专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09258275B2 System and method for dynamic security insertion in network virtualization 有权
标题翻译：网络虚拟化中动态安全插入的系统和方法
公开(公告)号：US09258275B2
公开(公告)日：2016-02-09
申请号：US13861220
申请日：2013-04-11
申请人： Yi Sun , Meng Xu , Jia-Jyi Roger Lian , Choung-Yaw Michael Shieh
发明人： Yi Sun , Meng Xu , Jia-Jyi Roger Lian , Choung-Yaw Michael Shieh
IPC分类号： G06F9/00 , G06F15/16 , G06F17/00 , H04L29/06 , H04L12/725 , H04L12/64 , H04L29/08 , H04L12/721 , H04L12/701
CPC分类号： H04L63/0227 , H04L12/6418 , H04L45/00 , H04L45/306 , H04L45/44 , H04L67/327
摘要： A method and apparatus for dynamic security insertion into virtualized networks is described. The method may include receiving, at a network device from a second network device, a data packet and application data extracted from the data packet. The method may also include generating a routing decision for a network connection associated with the data packet based, at least in part, on the application data. Furthermore, the method may include transmitting the routing decision for the data packet to the second device for the second device to route the data based on the routing decision.
摘要翻译：描述了用于动态安全插入到虚拟网络中的方法和装置。该方法可以包括在网络设备处从第二网络设备接收从数据分组提取的数据分组和应用数据。该方法还可以包括至少部分地基于应用数据生成与数据分组相关联的网络连接的路由决定。此外，该方法可以包括将用于数据分组的路由决定发送到第二设备以使第二设备基于路由决定来路由数据。

2. 发明授权

US08955093B2 Cooperative network security inspection 有权
标题翻译：合作网络安全检查
公开(公告)号：US08955093B2
公开(公告)日：2015-02-10
申请号：US13860408
申请日：2013-04-10
申请人： Choung-Yaw Michael Shieh , Meng Xu , Yi Sun , Jia-Jyi Roger Lian
发明人： Choung-Yaw Michael Shieh , Meng Xu , Yi Sun , Jia-Jyi Roger Lian
IPC分类号： H04L29/06
CPC分类号： H04L63/0218 , H04L63/0227 , H04L63/0263
摘要： A network system includes a security device and a network access device. The network access device is to receive a packet from a source node destined to a destination node, and to examine a data structure maintained by the network access device to determine whether the data structure stores a data member having a predetermined value, the data member indicating whether the packet should undergo security processing. If the data member matches the predetermined value, the packet is transmitted to a security device associated with the network access device to allow the security device to perform content inspection, and in response to a response received from the security device, the packet is routed to the destination node dependent upon the response. The packet is routed to the destination node without forwarding the packet to the security device.
摘要翻译：网络系统包括安全设备和网络接入设备。网络接入设备是从目的地节点的源节点接收分组，并检查由网络接入设备维护的数据结构，以确定数据结构是否存储具有预定值的数据成员，数据成员指示是否应该进行安全处理。如果数据成员与预定值相匹配，则将分组发送到与网络接入设备相关联的安全设备，以允许安全设备执行内容检查，并且响应于从安全设备接收到的响应，将分组路由到目标节点取决于响应。分组被路由到目的地节点，而不将分组转发到安全设备。

3. 发明申请

US20130275592A1 ADAPTIVE SESSION FORWARDING FOLLOWING VIRTUAL MACHINE MIGRATION DETECTION 审中-公开
标题翻译：针对虚拟机移动检测的自适应会话
公开(公告)号：US20130275592A1
公开(公告)日：2013-10-17
申请号：US13860404
申请日：2013-04-10
申请人： Meng Xu , Yi Sun , Hsisheng Wang , Choung-Yaw Michael Shieh
发明人： Meng Xu , Yi Sun , Hsisheng Wang , Choung-Yaw Michael Shieh
IPC分类号： H04L12/56
CPC分类号： H04L45/14 , G06F9/45558 , G06F2009/4557 , G06F2009/45595 , H04L45/02 , H04L63/0209 , H04L63/20
摘要： A network system includes a first network access device having an input/output (IO) module of a firewall to capture a packet of a network session originated from a first node associated with the first network access device, a first security device having a firewall processing module to determine based on the captured packet whether the first node is a destination node that is receiving VM migration from a second node that is associated with a second network access device. The first security device is to update a first flow table within the first network access device. The network system further includes a second security device to receive a message from the first security device concerning the VM migration to update a second flow table of the second network access device, such that further network traffic of the network session is routed to the first node without interrupting the network session.
摘要翻译：网络系统包括具有防火墙的输入/输出（IO）模块的第一网络接入设备，用于捕获从与第一网络接入设备相关联的第一节点发起的网络会话的分组，具有防火墙处理的第一安全设备模块，以基于所捕获的分组确定所述第一节点是否是从与第二网络接入设备相关联的第二节点接收VM迁移的目的地节点。第一安全设备是更新第一网络接入设备内的第一流表。网络系统还包括第二安全设备，用于从第一安全设备接收关于VM迁移的消息以更新第二网络接入设备的第二流表，使得网络会话的另外的网络业务路由到第一节点而不会中断网络会话。

4. 发明授权

US09294302B2 Non-fragmented IP packet tunneling in a network 有权
标题翻译：网络中非分片IP分组隧道
公开(公告)号：US09294302B2
公开(公告)日：2016-03-22
申请号：US13847881
申请日：2013-03-20
申请人： Yi Sun , Meng Xu , Choung-Yaw Michael Shieh
发明人： Yi Sun , Meng Xu , Choung-Yaw Michael Shieh
IPC分类号： H04L12/46 , H04L29/06
CPC分类号： H04L12/4633 , H04L69/166
摘要： A method and apparatus is disclosed herein for IP packet tunneling in a network. In one embodiment, the method comprises receiving, at a first network device, a first IP packet of a IP connection; creating a second IP packet by replacing information in a field in the first IP packet with a session ID identifying the IP connection; and forwarding, by the first network device, the second IP packet to the second network device in the distributed network environment.
摘要翻译：本文公开了一种用于网络中的IP分组隧道的方法和装置。在一个实施例中，该方法包括在第一网络设备处接收IP连接的第一IP分组; 通过用识别IP连接的会话ID替换第一IP分组中的字段中的信息来创建第二IP分组; 以及由所述第一网络设备将所述第二IP分组转发到所述分布式网络环境中的所述第二网络设备。

5. 发明申请

US20130291088A1 COOPERATIVE NETWORK SECURITY INSPECTION 有权
标题翻译：合作网络安全检查
公开(公告)号：US20130291088A1
公开(公告)日：2013-10-31
申请号：US13860408
申请日：2013-04-10
申请人： Choung-Yaw Michael Shieh , Meng Xu , Yi Sun , Jia-Jyi Roger Lian
发明人： Choung-Yaw Michael Shieh , Meng Xu , Yi Sun , Jia-Jyi Roger Lian
IPC分类号： H04L29/06
CPC分类号： H04L63/0218 , H04L63/0227 , H04L63/0263
摘要： A network system includes a security device and a network access device. The network access device is to receive a packet from a source node destined to a destination node, and to examine a data structure maintained by the network access device to determine whether the data structure stores a data member having a predetermined value, the data member indicating whether the packet should undergo security processing. If the data member matches the predetermined value, the packet is transmitted to a security device associated with the network access device to allow the security device to perform content inspection, and in response to a response received from the security device, the packet is routed to the destination node dependent upon the response. The packet is routed to the destination node without forwarding the packet to the security device.
摘要翻译：网络系统包括安全设备和网络接入设备。网络接入设备是从目的地节点的源节点接收分组，并检查由网络接入设备维护的数据结构，以确定数据结构是否存储具有预定值的数据成员，数据成员指示是否应该进行安全处理。如果数据成员与预定值相匹配，则将分组发送到与网络接入设备相关联的安全设备，以允许安全设备执行内容检查，并且响应于从安全设备接收到的响应，将分组路由到目标节点取决于响应。分组被路由到目的地节点，而不将分组转发到安全设备。

6. 发明申请

US20130263245A1 DISTRIBUTED TCP SYN FLOOD PROTECTION 有权
标题翻译：分布式TCP SYN FLOOD保护
公开(公告)号：US20130263245A1
公开(公告)日：2013-10-03
申请号：US13794367
申请日：2013-03-11
申请人： Yi Sun , Meng Xu , Louis Cheung , Choung-Yaw Michael Shieh
发明人： Yi Sun , Meng Xu , Louis Cheung , Choung-Yaw Michael Shieh
IPC分类号： H04L29/06
CPC分类号： H04L63/0209 , H04L63/1458
摘要： A method and apparatus is disclosed herein for TCP SYN flood protection. In one embodiment, a TCP SYN flood protection arrangement comprises a first device operable to process packet input and output functions, including performing sender verification with respect to a connection initiation from a sender for a first TCP connection between the sender and a destination server and a second device, separate from the first device, to perform one or more security processing operations on packets of the first TCP connection from the sender after the first device verifies the sender is legitimate.
摘要翻译：本文公开了用于TCP SYN防洪的方法和装置。在一个实施例中，TCP SYN泛洪保护装置包括可操作以处理分组输入和输出功能的第一设备，包括相对于来自发送方的发送方与发送方与目的地服务器之间的第一TCP连接的连接发起执行发送方验证，以及所述第二设备与所述第一设备分离，以在所述第一设备验证所述发送者是合法之后，对来自所述发送者的所述第一TCP连接的分组执行一个或多个安全处理操作。

7. 发明申请

US20130250956A1 NON-FRAGMENTED IP PACKET TUNNELING IN A NETWORK 有权
标题翻译：网络中的非易碎IP分组隧道
公开(公告)号：US20130250956A1
公开(公告)日：2013-09-26
申请号：US13847881
申请日：2013-03-20
申请人： Yi Sun , Meng Xu , Choung-Yaw Michael Shieh
发明人： Yi Sun , Meng Xu , Choung-Yaw Michael Shieh
IPC分类号： H04L12/46
CPC分类号： H04L12/4633 , H04L69/166
摘要： A method and apparatus is disclosed herein for IP packet tunneling in a network. In one embodiment, the method comprises receiving, at a first network device, a first IP packet of a IP connection; creating a second IP packet by replacing information in a field in the first IP packet with a session ID identifying the IP connection; and forwarding, by the first network device, the second IP packet to the second network device in the distributed network environment.
摘要翻译：本文公开了一种用于网络中的IP分组隧道的方法和装置。在一个实施例中，该方法包括在第一网络设备处接收IP连接的第一IP分组; 通过用识别IP连接的会话ID替换第一IP分组中的字段中的信息来创建第二IP分组; 以及由所述第一网络设备将所述第二IP分组转发到所述分布式网络环境中的所述第二网络设备。

8. 发明授权

US09742732B2 Distributed TCP SYN flood protection 有权
公开(公告)号：US09742732B2
公开(公告)日：2017-08-22
申请号：US13794367
申请日：2013-03-11
申请人： Yi Sun , Meng Xu , Lee Cheung , Choung-Yaw Michael Shieh
发明人： Yi Sun , Meng Xu , Lee Cheung , Choung-Yaw Michael Shieh
IPC分类号： H04L29/06
CPC分类号： H04L63/0209 , H04L63/1458
摘要： A method and apparatus is disclosed herein for TCP SYN flood protection. In one embodiment, a TCP SYN flood protection arrangement comprises a first device operable to process packet input and output functions, including performing sender verification with respect to a connection initiation from a sender for a first TCP connection between the sender and a destination server and a second device, separate from the first device, to perform one or more security processing operations on packets of the first TCP connection from the sender after the first device verifies the sender is legitimate.

9. 发明授权

US09419941B2 Distributed computer network zone based security architecture 有权
标题翻译：基于分布式计算机网络区域的安全架构
公开(公告)号：US09419941B2
公开(公告)日：2016-08-16
申请号：US13849315
申请日：2013-03-22
申请人： Yi Sun , Meng Xu , Lee Cheung , Hsisheng Wang , Chuong-Yaw Michael Shieh
发明人： Yi Sun , Meng Xu , Lee Cheung , Hsisheng Wang , Chuong-Yaw Michael Shieh
IPC分类号： H04L29/06
CPC分类号： H04L63/0209 , H04L63/104
摘要： A method and apparatus is disclosed herein for distributed zone-based security. In one embodiment, the method comprises: determining an ingress security zone associated with an ingress of a first network device based on a first key and a media access control (MAC) address of a source of a packet; determining an egress security zone of a second network device based on a MAC address of a destination for the packet and a second key; performing a policy lookup based on the ingress security zone and the egress security zone to identify a policy to apply to the packet; and applying the policy to the packet.
摘要翻译：本文公开了一种用于分布式区域安全性的方法和装置。在一个实施例中，该方法包括：基于分组的源的第一密钥和媒体访问控制（MAC）地址来确定与第一网络设备的入口相关联的入口安全区域; 基于所述分组的目的地的MAC地址和第二密钥来确定第二网络设备的出口安全区域; 基于进入安全区域和出口安全区域执行策略查找，以识别应用于分组的策略; 并将策略应用于数据包。

10. 发明授权

US10333827B2 Adaptive session forwarding following virtual machine migration detection 有权
公开(公告)号：US10333827B2
公开(公告)日：2019-06-25
申请号：US13860404
申请日：2013-04-10
申请人： Meng Xu , Yi Sun , Hsisheng Wang , Choung-Yaw Shieh
发明人： Meng Xu , Yi Sun , Hsisheng Wang , Choung-Yaw Shieh
IPC分类号： G06F15/173 , H04L12/721 , H04L29/06 , G06F9/455 , H04L12/751
摘要： A network system includes a first network access device having an input/output (IO) module of a firewall to capture a packet of a network session originated from a first node associated with the first network access device, a first security device having a firewall processing module to determine based on the captured packet whether the first node is a destination node that is receiving VM migration from a second node that is associated with a second network access device. The first security device is to update a first flow table within the first network access device. The network system further includes a second security device to receive a message from the first security device concerning the VM migration to update a second flow table of the second network access device, such that further network traffic of the network session is routed to the first node without interrupting the network session.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式