专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07694022B2 Method and system for filtering communications to prevent exploitation of a software vulnerability 有权
标题翻译：用于过滤通信以防止利用软件漏洞的方法和系统
公开(公告)号：US07694022B2
公开(公告)日：2010-04-06
申请号：US10955963
申请日：2004-09-30
申请人： Jason Garms , Chuanxiong Guo , Daniel R. Simon , Jiahe Helen Wang , Alf Peter Zugenmaier
发明人： Jason Garms , Chuanxiong Guo , Daniel R. Simon , Jiahe Helen Wang , Alf Peter Zugenmaier
IPC分类号： G06F15/173 , G06F15/16 , G06F11/00
CPC分类号： H04L63/1408 , H04L63/1433
摘要： A method and system for protecting an application that implements a communication protocol against exploitation of a communication-based vulnerability is provided. A protection system provides a protection policy that specifies how to recognize messages that expose a specific vulnerability and specifies actions to take when the vulnerability is exposed. A protection policy specifies the sequence of messages and their payload characteristics that expose a vulnerability. The protection system may specify the sequences of messages using a message protocol state machine. A message protocol state machine of an application represents the states that the application transitions through as it receives various messages. The message protocol state machine of the protection policy may be a portion of the message protocol state machine of the application relating to the vulnerability. The protection system uses the message protocol state machine to track the states that lead up to the exposing of the vulnerability.
摘要翻译：提供了一种用于保护实现通信协议以免利用基于通信的漏洞的应用的方法和系统。保护系统提供了保护策略，指定如何识别暴露特定漏洞的消息，并指定暴露漏洞时采取的操作。保护策略规定了暴露漏洞的消息及其有效载荷特征的顺序。保护系统可以使用消息协议状态机来指定消息的序列。应用程序的消息协议状态机表示应用程序在接收各种消息时转换的状态。保护策略的消息协议状态机可以是与该漏洞相关的应用的消息协议状态机的一部分。保护系统使用消息协议状态机来跟踪导致该漏洞暴露的状态。

2. 发明申请

US20110296052A1 Virtual Data Center Allocation with Bandwidth Guarantees 有权
标题翻译：虚拟数据中心分配带宽保证
公开(公告)号：US20110296052A1
公开(公告)日：2011-12-01
申请号：US12790433
申请日：2010-05-28
申请人： Chuanxiong Guo , Guohan Lv , Shuang Yang , Jiahe Helen Wang
发明人： Chuanxiong Guo , Guohan Lv , Shuang Yang , Jiahe Helen Wang
IPC分类号： G06F15/16 , G06F9/455
CPC分类号： H04L45/34 , G06F9/5077 , H04L45/00
摘要： A virtual data center allocation architecture with bandwidth guarantees that provides for the creation of multiple virtual data centers from a single physical infrastructure. The virtual data center allocation is accomplished in three steps. First, clusters are created from the servers in the physical infrastructure. Second, a bipartite graph is built to map the virtual machines to the servers located in a particular cluster and finally a path is calculated between two virtual machines. The virtual data centers may be dynamically expanded or contracted based on changing bandwidth guarantees.
摘要翻译：具有带宽的虚拟数据中心分配架构保证了从单一物理基础设施创建多个虚拟数据中心。虚拟数据中心分配通过三个步骤完成。首先，集群是从物理基础架构中的服务器创建的。第二，构建了一个二分图，将虚拟机映射到位于特定集群中的服务器，最后在两个虚拟机之间计算路径。可以基于不断变化的带宽保证来动态扩展或缩小虚拟数据中心。

3. 发明授权

US08667171B2 Virtual data center allocation with bandwidth guarantees 有权
标题翻译：具有带宽保证的虚拟数据中心分配
公开(公告)号：US08667171B2
公开(公告)日：2014-03-04
申请号：US12790433
申请日：2010-05-28
申请人： Chuanxiong Guo , Guohan Lv , Shuang Yang , Jiahe Helen Wang
发明人： Chuanxiong Guo , Guohan Lv , Shuang Yang , Jiahe Helen Wang
IPC分类号： G06F15/16 , G06F12/00
CPC分类号： H04L45/34 , G06F9/5077 , H04L45/00
摘要： A virtual data center allocation architecture with bandwidth guarantees that provides for the creation of multiple virtual data centers from a single physical infrastructure. The virtual data center allocation is accomplished in three steps. First, clusters are created from the servers in the physical infrastructure. Second, a bipartite graph is built to map the virtual machines to the servers located in a particular cluster and finally a path is calculated between two virtual machines. The virtual data centers may be dynamically expanded or contracted based on changing bandwidth guarantees.
摘要翻译：具有带宽的虚拟数据中心分配架构保证了从单一物理基础设施创建多个虚拟数据中心。虚拟数据中心分配通过三个步骤完成。首先，集群是从物理基础架构中的服务器创建的。第二，构建了一个二分图，将虚拟机映射到位于特定集群中的服务器，最后在两个虚拟机之间计算路径。可以基于不断变化的带宽保证来动态扩展或缩小虚拟数据中心。

4. 发明申请

US20050198110A1 Method and system for filtering communications to prevent exploitation of a software vulnerability 有权
标题翻译：用于过滤通信以防止利用软件漏洞的方法和系统
公开(公告)号：US20050198110A1
公开(公告)日：2005-09-08
申请号：US10955963
申请日：2004-09-30
申请人： Jason Garms , Chuanxiong Guo , Daniel Simon , Jiahe Wang , Alf Zugenmaier
发明人： Jason Garms , Chuanxiong Guo , Daniel Simon , Jiahe Wang , Alf Zugenmaier
IPC分类号： G06F21/22 , H04L12/26 , H04L29/06 , G06F15/16 , G06F11/30
CPC分类号： H04L63/1408 , H04L63/1433
摘要： A method and system for protecting an application that implements a communication protocol against exploitation of a communication-based vulnerability is provided. A protection system provides a protection policy that specifies how to recognize messages that expose a specific vulnerability and specifies actions to take when the vulnerability is exposed. A protection policy specifies the sequence of messages and their payload characteristics that expose a vulnerability. The protection system may specify the sequences of messages using a message protocol state machine. A message protocol state machine of an application represents the states that the application transitions through as it receives various messages. The message protocol state machine of the protection policy may be a portion of the message protocol state machine of the application relating to the vulnerability. The protection system uses the message protocol state machine to track the states that lead up to the exposing of the vulnerability.
摘要翻译：提供了一种用于保护实现通信协议以免利用基于通信的漏洞的应用的方法和系统。保护系统提供了保护策略，指定如何识别暴露特定漏洞的消息，并指定暴露漏洞时采取的操作。保护策略规定了暴露漏洞的消息及其有效载荷特征的顺序。保护系统可以使用消息协议状态机来指定消息的序列。应用程序的消息协议状态机表示应用程序在接收各种消息时转换的状态。保护策略的消息协议状态机可以是与该漏洞相关的应用的消息协议状态机的一部分。保护系统使用消息协议状态机来跟踪导致该漏洞暴露的状态。

5. 发明授权

US08180887B2 Geolocation mapping of network devices 有权
标题翻译：网络设备的地理位置映射
公开(公告)号：US08180887B2
公开(公告)日：2012-05-15
申请号：US12336163
申请日：2008-12-16
申请人： Dan Li , Yunxin Liu , Chuanxiong Guo , Yongguang Zhang
发明人： Dan Li , Yunxin Liu , Chuanxiong Guo , Yongguang Zhang
IPC分类号： G06F15/16 , G06F15/173
CPC分类号： H04W4/02 , H04L41/12 , H04L67/18
摘要： A geographic location of a network device is determined using response delay times from internet servers used as landmarks. A coordination server provides to a client a list of area landmark servers (ALS) with known geographic locations. The client probes ALSs, measures response delays, and provides results to the coordination server. The coordination server then provides to the client a list of additional city landmark servers (CLS) within the area. The client probes the CLSs and provides results to the coordination server which then determines the geographic location of the client.
摘要翻译：使用来自用作地标的互联网服务器的响应延迟时间来确定网络设备的地理位置。协调服务器向客户端提供具有已知地理位置的区域地标服务器（ALS）的列表。客户端探测ALS，测量响应延迟，并向协调服务器提供结果。然后，协调服务器向客户端提供该区域内的附加城市地标服务器（CLS）的列表。客户端探测CLS并向协调服务器提供结果，然后协调服务器确定客户端的地理位置。

6. 发明申请

US20100153523A1 SCALABLE INTERCONNECTION OF DATA CENTER SERVERS USING TWO PORTS 审中-公开
标题翻译：使用两个端口的数据中心服务器的可伸缩互连
公开(公告)号：US20100153523A1
公开(公告)日：2010-06-17
申请号：US12336228
申请日：2008-12-16
申请人： Dan Li , Chuanxiong Guo , Kun Tan , Haitao Wu , Yongguang Zhang
发明人： Dan Li , Chuanxiong Guo , Kun Tan , Haitao Wu , Yongguang Zhang
IPC分类号： G06F15/173 , G06F15/16
CPC分类号： H04L45/00 , H04L45/26 , H04L67/1097
摘要： Large numbers of commodity servers in a data center may be inexpensively interconnected using low-cost commodity network switches, a first network port on each commodity server, a second network port on each commodity server, and a traffic-aware routing module executed on each commodity server. Connecting two or more commodity servers via the first network ports on each server to a commodity network switch forms a unit. Connecting two commodity servers in different units forms a group. Each unit has a direct connection via a second network port on a commodity server in the unit to another unit. Each group may have a direct connection via a second network port on a commodity server in the group to another group. Traffic-aware routing modules executed on each commodity server determine routing of data between servers and balance traffic across the first and second ports.
摘要翻译：数据中心中的大量商品服务器可以使用低成本商品网络交换机，每个商品服务器上的第一网络端口，每个商品服务器上的第二网络端口以及在每个商品上执行的流量感知路由模块来廉价互连服务器。通过每个服务器上的第一个网络端口将两个或多个商品服务器连接到商品网络交换机，形成一个单元。连接不同单位的两个商品服务器组成一个组。每个单元通过单元中商品服务器上的第二个网络端口直接连接到另一个单元。每个组可以通过组中的商品服务器上的第二网络端口直接连接到另一组。在每个商品服务器上执行的流量感知路由模块确定服务器之间的数据路由，并平衡第一和第二端口的流量。

7. 发明申请

US20090274043A1 MULTI-LEVEL INTERCONNECTION NETWORK 有权
公开(公告)号：US20090274043A1
公开(公告)日：2009-11-05
申请号：US12113120
申请日：2008-04-30
申请人： Chuanxiong Guo , Songwu Lu , Shi Lei , Kun Tan , Haitao Wu , Yongguang Zhang
发明人： Chuanxiong Guo , Songwu Lu , Shi Lei , Kun Tan , Haitao Wu , Yongguang Zhang
IPC分类号： G06F11/00 , H04L12/56
CPC分类号： H04L45/00 , H04L45/04 , H04L45/46
摘要： A method and system for providing a multi-level interconnection network is provided. A multi-level interconnection network comprises basic cells that are aggregated into higher level cells at each level of the network. At the first level, the basic cells are aggregated into first level cells. Each first level cell is an aggregation of a number of basic cells that is one more than the number of devices in a basic cell. The basic cells of a first level cell are fully connected; that is, each basic cell has a first level link or connection to each other basic cell. In a first level cell, each device of a basic cell has a first level link to each other basic cell. The multi-level interconnection network has higher level cells that are aggregations of lower level cells in a similar manner.

8. 发明授权

US08364816B2 Mapping network addresses to geographical locations 有权
标题翻译：将网络地址映射到地理位置
公开(公告)号：US08364816B2
公开(公告)日：2013-01-29
申请号：US11871810
申请日：2007-10-12
申请人： Chuanxiong Guo , Jiahe H. Wang , Qing Yu , Yongguang Zhang , Yunxin Liu
发明人： Chuanxiong Guo , Jiahe H. Wang , Qing Yu , Yongguang Zhang , Yunxin Liu
IPC分类号： G06F15/16
CPC分类号： H04L61/20 , G06F17/30241 , G06F17/3087
摘要： A network address mapping system is described. The network address mapping system can identify a set of Web pages, collects information from the Web pages indicating geographical locations (“geolocations”), and correlate the geolocations with the network addresses from which the identified Web pages are served. The collected information can be weighted based on various factors, such as its relative position in a Web page. The collected information can then be used to identify a geolocation. The network mapping system can deduce geolocations for portions of ranges of network addresses based on the score, and can infer geolocations for other portions based on the deduced geolocations. This mapping can then be stored in a database and provided as a geomapping service. The network address mapping system is able to map network addresses to geographical locations. Thereafter, when a user's client computing device accesses a Web server, the Web server can easily and accurately determine a geographical location by querying the database storing the mapping or a geomapping service.
摘要翻译：描述网络地址映射系统。网络地址映射系统可以识别一组网页，从指定地理位置（地理位置）的网页收集信息，并将地理位置与所识别的网页从其提供的网络地址相关联。所收集的信息可以基于各种因素加权，例如其在网页中的相对位置。然后可以使用收集的信息来识别地理位置。网络映射系统可以基于分数推断出部分网络地址范围的地理位置，并且可以基于推导的地理位置来推断其他部分的地理位置。然后，该映射可以存储在数据库中并作为地理服务提供。网络地址映射系统能够将网络地址映射到地理位置。此后，当用户的客户计算设备访问Web服务器时，Web服务器可以通过查询存储映射的数据库或地理位置服务来容易且准确地确定地理位置。

9. 发明授权

US08065433B2 Hybrid butterfly cube architecture for modular data centers 有权
标题翻译：用于模块化数据中心的混合蝴蝶立方体架构
公开(公告)号：US08065433B2
公开(公告)日：2011-11-22
申请号：US12351355
申请日：2009-01-09
申请人： Chuanxiong Guo , Guohan Lu , Dan Li , Haitao Wu , Yunfeng Shi , Danfeng Zhang , Yongguang Zhang , Songwu Lu
发明人： Chuanxiong Guo , Guohan Lu , Dan Li , Haitao Wu , Yunfeng Shi , Danfeng Zhang , Yongguang Zhang , Songwu Lu
IPC分类号： G06F15/173 , H03K17/00 , H04L12/28 , H04L12/50
CPC分类号： H04L45/38 , H04L41/00 , H04L45/125 , H04L45/24 , H04L45/28 , H04L45/34 , H04L45/745 , H04L47/125 , H04L47/626 , H04L49/10 , H04L49/3009 , H04L49/356
摘要： A hybrid Butterfly Cube (“BCube”) architecture is described herein. The BCube architecture is a server-centric network architectural design, and includes a plurality of servers. Each of the plurality of servers may have multiple network ports and serve not only as an end host, but also an intermediate relay node for other servers. The BCube architecture further includes a plurality of switches which are arranged in multiple levels. Each switch has a certain number of network ports for connecting to the servers. The BCube architecture provides multiple parallel paths between any two servers. A packet source routing protocol and a BCube source routing (BSR) protocol are used to determine which path is used for routing a packet between any two servers.
摘要翻译：本文描述了混合蝴蝶立方体（“BCube”）结构。 BCube架构是以服务器为中心的网络架构设计，并且包括多个服务器。多个服务器中的每一个可以具有多个网络端口，并且不仅用作终端主机，而且还用于其他服务器的中间中继节点。 BCube架构还包括多个以多个层级布置的开关。每个交换机都有一定数量的网络端口用于连接到服务器。 BCube架构在任何两个服务器之间提供多个并行路径。使用分组源路由协议和BCube源路由（BSR）协议来确定哪个路径用于在任何两个服务器之间路由分组。

10. 发明授权

US07769866B2 Virtual connectivity with subscribe-notify service 有权
标题翻译：与订阅通知服务的虚拟连接
公开(公告)号：US07769866B2
公开(公告)日：2010-08-03
申请号：US10619332
申请日：2003-07-14
申请人： Chuanxiong Guo , Jun Yuan , Qian Zhang , Wenwu Zhu
发明人： Chuanxiong Guo , Jun Yuan , Qian Zhang , Wenwu Zhu
IPC分类号： G06F15/16
CPC分类号： H04L61/2571 , H04L29/12009 , H04L29/12518 , H04L63/12 , H04L67/26 , H04W80/04 , H04W88/18
摘要： A middle layer network protocol enhancement, virtual connectivity (VC) makes the network attachment point changes of local and remote peers transparent to applications that use network services. A virtual connectivity module local to each peer translates communication connection parameters from apparent to real and vice versa, as well as sending and receiving secure connection updates directly to and from peers. Unlike Mobile IP, no routing infrastructure modifications are required. A subscribe-notify service provides connection update notifications when direct peer-to-peer connection updates are not possible, for example, when two communicating peers move simultaneously or when the moving peer is communicating with a peer behind network address translation (NAT). Methods for detecting these conditions are disclosed, as is a virtual connectivity protocol and virtual connectivity module architecture.
摘要翻译：中间层网络协议增强，虚拟连接（VC）使本地和远程对等体的网络连接点更改对使用网络服务的应用程序透明化。每个对等体本地的虚拟连接模块将通信连接参数从明显转换为实际，反之亦然，以及直接向对方发送和接收安全连接更新。与移动IP不同，不需要进行路由基础架构修改。当直接对等连接更新不可行时，例如当两个通信对等体同时移动或当移动对等体与网络地址转换（NAT）之后的对等体通信时，订阅通知服务提供连接更新通知。公开了用于检测这些条件的方法，以及虚拟连接协议和虚拟连接模块架构。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式