公开(公告)号：US6119161A

公开(公告)日：2000-09-12

申请号：US808264

申请日：1997-02-28

申请人： Christian Lita ,  Joseph Raymond Thompson

发明人： Christian Lita ,  Joseph Raymond Thompson

IPC分类号： H04L29/06 ,  H04L29/12 ,  G06F13/00

CPC分类号： H04L61/2046 ,  G06Q20/027 ,  H04L29/06 ,  H04L29/12216 ,  H04L29/12264 ,  H04L29/1232 ,  H04L29/12924 ,  H04L61/2007 ,  H04L61/2092 ,  H04L61/6063

摘要： A method of managing connection requests from an application supported on a client. The client has a modem connectable to at least one server via a dialup computer network. According to the method, a list is maintained of the local Internet Protocol (IP) addresses assigned as modem connections are established to the dialup computer network during a session. The list is preferably in Last In, First Out (LIFO) order and includes a latest IP address as the last entry and one or more stale IP addresses. In response to a connection request associated with a stale IP address, the stale IP address is mapped to the latest IP address. The connection request is then redirected using the latest IP address. Preferably, client supports a proxy server which services the connection request locally if possible to avoid network traffic.

摘要翻译： 一种从客户端支持的应用程序管理连接请求的方法。 客户端具有通过拨号计算机网络可连接至少一个服务器的调制解调器。 根据该方法，在会话期间，为拨号计算机网络建立调制解调器连接所分配的本地因特网协议（IP）地址的列表。 该列表最好在“最后输入”（First In，First Out（LIFO））顺序中，并包括最新的IP地址作为最后一个条目和一个或多个不正确的IP地址。 响应与过期IP地址相关联的连接请求，过期的IP地址映射到最新的IP地址。 然后使用最新的IP地址重定向连接请求。 优选地，客户机支持代理服务器，如果可能，本地服务于连接请求以避免网络流量。

公开(公告)号：US07249377B1

公开(公告)日：2007-07-24

申请号：US09282633

申请日：1999-03-31

申请人： Christian Lita ,  Linas Vepstas

发明人： Christian Lita ,  Linas Vepstas

IPC分类号： H04L9/00 ,  H04L29/00 ,  H04L29/02 ,  G06F21/22

CPC分类号： H04L63/0464 ,  G06F21/6236 ,  G06F21/83 ,  H04L63/061

摘要： A method of enabling a proxy to participate in a secure communication between a client and a server. The method begins by establishing a first secure session between the client and the proxy. Upon verifying the first secure session, the method continues by establishing a second secure session between the client and the proxy. In the second secure session, the client requests the proxy to act as a conduit to the server. Thereafter, the client and the server negotiate a session master secret. Using the first secure session, this session master secret is then provided by the client to the proxy to enable the proxy to participate in secure communications between the client and the server. After receiving the session master secret, the proxy generates cryptographic information that enables it to provide a given service (e.g., transcoding, monitoring, encryption/decryption, caching, or the like) on the client's behalf and without the server's knowledge or participation. The first secure session is maintained between the client and the proxy during such communications.

摘要翻译： 一种使代理能够参与客户机和服务器之间的安全通信的方法。 该方法开始于在客户端和代理之间建立第一个安全会话。 在验证第一安全会话后，该方法通过在客户端和代理之间建立第二安全会话来继续。 在第二个安全会话中，客户端请求代理充当服务器的管道。 此后，客户端和服务器协商会话主机秘密。 然后使用第一个安全会话，客户端将该会话主密钥提供给代理，以使代理能够参与客户端与服务器之间的安全通信。 该代理在接收到会话主密钥之后，生成加密信息，使其能够代表客户端提供给定服务（例如，转码，监控，加密/解密，缓存等），而不需要服务器的知识或参与。 在此类通信期间，第一个安全会话保持在客户端和代理之间。

公开(公告)号：US07020700B1

公开(公告)日：2006-03-28

申请号：US08808286

申请日：1997-02-28

申请人： Craig Alan Bennett ,  Christian Lita ,  James Lyle Peterson ,  Joseph Raymond Thompson

发明人： Craig Alan Bennett ,  Christian Lita ,  James Lyle Peterson ,  Joseph Raymond Thompson

IPC分类号： G06F15/173

CPC分类号： H04L67/22 ,  H04L63/0281 ,  H04L67/28 ,  H04L67/289 ,  H04L69/16 ,  H04L69/162 ,  H04L69/168 ,  H04L69/32

摘要： An Internet client is provided with a SOCKS server. The client comprises a processor having an operating system, and a suite of one or more Internet tools. The SOCKS proxy server includes means for intercepting and servicing connection requests from the Internet tools. Preferably, the proxy server has a predetermined Internet Protocol address, preferably the loopback address. If the loopback address is not available on the protocol stack, a redirecting mechanism is used to redirect connection requests associated with stale IP addresses to a current IP address. The SOCKS server includes a filtering mechanism for filtering connection requests to particular servers, and a monitoring mechanism for monitoring network IP activity.

摘要翻译： 一个互联网客户端提供了一个SOCKS服务器。 客户机包括具有操作系统的处理器和一个或多个互联网工具的套件。 SOCKS代理服务器包括用于拦截和维护来自Internet工具的连接请求的装置。 优选地，代理服务器具有预定的因特网协议地址，优选地是环回地址。 如果协议栈中的环回地址不可用，则使用重定向机制将与过期IP地址相关联的连接请求重定向到当前IP地址。 SOCKS服务器包括用于过滤对特定服务器的连接请求的过滤机制，以及用于监控网络IP活动的监视机制。

公开(公告)号：US06993476B1

公开(公告)日：2006-01-31

申请号：US09383742

申请日：1999-08-26

申请人： Rabindranath Dutta ,  Christian Lita ,  Jeffrey Edward Rodriguez

发明人： Rabindranath Dutta ,  Christian Lita ,  Jeffrey Edward Rodriguez

IPC分类号： G06F15/16 ,  G06F17/30 ,  G06F17/27

CPC分类号： G06F17/30569

摘要： Initially, a client requests a specific document and provides the preferences, including readability level preferences of the document, locale preferences, content filtering instructions preferences, governmental regulations preferences, natural language preferences, and document syntactic format preferences. The transcoding proxy requests and receives the document from the origin server, with the document having origin semantic characteristics. The document from the origin server has an origin readability level and origin locale, is conformant with origin content filtering instructions and origin governmental regulations, and is in origin natural language and in origin document syntactic format. Using the client semantics preferences, the transcoding proxy revises the document in a sequential or parallel fashion. The origin semantics characteristics of the document are, thus, revised to the semantic preferences specified by the client.

摘要翻译： 最初，客户端请求特定文档并提供偏好，包括文档的可读性级别偏好，区域设置偏好，内容过滤指令偏好，政府规章偏好，自然语言偏好和文档句法格式偏好。 代码转换代理从原始服务器请求并接收文档，其中文档具有起源语义特征。 来自原始服务器的文档具有原始可读性级别和原始语言环境，符合原始内容过滤指令和原始政府法规，原产自然语言和原始文件句法格式。 使用客户端语义偏好，代码转换代理以顺序或并行方式修改文档。 因此，文档的起源语义特征被修改为由客户端指定的语义偏好。

公开(公告)号：US06584567B1

公开(公告)日：2003-06-24

申请号：US09343454

申请日：1999-06-30

申请人： Thomas Alexander Bellwood ,  Christian Lita ,  Matthew Francis Rutkowski

发明人： Thomas Alexander Bellwood ,  Christian Lita ,  Matthew Francis Rutkowski

IPC分类号： G06F1130

CPC分类号： H04L63/0464 ,  H04L63/166 ,  H04L2463/102

摘要： A method of enabling a proxy to participate in a secure communication between a client and a set of servers. The method begins by establishing a first secure session between the client and the proxy. Upon verifying the first secure session, the method continues by establishing a second secure session between the client and the proxy. In the second secure session, the client requests the proxy to act as a conduit to a first server. Thereafter, the client and the first server negotiate a first session master secret. Using the first secure session, this first session master secret is then provided by the client to the proxy to enable the proxy to participate in secure communications between the client and the first server. After receiving the first session master secret, the proxy generates cryptographic information that enables it to provide a given service (e.g., transcoding) on the client's behalf and without the first server's knowledge or participation. If data from a second server is required during the processing of a given client request to the first server, the proxy issues a request to the client to tunnel back through the proxy to the second server using the same protocol.

摘要翻译： 一种使代理能够参与客户机和一组服务器之间的安全通信的方法。 该方法开始于在客户端和代理之间建立第一个安全会话。 在验证第一安全会话后，该方法通过在客户端和代理之间建立第二安全会话来继续。 在第二个安全会话中，客户端请求代理充当第一个服务器的管道。 此后，客户端和第一服务器协商第一会话主机秘密。 然后使用第一安全会话，客户端将该第一会话主密钥提供给代理，以使代理能够参与客户端与第一服务器之间的安全通信。 在接收到第一会话主机秘密之后，代理产生加密信息，使其能够代表客户端提供给定服务（例如，转码），而不需要第一服务器的知识或参与。 如果在处理向第一服务器的给定客户端请求期间需要来自第二服务器的数据，则代理向客户端发出请求，以使用相同协议向客户端通过代理隧道传回给第二服务器。

公开(公告)号：US06226642B1

公开(公告)日：2001-05-01

申请号：US08927596

申请日：1997-09-11

申请人： Michael J. Beranek ,  Christian Lita

发明人： Michael J. Beranek ,  Christian Lita

IPC分类号： G06F1730

CPC分类号： G06F17/30905 ,  Y10S707/917

摘要： A method of controlling how a Web document is presented for display on a browser of a Web appliance. The Web appliance typically includes a television class monitor associated therewith. The Web document typically is formatted according to a markup language such as HTML. The method uses a client side HTTP caching proxy to intercept the Web document and then dynamically rewrite the document before it is displayed on the browser of the Web appliance. In particular, as the Web document is received from the server, the HTML is parsed to identify the format of the document and the information therein. A filter mechanism is then used to reformat the Web document according to some given protocol, and the re-formatted Web document is then passed to the browser for display on the monitor. Dynamic alteration of the HTML in this manner enables control of the “look and feel” of the browser display irrespective of the monitor resolution and/or quality.

摘要翻译： 控制如何呈现Web文档以在Web设备的浏览器上显示的方法。 Web设备通常包括与其相关联的电视类监视器。 Web文档通常根据HTML等标记语言进行格式化。 该方法使用客户端HTTP缓存代理拦截Web文档，然后在Web Appliance的浏览器上显示文档之前动态重写该文档。 具体来说，当从服务器接收到Web文档时，解析HTML以识别文档的格式及其中的信息。 然后使用过滤器机制根据某些给定的协议重新格式化Web文档，然后将重新格式化的Web文档传递给浏览器以在监视器上显示。 以这种方式动态地改变HTML能够控制浏览器显示器的“外观和感觉”，而与监视器分辨率和/或质量无关。

公开(公告)号：US06202145B1

公开(公告)日：2001-03-13

申请号：US09211370

申请日：1998-12-14

申请人： Stacey Alan Barnes ,  Craig Bennett ,  Christian Lita ,  Martin Daniel Ridgeway

发明人： Stacey Alan Barnes ,  Craig Bennett ,  Christian Lita ,  Martin Daniel Ridgeway

IPC分类号： G06F9455

CPC分类号： G06F9/328 ,  G06F9/268 ,  G06F9/32 ,  G06F9/45533

摘要： A system, method, and computer readable medium for eliminating unnecessary ring transitions is described. Often, a requested system service or I/O operation can be performed entirely at a higher ring level, such as Ring 3, with no need to transition to a lower ring. In these cases, the software interrupt or I/O instruction which generates the ring transition is replaced by a call to a program executing at the higher ring level. Thus, the software interrupt instruction or I/O instruction is redirected to code that resides at the same protection level and emulates the effects of the instruction, resulting in improved execution speed. In the Intel 80×86 family of microprocessors, both the software interrupt instruction and the I/O instruction take two bytes to encode. It is thus possible to replace the instruction with the op-code for a segment:offset far call, letting the instruction stream dictate the offset for the call. By manipulating the base address of the segment, the target entry point can be controlled, and no ring transitions are needed to process the resulting call. After an instruction has been patched once, it remains patched for each subsequent execution. Thus, each software interrupt instruction and/or I/O instruction need only be patched once.

摘要翻译： 描述了用于消除不必要的环转换的系统，方法和计算机可读介质。 通常，所需的系统服务或I / O操作可以在较高的环等级（例如环3）完全执行，无需转换到下环。 在这些情况下，产生环形转换的软件中断或I / O指令被对较高级别执行的程序的调用所取代。 因此，软件中断指令或I / O指令被重定向到位于相同保护级别的代码，并且模拟指令的影响，从而提高执行速度。 在Intel 80x86系列微处理器中，软件中断指令和I / O指令均需要两个字节进行编码。 因此，可以用段的操作代码替换指令：偏移远程调用，让指令流指示调用的偏移量。 通过操纵段的基地址，可以控制目标入口点，并且不需要环转移来处理结果呼叫。 在指令修补一次之后，它将为每个后续执行保留补丁。 因此，每个软件中断指令和/或I / O指令只需要修补一次。