches in the network rather than stored in a central location.

In the example of FIG. 1, in operation, a client 110 attempts to connect to the first VLAN 104. The attempt can be facilitated in any convenient and/or know manner, manual or automatic, including, but not limited to, logging into the network, connecting to the network via a wired or wireless connection, being detected by network components, attempting to use network resources, etc. A switch (not shown) on the network performs a lookup in the network database 108. The network database 108 contains information that the client is authorized on the second VLAN 106. Based on this information, the client 110 is connected to the second VLAN 106 via VLAN tunneling 112.

VLAN tunneling 112 can be accomplished using any convenient and/or known technique. By way of example but not limitation, tunneling can be executed on the application layer, transport layer, network layer and/or data link layer in a data network system. Tunneling can be achieved using a variety of protocols (depending on the network layer utilized), such as, by way of example and not limitation, the DNS, TLS/SSL, TFTP, FTP, HTTP, IMAP, IRC, NNTP, POP3, SIP, SMTP, SNMP, SSH, TELNET, BitTorrent, RTP, rlogin, ENRP, TCP, UDP, DCCP, SCTP, IL, RUDP, IPv4, IPv6, ICMP, IGMP, ARP, RARP, Wi-Fi, Token ring, PPP, SLIP, FDDI, ATM, Frame Relay, and/or SMDS protocol. In other embodiments, additional layers and protocols can be used that facilitate VLAN tunneling.

FIG. 2 depicts an alternative example of a system 200 for identity based networking. In the example of FIG. 2, the system 200 includes a WAN 202, a VLAN 204 and a VLAN 206. In the example of FIG. 2, the WAN 202 includes a network domain seed 208. The VLAN 204 includes a network domain member 210 and the VLAN 206 includes a network domain 212.

In the example of FIG. 2, the WAN 202 is connected to the VLAN 204 and the VLAN 206. The connection is facilitated by the network domain seed 208 which is coupled to the network domain member 210 and the network domain member 212. A network database 214 is located on the network domain seed 208. In alternate embodiments, the network database 214 can be located in any convenient and/or known location, including, but not limited to, the network domain member 210 and/or the network domain member 212.

In the example of FIG. 2, in operation, a client 216 attempts to connect to the VLAN 204. The client 216 attempts this connection by logging on to the network through the network domain member 210. In an embodiment, the client 216 can be a wired or wireless client and the network domain member 210 can be a switch that provides wired or wireless access. In another embodiment, the network domain member 210 can be a switch as described in co-pending U.S. patent application Ser. No. 11/351,104 by Manish Tiwari entitled “System and Method for Network Integrity,” filed Feb. 8, 2006.

In the example of FIG. 2, in operation, after the client 216 attempts to log-on to the network, the network domain member 210 queries the network domain seed 208 for VLAN information. The network domain seed 208 performs a lookup in the network database 214. The network database 214 provides that the client 216 is authorized on the VLAN 206. The network domain seed 208 relays the information to the network domain member 210. Based on the information, the network domain member 210 creates a tunnel 218 to the network domain member 212 facilitating the connection of the client 216 to the VLAN 206.

FIG. 3 depicts an alternative example of a system 300 for identity based networking. In the example of FIG. 3, the system 300 includes a network domain seed 302, a network domain seed 304, a network domain member 306, a network domain member 308, a network database 310, and a network database 312. The network domain seed 302 is coupled to the network domain seed 304 and the network domain member 306. The network domain seed 304 is additionally coupled to the network domain member 308. In the example of FIG. 3, the network database 310 is stored on the network domain seed 302 and the network database 304 is stored on the network domain seed 312. In an embodiment, the network database 310 and the network database 312 store the same information. In other embodiments, the information stored in the network databases 310, 312 can be different.

In the example of FIG. 3, in operation, a client 314, who may be authorized on a second VLAN, attempts to connect to the network domain member 306 which supports a first VLAN. The network domain member 306 queries the network domain seed 302 for VLAN information. The network domain seed 310 performs a lookup in the network database 310. The network database 310 is populated with information received from the network domain seed 312. In another embodiment, the network database 310 could be populated with information received from theoretically any number of network domain seeds. In an embodiment, the information can be used to identify the VLAN(s) each network domain member supports. In an alternative embodiment, one or both of the network databases can be removed and the network domain seed 302 can query the network domain seed 304 to determine which VLAN the network domain member 308 supports.

In the example of FIG. 3, in operation, after performing a lookup in the network database 310, the network domain seed 302 relays VLAN information to the network domain member 306. The VLAN information provides, for example, that the client 314 is authorized on the second VLAN. The VLAN information may also provide that the second VLAN is supported by the network domain member 308. Based on the VLAN information, the network domain member 306 tunnels to the network domain member 308. Advantageously, the client 314 is connected to the second VLAN via a VLAN tunnel 316.

FIG. 4 depicts an alternative example of a system 400 for identity based networks. In the example of FIG. 4, the system 400 includes a network domain seed 402, a network domain seed 404, a network domain member 406, a network domain member 408, a network domain member 410, and a network database 412. As shown, the network domain seed 402 is coupled to the network domain seed 404. The network domain member 406 is coupled to the network domain seed 402. The network domain member 408 and the network domain member 410 are coupled to the network domain seed 404. The network database 412 is coupled to and accessible by the network domain seed 402 and the network domain seed 404. In the example of FIG. 4, the network domain member 406 supports a first VLAN while the network domain member 408 and the network domain member 410 support a second VLAN.

In the example of FIG. 4, in operation, a client 414 attempts to connect to the network domain member 406. The network domain member 406 queries the network domain seed 402 for VLAN information. The network domain seed 402 retrieves VLAN information from the network database 412. The VLAN information provides, for example, that the client 414 is authorized on the second VLAN. The VLAN information may also provide that the network domain member 408 and/or the network domain member 410 support the second VLAN. In addition, the VLAN information may provide that the tunnel affinity for the network domain member 408 is higher than the tunnel affinity for the network domain member 410. Based on this information, the network domain member 406 creates a VLAN tunnel 416 to the network domain member 408 and the client 414 is connected to the second VLAN.

FIG. 5 depicts a location system 500. In the example of FIG. 5, the system 500 includes a switch 502, an access point 504, an access point 506, and an access point 508. The access point 504, the access point 506 and the access point 508 are coupled to the switch 502. The switch 502 can be network domain member and/or a network domain seed. The access points can provide wired and/or wireless access to a network. Further, the switch and access points can be as describe in co-pending U.S. patent application Ser. No. 11/351,104 by Manish Tiwari entitled “System and Method for Network Integrity,” filed Feb. 8, 2006.

In the example of FIG. 5, in operation, a client 510 is detected by the system 500. Specifically, in the example of FIG. 5, the access point 504, the access point 506 and the access point 508 detect the client 510. The client 510 can detected by any known and/or convenient technique, including, by way of example but not limitation, sniffing for transmitted packets, monitoring access of network resources, providing network connectivity, etc. Once the client 510 is detected by the access points 504, 506, 508, the precise location of the client 510 can be calculated using any convenient and/or known technique, including, by way of example but not limitation, triangulation techniques in one or more dimensions. In other embodiments, additional access points can be coupled to the switch 502 or access points can be taken away. If additional access points are coupled to the switch 502, the location of the client may become more precise while if access points are taken away, the location of the client may become less defined.

FIG. 6 depicts a flowchart 600 of an example of a method for identity based networking. FIG. 6 is intended to illustrate connecting a client to an appropriate VLAN using VLAN tunneling. In the example of FIG. 6, the flowchart 600 starts at module 602 where a log-in request is received. The log-in request can be received by any convenient and/or known device on a network, including, by way of example and not limitation, a switch, access point, router, computer, server, etc. In addition, the log-in request can be made by a client and/or any other convenient and/or known device that can log-in to a network.

In the example of FIG. 6, the flowchart 600 continues at module 604 where VLAN information is retrieved. The VLAN information can be retrieved by any convenient and/or known device using any convenient and/or known technique. By way of example but not limitation, a first switch can query a second switch for VLAN information. The second switch can relay the information to the first switch in response to the query. In another example, a switch can perform a look-up in a network database to retrieve VLAN information. The network database can be located on the switch itself or accessible over the network. In yet another example, a first switch can query a second switch and the second switch can perform a lookup in a network database. The network database can be located on the second switch or accessible by the second switch over a network.

In the example of FIG. 6, the flowchart 600 continues at module 606 where an appropriate VLAN is determined. The appropriate VLAN can be determined by the VLAN information retrieved. In addition, the appropriate VLAN can be determined by a combination of the VLAN information retrieved and the characteristics of the log-in request.

In the example of FIG. 6, the flowchart 600 continues at module 608 where a connection to the appropriate VLAN is established. The connection can be established using any convenient and/or known technique. For example, and not limitation, a VLAN tunnel can be created for a client that is authorized on a VLAN supported by a remote switch.

FIG. 7 depicts a flowchart 700 of an alternative example of a method for identity based networking. FIG. 7 is intended to illustrate retrieving VLAN information. In the example of FIG. 7, the flowchart 700 starts at module 702 where VLAN information is queried. The query can be facilitated using any known and/or convenient technique capable of retrieving information from a database. For example, and not limitation, a first switch can query a second switch and/or a network database for VLAN information.

In the example of FIG. 7, the flowchart 700 continues at module 704 where a lookup is performed in a network database. The lookup can be performed by any device coupled to the database and/or any device that the database is stored. For example, and not limitation, the second switch can perform a lookup in a network database located locally and relay the retrieved information to the first switch. In another example, the first switch can perform a lookup in a network database that is coupled to the network.

FIG. 8 depicts a flowchart 800 of an alternative example of a method for identify based networking. FIG. 8 is intended to illustrate another method of retrieving VLAN information. In the example of 8, the flowchart 800 starts at module 802 where VLAN information is queried. The query can be facilitated using any known and/or convenient technique capable of retrieving information from a database. For example, and not limitation, a network domain member can query a network domain seed for VLAN information.

In the example of FIG. 8, the flowchart 800 continues at module 804 where information is retrieved from a plurality of network domain seeds. The information can be stored on the plurality of network domain seeds and/or can be accessed by the network domain seeds over the network. For example, and not limitation, after receiving a query, a network domain seed can query all other network domain seeds for VLAN information and relay the retrieved information to the network domain member.

FIG. 9 depicts a flowchart 900 of an alternative example of a method for identify based networking. FIG. 9 is intended to illustrate a method of connecting to a switch having the highest tunnel affinity. In the example of FIG. 9, the flowchart 900 starts with module 902 where tunnel affinity information is compared. The tunnel affinity information can be compared for two switches that support the same VLAN. For example, and not limitation, a client that is authorized on a VLAN can connect to any member that supports the VLAN. If two or more members support the VLAN, then the tunnel affinity for each member is compared and a connection is made to the member with the highest tunneling affinity.

In the example of FIG. 9, the flowchart 900 continues with module 904 where a connection is made to the member with the highest tunnel affinity. The connection can be made using any known and/or convenient technique capable of connecting one network member to another. For example, and not limitation, a first network member can create a VLAN tunnel to a second network member in order to connect a client to an authorized VLAN.

FIG. 10 depicts a flowchart 1000 of an example of a method for client location. FIG. 10 is intended to illustrate a method of locating a client that is accessing a network. In the example of FIG. 10, the flowchart 1000 starts with module 1002 where a client's location is queried. The query for a client's location can be made by any convenient and/or known device coupled to the network. For example, and not limitation, the query can be made by via a command line interface, network management software, computer, switch, router and/or any other convenient and/or known device capable of sending commands on a network.

In the example of FIG. 10, the flowchart 1000 continues at module 1004 where the location of the initial log-in request in returned. In one example, the location of the client can be sent from a switch that received the client's initial log-in request. In another example, the location of the client can be sent from a network domain seed that provided VLAN information to a switch that queried for the information. In yet another example, the switches on the ends of a VLAN tunnel can return the location of the initial log-in request.

Using the systems and/or methods depicted in the above examples, the client has the same experience from a remote location as the client would have from being local. For example, a client can have the same IP address, same network permissions, and same access to network resources even though the client logs-on in a geographically distinct area. These characteristics are extremely beneficial in lower costs and increasing efficiency.

As used herein, the term “embodiment” means an embodiment that serves to illustrate by way of example but not limitation.

It will be appreciated to those skilled in the art that the preceding examples and embodiments are exemplary and not limiting to the scope of the present invention. It is intended that all permutations, enhancements, equivalents, and improvements thereto that are apparent to those skilled in the art upon a reading of the specification and a study of the drawings are included within the true spirit and scope of the present invention. It is therefore intended that the following appended claims include all such modifications, permutations and equivalents as fall within the true spirit and scope of the present invention.

Claims

1. A system, comprising: a first network domain seed configured to be coupled to (1) a first network domain member supporting a first virtual local area network (VLAN) and (2) a network database storing authorization information of a client, the first network domain seed being physically separate from the first network domain member;the first network domain seed configured to be coupled to a second network domain seed coupled to (1) a second network domain member supporting a second VLAN and (2) the network database, the second network domain seed being physically separate from the second network domain member;the first network domain seed configured to receive a query from the first network domain member, the query indicating that the client is attempting to connect to the second VLAN through the first network domain member;the first network domain seed configured (1) to perform a lookup in the network database based on the query to determine that the client is authorized on the second network domain member, and (2) authorize the client to connect to the second network domain member through the first network domain member via VLAN tunneling.
2. The system of claim 1, wherein the network database is stored remotely from both the first network domain seed and the second network domain seed.
3. The system of claim 1, wherein the network database is stored on the second network domain seed.
4. The system of claim 1, wherein the second network domain member has a first tunnel affinity with respect to the first VLAN, the system further comprising: a third network domain member configured to support the second VLAN, the third network domain member having a second tunnel affinity with respect to the first VLAN;in operation, the first network domain member tunneling to the second network domain member instead of the third network domain member based, at least in part, on the first tunnel affinity.
5. The system of claim 1, wherein the first network domain seed, the second network domain seed, the first network domain member, and the second network domain member are in geographically distinct locations.
6. The system of claim 1, wherein the network database includes IP addresses for network switches, VLAN names, and VLAN tunnel affinities.
7. A system as recited in claim 1, further comprising at least three access points configured to be coupled to the first network domain member, a location of the client being determinable by triangulation using data detected by the at least three access points.
8. A method comprising: receiving, at a first network domain member, a log-in request from a client coupled to the first network domain member supporting a first virtual local area network (VLAN), the first network domain member being physically separate from a first network domain seed;sending, from the first network domain member a query to the first network domain seed requesting VLAN information associated with a client configuration on a second network domain member supporting a second VLAN;receiving the VLAN information at the first network domain member;determining, using the VLAN information, that the client is configured on the second network domain member; andconnecting the client from the first network domain member to the second network domain member via VLAN tunneling.
9. The method of claim 8, wherein a network database storing the VLAN information is stored locally with respect to the first network domain seed.
10. The method of claim 8, the method further comprising sending a query to a second network domain seed supporting the second network domain member requesting VLAN information associated with the client configuration.
11. The method of claim 8, wherein the VLAN information includes tunnel affinity information of (1) the second network domain member with respect to the first network domain member, and (2) a third network domain member supporting the second VLAN with respect to the first network domain member, further comprising: defining a comparison between the tunnel affinity information of the second network domain member to the tunnel affinity information of the third network domain member; andconnecting the client to the first network domain member via the second network domain member based on the comparison.
12. The method of claim 8, further comprising: querying for a location of the client; andreturning a location of a network domain member that received an initial log-in request of the client.
13. A system comprising: a first network domain member configured to (1) support a first virtual local area network (VLAN) and (2) receive a log-in request from a client (i) coupled to a first network domain member, and (ii) authorized to connect to a second VLAN, the first network domain member being physically separate from a network domain seed;the first network domain member configured to query a network domain seed for VLAN information associated with a client configuration on the second network domain member;the first network domain member configured to connect the client to the second VLAN via a VLAN tunnel based on the VLAN information received in response to the query.
14. The system of claim 13, wherein a network database is stored locally with respect to the first network domain seed.
15. The system of claim 13, wherein the first network domain member is configured to query a second network domain seed coupled to the second network domain member.
16. The system of claim 13, wherein the VLAN information includes tunnel affinity information of (1) the second network domain member with respect to the first network domain member, and (2) a third network domain member supporting the second VLAN with respect to the first network domain member, wherein: the first network domain member is configured to define a comparison of the tunnel affinity information of the second network domain member to the tunnel affinity information of the third network domain member; andthe first network domain member is configured to connect the client to the first network domain member via the second network domain member based on the comparison.
17. The system of claim 13, wherein: the first network domain member is configured to query the client's location;the first network domain member is configured to include the client's location in the log-in request.

CROSS-REFERENCE TO RELATED APPLICATIONS

This Application is a continuation of U.S. application Ser. No. 11/400,165, filed on Apr. 5, 2006 (now U.S. Pat. No. 7,551,619), which claims the benefit of U.S. Provisional Application No. 60/727,025 filed on Oct. 13, 2005, and U.S. Provisional Application No. 60/728,096 filed on Oct. 18, 2005, all of which are incorporated by reference.

US Referenced Citations (254)

Number	Name	Date	Kind
3641433	Mifflin et al.	Feb 1972	A
4168400	De Couasnon et al.	Sep 1979	A
4176316	DeRoas et al.	Nov 1979	A
4247908	Lockhart et al.	Jan 1981	A
4291401	Bachmann	Sep 1981	A
4291409	Weinberg et al.	Sep 1981	A
4409470	Shepard et al.	Oct 1983	A
4460120	Shepard et al.	Jul 1984	A
4475208	Ricketts	Oct 1984	A
4494238	Groth, Jr.	Jan 1985	A
4500987	Hasegawa	Feb 1985	A
4503533	Tobagi et al.	Mar 1985	A
4550414	Guinon et al.	Oct 1985	A
4562415	McBiles	Dec 1985	A
4630264	Wah et al.	Dec 1986	A
4635221	Kerr	Jan 1987	A
4639914	Winters	Jan 1987	A
4644523	Horwitz	Feb 1987	A
4672658	Kavehrad	Jun 1987	A
4673805	Shepard et al.	Jun 1987	A
4707839	Andren et al.	Nov 1987	A
4730340	Frazier	Mar 1988	A
4736095	Shepard et al.	Apr 1988	A
4740792	Sagey et al.	Apr 1988	A
4758717	Shepard et al.	Jul 1988	A
4760586	Takeda	Jul 1988	A
4789983	Acampora et al.	Dec 1988	A
4829540	Waggener et al.	May 1989	A
4850009	Zook et al.	Jul 1989	A
4872182	Mcrae et al.	Oct 1989	A
4894842	Brockhaven et al.	Jan 1990	A
4901307	Gilhousen et al.	Feb 1990	A
4933952	Albrieux et al.	Jun 1990	A
4933953	Yagi	Jun 1990	A
4995053	Simpson et al.	Feb 1991	A
5008899	Yamamoto	Apr 1991	A
5029183	Tymes	Jul 1991	A
5103459	Gilhousen et al.	Apr 1992	A
5103461	Tymes	Apr 1992	A
5142550	Tymes	Aug 1992	A
5151919	Dent	Sep 1992	A
5157687	Tymes	Oct 1992	A
5187575	Lim	Feb 1993	A
5231633	Hluchy et al.	Jul 1993	A
5280498	Tymes et al.	Jan 1994	A
5285494	Sprecher et al.	Feb 1994	A
5339316	Diepstraten	Aug 1994	A
5371783	Rose et al.	Dec 1994	A
5418812	Reyes et al.	May 1995	A
5448569	Huang et al.	Sep 1995	A
5450615	Fortune et al.	Sep 1995	A
5465401	Thompson	Nov 1995	A
5479441	Tymes et al.	Dec 1995	A
5483676	Mahany et al.	Jan 1996	A
5491644	Pickering et al.	Feb 1996	A
5517495	Lund	May 1996	A
5519762	Bartlett	May 1996	A
5528621	Heiman et al.	Jun 1996	A
5561841	Markus	Oct 1996	A
5568513	Croft et al.	Oct 1996	A
5584048	Wieczorek	Dec 1996	A
5598532	Liron	Jan 1997	A
5630207	Gitlin et al.	May 1997	A
5640414	Blakeney et al.	Jun 1997	A
5649289	Wang et al.	Jul 1997	A
5668803	Tymes et al.	Sep 1997	A
5774460	Schiffel et al.	Jun 1998	A
5793303	Koga	Aug 1998	A
5794128	Brockel et al.	Aug 1998	A
5812589	Sealander et al.	Sep 1998	A
5815811	Pinard et al.	Sep 1998	A
5828960	Tang et al.	Oct 1998	A
5838907	Hansen	Nov 1998	A
5844900	Hong et al.	Dec 1998	A
5872968	Knox et al.	Feb 1999	A
5875179	Tikalsky	Feb 1999	A
5887259	Zicker et al.	Mar 1999	A
5896561	Schrader et al.	Apr 1999	A
5915214	Reece et al.	Jun 1999	A
5920821	Seazholtz et al.	Jul 1999	A
5933607	Tate et al.	Aug 1999	A
5949988	Feisullin et al.	Sep 1999	A
5953669	Stratis et al.	Sep 1999	A
5960335	Umemoto et al.	Sep 1999	A
5982779	Krishnakumar et al.	Nov 1999	A
5987062	Engwer et al.	Nov 1999	A
5987328	Ephremides et al.	Nov 1999	A
6005853	Wang et al.	Dec 1999	A
6011784	Brown	Jan 2000	A
6041240	McCarthy et al.	Mar 2000	A
6078568	Wright	Jun 2000	A
6088591	Trompower et al.	Jul 2000	A
6101539	Kennelly et al.	Aug 2000	A
6118771	Tajika et al.	Sep 2000	A
6119009	Baranger et al.	Sep 2000	A
6160804	Ahmed et al.	Dec 2000	A
6188649	Birukawa et al.	Feb 2001	B1
6199032	Anderson	Mar 2001	B1
6208629	Jaszewski et al.	Mar 2001	B1
6208841	Wallace et al.	Mar 2001	B1
6218930	Katzenberg et al.	Apr 2001	B1
6240078	Kuhnel et al.	May 2001	B1
6240083	Wright	May 2001	B1
6256300	Ahmed et al.	Jul 2001	B1
6256334	Adachi	Jul 2001	B1
6262988	Vig	Jul 2001	B1
6285662	Watannabe	Sep 2001	B1
6304596	Yamano et al.	Oct 2001	B1
6317599	Rappaport et al.	Nov 2001	B1
6336035	Somoza et al.	Jan 2002	B1
6336152	Richman et al.	Jan 2002	B1
6347091	Wallentin et al.	Feb 2002	B1
6356758	Almeida et al.	Mar 2002	B1
6393290	Ufongene	May 2002	B1
6404772	Beach et al.	Jun 2002	B1
6473449	Cafarella et al.	Oct 2002	B1
6493679	Rappaport et al.	Dec 2002	B1
6496290	Lee	Dec 2002	B1
6512916	Forbes, Jr.	Jan 2003	B1
6580700	Pinard et al.	Jun 2003	B1
6587680	Ala-Laurila et al.	Jul 2003	B1
6614787	Jain et al.	Sep 2003	B1
6624762	End, III	Sep 2003	B1
6625454	Rappaport et al.	Sep 2003	B1
6631267	Clarkson et al.	Oct 2003	B1
6659947	Carter et al.	Dec 2003	B1
6661787	O'Connell et al.	Dec 2003	B1
6687498	McKenna et al.	Feb 2004	B2
6697415	Mahany	Feb 2004	B1
6725260	Philyaw	Apr 2004	B1
6747961	Ahmed et al.	Jun 2004	B1
6760324	Scott et al.	Jul 2004	B1
6839338	Amara et al.	Jan 2005	B1
6839348	Tang et al.	Jan 2005	B2
6879812	Agrawal et al.	Apr 2005	B2
6957067	Iyer et al.	Oct 2005	B1
6973622	Rappaport et al.	Dec 2005	B1
6978301	Tindal	Dec 2005	B2
7020438	Sinivaara et al.	Mar 2006	B2
7020773	Otway et al.	Mar 2006	B1
7024394	Ashour et al.	Apr 2006	B1
7062566	Amara et al.	Jun 2006	B2
7068999	Ballai	Jun 2006	B2
7110756	Diener	Sep 2006	B2
7116979	Backes et al.	Oct 2006	B2
7146166	Backes et al.	Dec 2006	B2
7155518	Forslow et al.	Dec 2006	B2
7221927	Kolar et al.	May 2007	B2
7224970	Smith et al.	May 2007	B2
7263366	Miyashita	Aug 2007	B2
7280495	Zweig et al.	Oct 2007	B1
7317914	Adya et al.	Jan 2008	B2
7324468	Fischer	Jan 2008	B2
7324487	Saito	Jan 2008	B2
7359676	Hrastar	Apr 2008	B2
7370362	Olson et al.	May 2008	B2
7376080	Riddle et al.	May 2008	B1
7421248	Laux et al.	Sep 2008	B1
7466678	Cromer et al.	Dec 2008	B2
7483390	Rover et al.	Jan 2009	B2
7489648	Griswold	Feb 2009	B2
7509096	Palm et al.	Mar 2009	B2
7529925	Harkins	May 2009	B2
7551619	Tiwari	Jun 2009	B2
7573859	Taylor	Aug 2009	B2
7577453	Matta	Aug 2009	B2
20010024953	Balogh	Sep 2001	A1
20020052205	Belostotsky et al.	May 2002	A1
20020060995	Cervello et al.	May 2002	A1
20020069278	Forslow	Jun 2002	A1
20020095486	Bahl	Jul 2002	A1
20020101868	Clear et al.	Aug 2002	A1
20020176437	Busch et al.	Nov 2002	A1
20020191572	Weinstein et al.	Dec 2002	A1
20030014646	Buddhikot et al.	Jan 2003	A1
20030018889	Burnett et al.	Jan 2003	A1
20030055959	Sato	Mar 2003	A1
20030107590	Levillain et al.	Jun 2003	A1
20030134642	Kostic et al.	Jul 2003	A1
20030135762	Macaulay	Jul 2003	A1
20030174706	Shankar et al.	Sep 2003	A1
20030227934	White et al.	Dec 2003	A1
20040003285	Whelan et al.	Jan 2004	A1
20040019857	Teig et al.	Jan 2004	A1
20040025044	Day	Feb 2004	A1
20040047320	Eglin	Mar 2004	A1
20040053632	Nikkelen et al.	Mar 2004	A1
20040062267	Minami et al.	Apr 2004	A1
20040064560	Zhang et al.	Apr 2004	A1
20040068668	Lor et al.	Apr 2004	A1
20040095914	Katsube et al.	May 2004	A1
20040095932	Astarabadi et al.	May 2004	A1
20040120370	Lupo	Jun 2004	A1
20040143428	Rappaport et al.	Jul 2004	A1
20040165545	Cook	Aug 2004	A1
20040208570	Reader	Oct 2004	A1
20040221042	Meier	Nov 2004	A1
20040230370	Tzamaloukas	Nov 2004	A1
20040236702	Fink et al.	Nov 2004	A1
20040255167	Knight	Dec 2004	A1
20040259555	Rappaport et al.	Dec 2004	A1
20050030929	Swier et al.	Feb 2005	A1
20050037818	Seshadri et al.	Feb 2005	A1
20050054326	Rogers	Mar 2005	A1
20050058132	Okano et al.	Mar 2005	A1
20050059405	Thomson et al.	Mar 2005	A1
20050059406	Thomson et al.	Mar 2005	A1
20050064873	Karaoguz et al.	Mar 2005	A1
20050068925	Palm et al.	Mar 2005	A1
20050073980	Thomson et al.	Apr 2005	A1
20050097618	Arling et al.	May 2005	A1
20050122977	Lieberman	Jun 2005	A1
20050128989	Bhagwat et al.	Jun 2005	A1
20050157730	Grant et al.	Jul 2005	A1
20050180358	Kolar et al.	Aug 2005	A1
20050181805	Gallagher	Aug 2005	A1
20050193103	Drabik	Sep 2005	A1
20050223111	Bhandaru et al.	Oct 2005	A1
20050239461	Verma et al.	Oct 2005	A1
20050240665	Gu et al.	Oct 2005	A1
20050245269	Demirhan et al.	Nov 2005	A1
20050259597	Benedetto et al.	Nov 2005	A1
20050273442	Bennett et al.	Dec 2005	A1
20050276218	Ooghe et al.	Dec 2005	A1
20060045050	Floros et al.	Mar 2006	A1
20060104224	Singh et al.	May 2006	A1
20060128415	Horikoshi et al.	Jun 2006	A1
20060161983	Cothrell et al.	Jul 2006	A1
20060174336	Chen	Aug 2006	A1
20060189311	Cromer et al.	Aug 2006	A1
20060200862	Olson et al.	Sep 2006	A1
20060245393	Bajic	Nov 2006	A1
20060248331	Harkins	Nov 2006	A1
20060276192	Dutta et al.	Dec 2006	A1
20070025265	Porras et al.	Feb 2007	A1
20070064718	Ekl et al.	Mar 2007	A1
20070070937	Demirhan et al.	Mar 2007	A1
20070083924	Lu	Apr 2007	A1
20070086378	Matta et al.	Apr 2007	A1
20070091889	Xiao et al.	Apr 2007	A1
20070189222	Kolar et al.	Aug 2007	A1
20070260720	Morain	Nov 2007	A1
20080008117	Alizadeh-Shabdiz	Jan 2008	A1
20080013481	Simons et al.	Jan 2008	A1
20080056200	Johnson	Mar 2008	A1
20080056211	Kim et al.	Mar 2008	A1
20080096575	Aragon et al.	Apr 2008	A1
20080107077	Murphy	May 2008	A1
20080114784	Murphy	May 2008	A1
20080117822	Murphy et al.	May 2008	A1
20080151844	Tiwari	Jun 2008	A1
20080162921	Chesnutt et al.	Jul 2008	A1
20090031044	Barrack et al.	Jan 2009	A1
20090198999	Harkins	Aug 2009	A1

Foreign Referenced Citations (5)

Number	Date	Country
WO-9403986	Feb 1994	WO
WO-9911003	Mar 1999	WO
WO-03085544	Oct 2003	WO
WO-2004095192	Nov 2004	WO
WO-2004095800	Nov 2004	WO

Related Publications (1)

	Number	Date	Country
	20090257437 A1	Oct 2009	US

Provisional Applications (2)

	Number	Date	Country
	60727025	Oct 2005	US
	60728096	Oct 2005	US

Continuations (1)

	Number	Date	Country
Parent	11400165	Apr 2006	US
Child	12489295		US

Identity-based networking

Information

Patent Number

Date Filed

Date Issued

Inventors

Original Assignees

Examiners

CPC

US Classifications

Field of Search

US

International Classifications

Disclaimer

Term Extension

Abstract