会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 5. 发明申请
    • ALLOWING TCP ACK TO PASS A GATEWAY WHILE QUEUING DATA FOR PARSING
    • 允许TCP ACK通过网关在队列数据进行分配
    • US20090067416A1
    • 2009-03-12
    • US11854299
    • 2007-09-12
    • Humberto TavaresChris O'RourkeRobert BatzFranklin Jones
    • Humberto TavaresChris O'RourkeRobert BatzFranklin Jones
    • H04L12/56
    • H04L1/1607H04L47/10H04L2001/0092
    • In one embodiment, a method for providing an ACK packet while queuing data is provided. One or more packets in a series of packets may be received from a client at a gateway. The gateway determines that a packet in the series of packets has not been received. The one or more packets are then queued. The queued packets may have included an ACK for one or more previously sent packets. Thus, if the gateway had forwarded the one or more packets that are queued, then the ACK would have been received by the server. However, the one or more packets are queued and thus the ACK included in the packets is not sent with the queued packets. Even though the plurality of packets are queued, an acknowledgement packet is generated and then sent for the previously sent packets. The acknowledgement packet acknowledges to the server that the one or more previously sent packets were received by the client. The server may then continue transmitting packets to the client and knows it does not need to retransmit the one or more previously sent packets.
    • 在一个实施例中,提供了一种在排队数据期间提供ACK分组的方法。 一系列分组中的一个或多个分组可以从网关的客户端接收。 网关确定未收到一系列数据包中的数据包。 然后将一个或多个数据包排队。 排队的分组可以包括用于一个或多个先前发送的分组的ACK。 因此,如果网关转发了排队的一个或多个数据包,则该服务器将接收该ACK。 然而,一个或多个分组被排队,因此包中的ACK不与排队的分组一起发送。 即使多个分组被排队,生成确认分组,然后发送给先前发送的分组。 确认分组向服务器确认客户端接收到一个或多个先前发送的分组。 然后,服务器可以继续向客户端发送分组,并且知道它不需要重传一个或多个先前发送的分组。
    • 6. 发明授权
    • Allowing TCP ACK to pass a gateway while queuing data for parsing
    • 允许TCP ACK在排队数据进行解析时通过网关
    • US09049015B2
    • 2015-06-02
    • US11854299
    • 2007-09-12
    • Humberto TavaresChris O'RourkeRobert BatzFranklin Jones
    • Humberto TavaresChris O'RourkeRobert BatzFranklin Jones
    • H04L12/56H04L12/26H04L12/24H04L12/66H04L1/16H04L12/801H04L1/00
    • H04L1/1607H04L47/10H04L2001/0092
    • In one embodiment, a method for providing an ACK packet while queuing data is provided. One or more packets in a series of packets may be received from a client at a gateway. The gateway determines that a packet in the series of packets has not been received. The one or more packets are then queued. The queued packets may have included an ACK for one or more previously sent packets. Thus, if the gateway had forwarded the one or more packets that are queued, then the ACK would have been received by the server. However, the one or more packets are queued and thus the ACK included in the packets is not sent with the queued packets. Even though the plurality of packets are queued, an acknowledgement packet is generated and then sent for the previously sent packets. The acknowledgement packet acknowledges to the server that the one or more previously sent packets were received by the client. The server may then continue transmitting packets to the client and knows it does not need to retransmit the one or more previously sent packets.
    • 在一个实施例中,提供了一种在排队数据期间提供ACK分组的方法。 一系列分组中的一个或多个分组可以从网关的客户端接收。 网关确定未收到一系列数据包中的数据包。 然后将一个或多个数据包排队。 排队的分组可以包括用于一个或多个先前发送的分组的ACK。 因此,如果网关转发了排队的一个或多个数据包,则该服务器将接收该ACK。 然而,一个或多个分组被排队,因此包中的ACK不与排队的分组一起发送。 即使多个分组被排队,生成确认分组,然后发送给先前发送的分组。 确认分组向服务器确认客户端接收到一个或多个先前发送的分组。 然后,服务器可以继续向客户端发送分组,并且知道它不需要重传一个或多个先前发送的分组。
    • 7. 发明授权
    • Techniques for network protection based on subscriber-aware application proxies
    • 基于用户感知应用代理的网络保护技术
    • US08844035B2
    • 2014-09-23
    • US13369498
    • 2012-02-09
    • Christopher C. O'RourkeFrank Gerard BordonaroLouis MendittoRobert Batz
    • Christopher C. O'RourkeFrank Gerard BordonaroLouis MendittoRobert Batz
    • H04L29/06
    • H04L63/0227H04L63/1408H04L63/1441
    • Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.
    • 用于响应分组交换网络上的入侵的技术包括在网络接入服务器和内容服务器之间的用户感知网关服务器处接收用户数据。 用户数据包括指示特定用户的唯一标识符的用户标识符数据,指示特定用户使用的主机的网络地址的网络地址数据,指示网络接入服务器的标识符的NAS数据, 指示一个或多个打开的数据分组流和可疑活动数据。 可疑活动数据表示指示可疑活动的开放数据分组流的属性的值。 基于可疑活动数据确定是否满足入侵条件。 如果入侵条件满足,则网关至少部分地基于除了网络地址数据之外的用户数据进行响应。
    • 8. 发明授权
    • Techniques for network protection based on subscriber-aware application proxies
    • 基于用户感知应用代理的网络保护技术
    • US08266696B2
    • 2012-09-11
    • US11273112
    • 2005-11-14
    • Christopher C. O'RourkeFrank Gerard BordonaroLouis MendittoRobert Batz
    • Christopher C. O'RourkeFrank Gerard BordonaroLouis MendittoRobert Batz
    • G06F11/00G06F12/14G06F12/16G08B23/00
    • H04L63/0227H04L63/1408H04L63/1441
    • Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.
    • 用于响应分组交换网络上的入侵的技术包括在网络接入服务器和内容服务器之间的用户感知网关服务器处接收用户数据。 用户数据包括指示特定用户的唯一标识符的用户标识符数据,指示特定用户使用的主机的网络地址的网络地址数据,指示网络接入服务器的标识符的NAS数据, 指示一个或多个打开的数据分组流和可疑活动数据。 可疑活动数据表示指示可疑活动的开放数据分组流的属性的值。 基于可疑活动数据确定是否满足入侵条件。 如果入侵条件满足,则网关至少部分地基于除了网络地址数据之外的用户数据进行响应。
    • 9. 发明授权
    • Techniques for load balancing subscriber-aware application proxies
    • 用于负载平衡用户感知应用代理的技术
    • US07738452B1
    • 2010-06-15
    • US11158751
    • 2005-06-22
    • Christopher C. O'RourkeRobert BatzKevin Shatzkamer
    • Christopher C. O'RourkeRobert BatzKevin Shatzkamer
    • H04L12/28H04L12/56
    • H04L67/2819H04L47/125H04L67/02H04L67/04H04L67/2823H04L67/306H04L67/327H04L69/08H04W28/08
    • Techniques for distributing network traffic from an access server to a service gateway include receiving, at a load balancer, sticky table data that indicates an association between a particular subscriber IP address and a particular subscriber-aware service gateway in a gateway cluster. An input data packet is received with an input source address and an input transport-layer destination. If it is determined that the input transport-layer destination indicates a type of payload that uses a service gateway, then the particular service gateway associated with the particular subscriber is determined based on the sticky table and IP address in the input source address. An output data packet is directed to the particular service gateway using a link-layer or networking-layer destination address. These techniques allow a load balancer to be located anywhere on the network and to bypass a subscriber-aware service gateway for some data traffic.
    • 用于将网络流量从接入服务器分配到服务网关的技术包括在负载平衡器处接收指示特定用户IP地址和网关集群中的特定用户感知服务网关之间的关联的粘性表数据。 用输入源地址和输入传输层目的地接收输入数据分组。 如果确定输入传输层目的地指示使用服务网关的有效载荷的类型,则基于输入源地址中的粘性表和IP地址确定与特定用户相关联的特定服务网关。 使用链路层或网络层目的地址将输出数据分组引导到特定服务网关。 这些技术允许负载平衡器位于网络上的任何地方,并绕过用户感知的服务网关以获取某些数据流量。
    • 10. 发明申请
    • TECHNIQUES FOR NETWORK PROTECTION BASED ON SUBSCRIBER-AWARE APPLICATION PROXIES
    • 基于订户应用程序代码的网络保护技术
    • US20120137366A1
    • 2012-05-31
    • US13369498
    • 2012-02-09
    • Christopher C. O'RourkeFrank Gerard BordonaroLouis MendittoRobert Batz
    • Christopher C. O'RourkeFrank Gerard BordonaroLouis MendittoRobert Batz
    • G06F21/00
    • H04L63/0227H04L63/1408H04L63/1441
    • Techniques for responding to intrusions on a packet switched network include receiving user data at a subscriber-aware gateway server between a network access server and a content server. The user data includes subscriber identifier data that indicates a unique identifier for a particular user, network address data that indicates a network address for a host used by the particular user, NAS data that indicates an identifier for the network access server, flow list data that indicates one or more open data packet flows, and suspicious activity data. The suspicious activity data indicates a value for a property of the open data packet flows that indicates suspicious activity. It is determined whether an intrusion condition is satisfied based on the suspicious activity data. If the intrusion condition is satisfied, then the gateway responds based at least in part on user data other than the network address data.
    • 用于响应分组交换网络上的入侵的技术包括在网络接入服务器和内容服务器之间的用户感知网关服务器处接收用户数据。 用户数据包括指示特定用户的唯一标识符的用户标识符数据,指示特定用户使用的主机的网络地址的网络地址数据,指示网络接入服务器的标识符的NAS数据, 指示一个或多个打开的数据分组流和可疑活动数据。 可疑活动数据表示指示可疑活动的开放数据分组流的属性的值。 基于可疑活动数据确定是否满足入侵条件。 如果入侵条件满足,则网关至少部分地基于除了网络地址数据之外的用户数据进行响应。