专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20070005973A1 Approaches for switching transport protocol connection keys 有权
标题翻译：切换传输协议连接密钥的方法
公开(公告)号：US20070005973A1
公开(公告)日：2007-01-04
申请号：US11173690
申请日：2005-07-01
申请人： Satish Mynam , Anantha Ramaiah , Chandrashekhar Appanna , Keyur Patel
发明人： Satish Mynam , Anantha Ramaiah , Chandrashekhar Appanna , Keyur Patel
IPC分类号： H04L9/00
CPC分类号： H04L63/123 , H04L9/0891 , H04L9/3239 , H04L9/3247 , H04L2209/38 , H04L2209/80
摘要： Approaches are disclosed for switching transport protocol connection keys. In a transport protocol module configured to use a first key for signing messages associated with a transport protocol connection, a second key is configured for the transport protocol connection. A first message that is associated with the transport protocol connection is received. The first message includes a first signature. A first and a second message digests are computed for the first message, where the first message digest is based on the first key and the second message digest is based on the second key. The first message is validated if the first signature in the first message matches any one of the first message digest and the second message digest.
摘要翻译：公开了用于切换传输协议连接密钥的方法。在被配置为使用第一密钥来签署与传输协议连接相关联的消息的传输协议模块中，为传输协议连接配置第二密钥。接收与传输协议连接相关联的第一消息。第一个消息包括第一个签名。针对第一消息计算第一和第二消息摘要，其中第一消息摘要基于第一密钥，第二消息摘要基于第二密钥。如果第一消息中的第一个签名与第一个消息摘要和第二个消息摘要中的任何一个匹配，则验证第一个消息。

2. 发明申请

US20070160063A1 Approaches for switching transport protocol connection keys 有权
标题翻译：切换传输协议连接密钥的方法
公开(公告)号：US20070160063A1
公开(公告)日：2007-07-12
申请号：US11329509
申请日：2006-01-10
申请人： Satish Mynam , Anantha Ramaiah , Chandrashekhar Appanna
发明人： Satish Mynam , Anantha Ramaiah , Chandrashekhar Appanna
IPC分类号： H04L12/56
CPC分类号： H04L63/068 , H04L69/16 , H04L69/163
摘要： Approaches are disclosed for switching transport protocol connection keys. A first node sends a keychange request message to a second node, causing the second node to accept subsequent messages digitally signed with a first or second key. The second node sends an acknowledgment message to the first node, causing the first node to accept subsequent messages digitally signed with the first or second key. The first node receives a new message digitally signed with the second key from the second node and determines that there are no remaining messages to be received digitally signed with the first key. In response thereto, the first node only accepts messages digitally signed with the second key and sends a message signed with the second key to the second node, causing the second node to only accept messages digitally signed with the second key.
摘要翻译：公开了用于切换传输协议连接密钥的方法。第一节点向第二节点发送密钥交换请求消息，导致第二节点接受用第一或第二密钥数字签名的后续消息。第二节点向第一节点发送确认消息，使得第一节点接受用第一或第二密钥数字签名的后续消息。第一节点从第二节点接收用第二密钥数字签名的新消息，并确定不存在要用第一密钥数字签名的剩余消息。响应于此，第一节点仅接受用第二密钥数字签名的消息，并将具有第二密钥签名的消息发送到第二节点，使得第二节点仅接受用第二密钥数字签名的消息。

3. 发明授权

US07545810B2 Approaches for switching transport protocol connection keys 有权
标题翻译：切换传输协议连接密钥的方法
公开(公告)号：US07545810B2
公开(公告)日：2009-06-09
申请号：US11173690
申请日：2005-07-01
申请人： Satish K. Mynam , Anantha Ramaiah , Chandrashekhar Appanna , Keyur Patel
发明人： Satish K. Mynam , Anantha Ramaiah , Chandrashekhar Appanna , Keyur Patel
IPC分类号： H04L12/56 , H04L9/14
CPC分类号： H04L63/123 , H04L9/0891 , H04L9/3239 , H04L9/3247 , H04L2209/38 , H04L2209/80
摘要： Approaches are disclosed for switching transport protocol connection keys. In a transport protocol module configured to use a first key for signing messages associated with a transport protocol connection, a second key is configured for the transport protocol connection. A first message that is associated with the transport protocol connection is received. The first message includes a first signature. A first and a second message digests are computed for the first message, where the first message digest is based on the first key and the second message digest is based on the second key. The first message is validated if the first signature in the first message matches any one of the first message digest and the second message digest.
摘要翻译：公开了用于切换传输协议连接密钥的方法。在被配置为使用第一密钥来签署与传输协议连接相关联的消息的传输协议模块中，为传输协议连接配置第二密钥。接收与传输协议连接相关联的第一消息。第一个消息包括第一个签名。针对第一消息计算第一和第二消息摘要，其中第一消息摘要基于第一密钥，第二消息摘要基于第二密钥。如果第一消息中的第一个签名与第一个消息摘要和第二个消息摘要中的任何一个匹配，则验证第一个消息。

4. 发明授权

US07613118B2 Detecting change in a transport protocol window size without data transmission 有权
标题翻译：检测传输协议窗口大小的变化，无需数据传输
公开(公告)号：US07613118B2
公开(公告)日：2009-11-03
申请号：US11133622
申请日：2005-05-19
申请人： Chandrashekhar Appanna , Anantha Ramaiah , Amol Khare
发明人： Chandrashekhar Appanna , Anantha Ramaiah , Amol Khare
IPC分类号： G01R31/08 , G06F12/00
CPC分类号： H04L69/16 , H04L69/163 , Y10S707/99953 , Y10S707/99955
摘要： A method detects a change in TCP receive window size while preventing fragmentation of data. A TCP stack receives a segment that advertises a receive window size of zero. If data needs to be sent, and only if so, a timer is started. When the timer expires, a TCP segment that contains a first sequence number value equal to second sequence number representing sent but unacknowledged data minus one, and a segment length value of zero, is sent. Without sending a fragment of data, this triggers a peer TCP process to send an updated window size. A TCP ACK segment is received and contains an updated receive window size. If the updated receive window size is greater than a specified value, then the data is sent. Otherwise, a counter is incremented, and the steps are re-performed if the counter is less than a specified value.
摘要翻译：一种方法检测TCP接收窗口大小的变化，同时防止数据碎片化。 TCP堆栈接收一个通告接收窗口大小为零的段。如果需要发送数据，并且只有这样，才能启动定时器。当定时器到期时，发送包含表示发送但未确认的数据减去1的第二序列号的第一序列号值和段长度值为零的TCP段。不发送数据片段，这将触发对等TCP进程发送更新的窗口大小。 TCP ACK段被接收并且包含更新的接收窗口大小。如果更新的接收窗口大小大于指定值，则发送数据。否则，计数器递增，如果计数器小于指定值，则重新执行步骤。

5. 发明授权

US07565694B2 Method and apparatus for preventing network reset attacks 有权
标题翻译：防止网络重置攻击的方法和装置
公开(公告)号：US07565694B2
公开(公告)日：2009-07-21
申请号：US10959225
申请日：2004-10-05
申请人： Chandrashekhar Appanna , Anantha Ramaiah
发明人： Chandrashekhar Appanna , Anantha Ramaiah
IPC分类号： G06F11/00 , G06F12/16 , G06F15/18 , G08B23/00
CPC分类号： H04L63/1458 , H04L69/16 , H04L69/163
摘要： A method for improving resistance of network protocols running on transmission control protocol (TCP), such as BGP. For example, a method comprises receiving, from a TCP application, a request to ignore all TCP segments with an RST bit set, except for solicited RST segments; establishing a filter that blocks all but solicited TCP RST segments; receiving a TCP segment with a SYN bit set and a sequence number value within an allowed window for a TCP connection matching the received segment, and for a session of the TCP application; re-configuring the filter to allow TCP RST segments for the connection associated with the received segment; requesting the TCP application to initiate an event that will induce a legitimate sender of the received segment to send a valid TCP RST segment in response; and closing the connection only when a TCP RST segment is received in response.
摘要翻译：一种提高在传输控制协议（TCP）（如BGP）上运行的网络协议的阻力的方法。例如，一种方法包括从TCP应用程序接收除了被请求的RST段之外忽略具有RST位的所有TCP段的请求; 建立一个阻塞所有但被请求的TCP RST段的过滤器; 接收具有SYN位集合的TCP段和在允许的窗口内的序列号值，用于匹配所接收的段的TCP连接以及TCP应用的会话; 重新配置过滤器以允许TCP RST段用于与接收段相关联的连接; 请求TCP应用程序发起一个将导致接收段的合法发送方发送有效的TCP RST段作为响应的事件; 并且只有当接收到TCP RST段作为响应时才关闭连接。

6. 发明授权

US07515525B2 Cooperative TCP / BGP window management for stateful switchover 有权
标题翻译：协同TCP / BGP窗口管理进行状态切换
公开(公告)号：US07515525B2
公开(公告)日：2009-04-07
申请号：US10948732
申请日：2004-09-22
申请人： Chandrashekhar Appanna , Anantha Ramaiah , Lester S. Bird
发明人： Chandrashekhar Appanna , Anantha Ramaiah , Lester S. Bird
IPC分类号： H04L12/26
CPC分类号： H04L47/27 , H04L45/04 , H04L45/586 , H04L69/40
摘要： A system and method for performing stateful switchover with reduced data, such as only metadata about a TCP window state. The metadata comprises a size of TCP packets used to send BGP messages, and which of those have been acknowledged by a neighbor networking device. The networking device comprises a BGP module to establish a BGP session between the networking device and a neighbor networking device. An active transport module within the networking device synchronizes with a standby transport module within the networking device by sending the metadata. A fault detector within the networking device initiates a stateful switchover from the active transport module to the standby transport module responsive to detecting a failure of a process and/or processor. The standby transport module uses the metadata to determine stateful metadata for preserving current BGP and TCP sessions of the networking device with dummy TCP packets having the same size ad sent TCP packets and containing safe BGP message data.
摘要翻译：一种用简单数据进行状态切换的系统和方法，例如仅关于TCP窗口状态的元数据。元数据包括用于发送BGP消息的TCP数据包的大小，以及哪些哪些已被邻居网络设备确认。网络设备包括BGP模块，用于在组网设备和邻居网络设备之间建立BGP会话。网络设备内的主动传输模块通过发送元数据与网络设备内的备用传输模块进行同步。响应于检测到过程和/或处理器的故障，网络设备内的故障检测器启动从主动传输模块到备用传输模块的状态切换。备用传输模块使用元数据来确定有状态元数据，用于保留具有相同大小的发送的TCP数据包并包含安全的BGP消息数据的伪TCP数据包的网络设备的当前BGP和TCP会话。

7. 发明申请

US20060262734A1 Transport protocol connection synchronization 有权
标题翻译：传输协议连接同步
公开(公告)号：US20060262734A1
公开(公告)日：2006-11-23
申请号：US11134686
申请日：2005-05-19
申请人： Chandrashekhar Appanna , Anantha Ramaiah
发明人： Chandrashekhar Appanna , Anantha Ramaiah
IPC分类号： H04L12/28 , H04L12/56
CPC分类号： H04L69/16 , H04L45/121 , H04L69/14 , H04L69/161 , H04L69/163 , H04L69/326
摘要： A system and method supporting synchronization of replicated transport layer connections in a redundant processor telecommunications network element. One method involves receiving, at a network element comprising an active transport protocol process coupled to a standby transport protocol process, information identifying a newly created transport layer connection maintained at the active transport protocol process; assigning a unique connection identifier to the transport layer connection; sending the unique connection identifier, in association with other, protocol-specific connection identifying information, to the standby protocol process; and sending, to the standby transport protocol process, one or more messages comprising one or more properties or statistics associated with the transport layer connection, wherein the messages identify the transport layer connection using the unique connection identifier.
摘要翻译：支持冗余处理器电信网络元件中复制传输层连接同步的系统和方法。一种方法包括在包括与备用传输协议过程相关联的活动传输协议进程的网络元件处接收标识在活动传输协议过程中维护的新创建的传输层连接的信息; 向传输层连接分配唯一的连接标识符; 将与所述协议特定连接识别信息相关联的唯一连接标识符发送到所述备用协议进程; 以及向所述备用传输协议进程发送包括与所述传输层连接相关联的一个或多个属性或统计信息的一个或多个消息，其中所述消息使用所述唯一连接标识符标识所述传输层连接。

8. 发明授权

US07801135B2 Transport protocol connection synchronization 有权
标题翻译：传输协议连接同步
公开(公告)号：US07801135B2
公开(公告)日：2010-09-21
申请号：US11134686
申请日：2005-05-19
申请人： Chandrashekhar Appanna , Anantha Ramaiah
发明人： Chandrashekhar Appanna , Anantha Ramaiah
IPC分类号： H04L12/56
CPC分类号： H04L69/16 , H04L45/121 , H04L69/14 , H04L69/161 , H04L69/163 , H04L69/326
摘要： A system and method supporting synchronization of replicated transport layer connections in a redundant processor telecommunications network element. One method involves receiving, at a network element comprising an active transport protocol process coupled to a standby transport protocol process, information identifying a newly created transport layer connection maintained at the active transport protocol process; assigning a unique connection identifier to the transport layer connection; sending the unique connection identifier, in association with other, protocol-specific connection identifying information, to the standby protocol process; and sending, to the standby transport protocol process, one or more messages comprising one or more properties or statistics associated with the transport layer connection, wherein the messages identify the transport layer connection using the unique connection identifier.
摘要翻译：支持冗余处理器电信网络元件中复制传输层连接同步的系统和方法。一种方法包括在包括与备用传输协议过程相关联的活动传输协议进程的网络元件处接收标识在活动传输协议过程中维护的新创建的传输层连接的信息; 向传输层连接分配唯一的连接标识符; 将与所述协议特定连接识别信息相关联的唯一连接标识符发送到所述备用协议进程; 以及向所述备用传输协议进程发送包括与所述传输层连接相关联的一个或多个属性或统计信息的一个或多个消息，其中所述消息使用所述唯一连接标识符标识所述传输层连接。

9. 发明授权

US07623464B2 Rapid protocol failure detection 有权
标题翻译：快速协议故障检测
公开(公告)号：US07623464B2
公开(公告)日：2009-11-24
申请号：US10888122
申请日：2004-07-09
申请人： Chandrashekhar Appanna , Anantha Ramaiah , Ruchi Kapoor
发明人： Chandrashekhar Appanna , Anantha Ramaiah , Ruchi Kapoor
IPC分类号： G01R31/08
CPC分类号： H04L41/06 , H04L43/0811 , H04L45/00 , H04L45/04 , H04L45/22 , H04L45/28 , H04L67/14 , H04L69/16 , H04L69/163 , H04L69/40
摘要： A method is disclosed for rapidly detecting a protocol failure. In one embodiment, the method includes receiving an indication that a first process has failed. The first process having been engaged in communications over one or more network connections with a second process. A packet is formed, such that the packet appears to have been formed by the first process. The packet includes one or more data values, which, when received and processed by the second process, will cause the second process to close the network connection. The packet is sent to the second process. When the second process receives the packet, the second process to closes the network connection.
摘要翻译：公开了一种用于快速检测协议故障的方法。在一个实施例中，该方法包括接收第一进程失败的指示。第一进程已经通过一个或多个网络连接进行了第二进程的通信。形成分组，使得分组似乎是由第一进程形成的。该分组包括一个或多个数据值，当由第二进程接收和处理时将使第二进程关闭网络连接。数据包被发送到第二个进程。当第二个进程收到数据包时，第二个进程关闭网络连接。

10. 发明申请

US20060268710A1 Detecting change in a transport protocol window size without data transmission 有权
公开(公告)号：US20060268710A1
公开(公告)日：2006-11-30
申请号：US11133622
申请日：2005-05-19
申请人： Chandrashekhar Appanna , Anantha Ramaiah , Amol Khare
发明人： Chandrashekhar Appanna , Anantha Ramaiah , Amol Khare
IPC分类号： H04J1/16
CPC分类号： H04L69/16 , H04L69/163 , Y10S707/99953 , Y10S707/99955
摘要： A method detects a change in TCP receive window size while preventing fragmentation of data. A TCP stack receives a segment that advertises a receive window size of zero. If data needs to be sent, and only if so, a timer is started. When the timer expires, a TCP segment that contains a first sequence number value equal to second sequence number representing sent but unacknowledged data minus one, and a segment length value of zero, is sent. Without sending a fragment of data, this triggers a peer TCP process to send an updated window size. A TCP ACK segment is received and contains an updated receive window size. If the updated receive window size is greater than a specified value, then the data is sent. Otherwise, a counter is incremented, and the steps are re-performed if the counter is less than a specified value.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式