David L Kjendal

6990592, Jan 24, 2006

Sep 20, 2002

10/251140

James Richmond - Newfields NH, US
David L. Kjendal - Newmarket NH, US

Enterasys Networks, Inc. - Andover MA

H04L 9/00
G06F 15/16

713201, 709226, 709229

Controlling a user's usage of network resources, after the user has been authenticated, without using any network resources beyond the user's entry point to the network. A plurality of users may be connected to an entry point of a network of a network device by a shared transmission medium. Each users' usage of network resources is controlled, after such user has been authenticated, without using any network resources beyond such user's entry point to the network. For each one or more users, packet rules may be provisioned to the user's entry point to the network, where such entry point may be shared with other users. The packet rules may be applied to each packet received from the user before any network resources beyond the entry point are used. These packet rules may be associated with an identity of the user and then provisioned to the user's entry point in response to the user being authenticated. If a plurality of users are connected to an entry point by a shared transmission medium, packet rules associated with the users may be provisioned to the entry point and applied to packets received from the users before any network resources beyond the entry point are used.

20030154380, Aug 14, 2003

Feb 8, 2002

10/071873

James Richmond - Newfield NH, US
Paula Dunigan - Deerfield NH, US
David Kjendal - Newmarket NH, US
Steven Pettit - Naperville IL, US

H04L009/00

713/182000, 713/202000

A user's usage of network resources is controlled, after the user has been authenticated, without using any network resources beyond the user's entry point to the network. Packet rules may be provisioned to the user's entry point to the network, and the packet rules may be applied to each packet received from the user before any network resources beyond the entry point are used. These packet rules may be associated with an identity of the user and then provisioned to the user's entry point in response to the user being authenticated. Usage of network resources of a communications network by a user beyond a network device of the communications network that serves as the user's entry point to the communications network is controlled. The port module of the network device is configured with one or more packet rules corresponding to an identity of the user. A packet is received from a device used by the user at the port module, and, before using any of the network resources beyond the network device, the one or more packet rules are applied to the received packet. Another embodiment is provided for controlling usage of network resources of a communications network by a user. The user has an assigned role with respect to the communications network, and the assigned role is associated with one or more packet rules, each packet rule including a condition and action to be taken if a packet received at a device satisfies the condition. A packet including identification information of the user is received from a device of the user at a port module of a network device. The assigned role of the user is determined based on the identification information, and the port module is configured with the one or more packet rules associated with the assigned role of the user.

20160191568, Jun 30, 2016

Sep 1, 2015

14/842508

- San Jose CA, US
David Kjendal - Kensington NH, US
Michael Rash - Mount Airy MD, US
Richard Graham - Derry NH, US

H04L 29/06

A network architecture system that expands the control network administrators have on existing networks. The system provides application identification and usage data, by user, by device and network location. Dynamic traffic mirroring of the system allows for the efficient use of a tool to identify computer applications running on the network. The system includes the ability to embed the tool where needed rather than pervasively based on the use of the dynamic mirroring to bring the packets to the tool. The architecture implemented functions allow the ability to start small with a single application identification tool added to a network management server, examine flows from throughout the network (via mirroring) and upgrade policy control based on real application identification data and usage, then grow to pervasive deployment where virtually all new flows could be identified and controlled via policy. This architecture enables substantially complete application visibility and control.

20140280889, Sep 18, 2014

Mar 15, 2013

13/836371

- Salem NH, US
David Kjendal - Kensington NH, US
Michael Rash - Mount Airy MD, US
Richard Graham - Derry NH, US

ENTERASYS NETWORKS, INC. - Salem NH

H04L 12/26

709224

A network architecture system that expands the control network administrators have on existing networks. The system provides application identification and usage data by user, by device and network location. Dynamic traffic mirroring of the system allows for the efficient use of a tool to identify computer applications running on the network. The system includes the ability to embed the tool where needed rather than pervasively based on the use of the dynamic mirroring to bring the packets to the tool. The architecture implemented functions allow the ability to start small with a single application identification tool added to a network management server, examine flows from throughout the network (via mirroring) and upgrade policy control based on real application identification data and usage, then grow to pervasive deployment where virtually all new flows could be identified and controlled via policy. This architecture enables substantially complete application visibility and control.