Securing uniform resource identifier namespaces
    11.
    Granted invention patent
    Status: In force

    Publication number: US07200862B2

    Publication date: 2007-04-03

    Application number: US10260479

    Application date: 2002-09-30

    IPC classification: H04L9/32

    CPC classification: H04L63/101

    Abstract: A namespace management module utilizes a persistent reservation store that associates URI namespaces with one or more permissions. The reservation store can contain a number of reservation entries that each include a URI identifying a URI namespace and a corresponding Access Control List (“ACLs”) that includes permissions for the identified URI namespace. When a request to register a URI namespace is received, the permissions of an appropriate ACL can be checked to determine if the registration is approved. When a resource request is received, permissions of the ACLs can also be checked to determine if the resource request should be routed to a registered process. Preemptive wildcards can be included in aggregated URIs to identify aggregated URI namespaces. Aggregated URIs can be included in registration requests to override the registration of unauthorized processes.


    Enabling network devices to run multiple congestion control algorithms
    12.
    Granted invention patent
    Status: In force

    Publication number: US07782759B2

    Publication date: 2010-08-24

    Application number: US11507403

    Application date: 2006-08-21

    IPC classification: H04L1/00 H04L12/24 G06F15/177

    Abstract: Creating different congestion control modules (CCMs) that can be plugged into a network communications stack (e.g., a TCP/IP stack). Software abstractions defining transport control events, congestion control algorithms and other information may be exposed by an application programming interface, e.g., of an operating system, and these abstractions may be used to define a CCM. The network communications stack may be configured to select one of multiple available CCMs to control congestion for a given connection. This selection may be based on any of a variety of factors including, but not limited to: network environment; connection path characteristics; connection link characteristics; a value of a socket parameter of an application; other factors; and any suitable combination of the foregoing. Thus, CCMs may be selected and implemented on a per-connection basis.


    System and method for directing requests to specific processing
    14.
    Granted invention patent
    Status: In force

    Publication number: US06615231B1

    Publication date: 2003-09-02

    Application number: US09464340

    Application date: 1999-12-15

    IPC classification: G06R1515

    Abstract: The present invention provides for directing requests to specific processing using an inclusion list. The inclusion list contains a list of methods that an associated process, program, or module is capable of executing. A request contains at least a method and a resource. A server, upon receiving the request, identifies the process module or handler that is associated with the resource by the file extension of the resource. After the process is identified, an inclusion list is examined to determine if the process is capable of performing the identified method. If the method is listed in the inclusion list, then processing is directed to the identified process, which performs the indicated method with regard to the identified resource. If the method is not listed in the inclusion list, then control of the request is not provided to the process. In the case where the inclusion list is empty, processing is directed to the process associated with the extension of the resource regardless of the method specified in the request.


    Outgoing connection attempt limiting to slow down spreading of viruses
    16.
    Granted invention patent
    Status: In force

    Publication number: US07784096B2

    Publication date: 2010-08-24

    Application number: US10989912

    Application date: 2004-11-15

    IPC classification: G06F11/00 G06F12/16

    CPC classification: G06F21/56

    Abstract: Disclosed is a method for slowing down the spread of viruses by limiting the number of Transmission Control Protocol (“TCP”) connection attempts to arbitrary Internet Protocol (“IP”) addresses that can be in progress at any given time—a common method employed by viruses to spread to other hosts from an infected host. This is achieved by setting a small limit on the number of connection attempt requests that can be in progress at any given time and can be implemented regardless of whether anti-virus software is installed on the system.


    System and method for defeating SYN attacks
    17.
    Granted invention patent
    Status: In force

    Publication number: US07391725B2

    Publication date: 2008-06-24

    Application number: US10847341

    Application date: 2004-05-18

    IPC classification: H04L12/26 G06F15/16 G06F21/00

    Abstract: A system and method for defeating SYN attacks are provided. When the number of packets received by a server is above the capacity of the server, the server assumes that a SYN attack is in progress. The server randomly drops SYN packets without processing them. The percentage of SYN packets dropped is increased while the load on the server exceeds capacity, and decreased while the load on the server does not exceed capacity. Under attack conditions, a percentage of TCP connections are still maintained.
