专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20090196178A1 Disconnected Transport Protocol Connectivity 有权
标题翻译：断开传输协议连接
公开(公告)号：US20090196178A1
公开(公告)日：2009-08-06
申请号：US12024031
申请日：2008-01-31
申请人： Randall Stewart , Gopal Dommety , Anantha Ramaiah
发明人： Randall Stewart , Gopal Dommety , Anantha Ramaiah
IPC分类号： G08C15/00
CPC分类号： H04L69/16 , H04W80/06
摘要： In an embodiment, an existing transport protocol connection though a mobile device is recognized as having entered a state of disconnect. A lowest received sequence number is determined from received messages to be transmitted over a disconnected transport protocol connection. A disconnect acknowledgement message with a receive window of zero and a sequence number of one less than the lowest received sequence number is transmitted. The disconnect acknowledge message with a receive window of zero and a sequence number of one less than the lowest received sequence number is continued to be transmitted until the transport protocol connection exits the disconnect state to a connect state.
摘要翻译：在一个实施例中，通过移动设备的现有传输协议连接被识别为已经进入断开状态。从接收到的消息中确定最低的接收序列号，以通过断开的传输协议连接发送。发送具有接收窗口为零且序列号小于最低接收序列号的序列号的断开确认消息。继续发送接收窗口为零且序列号小于最低接收序列号的断开确认消息，直到传输协议连接退出断开状态为连接状态。

2. 发明授权

US07808998B2 Disconnected transport protocol connectivity 有权
标题翻译：断开传输协议连接
公开(公告)号：US07808998B2
公开(公告)日：2010-10-05
申请号：US12024031
申请日：2008-01-31
申请人： Randall Stewart , Gopal Dommety , Anantha Ramaiah
发明人： Randall Stewart , Gopal Dommety , Anantha Ramaiah
IPC分类号： H04L12/28 , H04J3/06
CPC分类号： H04L69/16 , H04W80/06
摘要： In an embodiment, an existing transport protocol connection though a mobile device is recognized as having entered a state of disconnect. A lowest received sequence number is determined from received messages to be transmitted over a disconnected transport protocol connection. A disconnect acknowledgement message with a receive window of zero and a sequence number of one less than the lowest received sequence number is transmitted. The disconnect acknowledge message with a receive window of zero and a sequence number of one less than the lowest received sequence number is continued to be transmitted until the transport protocol connection exits the disconnect state to a connect state.
摘要翻译：在一个实施例中，通过移动设备的现有传输协议连接被识别为已经进入断开状态。从接收到的消息中确定最低的接收序列号，以通过断开的传输协议连接发送。发送具有接收窗口为零且序列号小于最低接收序列号的序列号的断开确认消息。继续发送接收窗口为零且序列号小于最低接收序列号的断开确认消息，直到传输协议连接退出断开状态为连接状态。

3. 发明授权

US07257840B2 Preventing network data injection attacks using duplicate-ACK and reassembly gap approaches 有权
标题翻译：使用重复ACK和重组间隙方法防止网络数据注入攻击
公开(公告)号：US07257840B2
公开(公告)日：2007-08-14
申请号：US10815218
申请日：2004-03-30
申请人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
发明人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
IPC分类号： G06F11/30 , G01R31/08 , G06F11/00 , G06F15/16 , G08C15/00 , H04J3/14 , H04J1/16 , H04L12/26
CPC分类号： H04L63/1466 , G06F21/552 , H04L47/27 , H04L47/29 , H04L47/323 , H04L47/34 , H04L63/1416 , H04L63/1458 , H04L69/16 , H04L69/163
摘要： Approaches for preventing TCP data injection attacks in packet-switched networks are disclosed. An ACK message or dummy segment is sent to verify the authenticity of the data in the re-assembly buffer, and to help discard spurious data faster. These approaches involve the sender in detection of spurious data, and make improved use of mechanisms for processing ACK messages that are native to typical TCP implementations. The latter approach may be implemented without modification of the sender's TCP implementation. Further, the receiver's TCP implementation maintains compatibility with RFC 793.
摘要翻译：公开了在分组交换网络中防止TCP数据注入攻击的方法。发送ACK消息或虚拟段以验证重新组装缓冲区中的数据的真实性，并帮助更快地丢弃伪数据。这些方法涉及发送方检测虚假数据，并且改进了用于处理典型TCP实现本身的ACK消息的机制。可以在不修改发送者的TCP实现的情况下实现后一种方法。此外，接收机的TCP实现保持与RFC 793的兼容性。

4. 发明申请

US20050160478A1 Preventing network data injection attacks 有权
标题翻译：防止网络数据注入攻击
公开(公告)号：US20050160478A1
公开(公告)日：2005-07-21
申请号：US10792146
申请日：2004-03-02
申请人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
发明人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
IPC分类号： G06F11/30 , G06F15/173 , H04L9/00 , H04L9/32 , H04L12/56 , H04L29/06
CPC分类号： H04L63/1416 , H04L47/27 , H04L47/29 , H04L47/323 , H04L47/34 , H04L63/1458 , H04L69/16 , H04L69/163
摘要： Approaches for preventing TCP data injection attacks in packet-switched networks are disclosed. A first approach provides for dropping received segments that carry ACK values smaller than the next unacknowledged sequence number expected minus the maximum window size. This approach helps keep spurious injected segments out of the TCP re-assembly buffer. In a second approach, heuristics are used to examine the sequence number of a newly arrived segment, and when the sequence number is the next expected, then the newly arrived segment is used and the contents of the re-assembly buffer are not considered. Further, if the data payload of the newly arrived segment overlaps in sequential order with segments already in the re-assembly buffer, the overlapped segments in the re-assembly buffer are considered spurious and are discarded. Thus, this approach helps remove spurious data from the re-assembly buffer if the first approach somehow fails to prevent the data from entering the re-assembly buffer.
摘要翻译：公开了在分组交换网络中防止TCP数据注入攻击的方法。第一种方法提供丢弃接收的段，其携带ACK值小于预期的下一个未确认序列号减去最大窗口大小。这种方法有助于将伪注入的段保留在TCP重新组装缓冲区之外。在第二种方法中，启发式用于检查新到达的段的序列号，当序列号是下一个预期序列号时，则使用新到达的段，并且不考虑重新组装缓冲区的内容。此外，如果新到达的段的数据有效载荷与已经在重新组装缓冲区中的段按顺序重叠，则重组缓冲区中的重叠段被认为是虚假的并被丢弃。因此，如果第一种方法无法防止数据进入重新组装缓冲区，则此方法有助于从重新组装缓冲区中清除虚假数据。

5. 发明申请

US20050160293A1 Preventing network data injection attacks using duplicate-ACK and reassembly gap approaches 有权
标题翻译：使用重复ACK和重组间隙方法防止网络数据注入攻击
公开(公告)号：US20050160293A1
公开(公告)日：2005-07-21
申请号：US10815218
申请日：2004-03-30
申请人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
发明人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
IPC分类号： G06F11/30 , G06F15/173 , H04L9/00 , H04L9/32 , H04L12/56 , H04L29/06
CPC分类号： H04L63/1466 , G06F21/552 , H04L47/27 , H04L47/29 , H04L47/323 , H04L47/34 , H04L63/1416 , H04L63/1458 , H04L69/16 , H04L69/163
摘要： Approaches for preventing TCP data injection attacks in packet-switched networks are disclosed. An ACK message or dummy segment is sent to verify the authenticity of the data in the re-assembly buffer, and to help discard spurious data faster. These approaches involve the sender in detection of spurious data, and make improved use of mechanisms for processing ACK messages that are native to typical TCP implementations. The latter approach may be implemented without modification of the sender's TCP implementation. Further, the receiver's TCP implementation maintains compatibility with RFC 793.
摘要翻译：公开了在分组交换网络中防止TCP数据注入攻击的方法。发送ACK消息或虚拟段以验证重新组装缓冲区中的数据的真实性，并帮助更快地丢弃伪数据。这些方法涉及发送方检测虚假数据，并且改进了用于处理典型TCP实现本身的ACK消息的机制。可以在不修改发送者的TCP实现的情况下实现后一种方法。此外，接收机的TCP实现保持与RFC 793的兼容性。

6. 发明授权

US07114181B2 Preventing network data injection attacks 有权
标题翻译：防止网络数据注入攻击
公开(公告)号：US07114181B2
公开(公告)日：2006-09-26
申请号：US10792146
申请日：2004-03-02
申请人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
发明人： Anantha Ramaiah , Randall Stewart , Peter Lei , Patrick Mahan
IPC分类号： G06F11/28 , G06F11/00 , G06F11/30
CPC分类号： H04L63/1416 , H04L47/27 , H04L47/29 , H04L47/323 , H04L47/34 , H04L63/1458 , H04L69/16 , H04L69/163
摘要： Approaches for preventing TCP data injection attacks in packet-switched networks are disclosed. A first approach provides for dropping received segments that carry ACK values smaller than the next unacknowledged sequence number expected minus the maximum window size. This approach helps keep spurious injected segments out of the TCP re-assembly buffer. In a second approach, heuristics are used to examine the sequence number of a newly arrived segment, and when the sequence number is the next expected, then the newly arrived segment is used and the contents of the re-assembly buffer are not considered. Further, if the data payload of the newly arrived segment overlaps in sequential order with segments already in the re-assembly buffer, the overlapped segments in the re-assembly buffer are considered spurious and are discarded. Thus, this approach helps remove spurious data from the re-assembly buffer if the first approach somehow fails to prevent the data from entering the re-assembly buffer.
摘要翻译：公开了在分组交换网络中防止TCP数据注入攻击的方法。第一种方法提供丢弃接收的段，其携带ACK值小于预期的下一个未确认序列号减去最大窗口大小。这种方法有助于将伪注入的段保留在TCP重新组装缓冲区之外。在第二种方法中，启发式用于检查新到达段的序列号，当序列号为下一个预期序列号时，则使用新到达的段，并且不考虑重新组合缓冲区的内容。此外，如果新到达的段的数据有效载荷与已经在重新组装缓冲区中的段按顺序重叠，则重组缓冲区中的重叠段被认为是虚假的并被丢弃。因此，如果第一种方法无法防止数据进入重新组装缓冲区，则此方法有助于从重新组装缓冲区中清除虚假数据。

7. 发明授权

US08639822B2 Extending application-layer sessions based on out-of-order messages 有权
标题翻译：根据乱序消息扩展应用层会话
公开(公告)号：US08639822B2
公开(公告)日：2014-01-28
申请号：US12986929
申请日：2011-01-07
申请人： Anantha Ramaiah , Keyur Patel , Shrirang Bage
发明人： Anantha Ramaiah , Keyur Patel , Shrirang Bage
IPC分类号： H04L29/06
CPC分类号： H04L49/355
摘要： A method and non-transitory computer-readable medium are disclosed for extending a hold timer that binds an application-layer session when a transport-layer out-of-order message queue includes an out-of-order message for the application-layer session. An application receives an application-layer message from transport protocol logic that is configured to deliver in-order application-layer messages to the application. The received application-layer message is a next in-order application-layer message for an application-layer session that is bound by a hold timer. After an amount time has passed, the application detects an expiration of the hold timer. In response, rather than immediately tearing down the application-layer session, the application inspects an out-of-order queue of the transport protocol logic. The hold timer is extended when the out-of-order queue includes an out-of-order application-layer message for the application-layer session. In one aspect, the transport protocol logic includes an application programming interface that provides the application with access to the out-of-order queue.
摘要翻译：公开了一种方法和非暂时性计算机可读介质，用于在传输层无序消息队列包括用于应用层会话的无序消息时扩展绑定应用层会话的保持定时器。应用程序从传输协议逻辑接收应用层消息，该消息被配置为向应用程序发送按顺序的应用层消息。接收到的应用层消息是由保持定时器绑定的应用层会话的下一个按顺序应用层消息。经过一段时间后，应用程序会检测到保持定时器的到期。作为响应，应用程序不是立即拆除应用程序层会话，而是检查传输协议逻辑的乱序队列。当无序队列包含用于应用层会话的无序应用层消息时，保持定时器被扩展。在一个方面，传输协议逻辑包括向应用程序提供对无序队列的访问的应用编程接口。

8. 发明授权

US07613118B2 Detecting change in a transport protocol window size without data transmission 有权
标题翻译：检测传输协议窗口大小的变化，无需数据传输
公开(公告)号：US07613118B2
公开(公告)日：2009-11-03
申请号：US11133622
申请日：2005-05-19
申请人： Chandrashekhar Appanna , Anantha Ramaiah , Amol Khare
发明人： Chandrashekhar Appanna , Anantha Ramaiah , Amol Khare
IPC分类号： G01R31/08 , G06F12/00
CPC分类号： H04L69/16 , H04L69/163 , Y10S707/99953 , Y10S707/99955
摘要： A method detects a change in TCP receive window size while preventing fragmentation of data. A TCP stack receives a segment that advertises a receive window size of zero. If data needs to be sent, and only if so, a timer is started. When the timer expires, a TCP segment that contains a first sequence number value equal to second sequence number representing sent but unacknowledged data minus one, and a segment length value of zero, is sent. Without sending a fragment of data, this triggers a peer TCP process to send an updated window size. A TCP ACK segment is received and contains an updated receive window size. If the updated receive window size is greater than a specified value, then the data is sent. Otherwise, a counter is incremented, and the steps are re-performed if the counter is less than a specified value.
摘要翻译：一种方法检测TCP接收窗口大小的变化，同时防止数据碎片化。 TCP堆栈接收一个通告接收窗口大小为零的段。如果需要发送数据，并且只有这样，才能启动定时器。当定时器到期时，发送包含表示发送但未确认的数据减去1的第二序列号的第一序列号值和段长度值为零的TCP段。不发送数据片段，这将触发对等TCP进程发送更新的窗口大小。 TCP ACK段被接收并且包含更新的接收窗口大小。如果更新的接收窗口大小大于指定值，则发送数据。否则，计数器递增，如果计数器小于指定值，则重新执行步骤。

9. 发明授权

US07565694B2 Method and apparatus for preventing network reset attacks 有权
标题翻译：防止网络重置攻击的方法和装置
公开(公告)号：US07565694B2
公开(公告)日：2009-07-21
申请号：US10959225
申请日：2004-10-05
申请人： Chandrashekhar Appanna , Anantha Ramaiah
发明人： Chandrashekhar Appanna , Anantha Ramaiah
IPC分类号： G06F11/00 , G06F12/16 , G06F15/18 , G08B23/00
CPC分类号： H04L63/1458 , H04L69/16 , H04L69/163
摘要： A method for improving resistance of network protocols running on transmission control protocol (TCP), such as BGP. For example, a method comprises receiving, from a TCP application, a request to ignore all TCP segments with an RST bit set, except for solicited RST segments; establishing a filter that blocks all but solicited TCP RST segments; receiving a TCP segment with a SYN bit set and a sequence number value within an allowed window for a TCP connection matching the received segment, and for a session of the TCP application; re-configuring the filter to allow TCP RST segments for the connection associated with the received segment; requesting the TCP application to initiate an event that will induce a legitimate sender of the received segment to send a valid TCP RST segment in response; and closing the connection only when a TCP RST segment is received in response.
摘要翻译：一种提高在传输控制协议（TCP）（如BGP）上运行的网络协议的阻力的方法。例如，一种方法包括从TCP应用程序接收除了被请求的RST段之外忽略具有RST位的所有TCP段的请求; 建立一个阻塞所有但被请求的TCP RST段的过滤器; 接收具有SYN位集合的TCP段和在允许的窗口内的序列号值，用于匹配所接收的段的TCP连接以及TCP应用的会话; 重新配置过滤器以允许TCP RST段用于与接收段相关联的连接; 请求TCP应用程序发起一个将导致接收段的合法发送方发送有效的TCP RST段作为响应的事件; 并且只有当接收到TCP RST段作为响应时才关闭连接。

10. 发明授权

US07515525B2 Cooperative TCP / BGP window management for stateful switchover 有权
标题翻译：协同TCP / BGP窗口管理进行状态切换
公开(公告)号：US07515525B2
公开(公告)日：2009-04-07
申请号：US10948732
申请日：2004-09-22
申请人： Chandrashekhar Appanna , Anantha Ramaiah , Lester S. Bird
发明人： Chandrashekhar Appanna , Anantha Ramaiah , Lester S. Bird
IPC分类号： H04L12/26
CPC分类号： H04L47/27 , H04L45/04 , H04L45/586 , H04L69/40
摘要： A system and method for performing stateful switchover with reduced data, such as only metadata about a TCP window state. The metadata comprises a size of TCP packets used to send BGP messages, and which of those have been acknowledged by a neighbor networking device. The networking device comprises a BGP module to establish a BGP session between the networking device and a neighbor networking device. An active transport module within the networking device synchronizes with a standby transport module within the networking device by sending the metadata. A fault detector within the networking device initiates a stateful switchover from the active transport module to the standby transport module responsive to detecting a failure of a process and/or processor. The standby transport module uses the metadata to determine stateful metadata for preserving current BGP and TCP sessions of the networking device with dummy TCP packets having the same size ad sent TCP packets and containing safe BGP message data.
摘要翻译：一种用简单数据进行状态切换的系统和方法，例如仅关于TCP窗口状态的元数据。元数据包括用于发送BGP消息的TCP数据包的大小，以及哪些哪些已被邻居网络设备确认。网络设备包括BGP模块，用于在组网设备和邻居网络设备之间建立BGP会话。网络设备内的主动传输模块通过发送元数据与网络设备内的备用传输模块进行同步。响应于检测到过程和/或处理器的故障，网络设备内的故障检测器启动从主动传输模块到备用传输模块的状态切换。备用传输模块使用元数据来确定有状态元数据，用于保留具有相同大小的发送的TCP数据包并包含安全的BGP消息数据的伪TCP数据包的网络设备的当前BGP和TCP会话。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式