专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08891550B2 Platform independent configuration of multiple network services 有权
标题翻译：平台独立配置多个网络服务
公开(公告)号：US08891550B2
公开(公告)日：2014-11-18
申请号：US11355023
申请日：2006-02-15
申请人： Lap T. Huynh , Dinakaran Joseph , Linwood H. Overby, Jr. , Mark T. Wright
发明人： Lap T. Huynh , Dinakaran Joseph , Linwood H. Overby, Jr. , Mark T. Wright
IPC分类号： H04J3/16 , H04J3/22 , H04L29/06
CPC分类号： H04L63/105 , H04L63/166
摘要： Embodiments of the present invention address deficiencies of the art in respect to network services protocol implementation configuration and provide a method, system and computer program product for platform independent configuration of multiple network services protocol implementations. In one embodiment of the invention, a method for configuring a network services protocol implementation can include configuring a platform independent configuration for a network services protocol implementation. Thereafter, a target node can be selected to receive a deployment of the network services protocol implementation and the configured platform independent configuration can be transformed into a platform specific configuration for the target node. Finally, the transformed platform specific configuration can be deployed onto the target node.
摘要翻译：本发明的实施例解决了关于网络服务协议实现配置的本领域的缺陷，并提供了用于多个网络服务协议实现的用于独立于平台的配置的方法，系统和计算机程序产品。在本发明的一个实施例中，用于配置网络服务协议实现的方法可以包括为网络服务协议实现配置与平台无关的配置。此后，可以选择目标节点以接收网络服务协议实现的部署，并且将配置的平台无关配置转换为目标节点的平台特定配置。最后，转换的平台特定配置可以部署到目标节点上。

2. 发明授权

US09715401B2 Securing live migration of a virtual machine from a secure virtualized computing environment, over an unsecured network, to a different virtualized computing environment 有权
公开(公告)号：US09715401B2
公开(公告)日：2017-07-25
申请号：US12210249
申请日：2008-09-15
申请人： Wesley M. Devine , Sivaram Gottimukkala , Lap T. Huynh , Dinakaran Joseph , Michael S. Law , Linwood H. Overby, Jr.
发明人： Wesley M. Devine , Sivaram Gottimukkala , Lap T. Huynh , Dinakaran Joseph , Michael S. Law , Linwood H. Overby, Jr.
IPC分类号： G06F9/455
CPC分类号： G06F9/45558 , G06F9/4856 , G06F2009/4557
摘要： In an embodiment of the invention, a method for secure live migration of a virtual machine (VM) in a virtualized computing environment can include selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment and blocking data communications with the selected VM and other VMs in the secure virtualized computing environment. The selected VM can be live migrated to the different virtualized computing environment and the VM can be restarted in the different virtualized computing environment. Notably, a secure communicative link can be established between the restarted VM and at least one other of the VMs in the secure virtualized computing environment. Finally, data communications between the restarted VM and the at least one other of the VMs can be enabled over the secure communicative link.

3. 发明申请

US20100071025A1 SECURING LIVE MIGRATION OF A VIRTUAL MACHINE WITHIN A SERVICE LANDSCAPE 有权
标题翻译：维护虚拟机在服务环境中的实时移动
公开(公告)号：US20100071025A1
公开(公告)日：2010-03-18
申请号：US12210249
申请日：2008-09-15
申请人： Wesley M. Devine , Sivaram Gottimukkala , Lap T. Huynh , Dinakaran Joseph , Michael S. Law , Linwood H. Overby, JR.
发明人： Wesley M. Devine , Sivaram Gottimukkala , Lap T. Huynh , Dinakaran Joseph , Michael S. Law , Linwood H. Overby, JR.
IPC分类号： H04L9/00 , G06F21/00 , G06F9/455
CPC分类号： G06F9/45558 , G06F9/4856 , G06F2009/4557
摘要： In an embodiment of the invention, a method for secure live migration of a virtual machine (VM) in a virtualized computing environment can include selecting a VM in a secure virtualized computing environment for live migration to a different virtualized computing environment and blocking data communications with the selected VM and other VMs in the secure virtualized computing environment. The selected VM can be live migrated to the different virtualized computing environment and the VM cna be restarted in the different virtualized computing environment. Notably, a secure communicative link can be established between the restarted VM and at least one other of the VMs in the secure virtualized computing environment. Finally, data communications between the restarted VM and the at least one other of the VMs can be enabled over the secure communicative link.
摘要翻译：在本发明的一个实施例中，用于虚拟计算环境中的虚拟机（VM）的安全实时迁移的方法可以包括在安全虚拟化计算环境中选择虚拟机，以便实时迁移到不同的虚拟化计算环境并阻止与安全虚拟化计算环境中选定的虚拟机和其他虚拟机。所选择的虚拟机可以实时迁移到不同的虚拟化计算环境中，并且在不同的虚拟化计算环境中重新启动VM。值得注意的是，可以在重新启动的VM和安全虚拟化计算环境中的至少另一个VM之间建立安全的通信链路。最后，可以通过安全通信链路来启用重新启动的VM与至少另一个VM之间的数据通信。

4. 发明授权

US08925081B2 Application based intrusion detection 有权
标题翻译：基于应用的入侵检测
公开(公告)号：US08925081B2
公开(公告)日：2014-12-30
申请号：US13469357
申请日：2012-05-11
申请人： Lap T. Huynh , Linwood H. Overby, Jr.
发明人： Lap T. Huynh , Linwood H. Overby, Jr.
IPC分类号： H04L29/06 , G06F21/55
CPC分类号： G06F21/554
摘要： Intrusion detection is performed by communicating an initialization request from an intrusion detection system enabled application to an intrusion module to begin intrusion detection. Also, a request is communicated to a policy transfer agent to provide an intrusion detection system policy specifically configured for the application. The application identifies where in the application code the intrusion detection system policy is to be checked against an incoming or outgoing communication. Information obtained by the application program is selectively evaluated against information in the intrusion detection system policy. A conditional response is made based upon information in the intrusion detection system policy if an intrusion associated with the application program is detected.
摘要翻译：通过将初始化请求从入侵检测系统启用的应用程序传送到入侵模块以开始入侵检测来执行入侵检测。而且，请求被传送给策略传输代理，以提供专门为应用配置的入侵检测系统策略。该应用程序在应用程序代码中识别入侵检测系统策略要根据传入或传出通信进行检查。根据入侵检测系统策略中的信息选择性地评估由应用程序获得的信息。如果检测到与应用程序相关联的入侵，则基于入侵检测系统策略中的信息进行条件响应。

5. 发明申请

US20120222087A1 APPLICATION BASED INTRUSION DETECTION 有权
标题翻译：基于应用的入侵检测
公开(公告)号：US20120222087A1
公开(公告)日：2012-08-30
申请号：US13469357
申请日：2012-05-11
申请人： Lap T. Huynh , Linwood H. Overby, JR.
发明人： Lap T. Huynh , Linwood H. Overby, JR.
IPC分类号： G06F21/00 , G06F11/00 , G06F17/00
CPC分类号： G06F21/554
摘要： Intrusion detection is performed by communicating an initialization request from an intrusion detection system enabled application to an intrusion module to begin intrusion detection. Also, a request is communicated to a policy transfer agent to provide an intrusion detection system policy specifically configured for the application. The application identifies where in the application code the intrusion detection system policy is to be checked against an incoming or outgoing communication. Information obtained by the application program is selectively evaluated against information in the intrusion detection system policy. A conditional response is made based upon information in the intrusion detection system policy if an intrusion associated with the application program is detected.
摘要翻译：通过将初始化请求从入侵检测系统启用的应用程序传送到入侵模块以开始入侵检测来执行入侵检测。而且，请求被传送给策略传输代理，以提供专门为应用配置的入侵检测系统策略。该应用程序在应用程序代码中识别入侵检测系统策略要根据传入或传出通信进行检查。根据入侵检测系统策略中的信息选择性地评估由应用程序获得的信息。如果检测到与应用程序相关联的入侵，则基于入侵检测系统策略中的信息进行条件响应。

6. 发明申请

US20120198542A1 Shared Security Device 审中-公开
标题翻译：共享安全设备
公开(公告)号：US20120198542A1
公开(公告)日：2012-08-02
申请号：US13423788
申请日：2012-03-19
申请人： Lap T. Huynh , Constantinos Kassimis , Jeffrey A. Lucovsky , Linwood H. Overby, JR. , Jerry W. Stevens
发明人： Lap T. Huynh , Constantinos Kassimis , Jeffrey A. Lucovsky , Linwood H. Overby, JR. , Jerry W. Stevens
IPC分类号： G06F21/00 , G06F15/16
CPC分类号： H04L63/0227 , H04W4/00 , H04W8/26
摘要： A mechanism is provided for sharing one or more security appliances. A trusted system component associated with an application of a plurality of applications in a logically partitioned data processing system sets a destination address of a received packet to an address of a security appliance shared by the plurality of applications. The trusted system component sends the received packet to the security appliance. The trusted system component receives a response from the security appliance. The trusted system component determines whether the response indicates permitting the received packet to proceed to the intended recipient. The trusted system component sends the received packet to the recipient in response to the response indicating permitting the received packet to proceed.
摘要翻译：提供了一种用于共享一个或多个安全设备的机制。与逻辑分区数据处理系统中的多个应用的应用相关联的可信系统组件将接收到的分组的目的地地址设置为由多个应用共享的安全设备的地址。可信系统组件将接收到的数据包发送到安全设备。可信系统组件接收来自安全设备的响应。可信系统组件确定响应是否指示允许接收到的分组进行到预期接收者。可信系统组件响应于指示允许所接收的分组继续进行的响应，将接收的分组发送给接收者。

7. 发明授权

US08220052B2 Application based intrusion detection 有权
标题翻译：基于应用的入侵检测
公开(公告)号：US08220052B2
公开(公告)日：2012-07-10
申请号：US10457908
申请日：2003-06-10
申请人： Lap T. Huynh , Linwood H. Overby, Jr.
发明人： Lap T. Huynh , Linwood H. Overby, Jr.
IPC分类号： H04L29/06
CPC分类号： G06F21/554
摘要： A method of detecting an intrusion into a computer. At least one communication to an application program is selectively evaluated by the application program accessing an intrusion detection service to evaluate the communication.
摘要翻译：一种检测入侵计算机的方法。通过访问入侵检测服务的应用程序来选择性地评估对应用程序的至少一个通信以评估通信。

8. 发明申请

US20110126194A1 SHARED SECURITY DEVICE 审中-公开
标题翻译：共享安全设备
公开(公告)号：US20110126194A1
公开(公告)日：2011-05-26
申请号：US12624762
申请日：2009-11-24
申请人： Lap T. Huynh , Constantinos Kassimis , Jeffrey A. Lucovsky , Linwood H. Overby, JR. , Jerry W. Stevens
发明人： Lap T. Huynh , Constantinos Kassimis , Jeffrey A. Lucovsky , Linwood H. Overby, JR. , Jerry W. Stevens
IPC分类号： G06F21/00 , G06F9/455
CPC分类号： H04L63/0227 , H04W4/00 , H04W8/26
摘要： A mechanism is provided for sharing one or more security appliances. A trusted system component associated with an application of a plurality of applications in a logically partitioned data processing system sets a destination address of a received packet to an address of a security appliance shared by the plurality of applications. The trusted system component sends the received packet to the security appliance. The trusted system component receives a response from the security appliance. The trusted system component determines whether the response indicates permitting the received packet to proceed to the intended recipient. The trusted system component sends the received packet to the recipient in response to the response indicating permitting the received packet to proceed.
摘要翻译：提供了一种用于共享一个或多个安全设备的机制。与逻辑分区数据处理系统中的多个应用的应用相关联的可信系统组件将接收到的分组的目的地地址设置为由多个应用共享的安全设备的地址。可信系统组件将接收到的数据包发送到安全设备。可信系统组件接收来自安全设备的响应。可信系统组件确定响应是否指示允许接收到的分组进行到预期接收者。可信系统组件响应于指示允许所接收的分组继续进行的响应，将接收的分组发送给接收者。

9. 发明申请

US20080259790A1 RELIABLE AND RESILIENT END-TO-END CONNECTIVITY FOR HETEROGENEOUS NETWORKS 失效
标题翻译：可靠和灵活的异构网络的端到端连接
公开(公告)号：US20080259790A1
公开(公告)日：2008-10-23
申请号：US11738499
申请日：2007-04-22
申请人： Dinakaran Joseph , Jon K. Franks , Christopher N. Freeman , Sivaram Gottimukkala , Jason P. Hawrysz , Lap T. Huynh , Barry Mosakowski
发明人： Dinakaran Joseph , Jon K. Franks , Christopher N. Freeman , Sivaram Gottimukkala , Jason P. Hawrysz , Lap T. Huynh , Barry Mosakowski
IPC分类号： H04J1/16
CPC分类号： H04L41/022
摘要： Embodiments of the present invention address deficiencies of the art in respect to connectivity management in a heterogeneous network and provide a method, system and computer program product for resilient and reliable end-to-end connectivity in a heterogeneous network. In one embodiment of the invention, a method for resilient and reliable end-to-end connectivity in a heterogeneous network environment can be provided. The method can include creating an instance of an abstracted network resource model (NRM) for a heterogeneous network environment of different network resource nodes. The method further can include binding an application endpoint in the instance of the abstracted NRM with a connectivity endpoint for a first of the different network resource nodes. The method yet further can include detecting an outage in the first of the different network resource nodes. Finally, the method can include re-binding the application endpoint to a second of the different network resource nodes in response to detecting the outage.
摘要翻译：本发明的实施例解决了异构网络中的连接性管理方面的技术缺陷，并提供了用于异构网络中的弹性和可靠的端到端连接的方法，系统和计算机程序产品。在本发明的一个实施例中，可以提供一种用于异构网络环境中的弹性且可靠的端到端连接的方法。该方法可以包括为不同网络资源节点的异构网络环境创建抽象网络资源模型（NRM）的实例。该方法还可以包括将抽象NRM的实例中的应用端点与第一个不同网络资源节点的连接性端点绑定。该方法还可以包括检测第一不同网络资源节点中的中断。最后，该方法可以包括响应于检测到中断而将应用端点重新绑定到不同网络资源节点中的第二个。

10. 发明授权

US07912968B2 End-to-end (e2e) service level agreement (SLA) compliance across both managed and unmanaged network segments 失效
标题翻译：托管和非托管网段的端到端（e2e）服务级别协议（SLA）合规性
公开(公告)号：US07912968B2
公开(公告)日：2011-03-22
申请号：US11847294
申请日：2007-08-29
申请人： Michael E. Baskey , Mandis S. Beigi , Sivaram Gottimukkala , Lap T. Huynh , Dinakaran Joseph , Einar Lueck , Debanjan Saha , Sambit Sahu , Dinesh C. Verma
发明人： Michael E. Baskey , Mandis S. Beigi , Sivaram Gottimukkala , Lap T. Huynh , Dinakaran Joseph , Einar Lueck , Debanjan Saha , Sambit Sahu , Dinesh C. Verma
IPC分类号： G06F15/16
CPC分类号： H04L43/0852 , H04L41/5003 , H04L41/5009 , H04L41/5019 , H04L47/10 , H04L47/18 , H04L47/20 , H04L47/2425 , H04L47/283
摘要： Embodiments of the present invention address deficiencies of the art in respect to e2e SLA support in a network of both manageable and unmanageable portions and provide a method, system and computer program product for e2e SLA compliance across both managed and unmanaged network segments. In one embodiment of the invention, a method for e2e SLA compliance across both managed and unmanaged network segments can be provided. The method can include identifying both a managed segment and an unmanaged segment of an e2e network for a communications path implicated by an SLA, determining an observed delay for the unmanaged segment of the e2e network, computing from a desired delay for the communications path and the observed delay a differential delay, and constraining the managed segment to meet the differential delay in order to assure meeting the desired delay for the communications path implicated by the SLA.
摘要翻译：本发明的实施例解决了在可管理和不可管理部分的网络中关于e2e SLA支持的本领域的缺点，并且提供了用于在被管理网络段和非管理网段之间实现e2e SLA兼容的方法，系统和计算机程序产品。在本发明的一个实施例中，可以提供一种用于在被管理网络段和非管理网段之间执行e2e SLA兼容的方法。该方法可以包括识别由SLA所涉及的通信路径的e2e网络的管理段和非托管段，确定e2e网络的非管理段的观察到的延迟，从通信路径的期望延迟和观察延迟差分延迟，并限制被管理段以满足差分延迟，以便确保满足SLA所涉及的通信路径的期望延迟。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式