专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07093280B2 Internet security system 有权
公开(公告)号：US07093280B2
公开(公告)日：2006-08-15
申请号：US09967893
申请日：2001-09-27
申请人： Yan Ke , Yuming Mao , Wilson Xu , Brian Yean-Shiang Leu
发明人： Yan Ke , Yuming Mao , Wilson Xu , Brian Yean-Shiang Leu
IPC分类号： H04L9/32 , G06F17/00
CPC分类号： H04L63/02 , H04L12/4641 , H04L12/4645 , H04L12/467 , H04L49/25 , H04L49/351 , H04L49/354 , H04L63/0209 , H04L63/0272 , H04L63/08 , H04L63/20
摘要： Methods and apparatus, including computer program products, implementing and using techniques for processing a data packet in a packet forwarding device. A data packet is received. A virtual local area network destination is determined for the received data packet, and a set of rules associated with the virtual local area network destination is identified. The rules are applied to the data packet. If a virtual local area network destination has been determined for the received data packet, the data packet is output to the destination, using the result from the application of the rules. If no destination has been determined, the data packet is dropped. A security system for partitioning security system resources into a plurality of separate security domains that are configurable to enforce one or more policies and to allocate security system resources to the one or more security domains, is also described.

2. 发明授权

US09185075B2 Internet security system 有权
公开(公告)号：US09185075B2
公开(公告)日：2015-11-10
申请号：US11422477
申请日：2006-06-06
申请人： Yan Ke , Yuming Mao , Wilson Xu , Brian Yean-Shiang Leu
发明人： Yan Ke , Yuming Mao , Wilson Xu , Brian Yean-Shiang Leu
IPC分类号： H04L29/06 , H04L12/46 , H04L12/931 , H04L12/947
CPC分类号： H04L63/02 , H04L12/4641 , H04L12/4645 , H04L12/467 , H04L49/25 , H04L49/351 , H04L49/354 , H04L63/0209 , H04L63/0272 , H04L63/08 , H04L63/20
摘要： Methods and apparatus, including computer program products, implementing and using techniques for processing a data packet in a packet forwarding device. A data packet is received. A virtual local area network destination is determined for the received data packet, and a set of rules associated with the virtual local area network destination is identified. The rules are applied to the data packet. If a virtual local area network destination has been determined for the received data packet, the data packet is output to the destination, using the result from the application of the rules. If no destination has been determined, the data packet is dropped. A security system for partitioning security system resources into a plurality of separate security domains that are configurable to enforce one or more policies and to allocate security system resources to the one or more security domains, is also described.

3. 发明申请

US20060209836A1 INTERNET SECURITY SYSTEM 有权
标题翻译：互联网安全系统
公开(公告)号：US20060209836A1
公开(公告)日：2006-09-21
申请号：US11422477
申请日：2006-06-06
申请人： Yan Ke , Yuming Mao , Wilson Xu , Brian Leu
发明人： Yan Ke , Yuming Mao , Wilson Xu , Brian Leu
IPC分类号： H04L12/28 , H04L12/56
CPC分类号： H04L63/02 , H04L12/4641 , H04L12/4645 , H04L12/467 , H04L49/25 , H04L49/351 , H04L49/354 , H04L63/0209 , H04L63/0272 , H04L63/08 , H04L63/20
摘要： Methods and apparatus, including computer program products, implementing and using techniques for processing a data packet in a packet forwarding device. A data packet is received. A virtual local area network destination is determined for the received data packet, and a set of rules associated with the virtual local area network destination is identified. The rules are applied to the data packet. If a virtual local area network destination has been determined for the received data packet, the data packet is output to the destination, using the result from the application of the rules. If no destination has been determined, the data packet is dropped. A security system for partitioning security system resources into a plurality of separate security domains that are configurable to enforce one or more policies and to allocate security system resources to the one or more security domains, is also described.
摘要翻译：方法和装置，包括计算机程序产品，用于在分组转发设备中处理数据分组的实现和使用技术。接收到数据包。确定接收的数据分组的虚拟局域网目的地，并且识别与虚拟局域网目的地相关联的一组规则。规则被应用于数据包。如果已经为接收的数据分组确定了虚拟局域网目的地，则使用规则的应用结果将数据分组输出到目的地。如果没有确定目的地，则丢弃数据包。还描述了用于将安全系统资源划分为可配置为执行一个或多个策略并将安全系统资源分配给所述一个或多个安全域的安全系统资源的安全系统。

4. 发明授权

US08654779B1 Network security device and method 有权
标题翻译：网络安全设备及方法
公开(公告)号：US08654779B1
公开(公告)日：2014-02-18
申请号：US13302808
申请日：2011-11-22
申请人： Yan Ke , Yuming Mao , Jian Tong , Guangsong Huang
发明人： Yan Ke , Yuming Mao , Jian Tong , Guangsong Huang
IPC分类号： H04L12/28
CPC分类号： H04L63/0236 , H04L63/0272 , H04L63/1416
摘要： Methods and apparatus, including computer program products, implementing and using techniques for processing a data packet. An input port receives a data packet, a switching board classifies the data packet, determines whether the data packet should be accepted, and switches the data packet to a management board if the data packet is a first data packet in a session, and to a processing board if the data packet is not a first data packet in a session. A management board receives a data packet from the switching board, examines the data packet and forwards the data packet to one of the processing boards. One or more processing boards receives non-first data packets from the switching board and data packets from the management board and processes the data packets. A firewall and a secure gateway with firewall and virtual private network functionality for processing a data packet are also described.
摘要翻译：方法和装置，包括计算机程序产品，用于处理数据包的实现和使用技术。输入端口接收数据包，交换板对数据包进行分类，确定是否接受数据包，如果数据包是会话中的第一个数据包，则将数据包切换到管理板，处理板，如果数据包不是会话中的第一个数据包。管理板从交换板接收数据包，检查数据包，并将数据包转发到其中一个处理板。一个或多个处理板从交换板和来自管理板的数据分组接收非第一数据分组并处理数据分组。还描述了防火墙和具有用于处理数据分组的防火墙和虚拟专用网络功能的安全网关。

5. 发明授权

US08068487B1 Network security device and method 有权
标题翻译：网络安全设备及方法
公开(公告)号：US08068487B1
公开(公告)日：2011-11-29
申请号：US12551034
申请日：2009-08-31
申请人： Yan Ke , Yuming Mao , Jian Tong , Guangsong Huang
发明人： Yan Ke , Yuming Mao , Jian Tong , Guangsong Huang
IPC分类号： H04L12/28
CPC分类号： H04L63/0236 , H04L63/0272 , H04L63/1416
摘要： A device described herein may include an input port operable to receive data packets; a switching board operable to classify the data packets, determine whether the data packets should be accepted by the device, and determine whether received data packets are first data packets in a session; a management board operable to receive the data packets from the switching board that were determined by the switching board to be the first data packets in a session; and one or more processing boards operable to receive data packets from the switching board that were determined by the switching board to not be the first data packets in a session and to process the received data packets.
摘要翻译：本文描述的设备可以包括可操作以接收数据分组的输入端口; 切换板，用于对数据分组进行分类，确定数据分组是否应该被设备接受，并确定接收的数据分组是否是会话中的第一数据分组; 管理板，其可操作以从交换板接收由交换板确定为会话中的第一数据分组的数据分组; 以及一个或多个处理板，其可操作以从交换板接收由交换板确定的不是会话中的第一数据分组的数据分组，并处理接收到的数据分组。

6. 发明授权

US07774836B1 Method, apparatus and computer program product for a network firewall 有权
标题翻译：网络防火墙的方法，设备和计算机程序产品
公开(公告)号：US07774836B1
公开(公告)日：2010-08-10
申请号：US11461798
申请日：2006-08-02
申请人： Ken Xie , Yan Ke , Yuming Mao
发明人： Ken Xie , Yan Ke , Yuming Mao
IPC分类号： G06F9/00 , G06F17/00
CPC分类号： H04L12/66 , H04L63/0263
摘要： An improved firewall for providing network security is described. The improved firewall provides for dynamic rule generation, as well using conventional fixed rules. This improvement is provided without significant increase in the processing time required for most packets. Additionally, the improved firewall provides for translation of IP addresses between the firewall and the internal network.
摘要翻译：描述了用于提供网络安全性的改进的防火墙。改进的防火墙提供动态规则生成，以及使用传统的固定规则。提供这种改进而不显着增加大多数分组所需的处理时间。此外，改进的防火墙提供了防火墙和内部网络之间的IP地址转换。

7. 发明授权

US07602775B1 Internet security device and method 有权
标题翻译：互联网安全设备和方法
公开(公告)号：US07602775B1
公开(公告)日：2009-10-13
申请号：US11428235
申请日：2006-06-30
申请人： Yan Ke , Yuming Mao , Jian Tong , Guangsong Huang
发明人： Yan Ke , Yuming Mao , Jian Tong , Guangsong Huang
IPC分类号： H04Q11/00
CPC分类号： H04L63/0236 , H04L63/0272 , H04L63/1416
摘要： A device described herein may include an input port operable to receive data packets; a switching board operable to classify the data packets, determine whether the data packets should be accepted by the device, and determine whether received data packets are first data packets in a session; a management board operable to receive the data packets from the switching board that were determined by the switching board to be the first data packets in a session; and one or more processing boards operable to receive data packets from the switching board that were determined by the switching board to not be the first data packets in a session and to process the received data packets.
摘要翻译：本文描述的设备可以包括可操作以接收数据分组的输入端口; 切换板，用于对数据分组进行分类，确定数据分组是否应该被设备接受，并确定接收的数据分组是否是会话中的第一数据分组; 管理板，其可操作以从交换板接收由交换板确定为会话中的第一数据分组的数据分组; 以及一个或多个处理板，其可操作以从交换板接收由交换板确定的不是会话中的第一数据分组的数据分组，并处理接收到的数据分组。

8. 发明授权

US07107612B1 Method, apparatus and computer program product for a network firewall 有权
标题翻译：网络防火墙的方法，设备和计算机程序产品
公开(公告)号：US07107612B1
公开(公告)日：2006-09-12
申请号：US10893283
申请日：2004-07-19
申请人： Ken Xie , Yan Ke , Yuming Mao
发明人： Ken Xie , Yan Ke , Yuming Mao
IPC分类号： G06F7/04 , G06F9/00
CPC分类号： H04L12/66 , H04L63/0263
摘要： An improved firewall for providing network security is described. The improved firewall provides for dynamic rule generation, as well using conventional fixed rules. This improvement is provided without significant increase in the processing time required for most packets. Additionally, the improved firewall provides for translation of IP addresses between the firewall and the internal network.
摘要翻译：描述了用于提供网络安全性的改进的防火墙。改进的防火墙提供动态规则生成，以及使用传统的固定规则。提供这种改进而不显着增加大多数分组所需的处理时间。此外，改进的防火墙提供了防火墙和内部网络之间的IP地址转换。

9. 发明授权

US07823195B1 Method, apparatus and computer program product for a network firewall 有权
公开(公告)号：US07823195B1
公开(公告)日：2010-10-26
申请号：US11842018
申请日：2007-08-20
申请人： Ken Xie , Yan Ke , Yuming Mao
发明人： Ken Xie , Yan Ke , Yuming Mao
IPC分类号： H04L29/06 , G06F17/00 , G06F15/16
CPC分类号： H04L12/66 , H04L63/0263
摘要： An improved firewall for providing network security is described. The improved firewall provides for dynamic rule generation, as well using conventional fixed rules. This improvement is provided without significant increase in the processing time required for most packets. Additionally, the improved firewall provides for translation of IP addresses between the firewall and the internal network.

10. 发明授权

US07095716B1 Internet security device and method 有权
标题翻译：互联网安全设备和方法
公开(公告)号：US07095716B1
公开(公告)日：2006-08-22
申请号：US10112924
申请日：2002-03-28
申请人： Yan Ke , Yuming Mao , Jian Tong , Guangsong Huang
发明人： Yan Ke , Yuming Mao , Jian Tong , Guangsong Huang
IPC分类号： H04J1/16
CPC分类号： H04L63/0236 , H04L63/0272 , H04L63/1416
摘要： Methods and apparatus, including computer program products, implementing and using techniques for processing a data packet. An input port receives a data packet, a switching board classifies the data packet, determines whether the data packet should be accepted, and switches the data packet to a management board if the data packet is a first data packet in a session, and to a processing board if the data packet is not a first data packet in a session. A management board receives a data packet from the switching board, examines the data packet and forwards the data packet to one of the processing boards. One or more processing boards receives non-first data packets from the switching board and data packets from the management board and processes the data packets. A firewall and a secure gateway with firewall and virtual private network functionality for processing a data packet are also described.
摘要翻译：方法和装置，包括计算机程序产品，用于处理数据包的实现和使用技术。输入端口接收数据包，交换板对数据包进行分类，确定是否接受数据包，如果数据包是会话中的第一个数据包，则将数据包切换到管理板，处理板，如果数据包不是会话中的第一个数据包。管理板从交换板接收数据包，检查数据包，并将数据包转发到其中一个处理板。一个或多个处理板从交换板和来自管理板的数据分组接收非第一数据分组并处理数据分组。还描述了防火墙和具有用于处理数据分组的防火墙和虚拟专用网络功能的安全网关。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式