专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08844035B2 Techniques for network protection based on subscriber-aware application proxies 有权
标题翻译：基于用户感知应用代理的网络保护技术
公开(公告)号：US08844035B2
公开(公告)日：2014-09-23
申请号：US13369498
申请日：2012-02-09
申请人： Christopher C. O'Rourke , Frank Gerard Bordonaro , Louis Menditto , Robert Batz
发明人： Christopher C. O'Rourke , Frank Gerard Bordonaro , Louis Menditto , Robert Batz
IPC分类号： H04L29/06
CPC分类号： H04L63/0227 , H04L63/1408 , H04L63/1441
摘要： Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.
摘要翻译：用于响应分组交换网络上的入侵的技术包括在网络接入服务器和内容服务器之间的用户感知网关服务器处接收用户数据。用户数据包括指示特定用户的唯一标识符的用户标识符数据，指示特定用户使用的主机的网络地址的网络地址数据，指示网络接入服务器的标识符的NAS数据，指示一个或多个打开的数据分组流和可疑活动数据。可疑活动数据表示指示可疑活动的开放数据分组流的属性的值。基于可疑活动数据确定是否满足入侵条件。如果入侵条件满足，则网关至少部分地基于除了网络地址数据之外的用户数据进行响应。

2. 发明授权

US6023733A Efficient path determination in a routed network 失效
标题翻译：路由网络中的高效路径确定
公开(公告)号：US6023733A
公开(公告)日：2000-02-08
申请号：US961355
申请日：1997-10-30
申请人： Ravi Periasamy , Gnanaprakasam Pandian , Frank Gerard Bordonaro , Ramin Naderi , Kushal A. Patel
发明人： Ravi Periasamy , Gnanaprakasam Pandian , Frank Gerard Bordonaro , Ramin Naderi , Kushal A. Patel
IPC分类号： H04L12/56 , G06F13/00
CPC分类号： H04L45/00 , H04L45/12 , H04L45/54 , H04L47/10 , H04L47/125
摘要： The topology of a computer network is represented, for each routing device in the network, as a tree structure with the root of the tree designating the particular routing device. Tree nodes represent LANs, while arcs connecting the nodes represent other routing devices. Thus, the number of first-level links to children off the root is equal to the number of LANs connected to the source routing device, and those first-level links point to nodes representing the LANs (or LAN segments) directly connected to the source routing device. As a result of this representation, each routing device can store a representation of the entire network adequate to facilitate routing, but with much less memory utilization than a list of addresses. Furthermore, because the network is represented at a more general level than that of individual station addresses, changes to the topology of the network can be readily introduced without the need for extensive (e.g., address by address) reconfiguration.
摘要翻译：对于网络中的每个路由设备，计算机网络的拓扑被表示为具有指定特定路由设备的树的根的树结构。树节点表示LAN，而连接节点的弧表示其他路由设备。因此，到根之外的儿童的第一级链接的数量等于连接到源路由设备的LAN的数量，并且那些一级链路指向代表直接连接到源的LAN（或LAN段）的节点路由设备作为该表示的结果，每个路由设备可以存储足够的路由的整个网络的表示，但是比地址列表少得多的存储器利用。此外，因为网络被表示在比单个站地址更一般的级别，所以可以容易地引入对网络拓扑的改变，而不需要广泛的（例如，通过地址的地址）重新配置。

3. 发明授权

US08266696B2 Techniques for network protection based on subscriber-aware application proxies 有权
标题翻译：基于用户感知应用代理的网络保护技术
公开(公告)号：US08266696B2
公开(公告)日：2012-09-11
申请号：US11273112
申请日：2005-11-14
申请人： Christopher C. O'Rourke , Frank Gerard Bordonaro , Louis Menditto , Robert Batz
发明人： Christopher C. O'Rourke , Frank Gerard Bordonaro , Louis Menditto , Robert Batz
IPC分类号： G06F11/00 , G06F12/14 , G06F12/16 , G08B23/00
CPC分类号： H04L63/0227 , H04L63/1408 , H04L63/1441
摘要： Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.
摘要翻译：用于响应分组交换网络上的入侵的技术包括在网络接入服务器和内容服务器之间的用户感知网关服务器处接收用户数据。用户数据包括指示特定用户的唯一标识符的用户标识符数据，指示特定用户使用的主机的网络地址的网络地址数据，指示网络接入服务器的标识符的NAS数据，指示一个或多个打开的数据分组流和可疑活动数据。可疑活动数据表示指示可疑活动的开放数据分组流的属性的值。基于可疑活动数据确定是否满足入侵条件。如果入侵条件满足，则网关至少部分地基于除了网络地址数据之外的用户数据进行响应。

4. 发明授权

US06442610B1 Arrangement for controlling network proxy device traffic on a transparently-bridged local area network using token management 有权
标题翻译：使用令牌管理在透明桥接局域网上控制网络代理设备流量的安排
公开(公告)号：US06442610B1
公开(公告)日：2002-08-27
申请号：US09342538
申请日：1999-06-29
申请人： Arun Girdharilal Khanna , Arunkumar Bhushappagala Thippeswamy , Frank Gerard Bordonaro , Scott Allan Bales , Uwe Sellentin
发明人： Arun Girdharilal Khanna , Arunkumar Bhushappagala Thippeswamy , Frank Gerard Bordonaro , Scott Allan Bales , Uwe Sellentin
IPC分类号： G06F1516
CPC分类号： H04L45/00 , H04L45/58 , H04L47/125
摘要： A transparently-bridged wide area network connecting Ethernet/IEEE 802.3-based local area networks uses redundant proxy devices one each LAN for internetwork communications. The proxy devices on a given LAN, implemented as data link switching (DLSw) devices, mediate for proxy services by generation and maintenance of a token between the proxy devices capable of providing the corresponding proxy services. In the case of transfer of a data frame, a proxy device having received a frame from an end station determines whether any other proxy device possess a token authorizing the establishment of a circuit connection via a wide area network for transfer of the frame to another local area network. If the proxy devices determines that another proxy device possess the token, the proxy device lacking the token drops the frame. If the proxy device possesses the token, then the frame can be transferred via the wide area network. Multiple tokens may be used for distributing distinct proxy services between multiple proxy devices. In addition, each proxy device lacking a token monitors for the periodic presence of a “heart-beat” indicating the continued presence of tokens, enabling generation of new tokens if existing tokens are lost. Hence, redundant DLSw-type proxy devices may be implemented on a local area network while maintaining a stable and a robust communications system.
摘要翻译：连接基于以太网/ IEEE 802.3的局域网的透明桥接广域网使用冗余代理设备，每个LAN用于互联网络通信。实现为数据链路交换（DLSw）设备的给定LAN上的代理设备通过生成和维护能够提供相应代理服务的代理设备之间的令牌来调停代理服务。在传送数据帧的情况下，已经从终端站接收到帧的代理设备确定任何其他代理设备是否具有授权通过广域网建立电路连接的令牌，用于将帧传送到另一个本地区域网络。如果代理设备确定另一个代理设备拥有该令牌，那么缺少该令牌的代理设备将丢弃该帧。如果代理设备拥有令牌，则可以通过广域网传输该帧。多个令牌可用于在多个代理设备之间分配不同的代理服务。此外，缺少令牌的每个代理设备都会监视定期存在的“心跳”，指示继续存在令牌，如果现有令牌丢失，则可以生成新的令牌。因此，可以在局域网上实现冗余的DLSw型代理设备，同时保持稳定和健壮的通信系统。

5. 发明申请

US20120137366A1 TECHNIQUES FOR NETWORK PROTECTION BASED ON SUBSCRIBER-AWARE APPLICATION PROXIES 有权
标题翻译：基于订户应用程序代码的网络保护技术
公开(公告)号：US20120137366A1
公开(公告)日：2012-05-31
申请号：US13369498
申请日：2012-02-09
申请人： Christopher C. O'Rourke , Frank Gerard Bordonaro , Louis Menditto , Robert Batz
发明人： Christopher C. O'Rourke , Frank Gerard Bordonaro , Louis Menditto , Robert Batz
IPC分类号： G06F21/00
CPC分类号： H04L63/0227 , H04L63/1408 , H04L63/1441
摘要： Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.
摘要翻译：用于响应分组交换网络上的入侵的技术包括在网络接入服务器和内容服务器之间的用户感知网关服务器处接收用户数据。用户数据包括指示特定用户的唯一标识符的用户标识符数据，指示特定用户使用的主机的网络地址的网络地址数据，指示网络接入服务器的标识符的NAS数据，指示一个或多个打开的数据分组流和可疑活动数据。可疑活动数据表示指示可疑活动的开放数据分组流的属性的值。基于可疑活动数据确定是否满足入侵条件。如果入侵条件满足，则网关至少部分地基于除了网络地址数据之外的用户数据进行响应。

6. 发明授权

US06343330B1 Arrangement for preventing looping of explorer frames in a transparent bridging domain having multiple entry points 有权
标题翻译：用于防止具有多个入口点的透明桥接域中的资源管理器帧的循环的布置
公开(公告)号：US06343330B1
公开(公告)日：2002-01-29
申请号：US09318432
申请日：1999-05-25
申请人： Arun Girdharilal Khanna , Arunkumar Bhushappagala Thippeswamy , Frank Gerard Bordonaro , Patricia Ann Webster , Scott Allen Bales , Uwe Sellentin
发明人： Arun Girdharilal Khanna , Arunkumar Bhushappagala Thippeswamy , Frank Gerard Bordonaro , Patricia Ann Webster , Scott Allen Bales , Uwe Sellentin
IPC分类号： G06F1516
CPC分类号： H04L45/34 , H04L12/4625 , H04L45/04 , H04L45/26
摘要： A transparently-bridged wide area network connecting Ethernet/IEEE 802.3-based local area networks uses redundant proxy devices on each LAN for internetwork communications. The proxy devices, implemented as data link switching (DLSw) devices, prevent looping of traffic such as explorer frames by sharing their MAC addresses to enable the proxy devices to recognize data packets from another proxy device. Incoming explorer frames from the wide area network are modified by performing an address substitution, where the source address in a received explorer frame is replaced with the address of the local proxy device. The proxy device then outputs the modified explorer frame onto the local area network. Any other proxy device on that same local network will then be able to detect the modified explorer frame as a frame forwarded by another proxy device, as opposed to a data frame from an end station on that local area network. Hence, redundant DLSw-type proxy devices may be implemented on a local area network while maintaining a stable and a robust communications system.
摘要翻译：连接以太网/ IEEE 802.3的局域网的透明桥接广域网在每个LAN上使用冗余代理设备进行互联网通信。实现为数据链路交换（DLSw）设备的代理设备通过共享其MAC地址来防止诸如资源管理器帧之类的流量循环，以使得代理设备能够识别来自另一代理设备的数据分组。通过执行地址替换来修改来自广域网的传入浏览器帧，其中接收的资源管理器帧中的源地址被替换为本地代理设备的地址。代理设备然后将修改的资源管理器帧输出到局域网上。然后，同一个本地网络上的任何其他代理设备将能够将修改的资源管理器框架检测为由另一个代理设备转发的帧，而不是该局域网上终端站的数据帧。因此，可以在局域网上实现冗余的DLSw型代理设备，同时保持稳定和健壮的通信系统。

7. 发明授权

US6061728A Arrangement for controlling network proxy device traffic on a transparently-bridged local area network using a master proxy device 有权
标题翻译：用于使用主代理设备在透明桥接的局域网上控制网络代理设备流量的布置
公开(公告)号：US6061728A
公开(公告)日：2000-05-09
申请号：US318431
申请日：1999-05-25
申请人： Andrew Joseph Mead , Frank Gerard Bordonaro , John Lautmann , Scott Allen Bales , Uwe Sellentin
发明人： Andrew Joseph Mead , Frank Gerard Bordonaro , John Lautmann , Scott Allen Bales , Uwe Sellentin
IPC分类号： G06F13/00
CPC分类号： H04L12/462
摘要： A transparently-bridged wide area network connecting Ethernet/IEEE 802.3-based local area networks uses redundant proxy devices on each LAN for internetwork communications. The proxy devices on a given LAN, implemented as data link switching (DLSw) devices, identify amongst each other a master proxy device for mediating services to be provided to an end station on the local area network. Each proxy device connected to the local area network sends a request to the identified master proxy device in response to detecting a frame transmitted by an end station on the local area network, for permission to establish a circuit connection for transfer of the frame via a wide area network. The master proxy device, based on prescribed criteria, selects one of the proxy devices for transferring the frame, and sends a grant response to the selected proxy device. The master proxy device sends an "inuse" response as a denial response to the other proxy devices indicating the corresponding request has been denied, thereby avoiding contention for proxy services. Databases within the proxy devices track the request, grants, and denials to minimize generation of repeated requests. The inventory of granted requests may also be modified based on failures detected within the master proxy device, or any proxy device having received grants. Hence, redundant DLSw-type proxy devices may be implemented on a local area network while maintaining a stable and a robust communications system.
摘要翻译：连接以太网/ IEEE 802.3的局域网的透明桥接广域网在每个LAN上使用冗余代理设备进行互联网通信。实现为数据链路交换（DLSw）设备的给定LAN上的代理设备在彼此之间识别主代理设备，用于中介要提供给局域网上终端站的服务。连接到局域网的每个代理设备响应于检测到由局域网上的终端站发送的帧来向所识别的主代理设备发送请求，以允许建立用于经由宽的传输帧的电路连接区域网络。主代理设备基于规定的标准，选择一个代理设备来传送该帧，并向所选择的代理设备发送授权响应。主代理设备发送“使用”响应作为对其他代理设备的拒绝响应，指示相应的请求已经被拒绝，从而避免了代理服务的争用。代理设备内的数据库跟踪请求，授予和拒绝以最小化重复请求的生成。授权请求的清单也可以基于在主代理设备或已经接收到授权的任何代理设备中检测到的故障来修改。因此，可以在局域网上实现冗余的DLSw型代理设备，同时保持稳定和健壮的通信系统。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式