专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

71. 发明申请

WO2006030277A1 COMPRESSING, FILTERING, AND TRANSMITTING OF PROTOCOL MESSAGES VIA A PROTOCOL-AWARE INTERMEDIARY NODE 审中-公开
标题翻译：压缩，过滤和通过协议中断节点发送协议消息
公开(公告)号：WO2006030277A1
公开(公告)日：2006-03-23
申请号：PCT/IB2005/002696
申请日：2005-09-12
申请人： NOKIA CORPORATION , LIU, Zhigang
发明人： LIU, Zhigang
IPC分类号： H04L29/06
CPC分类号： H04L69/04 , H04L29/06027 , H04L63/0254 , H04L65/1006
摘要： Methods, apparatuses, and a system for compressing, filtering, and transmitting of protocol messages to be transmitted from a transmitting side via a protocol-aware intermediary node to a receiving side, the compressing method comprising the steps of: detecting a type of a protocol message to be compressed; and selectively compressing, based on the detected message type, certain predefined parts of the protocol message and leaving other predefined parts of the protocol message uncompressed; and the filtering method, if it is retrieved that the protocol message is not fully compressed, comprising the steps of: detecting a type of the protocol message to be filtered; scanning the message; and selectively processing, based on the detected message type and the scanning, certain predefined parts of the protocol message and leaving other predefined parts of the protocol message unprocessed.
摘要翻译：方法，装置以及用于压缩，过滤和发送协议消息的系统，所述协议消息将从发送侧通过协议感知中间节点发送到接收方，所述压缩方法包括以下步骤：检测协议的类型消息被压缩; 以及基于检测到的消息类型来选择性地压缩协议消息的某些预定义部分并且使协议消息的其他预定义部分未被压缩; 以及所述过滤方法，如果检索到所述协议消息未被完全压缩，则包括以下步骤：检测要过滤的协议消息的类型; 扫描消息; 并且基于所检测到的消息类型和扫描来选择性地处理协议消息的某些预定义部分，并且保留未处理的协议消息的其他预定义部分。

72. 发明申请

WO2005120008A1 EXTENSIONS TO THE FIREWALL CONFIGURATION PROTOCOLS AND FEATURES 审中-公开
标题翻译：扩展到“防火墙配置协议”和“特性”
公开(公告)号：WO2005120008A1
公开(公告)日：2005-12-15
申请号：PCT/IB2005/001205
申请日：2005-05-03
申请人： NOKIA CORPORATION , NOKIA INC.
发明人： LE, Frank , FACCIN, Stefano
IPC分类号： H04L29/06
CPC分类号： H04L63/0263 , H04L63/0236 , H04L63/0254 , H04L63/029 , H04L63/20
摘要： A network implementing at least one firewall for providing protection for users on the network. The network includes at least one host system protected by the at least one firewall, the host system being configured to send and receive information from external host systems through the at least one firewall. The at least one firewall including installation means for installing policy rules that are transmitted from at least one network entity to the at least one firewall. The policy rules include an option field for allowing the at least one network entity to send additional information to the firewall on at least one state to be created. The additional information is optionally used by the at least one firewall to perform services on data travelling through the at least one firewall.
摘要翻译：实现至少一个防火墙的网络，用于为网络上的用户提供保护。该网络包括由至少一个防火墙保护的至少一个主机系统，主机系统被配置为通过至少一个防火墙从外部主机系统发送和接收信息。所述至少一个防火墙包括用于安装从至少一个网络实体发送到所述至少一个防火墙的策略规则的安装装置。策略规则包括用于允许至少一个网络实体在要创建的至少一个状态上向防火墙发送附加信息的选项字段。所述附加信息可选地由所述至少一个防火墙使用以对通过所述至少一个防火墙行进的数据执行服务。

73. 发明申请

WO2005076573A1 METHOD AND SYSTEM FOR SENDING BINDING UPDATES TO CORRESPONDENT NODES BEHIND FIREWALLS 审中-公开
标题翻译：发送绑定更新的相关方法和系统
公开(公告)号：WO2005076573A1
公开(公告)日：2005-08-18
申请号：PCT/IB2005/000304
申请日：2005-02-08
申请人： NOKIA CORPORATION , LE, Franck , FACCIN, Stefano
发明人： LE, Franck , FACCIN, Stefano
IPC分类号： H04L29/06
CPC分类号： H04W8/082 , H04L63/0254 , H04L63/029 , H04L69/16 , H04L69/167
摘要： The invention proposes a method for providing traversal of a packet filtering function (D) for information transferred between a first network node (A) and a second network node (B) wherein the second network node (B) is associated with a home network control element (C) and the first network node (A) is protected by the packet filtering function (D), the method comprising the steps of sending (S1) a message including temporary identification information from the second node to the home network control element, sending (S3) a message including at least a part of the temporary identification information from the home network control element to the first node, and preparing (S4-S7) a direct connection between the first node and the second node via the packet filtering function based on the identification information. The invention also proposes corresponding network nodes, a corresponding home network control element and a corresponding network system.
摘要翻译：本发明提出了一种用于提供对第一网络节点（A）和第二网络节点（B）之间传输的信息的分组过滤功能（D）的遍历的方法，其中第二网络节点（B）与家庭网络控制元素（C）和第一网络节点（A）由分组过滤功能（D）保护，所述方法包括以下步骤：将包括临时识别信息的消息从第二节点发送（S1）到家庭网络控制元件，将包括所述临时识别信息的至少一部分的消息从家庭网络控制元件发送（S3）到第一节点，以及通过分组过滤功能（S4-S7）准备第一节点和第二节点之间的直接连接基于识别信息。本发明还提出了相应的网络节点，相应的家庭网络控制元件和相应的网络系统。

74. 发明申请

WO2005034372A2 METHODS AND SYSTEMS FOR PER-SESSION NETWORK ADDRESS TRANSLATION (NAT) LEARNING AND FIREWALL FILTERING IN MEDIA GATEWAY 审中-公开
标题翻译：网络地址转换（NAT）在媒体网关中的学习和防火墙过滤的方法和系统
公开(公告)号：WO2005034372A2
公开(公告)日：2005-04-14
申请号：PCT/US2004032272
申请日：2004-09-30
申请人： SANTERA SYSTEMS INC , LI SAN-QI , LEE WEIJUN , LU DAVID Z
发明人： LI SAN-QI , LEE WEIJUN , LU DAVID Z
IPC分类号： G06F15/16 , G06F15/173 , H04B20060101 , H04L29/06 , H04L29/12 , H04B
CPC分类号： H04L29/12009 , H04L29/1233 , H04L29/12509 , H04L61/2567 , H04L63/0236 , H04L63/0254 , H04L63/029 , H04L65/1023
摘要： Methods and systems for per-session NAT learning and firewall filtering are disclosed. Media packets associated with a call/session are received and processed at a media gateway. For the first few received media packets associated with a session, the media gateway uses various unique methods to learn the actual source IP address and UDP port assigned to the remote communication terminal by its customer-premises Network Address Translators (NATs) to the media flows of the current session. After the remote IP and UDP are learned, the media gateway reconfigures its firewall filtering function to check both the dynamically learned remote IP and UDP and the locally assigned IP and UDP of the current session. The per-session NAT learning function removes reachability issues in VoIP deployment, and the per-session firewall filtering function enhances security protection in VoIP deployment.
摘要翻译：披露了每会话NAT学习和防火墙过滤的方法和系统。与呼叫/会话相关联的媒体分组在媒体网关处被接收和处理。对于与会话相关联的前几个接收到的媒体分组，媒体网关使用各种独特的方法来了解其客户端网络地址转换器（NAT）分配给远程通信终端的实际源IP地址和UDP端口到媒体流的当前会话。在学习到远程IP和UDP后，媒体网关重新配置其防火墙过滤功能，以检查动态学习的远程IP和UDP以及当前会话的本地分配的IP和UDP。每会话NAT学习功能消除了VoIP部署中的可达性问题，每会话防火墙过滤功能增强了VoIP部署中的安全保护。

75. 发明申请

WO2004015583A1 SYSTEM AND METHOD FOR CONTROLLING ACCESS TO AN ELECTRONIC MESSAGE RECIPIENT 审中-公开
标题翻译：用于控制访问电子消息接收的系统和方法
公开(公告)号：WO2004015583A1
公开(公告)日：2004-02-19
申请号：PCT/US2003/025067
申请日：2003-08-11
申请人： BURLINGTON COMMUNICATIONS, INC. , MCISAAC, Joseph, E. , DAHLLOF, Marcus , TATARSKY, L., Bruce , VALLETT, Richard, K.
发明人： MCISAAC, Joseph, E. , DAHLLOF, Marcus , TATARSKY, L., Bruce , VALLETT, Richard, K.
IPC分类号： G06F13/38
CPC分类号： H04L61/6013 , H04L29/12594 , H04L51/12 , H04L51/28 , H04L61/2069 , H04L61/301 , H04L61/307 , H04L63/0254 , H04L63/10 , H04L63/102 , H04L65/4076
摘要： A system for, and method of, generating a plurality of proxy identities to a given originator identity as a menas of providing controlled access to the originator identity in electronic communications media such as e-mail and instant messaging.
摘要翻译：用于向给定的发起者身份生成多个代理身份的系统和方法，作为在诸如电子邮件和即时消息之类的电子通信媒体中提供受控访问发起者身份的手段。

76. 发明申请

WO02091700A3 DYNAMIC PACKET FILTER UTILIZING SESSION TRACKING 审中-公开
标题翻译：动态包装过滤器利用会话追踪
公开(公告)号：WO02091700A3
公开(公告)日：2003-02-06
申请号：PCT/IB0201603
申请日：2002-05-10
申请人： PACKET TECHNOLOGIES LTS
发明人： GOLDBERG RONEN , DANIELY GADY , ZEZAK MOSHE , SHOHAT DRORY
IPC分类号： G06F21/20 , G06F13/00 , H04L12/66 , H04L29/06
CPC分类号： H04L63/0254
摘要： A novel and useful dynamic packet filter that can be incorporated in an hardware based firewall suitable for use in portable computing devices such as cellular telephones and wireless connected PDAs that are adapted to connect to the Internet. The invention performs dynamic packet filtering on packets received over an input packet stream. The dynamic filter cheeks dynamic protocol behaviour using information extracted from the received packet. Sessions are created and stored in a session database to track the state of communications between the source and destination. Recognition of a session is accelerated by use of a hash table to quickly determine the corresponding session record in the session database. Session related data is read from the session database and the received packet is checked against a set of rules for determination of whether to allow or deny the packet.
摘要翻译：一种新颖且有用的动态分组过滤器，其可以并入适用于适于连接到因特网的便携式计算设备（例如蜂窝电话和无线连接PDA）的基于硬件的防火墙。本发明对通过输入分组流接收的分组执行动态分组过滤。动态过滤器使用从接收到的数据包中提取的信息来表示动态协议行为。会话被创建并存储在会话数据库中以跟踪源和目的地之间的通信状态。通过使用哈希表来快速确定会话数据库中的对应会话记录来加速对会话的识别。从会话数据库中读取会话相关数据，并根据一组规则检查接收到的数据包，以确定是否允许或拒绝数据包。

77. 发明申请

WO01069883A3 TEXT-BASED COMMUNICATIONS OVER A DATA NETWORK 审中-公开
标题翻译：基于文本的通信数据网络
公开(公告)号：WO01069883A3
公开(公告)日：2002-06-20
申请号：PCT/US2001/040208
申请日：2001-03-01
IPC分类号： H04L12/18 , H04L12/58 , H04L29/06 , H04Q11/04 , H04M7/00
CPC分类号： H04L65/1009 , H04L29/06 , H04L29/06027 , H04L51/04 , H04L63/0254 , H04L63/029 , H04L65/1006 , H04L65/1043 , H04Q11/04 , H04Q2213/13034 , H04Q2213/13097 , H04Q2213/13175 , H04Q2213/13176 , H04Q2213/13196 , H04Q2213/13204 , H04Q2213/1329 , H04Q2213/13336 , H04Q2213/13339 , H04Q2213/13348 , H04Q2213/13389
摘要： A communications system (10) includes a packet-based data network (12) that is coupled to various network elements (14, 16, 18, 20, 22, and 34) that are capable of participating in audio-based call sessions over the data network (12). The audio-based call sessions may be defined according to a Session Initiation Protocol (SIP) or to another type of protocol (e.g., H.323). The network elements (14, 18, 22, and 34) are also capable of participating in text-based chat sessions. Text messages exchanged in such text-based chat sessions are carried in messages, such as SIP Info messages, that are defined according to the protocol for audio-based call sessions. The SIP Info messages carrying the text messages may be communicated either during an established audio-based call session or outside of an audio-based call session. Using SIP (or another signal protocol) messages to carry the text messages allows such messages to be conveniently transported through a firewall system.
摘要翻译：通信系统（10）包括耦合到能够参与基于音频的呼叫会话的各种网络元件（14,16,18,20,22和34）的基于分组的数据网络（12）数据网络（12）。基于音频的呼叫会话可以根据会话发起协议（SIP）或另一种类型的协议（例如，H.323）来定义。网络元件（14,18,22和34）还能够参与基于文本的聊天会话。在这种基于文本的聊天会话中交换的文本消息在根据用于基于音频的呼叫会话的协议定义的消息中被传送，诸如SIP信息消息。携带文本消息的SIP Info消息可以在建立的基于音频的呼叫会话期间或在基于音频的呼叫会话之外传送。使用SIP（或另一个信号协议）消息来携带文本消息允许这样的消息被方便地通过防火墙系统传输。

78. 发明申请

WO1998019250A1 NETWORK SESSION WALL 审中-公开
标题翻译：网络会议室
公开(公告)号：WO1998019250A1
公开(公告)日：1998-05-07
申请号：PCT/US1997019003
申请日：1997-10-21
申请人： ABIRNET LTD. , FRIEDMAN, Mark, M. , DASCALU, Ziv
发明人： ABIRNET LTD. , FRIEDMAN, Mark, M.
IPC分类号： G06F15/16
CPC分类号： H04L63/02 , H04L29/06 , H04L63/0218 , H04L63/0254 , H04L63/1408
摘要： A session wall for a local area network (1) is provided. This is a device connected to a local area network (1) which listens passively to communications sent over the network (1). The device also sends data over the network (1) which is interpreted by other devices connected to the local network (1) as if it were sent by another network device connected to the local network (1). The session wall has means for storing access rules for the network devices which generate data communication messages over the local network (1). It reads a portion of each communication message it listens to and compares that data with the stored access rules (10) to determine whether the message is permitted or not. If not, the session wall sends a message to both parties.
摘要翻译：提供局域网（1）的会话墙。这是连接到局域网（1）的设备，其被动地收听通过网络发送的通信（1）。该设备还通过网络（1）发送数据，该数据由连接到本地网络（1）的其他设备解释，就好像是由连接到本地网络（1）的另一个网络设备发送的一样。会话墙具有用于存储通过本地网络（1）生成数据通信消息的网络设备的访问规则的装置。它读取其收听的每个通信消息的一部分，并将该数据与存储的访问规则（10）进行比较，以确定消息是否被允许。如果没有，会话墙向双方发送消息。

79. 发明申请

WO1997049038A1 POLICY CACHING METHOD AND APPARATUS FOR USE IN A COMMUNICATION DEVICE 审中-公开
标题翻译：用于通信设备的策略缓存方法和设备
公开(公告)号：WO1997049038A1
公开(公告)日：1997-12-24
申请号：PCT/US1997010332
申请日：1997-06-18
申请人： STORAGE TECHNOLOGY CORPORATION
发明人： STORAGE TECHNOLOGY CORPORATION , HUGHES, James, P. , OLSON, Steve, A.
IPC分类号： G06F13/00
CPC分类号： H04Q11/0478 , H04L63/0254 , H04L63/20 , H04L69/18 , H04L69/22 , H04L2012/5619 , H04L2012/5626 , H04L2012/563
摘要： A policy caching method (400) for use in a communication device is provided. The communication device determines which instance of protocol data unit (PDU) network policy from a plurality of policies is to be applied to related-received PDUs based on contents of one of the related-received PDUs (406). Subsequently, policy identification information identifying the instance PDU policy is cached (408) for future application to other of the related-received PDUs (410). Also, a communication device which implements this policy caching method is provided.
摘要翻译：提供了一种用于通信设备的策略缓存方法（400）。通信设备基于相关接收PDU中的一个的内容，确定来自多个策略的协议数据单元（PDU）网络策略的哪个实例将应用于相关接收的PDU。随后，识别实例PDU策略的策略识别信息被缓存（408）以供将来应用于相关接收PDU中的其他的（410）。另外，提供实现该策略缓存方法的通信装置。

80. 发明申请

WO2017220139A1 SYSTEM AND METHOD FOR DETECTING AND PREVENTING NETWORK INTRUSION OF MALICIOUS DATA FLOWS 审中-公开
标题翻译：用于检测和防止恶意数据流的网络入侵的系统和方法
公开(公告)号：WO2017220139A1
公开(公告)日：2017-12-28
申请号：PCT/EP2016/064422
申请日：2016-06-22
申请人： HUAWEI TECHNOLOGIES CO., LTD. , SNAPIRI, Shachar , GAL-OR, Eshed , GAMPEL, Eran , BARON, Ayal
发明人： SNAPIRI, Shachar , GAL-OR, Eshed , GAMPEL, Eran , BARON, Ayal
IPC分类号： H04L29/06 , G06F21/10
CPC分类号： H04L63/1416 , G06F16/27 , G06F21/554 , H04L47/2441 , H04L63/0245 , H04L63/0254 , H04L63/1425
摘要： The present invention provides a system for detecting and preventing the intrusion of malicious data flows in a software defined network (SDN). The system comprises at least one data storage or memory, configured to store flow states of data flows, and to share and update the flow states across the system, at least one shared-state forwarding element (FE) configured to block, forward, or replicate a received data flow based on a flow state of the data flow and/or a comparison of the data flow with predetermined patterns, and at least one inspection element (IE), configured to receive a replicated data flow, and to classify, whether the data flow is malicious or allowed. The IE is configured to alter the flow state of the data flow according to a classification result. The present invention provides a corresponding method for detecting and preventing intrusion of malicious data flows in a SDN.
摘要翻译：本发明提供了一种用于检测和防止恶意数据流入侵软件定义网络（SDN）的系统。该系统包括至少一个数据存储器或存储器，被配置为存储数据流的流状态并且共享并更新系统上的流状态，至少一个共享状态转发元件（FE）被配置为阻止，转发或者基于所述数据流的流状态和/或所述数据流与预定模式的比较来复制所接收的数据流，以及至少一个检查元件（IE），其被配置为接收复制的数据流并且分类数据流是恶意的或被允许的。 IE被配置为根据分类结果来改变数据流的流状态。本发明提供了一种检测和防止恶意数据流入侵SDN的相应方法。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式