Multi-Node and Multi-Call State Machine Profiling for Detecting SPIT
    11.
    Patent application
    Legal status: In force

    Publication number: US20090274144A1

    Publication date: 2009-11-05

    Application number: US12115199

    Filing date: 2008-05-05

    Abstract: An apparatus and method for detecting potentially-improper call behavior (e.g., SPIT, etc.) are disclosed. The illustrative embodiment of the present invention is based on finite-state machines (FSMs) that represent the legal states and state transitions of communications protocols at nodes during Voice over Internet Protocol (VoIP) calls. In accordance with the illustrative embodiment, a library of FSM execution profiles associated with improper call behavior and a set of rules (or rule base) associated with improper FSM behavior over one or more calls are maintained. When the behavior of one or more finite-state machines during one or more calls matches either an execution profile in the library or a rule in the rule base, an alert is generated.

    System and method for providing bandwidth management for VPNs
    12.
    Granted patent
    Legal status: In force

    Publication number: US07486696B2

    Publication date: 2009-02-03

    Application number: US10178762

    Filing date: 2002-06-25

    Abstract: A method and system for controlling the bandwidths of data traffic over virtual private networks are provided. The method includes classifying the data traffic for the virtual private network into different flows, monitoring a current bandwidth usage by at least one of the flows, comparing the current bandwidth usage with a predetermined threshold for the flow, and performing a bandwidth control operation for the flow if the current bandwidth usage exceeds the predetermined threshold for that flow.

    Location-based access control for wireless local area networks
    13.
    Granted patent
    Legal status: In force

    Publication number: US07403773B2

    Publication date: 2008-07-22

    Application number: US10180527

    Filing date: 2002-06-27

    Abstract: A wireless local area network (LAN), and a method of operating the same, prevents unauthorized users from accessing the wireless LAN. A signal strength of a station attempting to access the wireless LAN is measured. If the signal strength is less than a predetermined threshold value, the system concludes that the station is outside of an authorized geographical area. Such a station attempting to establish a connection is characterized as an unauthorized station, and access to the wireless LAN is denied. The system may also periodically verify that authorized stations remain within the authorized geographical area. A station that has moved outside of the authorized geographical area can be notified or denied further access to the wireless LAN.

    Embedded Firewall at a Telecommunications Endpoint
    14.
    Patent application
    Legal status: In force

    Publication number: US20080148384A1

    Publication date: 2008-06-19

    Application number: US11610485

    Filing date: 2006-12-13

    CPC classification number: H04L63/0209 H04L63/0263

    Abstract: A method is disclosed that enables the implementation of an embedded firewall at a telecommunications endpoint. In particular, the illustrative embodiment of the present invention addresses the relationship between the application, firewall engine, and packet-classification rules database that are all resident at the endpoint. In the variations of the illustrative embodiment that are described herein, the application: (i) directly communicates with the co-resident firewall engine such as through local message passing, (ii) shares memory with the firewall engine, and (iii) makes socket calls to the operating system that are intercepted by a middleware layer that subsequently modifies the rules database, depending on the socket call. The common thread to these techniques is that the application, firewall engine, and rules database are co-resident at the endpoint, which is advantageous in the implementation of the embedded firewall.

    Image projection system for personal media player
    15.
    Patent application
    Legal status: In force

    Publication number: US20070121087A1

    Publication date: 2007-05-31

    Application number: US11288539

    Filing date: 2005-11-29

    Applicant: Sachin Garg

    Inventor: Sachin Garg

    CPC classification number: G03B21/10 G03B21/145

    Abstract: An image projection module within a housing accessory is operative for causing selected pixels in a raster pattern to be illuminated to produce an image at different image planes of VGA quality. A personal media player is connected to the housing accessory and the image projection module to supply image signals for the image to be projected.

    System and method for mitigating denial of service attacks on communication appliances
    16.
    Patent application
    Legal status: Under examination (published)

    Publication number: US20060288411A1

    Publication date: 2006-12-21

    Application number: US11157880

    Filing date: 2005-06-21

    CPC classification number: H04L63/0236 H04L63/0254 H04L63/0263 H04L63/1458

    Abstract: A method for preventing or limiting the effects of Denial-of-Service attacks in a communication appliance having a packet-classification rule base which allows all legitimate packets to be forwarded to the communication appliance includes monitoring incoming packets to the communication appliance to determine whether conditions indicating a Denial-of-Service attack are present. If a Denial-of-Service attack is present, a rule base subset of the packet-classification rule base is selected from a plurality of rule base subsets based on a current one of a plurality of operating states of the communication appliance.

    Endpoint registration with local back-off in a call processing system
    17.
    Patent application
    Legal status: In force

    Publication number: US20050068907A1

    Publication date: 2005-03-31

    Application number: US10940464

    Filing date: 2004-09-14

    Abstract: A call processing system, which may include multiple distributed call center sites, utilizes a local back-off approach to endpoint registration. The call processing system comprises a plurality of endpoints and at least a first server, wherein the endpoints register with the first server in order to send and receive calls in the call processing system. Responsive to an end-to-end connectivity failure or other designated event, a registration process is initiated in the call processing system for a given one of the endpoints. The issuance of at least one message of the sequence for the given endpoint is controlled so as to provide a local random back-off or other local back-off of the controlled message at that endpoint. For example, a second server implemented as an aggregation server may be operative to control the issuance of messages by the endpoints so as to provide a local random back-off for each of the plurality of endpoints by staggering the delivery of failure notifications to the endpoints.

    Methods and apparatus for managing middleware service in a distributed system
    18.
    Granted patent
    Legal status: In force

    Publication number: US06789114B1

    Publication date: 2004-09-07

    Application number: US09129338

    Filing date: 1998-08-05

    Abstract: A distributed computing system includes a number of computers, workstations or other computing machines interconnected by a network. One or more service managers are introduced that provide a management interface to corresponding middleware services. The service manager monitors the corresponding middleware service, as well as the underlying distributed computer environment on which an application process that utilizes the middleware service is executing, and allows the middleware service to operate more efficiently, in response to run-time environmental conditions. A fault-tolerance service manager is provided as a management interface to a fault-tolerance service. The fault-tolerance service manager monitors the fault-tolerance service, as well as the underlying distributed computer environment, to make globally optimal decisions, based on run-time environmental data, and to provide the resulting information to the fault-tolerance service. The fault-tolerance service manager can notify the fault-tolerance service about hazardous network conditions (such as object hosts that may crash soon) and the fault-tolerance service may decide to migrate application objects or take other corrective action. The collected environmental data can be used to determine a health rating of components within the computing environment which can be utilized, for example, to select an optimal machine for migration, or to trigger migration or additional replication in the event the health rating indicates that a failure is expected.

    Signature-free intrusion detection
    19.
    Granted patent

    Publication number: US09736172B2

    Publication date: 2017-08-15

    Application number: US11854437

    Filing date: 2007-09-12

    CPC classification number: H04L63/1416 H04L63/0254

    Abstract: An apparatus and method are disclosed for detecting intrusions in Voice over Internet Protocol systems, without the use of an attack signature database. In particular, the illustrative embodiment is based on the observation that some VoIP-related protocols (e.g., the Session Initiation Protocol [SIP], etc.) are simple enough to be represented by a finite-state machine (FSM) of compact size. A finite-state machine is maintained for each session/node/protocol combination, and any illegal state or state transition—which might be the result of a malicious attack—is flagged as a potential intrusion.

    System and method for integrating issue tracking systems
    20.
    Granted patent
    Legal status: In force

    Publication number: US09031856B2

    Publication date: 2015-05-12

    Application number: US12138213

    Filing date: 2008-06-12

    CPC classification number: G06Q30/06 G06Q10/06 G06Q10/103

    Abstract: Communication between a first issue tracking system and a second issue tracking system is provided. An integration platform is configured to translate an issue tracking ticket from a form recognizable by the first issue tracking system, which can be a component of a customer network, into a form recognizable by the second issue tracking system, which can be a component of a service provider network. A gateway server is provided to control communications between the integration platform and the issue tracking system of the service provider network.
