公开(公告)号：US08261337B1

公开(公告)日：2012-09-04

申请号：US10990349

申请日：2004-11-17

Applicant: Changming Liu ,  Lee Chik Cheung

Inventor： Changming Liu ,  Lee Chik Cheung

IPC: H04L29/06 ,  G06F9/00 ,  G06F15/173

CPC classification number: H04L63/02 ,  G06F21/60 ,  H04L63/0227 ,  H04L63/10 ,  H04L67/146

Abstract: A security device may be interconnected, via multiple links, between multiple network devices in a network. The firewall device may include multiple input interfaces that receive data units from a first network device destined for a second network device of the multiple network devices, identify a session associated with each of the data units, and process the data units in accordance with the identified sessions and a security policy.

Abstract translation: 安全设备可以经由多个链路在网络中的多个网络设备之间互连。 防火墙设备可以包括多个输入接口，从输入到多个网络设备的第二网络设备的第一网络设备接收数据单元，识别与每个数据单元相关联的会话，并根据所识别的处理数据单元 会话和安全策略。

公开(公告)号：US08132000B2

公开(公告)日：2012-03-06

申请号：US12512098

申请日：2009-07-30

Applicant: Gregory M Lebovitz ,  Changming Liu ,  Choung-Yaw Shieh

Inventor： Gregory M Lebovitz ,  Changming Liu ,  Choung-Yaw Shieh

IPC: H04L29/06

CPC classification number: H04L63/065 ,  H04L12/185 ,  H04L12/4633 ,  H04L63/08

Abstract: Secure tunneled multicast transmission and reception through a network is provided. A join request may be received from a second tunnel endpoint, the join request indicating a multicast group to be joined. Group keys may be transmitted to the second tunnel endpoint, where the group keys are based at least on the multicast group. A packet received at the first tunnel endpoint may be cryptographically processed to generate an encapsulated payload. A header may be appended to the encapsulated payload to form an encapsulated packet, wherein the header includes information associated with the second tunnel endpoint. A tunnel may be established between the first tunnel endpoint and the second tunnel endpoint based on the appended header. The encapsulated packet may be transmitted through the tunnel to the second tunnel endpoint. The second tunnel endpoint may receive the encapsulated packet. Cryptographic processing of the encapsulated packet may reveal the packet having a second header. The packet may then be forwarded on an interface toward at least one multicast recipient identified in the second header.

Abstract translation: 提供通过网络进行安全隧道传输和接收。 可以从第二隧道端点接收加入请求，该连接请求指示要加入的多播组。 组密钥可以被发送到第二隧道端点，其中组密钥至少基于多播组。 可以对在第一隧道端点处接收的分组进行密码处理以产生封装的有效载荷。 报头可以附加到封装的有效载荷以形成封装的分组，其中报头包括与第二隧道端点相关联的信息。 可以基于附加的报头在第一隧道端点和第二隧道端点之间建立隧道。 封装的分组可以通过隧道传输到第二隧道端点。 第二隧道端点可以接收封装的分组。 封装分组的加密处理可以揭示具有第二报头的分组。 然后，分组可以在接口上朝向在第二报头中标识的至少一个多播接收机转发。

公开(公告)号：US07941826B2

公开(公告)日：2011-05-10

申请号：US12754981

申请日：2010-04-06

Applicant: Changming Liu ,  Gregory M. Lebovitz ,  Purvi Desai

Inventor： Changming Liu ,  Gregory M. Lebovitz ,  Purvi Desai

IPC: H04L9/00 ,  H04L9/32 ,  G06F7/04

CPC classification number: H04L12/185 ,  H04L45/04 ,  H04L45/16

Abstract: Systems, apparatus, methods, and computer program products for multicast access control are provided to analyze incoming data based on a source zone and a destination zone of the incoming data. Appropriate access control rules are applied to incoming data based on the results of the analysis. Additional implementations of a multicast access control include using a proxy rendezvous point operable to function as a rendezvous point in place of a physical rendezvous point.

Abstract translation: 提供用于组播访问控制的系统，装置，方法和计算机程序产品，用于基于输入数据的源区和目的地区来分析输入数据。 基于分析结果，对输入数据应用适当的访问控制规则。 多播访问控制的附加实现包括使用可操作以用作会合点的代理会合点来代替物理会合点。

公开(公告)号：US20110047154A1

公开(公告)日：2011-02-24

申请号：US12939555

申请日：2010-11-04

Applicant: Xiaosong YANG ,  Lin CHEN ,  Changming LIU

Inventor： Xiaosong YANG ,  Lin CHEN ,  Changming LIU

IPC: G06F17/30

CPC classification number: G06F17/30289 ,  Y10S707/953

Abstract: A system protects database operations performed on a shared resource. The system may chunk memory to form a set of memory chunks which have memory blocks, at least some of the memory blocks including database objects. The system may configure at least one binary search tree using the memory chunks as nodes and buffer a set of pointers corresponding to the memory blocks. The system may further validate the buffered pointers and dereference validated buffered pointers.

Abstract translation: 系统保护对共享资源执行的数据库操作。 系统可以块存储器以形成具有存储器块的一组存储器块，至少一些存储器块包括数据库对象。 系统可以使用存储器块作为节点来配置至少一个二叉搜索树，并且缓冲与存储器块相对应的一组指针。 该系统可以进一步验证缓冲的指针并取消引用经过验证的缓冲指针。

公开(公告)号：US20100278181A1

公开(公告)日：2010-11-04

申请号：US12834726

申请日：2010-07-12

Applicant: Changming LIU ,  Choung-Yaw Shieh ,  Yonghui Cheng

Inventor： Changming LIU ,  Choung-Yaw Shieh ,  Yonghui Cheng

IPC: H04L12/56

CPC classification number: H04L45/00 ,  H04L12/4633 ,  H04L29/06 ,  H04L63/0272 ,  H04L63/20

Abstract: A system establishes a virtual private network (VPN) tunnel to a destination and determines a next hop for the VPN tunnel. The system inserts the next hop, and an address associated with the destination, into an entry of a first table. The system inserts the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into an entry of a second table. The system associates one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.

Abstract translation: 系统建立到目的地的虚拟专用网（VPN）隧道，并确定VPN隧道的下一跳。 系统将下一跳和与目的地相关联的地址插入到第一个表的条目中。 系统将下一跳和对应于已建立的VPN隧道的隧道标识符插入第二个表的条目。 该系统将用于加密经由VPN隧道发送的流量的一个或多个安全参数与隧道标识符相关联。

公开(公告)号：US07779461B1

公开(公告)日：2010-08-17

申请号：US10988835

申请日：2004-11-16

Applicant: Changming Liu ,  Choung-Yaw Shieh ,  Yonghui Cheng

Inventor： Changming Liu ,  Choung-Yaw Shieh ,  Yonghui Cheng

IPC: G06F9/00 ,  G06F15/16 ,  G06F17/00

CPC classification number: H04L45/00 ,  H04L12/4633 ,  H04L29/06 ,  H04L63/0272 ,  H04L63/20

Abstract: A system establishes a virtual private network (VPN) tunnel to a destination and determines a next hop for the VPN tunnel. The system inserts the next hop, and an address associated with the destination, into an entry of a first table. The system inserts the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into an entry of a second table. The system associates one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.

Abstract translation: 系统建立到目的地的虚拟专用网（VPN）隧道，并确定VPN隧道的下一跳。 系统将下一跳和与目的地相关联的地址插入到第一个表的条目中。 系统将下一跳和对应于已建立的VPN隧道的隧道标识符插入第二个表的条目。 该系统将用于加密经由VPN隧道发送的流量的一个或多个安全参数与隧道标识符相关联。

公开(公告)号：US20100195529A1

公开(公告)日：2010-08-05

申请号：US12754981

申请日：2010-04-06

Applicant: Changming LIU ,  Gregory M. LEBOVITZ ,  Purvi DESAI

Inventor： Changming LIU ,  Gregory M. LEBOVITZ ,  Purvi DESAI

IPC: H04L12/26

CPC classification number: H04L12/185 ,  H04L45/04 ,  H04L45/16

Abstract: Systems, apparatus, methods, and computer program products for multicast access control are provided to analyze incoming data based on a source zone and a destination zone of the incoming data. Appropriate access control rules are applied to incoming data based on the results of the analysis. Additional implementations of a multicast access control include using a proxy rendezvous point operable to function as a rendezvous point in place of a physical rendezvous point.

Abstract translation: 提供用于组播访问控制的系统，装置，方法和计算机程序产品，用于基于输入数据的源区和目的地区来分析输入数据。 基于分析结果，对输入数据应用适当的访问控制规则。 多播访问控制的附加实现包括使用可操作以用作会合点的代理会合点来代替物理会合点。

公开(公告)号：US07616561B1

公开(公告)日：2009-11-10

申请号：US11037180

申请日：2005-01-19

Applicant: Changming Liu ,  Xiaosong Yang ,  Lin Chen

Inventor： Changming Liu ,  Xiaosong Yang ,  Lin Chen

IPC: G06F11/00

CPC classification number: G06T3/0093 ,  G06F17/30289 ,  G06F17/30994 ,  G06T11/60 ,  H04L43/0817 ,  H04L45/00 ,  H04L45/02 ,  H04L45/22 ,  H04L45/28

Abstract: A network device includes a group of interfaces. Each interface is associated with at least one other interface of the group of interfaces and a group of network addresses. Each interface is configured to monitor at least one of the group of network addresses with which the each interface is associated or the at least one other interface with which the each interface is associated, and determine whether to logically shut down based on the monitoring.

Abstract translation: 网络设备包括一组接口。 每个接口与该组接口和一组网络地址的至少一个其他接口相关联。 每个接口被配置为监视与所述每个接口相关联的所述一组网络地址中的至少一个或与所述每个接口相关联的所述至少一个其他接口，并且基于所述监视来确定是否逻辑关闭。

公开(公告)号：US08839352B2

公开(公告)日：2014-09-16

申请号：US13571544

申请日：2012-08-10

Applicant: Changming Liu ,  Lee Chik Cheung

Inventor： Changming Liu ,  Lee Chik Cheung

IPC: H04L29/08 ,  G06F15/16 ,  H04L29/06 ,  G06F21/60

CPC classification number: H04L63/02 ,  G06F21/60 ,  H04L63/0227 ,  H04L63/10 ,  H04L67/146

Abstract: A security device may be interconnected, via multiple links, between multiple network devices in a network. The firewall device may include multiple input interfaces that receive data units from a first network device destined for a second network device of the multiple network devices, identify a session associated with each of the data units, and process the data units in accordance with the identified sessions and a security policy.

Abstract translation: 安全设备可以经由多个链路在网络中的多个网络设备之间互连。 防火墙设备可以包括多个输入接口，从输入到多个网络设备的第二网络设备的第一网络设备接收数据单元，识别与每个数据单元相关联的会话，并根据所识别的处理数据单元 会话和安全策略。

公开(公告)号：US08614951B2

公开(公告)日：2013-12-24

申请号：US13222568

申请日：2011-08-31

Applicant: Changming Liu ,  Yan Ke

Inventor： Changming Liu ,  Yan Ke

IPC: G08C15/00

CPC classification number: H04L47/10 ,  H04L47/215 ,  H04L47/22

Abstract: In one aspect the invention provides a method for allocating bandwidth in a network appliance where the network appliance includes a plurality of guaranteed bandwidth buckets used to evaluate when to pass traffic through the network appliance. The method includes providing a shared bandwidth bucket associated with a plurality of the guaranteed bandwidth buckets, allocating bandwidth to the shared bandwidth bucket based on the underutilization of bandwidth in the plurality of guaranteed bandwidth buckets and sharing excess bandwidth developed from the underutilization of the guaranteed bandwidth allocated to the individual guaranteed bandwidth buckets. The step of sharing includes borrowing bandwidth from the shared bandwidth bucket by a respective guaranteed bandwidth bucket to allow traffic to pass immediately through the network appliance.

Abstract translation: 在一个方面，本发明提供了一种在网络设备中分配带宽的方法，其中网络设备包括用于评估何时通过网络设备传送流量的多个保证带宽桶。 该方法包括提供与多个保证带宽桶相关联的共享带宽桶，基于多个保证带宽桶中的带宽利用不足而分配带宽到共享带宽桶，并且分担从保证带宽的利用不足而产生的超额带宽 分配给个人保证带宽桶。 共享的步骤包括通过相应的保证带宽桶从共享带宽桶借用带宽，以允许流量立即通过网络设备。