Abstract:
In an embodiment, techniques for sustaining session connections are provided. The techniques send heartbeat messages when a period without messages may cause the session connection to close because of a timeout condition. Heartbeat messages are valid transport layer messages that will be ignored by protocols at higher levels of a data communications stack. As an example, the techniques may send a TCP message containing only a carriage return and line feed (“CRLF”) in its payload. Because the TCP layer considers a message containing only a CRLF to be a valid TCP message, intermediary computing devices such as proxy servers may not interpret heartbeat messages as “keep alive” messages, and may sustain session connections.
Abstract:
Open federation security techniques with rate limits are described. An apparatus may include a network interface operative to communicate messages, and a secure open federation (SOF) module operative to manage a message rate between multiple federated networks. The SOF module may comprise a peer authentication module operative to determine whether a peer making the message is an untrusted peer. The SOF module may comprise a peer rate tracking module operative to retrieve a message rate value and a message rate limit value associated with the untrusted peer, and compare the message rate value with the message rate limit value to form a threat status indicator value. The SOF module may comprise a peer authorization module operative to authorize communication of the message based on the threat status indicator value. Other embodiments are described and claimed.
Abstract:
Techniques to protect from open enhanced federation user enumeration are described. An apparatus may include a network interface operative to establish connections. The access edge server may further include an open enhanced federation (OEF) module communicatively coupled to the network interface. The OEF module may be operative to manage connections between multiple federated networks. In one embodiment, for example, the OEF module may comprise a peer authentication module operative to determine whether a peer making the request is an untrusted peer domain. The OEF module may further comprise a peer tracking module operative to retrieve a total request number and a total limit number associated with the untrusted peer, and compare the total request number with the total limit number to form a threat status indicator value. The OEF module may also comprise a peer authorization module operative to authorize the request based on the threat status indicator value. Other embodiments are described and claimed.
Abstract:
A method and system for establishing a connection with a server after a connection has been broken is provided. A connection system in a service layer of a client detects that a connection between the client and the server has been broken. Upon detecting the broken connection, the connection system of the service layer automatically attempts to re-establish an application-level connection to the server. If the connection system can re-establish an application-level connection to the server, then it need not notify the application layer of the broken connection.