专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20130291088A1 COOPERATIVE NETWORK SECURITY INSPECTION 有权
标题翻译：合作网络安全检查
公开(公告)号：US20130291088A1
公开(公告)日：2013-10-31
申请号：US13860408
申请日：2013-04-10
申请人： Choung-Yaw Michael Shieh , Meng Xu , Yi Sun , Jia-Jyi Roger Lian
发明人： Choung-Yaw Michael Shieh , Meng Xu , Yi Sun , Jia-Jyi Roger Lian
IPC分类号： H04L29/06
CPC分类号： H04L63/0218 , H04L63/0227 , H04L63/0263
摘要： A network system includes a security device and a network access device. The network access device is to receive a packet from a source node destined to a destination node, and to examine a data structure maintained by the network access device to determine whether the data structure stores a data member having a predetermined value, the data member indicating whether the packet should undergo security processing. If the data member matches the predetermined value, the packet is transmitted to a security device associated with the network access device to allow the security device to perform content inspection, and in response to a response received from the security device, the packet is routed to the destination node dependent upon the response. The packet is routed to the destination node without forwarding the packet to the security device.
摘要翻译：网络系统包括安全设备和网络接入设备。网络接入设备是从目的地节点的源节点接收分组，并检查由网络接入设备维护的数据结构，以确定数据结构是否存储具有预定值的数据成员，数据成员指示是否应该进行安全处理。如果数据成员与预定值相匹配，则将分组发送到与网络接入设备相关联的安全设备，以允许安全设备执行内容检查，并且响应于从安全设备接收到的响应，将分组路由到目标节点取决于响应。分组被路由到目的地节点，而不将分组转发到安全设备。

2. 发明授权

US09258275B2 System and method for dynamic security insertion in network virtualization 有权
标题翻译：网络虚拟化中动态安全插入的系统和方法
公开(公告)号：US09258275B2
公开(公告)日：2016-02-09
申请号：US13861220
申请日：2013-04-11
申请人： Yi Sun , Meng Xu , Jia-Jyi Roger Lian , Choung-Yaw Michael Shieh
发明人： Yi Sun , Meng Xu , Jia-Jyi Roger Lian , Choung-Yaw Michael Shieh
IPC分类号： G06F9/00 , G06F15/16 , G06F17/00 , H04L29/06 , H04L12/725 , H04L12/64 , H04L29/08 , H04L12/721 , H04L12/701
CPC分类号： H04L63/0227 , H04L12/6418 , H04L45/00 , H04L45/306 , H04L45/44 , H04L67/327
摘要： A method and apparatus for dynamic security insertion into virtualized networks is described. The method may include receiving, at a network device from a second network device, a data packet and application data extracted from the data packet. The method may also include generating a routing decision for a network connection associated with the data packet based, at least in part, on the application data. Furthermore, the method may include transmitting the routing decision for the data packet to the second device for the second device to route the data based on the routing decision.
摘要翻译：描述了用于动态安全插入到虚拟网络中的方法和装置。该方法可以包括在网络设备处从第二网络设备接收从数据分组提取的数据分组和应用数据。该方法还可以包括至少部分地基于应用数据生成与数据分组相关联的网络连接的路由决定。此外，该方法可以包括将用于数据分组的路由决定发送到第二设备以使第二设备基于路由决定来路由数据。

3. 发明授权

US08955093B2 Cooperative network security inspection 有权
标题翻译：合作网络安全检查
公开(公告)号：US08955093B2
公开(公告)日：2015-02-10
申请号：US13860408
申请日：2013-04-10
申请人： Choung-Yaw Michael Shieh , Meng Xu , Yi Sun , Jia-Jyi Roger Lian
发明人： Choung-Yaw Michael Shieh , Meng Xu , Yi Sun , Jia-Jyi Roger Lian
IPC分类号： H04L29/06
CPC分类号： H04L63/0218 , H04L63/0227 , H04L63/0263
摘要： A network system includes a security device and a network access device. The network access device is to receive a packet from a source node destined to a destination node, and to examine a data structure maintained by the network access device to determine whether the data structure stores a data member having a predetermined value, the data member indicating whether the packet should undergo security processing. If the data member matches the predetermined value, the packet is transmitted to a security device associated with the network access device to allow the security device to perform content inspection, and in response to a response received from the security device, the packet is routed to the destination node dependent upon the response. The packet is routed to the destination node without forwarding the packet to the security device.
摘要翻译：网络系统包括安全设备和网络接入设备。网络接入设备是从目的地节点的源节点接收分组，并检查由网络接入设备维护的数据结构，以确定数据结构是否存储具有预定值的数据成员，数据成员指示是否应该进行安全处理。如果数据成员与预定值相匹配，则将分组发送到与网络接入设备相关联的安全设备，以允许安全设备执行内容检查，并且响应于从安全设备接收到的响应，将分组路由到目标节点取决于响应。分组被路由到目的地节点，而不将分组转发到安全设备。

4. 发明申请

US20130117801A1 VIRTUAL SECURITY BOUNDARY FOR PHYSICAL OR VIRTUAL NETWORK DEVICES 有权
标题翻译：物理或虚拟网络设备的虚拟安全边界
公开(公告)号：US20130117801A1
公开(公告)日：2013-05-09
申请号：US13288872
申请日：2011-11-03
申请人： Choung-Yaw Michael Shieh , Jia-Jyi Roger Lian
发明人： Choung-Yaw Michael Shieh , Jia-Jyi Roger Lian
IPC分类号： G06F17/00
CPC分类号： H04L63/0209 , H04L63/0272 , H04L63/104
摘要： A method and apparatus is disclosed herein for using a virtual security boundary. In one embodiment, the method comprises receiving information from a virtual machine after the virtual machine has been moved from a first physical location in a network to a second physical location in the network, where the information identifies the virtual machine as one previously assigned to a security boundary; determining that access to the virtual machine at the first physical location was permitted by the security gateway; assigning the virtual machine at the second physical location to the security boundary, and applying a security policy associated with the security boundary to communications between the network and the virtual machine at the second physical location.
摘要翻译：本文公开了一种使用虚拟安全边界的方法和装置。在一个实施例中，该方法包括在虚拟机已经从网络中的第一物理位置移动到网络中的第二物理位置之后从虚拟机接收信息，其中信息将虚拟机标识为先前分配给安全边界; 确定在所述安全网关允许对所述第一物理位置处的所述虚拟机的访问; 将所述第二物理位置处的所述虚拟机分配到所述安全边界，以及将与所述安全边界相关联的安全策略应用于所述第二物理位置处的所述网络和所述虚拟机之间的通信。

5. 发明授权

US08813169B2 Virtual security boundary for physical or virtual network devices 有权
标题翻译：物理或虚拟网络设备的虚拟安全边界
公开(公告)号：US08813169B2
公开(公告)日：2014-08-19
申请号：US13288872
申请日：2011-11-03
申请人： Choung-Yaw Michael Shieh , Jia-Jyi Roger Lian
发明人： Choung-Yaw Michael Shieh , Jia-Jyi Roger Lian
IPC分类号： G06F17/00 , H04L29/06
CPC分类号： H04L63/0209 , H04L63/0272 , H04L63/104
摘要： A method and apparatus is disclosed herein for using a virtual security boundary. In one embodiment, the method comprises receiving information from a virtual machine after the virtual machine has been moved from a first physical location in a network to a second physical location in the network, where the information identifies the virtual machine as one previously assigned to a security boundary; determining that access to the virtual machine at the first physical location was permitted by the security gateway; assigning the virtual machine at the second physical location to the security boundary, and applying a security policy associated with the security boundary to communications between the network and the virtual machine at the second physical location.
摘要翻译：本文公开了一种使用虚拟安全边界的方法和装置。在一个实施例中，该方法包括在虚拟机已经从网络中的第一物理位置移动到网络中的第二物理位置之后从虚拟机接收信息，其中信息将虚拟机标识为先前分配给安全边界; 确定在所述安全网关允许对所述第一物理位置处的所述虚拟机的访问; 将所述第二物理位置处的所述虚拟机分配到所述安全边界，以及将与所述安全边界相关联的安全策略应用于所述第二物理位置处的所述网络和所述虚拟机之间的通信。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式