会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 2. 发明授权
    • Arrangement for controlling network proxy device traffic on a transparently-bridged local area network using token management
    • 使用令牌管理在透明桥接局域网上控制网络代理设备流量的安排
    • US06442610B1
    • 2002-08-27
    • US09342538
    • 1999-06-29
    • Arun Girdharilal KhannaArunkumar Bhushappagala ThippeswamyFrank Gerard BordonaroScott Allan BalesUwe Sellentin
    • Arun Girdharilal KhannaArunkumar Bhushappagala ThippeswamyFrank Gerard BordonaroScott Allan BalesUwe Sellentin
    • G06F1516
    • H04L45/00H04L45/58H04L47/125
    • A transparently-bridged wide area network connecting Ethernet/IEEE 802.3-based local area networks uses redundant proxy devices one each LAN for internetwork communications. The proxy devices on a given LAN, implemented as data link switching (DLSw) devices, mediate for proxy services by generation and maintenance of a token between the proxy devices capable of providing the corresponding proxy services. In the case of transfer of a data frame, a proxy device having received a frame from an end station determines whether any other proxy device possess a token authorizing the establishment of a circuit connection via a wide area network for transfer of the frame to another local area network. If the proxy devices determines that another proxy device possess the token, the proxy device lacking the token drops the frame. If the proxy device possesses the token, then the frame can be transferred via the wide area network. Multiple tokens may be used for distributing distinct proxy services between multiple proxy devices. In addition, each proxy device lacking a token monitors for the periodic presence of a “heart-beat” indicating the continued presence of tokens, enabling generation of new tokens if existing tokens are lost. Hence, redundant DLSw-type proxy devices may be implemented on a local area network while maintaining a stable and a robust communications system.
    • 连接基于以太网/ IEEE 802.3的局域网的透明桥接广域网使用冗余代理设备,每个LAN用于互联网络通信。 实现为数据链路交换(DLSw)设备的给定LAN上的代理设备通过生成和维护能够提供相应代理服务的代理设备之间的令牌来调停代理服务。 在传送数据帧的情况下,已经从终端站接收到帧的代理设备确定任何其他代理设备是否具有授权通过广域网建立电路连接的令牌,用于将帧传送到另一个本地 区域网络。 如果代理设备确定另一个代理设备拥有该令牌,那么缺少该令牌的代理设备将丢弃该帧。 如果代理设备拥有令牌,则可以通过广域网传输该帧。 多个令牌可用于在多个代理设备之间分配不同的代理服务。 此外,缺少令牌的每个代理设备都会监视定期存在的“心跳”,指示继续存在令牌,如果现有令牌丢失,则可以生成新的令牌。 因此,可以在局域网上实现冗余的DLSw型代理设备,同时保持稳定和健壮的通信系统。
    • 3. 发明授权
    • Arrangement for controlling network proxy device traffic on a
transparently-bridged local area network using a master proxy device
    • 用于使用主代理设备在透明桥接的局域网上控制网络代理设备流量的布置
    • US6061728A
    • 2000-05-09
    • US318431
    • 1999-05-25
    • Andrew Joseph MeadFrank Gerard BordonaroJohn LautmannScott Allen BalesUwe Sellentin
    • Andrew Joseph MeadFrank Gerard BordonaroJohn LautmannScott Allen BalesUwe Sellentin
    • G06F13/00
    • H04L12/462
    • A transparently-bridged wide area network connecting Ethernet/IEEE 802.3-based local area networks uses redundant proxy devices on each LAN for internetwork communications. The proxy devices on a given LAN, implemented as data link switching (DLSw) devices, identify amongst each other a master proxy device for mediating services to be provided to an end station on the local area network. Each proxy device connected to the local area network sends a request to the identified master proxy device in response to detecting a frame transmitted by an end station on the local area network, for permission to establish a circuit connection for transfer of the frame via a wide area network. The master proxy device, based on prescribed criteria, selects one of the proxy devices for transferring the frame, and sends a grant response to the selected proxy device. The master proxy device sends an "inuse" response as a denial response to the other proxy devices indicating the corresponding request has been denied, thereby avoiding contention for proxy services. Databases within the proxy devices track the request, grants, and denials to minimize generation of repeated requests. The inventory of granted requests may also be modified based on failures detected within the master proxy device, or any proxy device having received grants. Hence, redundant DLSw-type proxy devices may be implemented on a local area network while maintaining a stable and a robust communications system.
    • 连接以太网/ IEEE 802.3的局域网的透明桥接广域网在每个LAN上使用冗余代理设备进行互联网通信。 实现为数据链路交换(DLSw)设备的给定LAN上的代理设备在彼此之间识别主代理设备,用于中介要提供给局域网上终端站的服务。 连接到局域网的每个代理设备响应于检测到由局域网上的终端站发送的帧来向所识别的主代理设备发送请求,以允许建立用于经由宽的传输帧的电路连接 区域网络。 主代理设备基于规定的标准,选择一个代理设备来传送该帧,并向所选择的代理设备发送授权响应。 主代理设备发送“使用”响应作为对其他代理设备的拒绝响应,指示相应的请求已经被拒绝,从而避免了代理服务的争用。 代理设备内的数据库跟踪请求,授予和拒绝以最小化重复请求的生成。 授权请求的清单也可以基于在主代理设备或已经接收到授权的任何代理设备中检测到的故障来修改。 因此,可以在局域网上实现冗余的DLSw型代理设备,同时保持稳定和健壮的通信系统。
    • 4. 发明授权
    • Techniques for network protection based on subscriber-aware application proxies
    • 基于用户感知应用代理的网络保护技术
    • US08844035B2
    • 2014-09-23
    • US13369498
    • 2012-02-09
    • Christopher C. O'RourkeFrank Gerard BordonaroLouis MendittoRobert Batz
    • Christopher C. O'RourkeFrank Gerard BordonaroLouis MendittoRobert Batz
    • H04L29/06
    • H04L63/0227H04L63/1408H04L63/1441
    • Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.
    • 用于响应分组交换网络上的入侵的技术包括在网络接入服务器和内容服务器之间的用户感知网关服务器处接收用户数据。 用户数据包括指示特定用户的唯一标识符的用户标识符数据,指示特定用户使用的主机的网络地址的网络地址数据,指示网络接入服务器的标识符的NAS数据, 指示一个或多个打开的数据分组流和可疑活动数据。 可疑活动数据表示指示可疑活动的开放数据分组流的属性的值。 基于可疑活动数据确定是否满足入侵条件。 如果入侵条件满足,则网关至少部分地基于除了网络地址数据之外的用户数据进行响应。
    • 5. 发明授权
    • Efficient path determination in a routed network
    • 路由网络中的高效路径确定
    • US6023733A
    • 2000-02-08
    • US961355
    • 1997-10-30
    • Ravi PeriasamyGnanaprakasam PandianFrank Gerard BordonaroRamin NaderiKushal A. Patel
    • Ravi PeriasamyGnanaprakasam PandianFrank Gerard BordonaroRamin NaderiKushal A. Patel
    • H04L12/56G06F13/00
    • H04L45/00H04L45/12H04L45/54H04L47/10H04L47/125
    • The topology of a computer network is represented, for each routing device in the network, as a tree structure with the root of the tree designating the particular routing device. Tree nodes represent LANs, while arcs connecting the nodes represent other routing devices. Thus, the number of first-level links to children off the root is equal to the number of LANs connected to the source routing device, and those first-level links point to nodes representing the LANs (or LAN segments) directly connected to the source routing device. As a result of this representation, each routing device can store a representation of the entire network adequate to facilitate routing, but with much less memory utilization than a list of addresses. Furthermore, because the network is represented at a more general level than that of individual station addresses, changes to the topology of the network can be readily introduced without the need for extensive (e.g., address by address) reconfiguration.
    • 对于网络中的每个路由设备,计算机网络的拓扑被表示为具有指定特定路由设备的树的根的树结构。 树节点表示LAN,而连接节点的弧表示其他路由设备。 因此,到根之外的儿童的第一级链接的数量等于连接到源路由设备的LAN的数量,并且那些一级链路指向代表直接连接到源的LAN(或LAN段)的节点 路由设备 作为该表示的结果,每个路由设备可以存储足够的路由的整个网络的表示,但是比地址列表少得多的存储器利用。 此外,因为网络被表示在比单个站地址更一般的级别,所以可以容易地引入对网络拓扑的改变,而不需要广泛的(例如,通过地址的地址)重新配置。
    • 6. 发明申请
    • TECHNIQUES FOR NETWORK PROTECTION BASED ON SUBSCRIBER-AWARE APPLICATION PROXIES
    • 基于订户应用程序代码的网络保护技术
    • US20120137366A1
    • 2012-05-31
    • US13369498
    • 2012-02-09
    • Christopher C. O'RourkeFrank Gerard BordonaroLouis MendittoRobert Batz
    • Christopher C. O'RourkeFrank Gerard BordonaroLouis MendittoRobert Batz
    • G06F21/00
    • H04L63/0227H04L63/1408H04L63/1441
    • Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.
    • 用于响应分组交换网络上的入侵的技术包括在网络接入服务器和内容服务器之间的用户感知网关服务器处接收用户数据。 用户数据包括指示特定用户的唯一标识符的用户标识符数据,指示特定用户使用的主机的网络地址的网络地址数据,指示网络接入服务器的标识符的NAS数据, 指示一个或多个打开的数据分组流和可疑活动数据。 可疑活动数据表示指示可疑活动的开放数据分组流的属性的值。 基于可疑活动数据确定是否满足入侵条件。 如果入侵条件满足,则网关至少部分地基于除了网络地址数据之外的用户数据进行响应。
    • 7. 发明授权
    • Techniques for network protection based on subscriber-aware application proxies
    • 基于用户感知应用代理的网络保护技术
    • US08266696B2
    • 2012-09-11
    • US11273112
    • 2005-11-14
    • Christopher C. O'RourkeFrank Gerard BordonaroLouis MendittoRobert Batz
    • Christopher C. O'RourkeFrank Gerard BordonaroLouis MendittoRobert Batz
    • G06F11/00G06F12/14G06F12/16G08B23/00
    • H04L63/0227H04L63/1408H04L63/1441
    • Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.
    • 用于响应分组交换网络上的入侵的技术包括在网络接入服务器和内容服务器之间的用户感知网关服务器处接收用户数据。 用户数据包括指示特定用户的唯一标识符的用户标识符数据,指示特定用户使用的主机的网络地址的网络地址数据,指示网络接入服务器的标识符的NAS数据, 指示一个或多个打开的数据分组流和可疑活动数据。 可疑活动数据表示指示可疑活动的开放数据分组流的属性的值。 基于可疑活动数据确定是否满足入侵条件。 如果入侵条件满足,则网关至少部分地基于除了网络地址数据之外的用户数据进行响应。