    • 1. Reissued patent
    • System for signatureless transmission and reception of data packets between computer networks
    • USRE39360E1
    • 2006-10-17
    • US09136954
    • 1998-08-19
    • Ashar Aziz; Geoffrey Mulligan; Martin Patterson; Glenn Scott
    • Ashar Aziz; Geoffrey Mulligan; Martin Patterson; Glenn Scott
    • H04L9/00
    • H04L63/0428; H04L12/22; H04L12/4625; H04L63/164; H04L2212/00
    • A system for automatically encrypting and decrypting data packets sent from a source host to a destination host across a public internetwork. A tunnelling bridge is positioned at each network, and intercepts all packets transmitted to or from its associated network. The tunnelling bridge includes tables indicating pairs of hosts or pairs of networks between which packets should be encrypted. When a packet is transmitted from a first host, the tunnelling bridge of that host's network intercepts the packet, and determines from its header information whether packets from that host that are directed to the specified destination host should be encrypted; or, alternatively, whether packets from the source host's network that are directed to the destination host's network should be encrypted. If so, the packet is encrypted, and transmitted to the destination network along with an encapsulation header indicating source and destination information: either source and destination host addresses, or the broadcast addresses of the source and destination networks (in the latter case, concealing by encryption the hosts' respective addresses). An identifier of the source network's tunnelling bridge may also be included in the encapsulation header. At the destination network, the associated tunnelling bridge intercepts the packet, inspects the encapsulation header, determines from an internal table whether the packet was encrypted, and from either the source (host or network) address or the tunnelling bridge identifier determines whether and how the packet was encrypted. If the packet was encrypted, it is now decrypted using a key stored in the destination tunnelling bridge's memory, and is sent on to the destination host. The tunnelling bridge identifier is used particularly in an embodiment where a given network has more than one tunnelling bridge, and hence multiple possible encryption/decryption schemes and keys.
In an alternative embodiment, the automatic encryption and decryption may be carried out by the source and destination hosts themselves, without the use of additional tunnelling bridges, in which case the encapsulation header includes the source and destination host addresses.
    • 2. Granted invention patent
    • System for signatureless transmission and reception of data packets between computer networks
    • US5548646A
    • 1996-08-20
    • US306337
    • 1994-09-15
    • Ashar Aziz; Geoffrey Mulligan; Martin Patterson; Glenn Scott
    • Ashar Aziz; Geoffrey Mulligan; Martin Patterson; Glenn Scott
    • G06F12/00; H04L12/22; H04L12/46; H04L29/06; H04K1/00
    • H04L63/0428; H04L12/22; H04L12/4625; H04L63/164; H04L2212/00
    • A system for automatically encrypting and decrypting data packets sent from a source host to a destination host across a public internetwork. A tunnelling bridge is positioned at each network, and intercepts all packets transmitted to or from its associated network. The tunnelling bridge includes tables indicating pairs of hosts or pairs of networks between which packets should be encrypted. When a packet is transmitted from a first host, the tunnelling bridge of that host's network intercepts the packet, and determines from its header information whether packets from that host that are directed to the specified destination host should be encrypted; or, alternatively, whether packets from the source host's network that are directed to the destination host's network should be encrypted. If so, the packet is encrypted, and transmitted to the destination network along with an encapsulation header indicating source and destination information: either source and destination host addresses, or the broadcast addresses of the source and destination networks (in the latter case, concealing by encryption the hosts' respective addresses). An identifier of the source network's tunnelling bridge may also be included in the encapsulation header. At the destination network, the associated tunnelling bridge intercepts the packet, inspects the encapsulation header, determines from an internal table whether the packet was encrypted, and from either the source (host or network) address or the tunnelling bridge identifier determines whether and how the packet was encrypted. If the packet was encrypted, it is now decrypted using a key stored in the destination tunnelling bridge's memory, and is sent on to the destination host. The tunnelling bridge identifier is used particularly in an embodiment where a given network has more than one tunnelling bridge, and hence multiple possible encryption/decryption schemes and keys.
In an alternative embodiment, the automatic encryption and decryption may be carried out by the source and destination hosts themselves, without the use of additional tunnelling bridges, in which case the encapsulation header includes the source and destination host addresses.
    • 3. Granted invention patent
    • System for packet filtering of data packet at a computer network interface
    • US5884025A
    • 1999-03-16
    • US795373
    • 1997-02-04
    • Geoffrey G. Baehr; William Danielson; Thomas L. Lyon; Geoffrey Mulligan; Martin Patterson; Glenn C. Scott; Carolyn Turbyfill
    • Geoffrey G. Baehr; William Danielson; Thomas L. Lyon; Geoffrey Mulligan; Martin Patterson; Glenn C. Scott; Carolyn Turbyfill
    • G06F13/00; H04L29/06; H04L9/00; G06F15/163
    • H04L63/0236
    • A system for screening data packets transmitted between a network to be protected, such as a private network, and another network, such as a public network. The system includes a dedicated computer with multiple (specifically, three) types of network ports: one connected to each of the private and public networks, and one connected to a proxy network that contains a predetermined number of the hosts and services, some of which may mirror a subset of those found on the private network. The proxy network is isolated from the private network, so it cannot be used as a jumping off point for intruders. Packets received at the screen (either into or out of a host in the private network) are filtered based upon their contents, state information and other criteria, including their source and destination, and actions are taken by the screen depending upon the determination of the filtering phase. The packets may be allowed through, with or without alteration of their data, IP (internet protocol) address, etc., or they may be dropped, with or without an error message generated to the sender of the packet. Packets may be sent with or without alteration to a host on the proxy network that performs some or all of the functions of the intended destination host as specified by a given packet. The passing through of packets without the addition of any network address pertaining to the screening system allows the screening system to function without being identifiable by such an address, and therefore it is more difficult to target as an IP entity, e.g. by intruders.
    • 4. Granted invention patent
    • System for packet filtering of data packets at a computer network interface
    • US5878231A
    • 1999-03-02
    • US795374
    • 1997-02-04
    • Geoffrey G. Baehr; William Danielson; Thomas L. Lyon; Geoffrey Mulligan; Martin Patterson; Glenn C. Scott; Carolyn Turbyfill
    • Geoffrey G. Baehr; William Danielson; Thomas L. Lyon; Geoffrey Mulligan; Martin Patterson; Glenn C. Scott; Carolyn Turbyfill
    • G06F13/00; H04L29/06; G06F13/38; G06F15/17
    • H04L63/0236
    • A system for screening data packets transmitted between a network to be protected, such as a private network, and another network, such as a public network. The system includes a dedicated computer with multiple (specifically, three) types of network ports: one connected to each of the private and public networks, and one connected to a proxy network that contains a predetermined number of the hosts and services, some of which may mirror a subset of those found on the private network. The proxy network is isolated from the private network, so it cannot be used as a jumping off point for intruders. Packets received at the screen (either into or out of a host in the private network) are filtered based upon their contents, state information and other criteria, including their source and destination, and actions are taken by the screen depending upon the determination of the filtering phase. The packets may be allowed through, with or without alteration of their data, IP (internet protocol) address, etc., or they may be dropped, with or without an error message generated to the sender of the packet. Packets may be sent with or without alteration to a host on the proxy network that performs some or all of the functions of the intended destination host as specified by a given packet. The passing through of packets without the addition of any network address pertaining to the screening system allows the screening system to function without being identifiable by such an address, and therefore it is more difficult to target as an IP entity, e.g. by intruders.
    • 6. Granted invention patent
    • Method and system for generating data packets on a heterogeneous network
    • US06212190B1
    • 2001-04-03
    • US08880200
    • 1997-06-23
    • Geoffrey Mulligan
    • Geoffrey Mulligan
    • H04L1228
    • H04L47/10; H04L29/06; H04L47/36; H04L69/32; H04L69/324; H04L69/326
    • An improved method and system for generating packets for transmission over different routes on a network is presented. In a large network such as the Internet, each route over the network carries different size packets which are not compatible unless they are fragmented into smaller segments. Initially, the technique determines a maximum transmission unit (MTU) capable of being transmitted over a predetermined route. Next, the size of each packet to be transmitted over the network is compared with the MTU size. If the comparison indicates the packet is larger than the MTU, the packet must be processed further before it can be transmitted over the route. The additional processing initially divides the total number of transmission units contained within the packet by the MTU value. The integer result of this division is temporarily stored in a DCOUNT variable and the remainder of the division in a RCOUNT variable. If the remainder in RCOUNT is non-zero, the value in DCOUNT is incremented by one. The DCOUNT value indicates the minimum number of datagrams for sending a packet using the present technique. Next, the transmission units contained in the original packet are redistributed equally into DCOUNT packets and then sent over the network route.