专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US09529995B2 Auto discovery of virtual machines 有权
标题翻译：自动发现虚拟机
公开(公告)号：US09529995B2
公开(公告)日：2016-12-27
申请号：US13291739
申请日：2011-11-08
申请人： Choung-Yaw Michael Shieh
发明人： Choung-Yaw Michael Shieh
IPC分类号： G06F15/16 , G06F21/53 , H04L12/24 , G06F9/455
CPC分类号： G06F21/53 , G06F9/45558 , G06F2009/45575 , G06F2009/45587 , H04L41/12
摘要： A method and apparatus is disclosed herein for performing auto discovery of virtual machines. In one embodiment, the method includes monitoring, using an interface of the device, one or more packets being sent from one or more virtual machines, the one or more packets being sent determining, using a processor of the device, if one of the monitored packets includes a discovery packet from one virtual machine of the one or more virtual machines, wherein the discovery packet includes an address of a destination location; sending, using the interface of the device, a reply packet to the one virtual machine using an address in the discovery packet identified in the monitored packets, the reply packet including an Internet Protocol (IP) address of the device.
摘要翻译：本文公开了一种用于执行虚拟机的自动发现的方法和装置。在一个实施例中，所述方法包括使用所述设备的接口来监视从一个或多个虚拟机发送的一个或多个分组，所述一个或多个分组被发送，使用所述设备的处理器确定所监测的分组包括来自所述一个或多个虚拟机的一个虚拟机的发现分组，其中所述发现分组包括目的地位置的地址; 使用所述设备的接口向所述一个虚拟机发送使用所监视的分组中标识的发现分组中的地址的应答分组，所述应答分组包括所述设备的因特网协议（IP）地址。

2. 发明授权

US08612744B2 Distributed firewall architecture using virtual machines 有权
标题翻译：使用虚拟机的分布式防火墙体系结构
公开(公告)号：US08612744B2
公开(公告)日：2013-12-17
申请号：US13363088
申请日：2012-01-31
申请人： Choung-Yaw Michael Shieh
发明人： Choung-Yaw Michael Shieh
IPC分类号： H04L29/06 , G06F21/00
CPC分类号： H04L63/0218 , H04L63/0236
摘要： A distributed firewall of a gateway device includes at least one IO module for performing IO functionality of the distributed firewall, at least one security processing module for performing security functionality of the distributed firewall and a firewall controller for managing the IO module and the security processing module. Each of the at least one IO and security processing modules is executed within a virtual machine. In response to a packet received from an ingress interface, the at least one IO module is to identify a security processing module corresponding to a connections session associated with the packet, to transmit the packet to the identified security processing module to perform a security process on the packet, and in response to a signal received from the identified security processing module indicating that the security process has been completed, to transmit the packet to the egress interface.
摘要翻译：网关设备的分布式防火墙包括用于执行分布式防火墙的IO功能的至少一个IO模块，用于执行分布式防火墙的安全功能的至少一个安全处理模块和用于管理IO模块和安全处理模块的防火墙控制器。所述至少一个IO和安全处理模块中的每一个在虚拟机内执行。响应于从入口接口接收到的分组，所述至少一个IO模块用于识别对应于与所述分组相关联的连接会话的安全处理模块，以将分组发送到所识别的安全处理模块，以执行对并且响应于从所识别的安全处理模块接收到的指示安全处理已经完成的信号，将分组发送到出口接口。

3. 发明授权

US09294302B2 Non-fragmented IP packet tunneling in a network 有权
标题翻译：网络中非分片IP分组隧道
公开(公告)号：US09294302B2
公开(公告)日：2016-03-22
申请号：US13847881
申请日：2013-03-20
申请人： Yi Sun , Meng Xu , Choung-Yaw Michael Shieh
发明人： Yi Sun , Meng Xu , Choung-Yaw Michael Shieh
IPC分类号： H04L12/46 , H04L29/06
CPC分类号： H04L12/4633 , H04L69/166
摘要： A method and apparatus is disclosed herein for IP packet tunneling in a network. In one embodiment, the method comprises receiving, at a first network device, a first IP packet of a IP connection; creating a second IP packet by replacing information in a field in the first IP packet with a session ID identifying the IP connection; and forwarding, by the first network device, the second IP packet to the second network device in the distributed network environment.
摘要翻译：本文公开了一种用于网络中的IP分组隧道的方法和装置。在一个实施例中，该方法包括在第一网络设备处接收IP连接的第一IP分组; 通过用识别IP连接的会话ID替换第一IP分组中的字段中的信息来创建第二IP分组; 以及由所述第一网络设备将所述第二IP分组转发到所述分布式网络环境中的所述第二网络设备。

4. 发明申请

US20130291088A1 COOPERATIVE NETWORK SECURITY INSPECTION 有权
标题翻译：合作网络安全检查
公开(公告)号：US20130291088A1
公开(公告)日：2013-10-31
申请号：US13860408
申请日：2013-04-10
申请人： Choung-Yaw Michael Shieh , Meng Xu , Yi Sun , Jia-Jyi Roger Lian
发明人： Choung-Yaw Michael Shieh , Meng Xu , Yi Sun , Jia-Jyi Roger Lian
IPC分类号： H04L29/06
CPC分类号： H04L63/0218 , H04L63/0227 , H04L63/0263
摘要： A network system includes a security device and a network access device. The network access device is to receive a packet from a source node destined to a destination node, and to examine a data structure maintained by the network access device to determine whether the data structure stores a data member having a predetermined value, the data member indicating whether the packet should undergo security processing. If the data member matches the predetermined value, the packet is transmitted to a security device associated with the network access device to allow the security device to perform content inspection, and in response to a response received from the security device, the packet is routed to the destination node dependent upon the response. The packet is routed to the destination node without forwarding the packet to the security device.
摘要翻译：网络系统包括安全设备和网络接入设备。网络接入设备是从目的地节点的源节点接收分组，并检查由网络接入设备维护的数据结构，以确定数据结构是否存储具有预定值的数据成员，数据成员指示是否应该进行安全处理。如果数据成员与预定值相匹配，则将分组发送到与网络接入设备相关联的安全设备，以允许安全设备执行内容检查，并且响应于从安全设备接收到的响应，将分组路由到目标节点取决于响应。分组被路由到目的地节点，而不将分组转发到安全设备。

5. 发明授权

US09191327B2 Distributed service processing of network gateways using virtual machines 有权
标题翻译：使用虚拟机的网络网关的分布式服务处理
公开(公告)号：US09191327B2
公开(公告)日：2015-11-17
申请号：US13363082
申请日：2012-01-31
申请人： Choung-Yaw Michael Shieh
发明人： Choung-Yaw Michael Shieh
IPC分类号： H04L12/803 , H04L29/06 , H04L12/813
CPC分类号： H04L67/32 , G06F9/45533 , G06F9/45558 , G06F2009/45595 , H04L41/0896 , H04L47/125 , H04L47/20 , H04L63/0209 , H04L65/1033 , H04L67/10 , H04L67/14 , H04W28/20
摘要： A network gateway device includes an ingress interface, an egress interface, and a load balancing module coupled to the ingress and egress interfaces. The load balancing module configured to receive a packet from the ingress interface, determine a set of a plurality of processes corresponding a connections session associated with the packet based on a policy. For each of the identified processes, the load balancing module is to identify a service processing module executed by a virtual machine that is capable of handling the identified process, and to send the packet to the identified service processing module to perform the identified process on the packet. The packet is then transmitted to the egress interface of the gateway device to be forwarded to a destination.
摘要翻译：网络网关设备包括入口接口，出口接口和耦合到入口和出口接口的负载均衡模块。所述负载平衡模块被配置为从所述入口接口接收分组，基于策略来确定与所述分组相关联的连接会话的多个进程的集合。对于每个所识别的进程，负载平衡模块是识别由能够处理所识别的进程的虚拟机执行的服务处理模块，并且将该分组发送到所识别的服务处理模块，以在所述进程上执行所识别的进程包。然后将分组发送到网关设备的出口接口，以转发到目的地。

6. 发明申请

US20130263245A1 DISTRIBUTED TCP SYN FLOOD PROTECTION 有权
标题翻译：分布式TCP SYN FLOOD保护
公开(公告)号：US20130263245A1
公开(公告)日：2013-10-03
申请号：US13794367
申请日：2013-03-11
申请人： Yi Sun , Meng Xu , Louis Cheung , Choung-Yaw Michael Shieh
发明人： Yi Sun , Meng Xu , Louis Cheung , Choung-Yaw Michael Shieh
IPC分类号： H04L29/06
CPC分类号： H04L63/0209 , H04L63/1458
摘要： A method and apparatus is disclosed herein for TCP SYN flood protection. In one embodiment, a TCP SYN flood protection arrangement comprises a first device operable to process packet input and output functions, including performing sender verification with respect to a connection initiation from a sender for a first TCP connection between the sender and a destination server and a second device, separate from the first device, to perform one or more security processing operations on packets of the first TCP connection from the sender after the first device verifies the sender is legitimate.
摘要翻译：本文公开了用于TCP SYN防洪的方法和装置。在一个实施例中，TCP SYN泛洪保护装置包括可操作以处理分组输入和输出功能的第一设备，包括相对于来自发送方的发送方与发送方与目的地服务器之间的第一TCP连接的连接发起执行发送方验证，以及所述第二设备与所述第一设备分离，以在所述第一设备验证所述发送者是合法之后，对来自所述发送者的所述第一TCP连接的分组执行一个或多个安全处理操作。

7. 发明申请

US20130250956A1 NON-FRAGMENTED IP PACKET TUNNELING IN A NETWORK 有权
标题翻译：网络中的非易碎IP分组隧道
公开(公告)号：US20130250956A1
公开(公告)日：2013-09-26
申请号：US13847881
申请日：2013-03-20
申请人： Yi Sun , Meng Xu , Choung-Yaw Michael Shieh
发明人： Yi Sun , Meng Xu , Choung-Yaw Michael Shieh
IPC分类号： H04L12/46
CPC分类号： H04L12/4633 , H04L69/166
摘要： A method and apparatus is disclosed herein for IP packet tunneling in a network. In one embodiment, the method comprises receiving, at a first network device, a first IP packet of a IP connection; creating a second IP packet by replacing information in a field in the first IP packet with a session ID identifying the IP connection; and forwarding, by the first network device, the second IP packet to the second network device in the distributed network environment.
摘要翻译：本文公开了一种用于网络中的IP分组隧道的方法和装置。在一个实施例中，该方法包括在第一网络设备处接收IP连接的第一IP分组; 通过用识别IP连接的会话ID替换第一IP分组中的字段中的信息来创建第二IP分组; 以及由所述第一网络设备将所述第二IP分组转发到所述分布式网络环境中的所述第二网络设备。

8. 发明申请

US20130111542A1 SECURITY POLICY TOKENIZATION 审中-公开
标题翻译：安全政策制定
公开(公告)号：US20130111542A1
公开(公告)日：2013-05-02
申请号：US13285814
申请日：2011-10-31
申请人： Choung-Yaw Michael Shieh
发明人： Choung-Yaw Michael Shieh
IPC分类号： G06F21/00
CPC分类号： H04L63/0236 , H04L63/0263
摘要： A method and apparatus is disclosed herein for using one or more dynamic policies that each have one or more parameters that are instantiated with results of applying one or more other policies. In one embodiment, the method comprises storing a set of policies in a memory, wherein at least one of the policies includes one activatable policy that is conditionally activated during run-time, receiving network traffic using a network interface, applying at least one other policy in the set of policies to the received network traffic, activating the one activatable policy in response to the received network traffic and using results of applying said at least one other policy, and applying the one activatable policy to subsequently received network traffic.
摘要翻译：本文公开了一种用于使用一个或多个动态策略的方法和装置，每个动态策略具有通过应用一个或多个其他策略的结果来实例化的一个或多个参数。在一个实施例中，该方法包括将一组策略存储在存储器中，其中至少一个策略包括在运行期间有条件地激活的一个可激活策略，使用网络接口接收网络流量，应用至少一个其他策略在对所接收的网络流量的一组策略中，响应于所接收的网络流量激活一个可激活策略，并使用应用所述至少一个其他策略的结果，并将所述一个可激活策略应用于随后接收的网络流量。

9. 发明授权

US09621568B2 Systems and methods for distributed threat detection in a computer network 有权
公开(公告)号：US09621568B2
公开(公告)日：2017-04-11
申请号：US14480318
申请日：2014-09-08
申请人： Choung-Yaw Michael Shieh
发明人： Choung-Yaw Michael Shieh
IPC分类号： H04L29/06
CPC分类号： H04L63/1408 , H04L63/1433 , H04L63/145 , H04L63/1491
摘要： A method and apparatus for distributed threat detection in a computer network is described. The method may include receiving, by a threat detection system of a first computer network, a request for a service from a threat sensor of a second computer network, the service requested of the threat sensor within the second computer network from a network element of the second computer network. The method may also include emulating the service identified in the request to generate a response to the request, and sending the response to the threat sensor for forwarding to the network element within the second computer network. Furthermore, the method may include analyzing one or more communications between the threat detection system and the network element during emulation of the service requested by the network element to determine whether the network element is a threat to the second network.

10. 发明授权

US09258275B2 System and method for dynamic security insertion in network virtualization 有权
标题翻译：网络虚拟化中动态安全插入的系统和方法
公开(公告)号：US09258275B2
公开(公告)日：2016-02-09
申请号：US13861220
申请日：2013-04-11
申请人： Yi Sun , Meng Xu , Jia-Jyi Roger Lian , Choung-Yaw Michael Shieh
发明人： Yi Sun , Meng Xu , Jia-Jyi Roger Lian , Choung-Yaw Michael Shieh
IPC分类号： G06F9/00 , G06F15/16 , G06F17/00 , H04L29/06 , H04L12/725 , H04L12/64 , H04L29/08 , H04L12/721 , H04L12/701
CPC分类号： H04L63/0227 , H04L12/6418 , H04L45/00 , H04L45/306 , H04L45/44 , H04L67/327
摘要： A method and apparatus for dynamic security insertion into virtualized networks is described. The method may include receiving, at a network device from a second network device, a data packet and application data extracted from the data packet. The method may also include generating a routing decision for a network connection associated with the data packet based, at least in part, on the application data. Furthermore, the method may include transmitting the routing decision for the data packet to the second device for the second device to route the data based on the routing decision.
摘要翻译：描述了用于动态安全插入到虚拟网络中的方法和装置。该方法可以包括在网络设备处从第二网络设备接收从数据分组提取的数据分组和应用数据。该方法还可以包括至少部分地基于应用数据生成与数据分组相关联的网络连接的路由决定。此外，该方法可以包括将用于数据分组的路由决定发送到第二设备以使第二设备基于路由决定来路由数据。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式