Abstract:
A data transfer apparatus includes a first memory, a second memory, a search unit, and a data transmitting/receiving unit. The first memory holds information that associates a search key with an address. The second memory holds information that associates the address with verification information which is generated by a predetermined generation method based on at least a portion of the search key. The search unit generates the search key based on the received data, obtains, from the first memory, the address that is associated with the generated search key, obtains, from the second memory, the verification information that is associated with the obtained address, and verifies the verification information that is generated by the predetermined generation method based on at least a portion of the generated search key with the verification information obtained from the second memory. The data transmitting/receiving unit executes processing based on a result of the verification.
Abstract:
Provided is an authentication method for realizing a network authentication function for an authentication system, the authentication system including an authentication server for authenticating a terminal used by a user, and a switch for mediating an authentication sequence between the terminal and the authentication server. The authentication method includes steps of: providing, by the switch, identification information for identifying the switch to the authentication server in the authentication sequence; authenticating, by the authentication server, an authentication request transmitted from the terminal; transmitting, by the authentication server, an authentication result of the authentication to the switch based on the provided identification information on the switch; and authenticating, by the switch, access from the terminal based on the authentication result received from the authentication server.
Abstract:
An authentication switch monitors a failure of an external server, and redirect information to a Web server that holds authentication information registration screen data is provided to a terminal using a monitoring result. A life-and-death monitoring control unit for monitoring life and death of an external Web server is disposed within an authentication switch to monitor the life and death of the external Web server. An authentication processing unit within the authentication switch switches the redirect information on the basis of a life-and-death monitoring table of the external Web server provided in the life-and-death monitoring control unit in response to an authentication request from the terminal, and enables web authentication even when the external Web server is in failure.
Abstract:
Network switching arrangements including: setting an operation mode of a target switching block to an operation mode that is different from an operation mode of a first switching block while the first switching block is handling a switching process, the target switching block being one switching block selected from second switching blocks; performing a switchover process including starting the switching process using the target switching block instead of the first switching block, after completion of setting the operation mode of the target switching block; and copying the switching information held by the first switching block to the target switching block, prior to starting the switching process using the target switching block, after completion of setting the operation mode of the target switching block.
Abstract:
Network repeaters which each implement a redundant switching function grasp, in advance, connection states of ports of a network system by using an inquiry frame and an exchange frame. At the time when a line is broken, by actively confirming a state of a port connected to a port in which a line is broken via a downstream device, the network repeaters each grasp which portion of the line is broken and determine whether a switchover is required. Through the process, the network repeaters each prevent a useless switchover such as switching-back immediately after the switchover, and at the same time, since a mechanism of waiting for a given length of time is not required, they each perform a fast switchover.
Abstract:
A monitoring apparatus holds extracted information including: extracted data from first communication between a proxy and a first network and from second communication between the proxy and a second network; and reception times of target data, wherein the extracted data includes kinds of communication, sources and destinations of the target data in the first communication, and the sources in the second network and the destinations in the first network after the target data is relayed by the proxy in the second communication. The monitoring apparatus: for first extracted data of a first kind of communication in the first communication, acquires second extracted data in the second communication whose reception time is in a time zone coincident with the reception time of the first extracted data; and determines whether communication using the target data from which the acquired second extracted data is extracted is included in a series of end-to-end communication.
Abstract:
A packet relay apparatus, which is configured to transmit from a mirror port a mirror packet copied from one of a packet to be received and a packet to be transmitted, the packet relay apparatus comprising: a packet receiving module configured to receive a packet from an input port; a security judgment module configured to judge whether or not the packet is possibly one of an attack and an attack sign; a mirror processing module configured to generate, when it is judged that the packet is possibly one of an attack and an attack sign, a replica of the packet as the mirror packet; and a transmitting module configured to transmit the mirror packet from the mirror port.
Abstract:
A network anomaly detection apparatus configured to detect an anomaly of a network to be monitored based on received flow statistical information, the network anomaly detection apparatus including a processor, a memory, a statistical information collection unit, an anomaly detection unit and scenario information. The statistical information collection unit is configured to receive flow statistical information aggregated from header information of packets in the network and collect the flow statistical information in a flow statistical information storage unit. The scenario information includes a scenario in which a time-series sequential relation of events concerning a plurality of flows is defined. The anomaly detection unit is configured to acquire flow statistical information in a predetermined period from the flow statistical information storage unit and determine whether any anomaly exists in the network based on whether any flow statistical information matching the events in the scenario of the scenario information exists.
Abstract:
A transfer device includes: first and second ports connected to L3 and L2 networks, respectively; a storage unit that stores data processing information which brings a MAC address of a communication device in the L2 network into correspondence with information regarding processing of data, and address information which brings an IP address of the communication device in the L2 network into correspondence with the MAC address thereof; and a transfer unit that, upon receiving data addressed to the communication device in the L2 network through the first port, searches the address information with an IP address in the data to acquire a MAC address corresponding to the IP address, searches the data processing information with the acquired MAC address, and depending on a search result, controls whether to transfer the data through the first port based on information regarding processing of data corresponding to the acquired MAC address.