公开(公告)号：US20130219495A1

公开(公告)日：2013-08-22

申请号：US13850390

申请日：2013-03-26

Applicant: ANDREY KULAGA ,  ANTON TIKHOMIROV

Inventor： ANDREY KULAGA ,  ANTON TIKHOMIROV

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L41/0816 ,  H04L63/0218 ,  H04L63/1441 ,  H04L67/1036

Abstract: A system and method for dynamic configuration of the security modules for optimization of execution of security tasks are provided. The system includes: a mechanism for identifying the clients connected to the network; a client data collection unit that determines hardware/software configurations of each detected client; a security module selection and installation unit that selects required modules for each client; a statistics collection unit that collects the security tasks execution statistics from user modules and from client modules; and a configuration unit that configures the client and server modules based on the collected statistics in order to optimize execution of the security tasks.

Abstract translation: 提供了一种用于动态配置安全模块以优化安全任务执行的系统和方法。 该系统包括：用于识别连接到网络的客户端的机制; 确定每个检测到的客户端的硬件/软件配置的客户端数据收集单元; 安全模块选择和安装单元，为每个客户端选择所需的模块; 统计收集单元，从用户模块和客户端模块收集安全任务执行统计信息; 以及配置单元，其基于收集的统计信息来配置客户端和服务器模块，以优化安全任务的执行。

公开(公告)号：US08473613B2

公开(公告)日：2013-06-25

申请号：US13108063

申请日：2011-05-16

Applicant: David A. Farber ,  Richard E. Greer ,  Andrew D. Swart ,  James A. Balter

Inventor： David A. Farber ,  Richard E. Greer ,  Andrew D. Swart ,  James A. Balter

IPC: G06F15/16

CPC classification number: G06F9/505 ,  G06F17/30899 ,  G06F2209/509 ,  H04L29/06 ,  H04L29/12066 ,  H04L29/12594 ,  H04L43/065 ,  H04L43/0817 ,  H04L43/16 ,  H04L61/1511 ,  H04L61/301 ,  H04L67/02 ,  H04L67/1002 ,  H04L67/1006 ,  H04L67/1008 ,  H04L67/101 ,  H04L67/1012 ,  H04L67/1014 ,  H04L67/1019 ,  H04L67/1021 ,  H04L67/1023 ,  H04L67/1025 ,  H04L67/1036 ,  H04L67/1095 ,  H04L67/125 ,  H04L67/28 ,  H04L67/2804 ,  H04L67/2814 ,  H04L67/2819 ,  H04L67/2842 ,  H04L67/2852 ,  H04L67/2895 ,  H04L67/322 ,  H04L2029/06054

Abstract: A plurality of repeater servers form a shared content delivery network (CDN) to serve resources to clients on behalf of a plurality of content providers. First and second resources are associated with a first content provider, the first resource referencing the second resource. The second resource is associated with a domain of the shared CDN. Responsive to a request that causes the first resource to be served to a client from a server in a domain associated with the first content provider, a CDN server is identified in the domain associated with the shared CDN to serve the second resource to the client. The CDN server is selected based, at least in part, on load conditions on at least some of the CDN servers, and on the client's location. Responsive to the CDN server being requested to serve the second resource: if a copy of the second resource is available on the CDN server, the copy is served to the client from the CDN server; otherwise, the second resource is replicated on the CDN server and then served to the client from the CDN server.

Abstract translation: 多个中继器服务器形成共享内容传送网络（CDN），以代表多个内容提供商向客户端提供资源。 第一和第二资源与第一内容提供商相关联，第一资源引用第二资源。 第二个资源与共享CDN的域相关联。 响应于使第一资源从与第一内容提供商相关联的域中的服务器提供给客户端的请求，在与共享CDN相关联的域中识别CDN服务器，以向客户端提供第二资源。 CDN服务器至少部分地基于至少一些CDN服务器上的负载条件和客户端的位置来选择。 响应CDN服务器被请求服务于第二资源：如果第二资源的副本在CDN服务器上可用，则该副本从CDN服务器提供给客户端; 否则，第二个资源在CDN服务器上复制，然后从CDN服务器提供给客户端。

公开(公告)号：US08433792B2

公开(公告)日：2013-04-30

申请号：US13031200

申请日：2011-02-19

Applicant: Andrey Kulaga ,  Anton Tikhomirov

Inventor： Andrey Kulaga ,  Anton Tikhomirov

IPC: G06F15/173

CPC classification number: H04L63/20 ,  H04L41/0816 ,  H04L63/0218 ,  H04L63/1441 ,  H04L67/1036

Abstract: A system and method for dynamic configuration of the security modules for optimization of execution of security tasks are provided. The system includes: a client detection unit that finds the clients on the network; a client data collection unit that determines hardware/software configurations of each detected client; a security module selection and installation unit that selects required modules for each client from a modules database; a statistics collection unit that collects the security tasks execution statistics from user modules and from client modules; and a re-configuration unit that reconfigures the client and server modules based on the collected statistics in order to optimize execution of the security tasks.

Abstract translation: 提供了一种用于动态配置安全模块以优化安全任务执行的系统和方法。 该系统包括：在网络上查找客户端的客户端检测单元; 确定每个检测到的客户端的硬件/软件配置的客户端数据收集单元; 安全模块选择和安装单元，用于从模块数据库中为每个客户端选择所需的模块; 统计收集单元，用于从用户模块和客户端模块收集安全任务执行统计信息; 以及重新配置单元，其基于收集的统计信息重新配置客户端和服务器模块，以优化安全任务的执行。

公开(公告)号：US08402530B2

公开(公告)日：2013-03-19

申请号：US12847363

申请日：2010-07-30

Applicant: Odin J. Anderson ,  Stephen M. Patrick ,  Nasko Oskov ,  Konstantin E. Ryvkin ,  Guruprakash Bangalore Rao ,  Balasubramanian Swaminathan

Inventor： Odin J. Anderson ,  Stephen M. Patrick ,  Nasko Oskov ,  Konstantin E. Ryvkin ,  Guruprakash Bangalore Rao ,  Balasubramanian Swaminathan

IPC: G06F9/00 ,  G06F15/16 ,  G06F17/00 ,  G06F15/173 ,  G06F9/46 ,  H04L29/06

CPC classification number: H04L63/08 ,  H04L67/1008 ,  H04L67/1029 ,  H04L67/1031 ,  H04L67/1036

Abstract: Authentication requests are redistributed among a plurality of authentication servers and to centrally managing authentication affinities among distributed servers using a secure channels affinity service. A computer system instantiates a secure channel management service configured to manage secure channel connections. The secure channel management service receives state inputs from currently deployed authentication servers. The authentication servers may be configured to queue authentication requests for transmission to authentication servers. The computer system determines that, based on the received state input, at least one of the secure channels is to be remapped to a different authentication server. The computer system also remaps the determined secure channels to distribute future authentication requests among the authentication servers. In some cases, the current state of an authentication proxy server is embedded in communications transmitted by the authentication server, such that the secure channel connections are managed using the embedded state information.

Abstract translation: 认证请求在多个认证服务器之间重新分布，并且使用安全信道亲和性服务集中管理分布式服务器之间的认证亲和度。 计算机系统实例化配置为管理安全通道连接的安全通道管理服务。 安全信道管理服务从当前部署的认证服务器接收状态输入。 认证服务器可以被配置为对认证服务器进行传输的认证请求进行排队。 计算机系统确定，基于接收到的状态输入，将至少一个安全通道重新映射到不同的认证服务器。 计算机系统还重新定位所确定的安全信道，以便在认证服务器之间分配未来的认证请求。 在某些情况下，认证代理服务器的当前状态被嵌入到由认证服务器发送的通信中，使得使用嵌入状态信息来管理安全信道连接。

公开(公告)号：US20130067557A1

公开(公告)日：2013-03-14

申请号：US13227848

申请日：2011-09-08

Applicant: Tylor Allison ,  Anish Thomas ,  Andrew Nissen ,  Michael James Silbersack

Inventor： Tylor Allison ,  Anish Thomas ,  Andrew Nissen ,  Michael James Silbersack

IPC: G06F21/20

CPC classification number: H04L41/12 ,  H04L63/0209 ,  H04L63/0218 ,  H04L63/0227 ,  H04L63/0236 ,  H04L63/0254 ,  H04L63/102 ,  H04L67/10 ,  H04L67/1008 ,  H04L67/1027 ,  H04L67/1036

Abstract: A firewall cluster system comprises a first node operable to receive a connection in a firewall cluster having three or more nodes, determine user data associated with the connection, and share the user data with at least another node in the firewall cluster.

Abstract translation: 防火墙集群系统包括可操作以在具有三个或更多个节点的防火墙集群中接收连接的第一节点，确定与连接相关联的用户数据，以及与防火墙集群中的至少另一个节点共享用户数据。

公开(公告)号：US08380831B2

公开(公告)日：2013-02-19

申请号：US13401852

申请日：2012-02-22

Applicant: Timothy P. Barber

Inventor： Timothy P. Barber

IPC: G06F15/16

CPC classification number: H04L61/1511 ,  G06F2221/2129 ,  H04L29/12066 ,  H04L29/12801 ,  H04L61/2007 ,  H04L61/6004 ,  H04L63/102 ,  H04L67/1002 ,  H04L67/1027 ,  H04L67/1036 ,  H04L67/14 ,  H04L67/146

Abstract: A system establishes virtual DNS servers that are supported by a DNS server. Target IP addresses are assigned for the virtual DNS servers. Network capable devices are uniquely assigned to the virtual DNS servers for domain name resolution. Each network capable device accesses the communication network through a corresponding network device associated with a corresponding source IP address. A client's service plan is assigned to a first network capable device used by the client. The service plan is implemented through a DNS request under a session established between the first network capable device and its assigned first virtual DNS server. The session is uniquely identified by a first source IP address of a first network device used by the first network capable device to access the communication network and a first target IP address of the first virtual DNS server.

Abstract translation: 系统建立DNS服务器支持的虚拟DNS服务器。 为虚拟DNS服务器分配目标IP地址。 具有网络功能的设备被唯一地分配给虚拟DNS服务器以进行域名解析。 每个具有网络能力的设备通过与相应源IP地址相关联的相应网络设备访问通信网络。 客户端的服务计划被分配给客户使用的第一个具有网络功能的设备。 该服务计划通过在第一网络能力设备与其分配的第一虚拟DNS服务器之间建立的会话下的DNS请求来实现。 会话由第一网络设备用于访问通信网络的第一网络设备的第一源IP地址和第一虚拟DNS服务器的第一目标IP地址唯一标识。

公开(公告)号：US08291046B2

公开(公告)日：2012-10-16

申请号：US11806154

申请日：2007-05-30

Applicant: David A. Farber ,  Richard E. Greer ,  Andrew D. Swart ,  James A. Balter

Inventor： David A. Farber ,  Richard E. Greer ,  Andrew D. Swart ,  James A. Balter

IPC: G06F15/16 ,  G06F15/173

CPC classification number: G06F9/505 ,  G06F17/30899 ,  G06F2209/509 ,  H04L29/06 ,  H04L29/12066 ,  H04L29/12594 ,  H04L43/065 ,  H04L43/0817 ,  H04L43/16 ,  H04L61/1511 ,  H04L61/301 ,  H04L67/02 ,  H04L67/1002 ,  H04L67/1006 ,  H04L67/1008 ,  H04L67/101 ,  H04L67/1012 ,  H04L67/1014 ,  H04L67/1019 ,  H04L67/1021 ,  H04L67/1023 ,  H04L67/1025 ,  H04L67/1036 ,  H04L67/1095 ,  H04L67/125 ,  H04L67/28 ,  H04L67/2804 ,  H04L67/2814 ,  H04L67/2819 ,  H04L67/2842 ,  H04L67/2852 ,  H04L67/2895 ,  H04L67/322 ,  H04L2029/06054

Abstract: A method of processing requests for resources in a system in which a plurality of content providers provide multiple resources. Content providers offload the serving of some of their resources to a shared content delivery network (CDN) formed by a plurality of servers. The CDN is shared among the content providers. Some of a content provider's content may be served from an origin server associated with that content provider, while requests for other content from that content provider are served from the shared CDN. Requests for content are directed to servers in the CDN based on load conditions on the CDN servers and network conditions.

Abstract translation: 一种在多个内容提供商提供多个资源的系统中处理资源请求的方法。 内容提供商将其部分资源的服务卸载到由多个服务器形成的共享内容传送网络（CDN）。 CDN在内容提供商之间共享。 一些内容提供商的内容可以从与该内容提供商相关联的原始服务器提供，而来自该内容提供商的其他内容的请求从共享CDN提供。 基于CDN服务器上的负载条件和网络条件，内容请求针对CDN中的服务器。

公开(公告)号：US08281035B2

公开(公告)日：2012-10-02

申请号：US11441253

申请日：2006-05-26

Applicant: David A. Farber ,  Richard E. Greer ,  Andrew D. Swart ,  James A. Balter

Inventor： David A. Farber ,  Richard E. Greer ,  Andrew D. Swart ,  James A. Balter

IPC: G06F15/16 ,  G06F15/173

CPC classification number: G06F9/505 ,  G06F17/30899 ,  G06F2209/509 ,  H04L29/06 ,  H04L29/12066 ,  H04L29/12594 ,  H04L43/065 ,  H04L43/0817 ,  H04L43/16 ,  H04L61/1511 ,  H04L61/301 ,  H04L67/02 ,  H04L67/1002 ,  H04L67/1006 ,  H04L67/1008 ,  H04L67/101 ,  H04L67/1012 ,  H04L67/1014 ,  H04L67/1019 ,  H04L67/1021 ,  H04L67/1023 ,  H04L67/1025 ,  H04L67/1036 ,  H04L67/1095 ,  H04L67/125 ,  H04L67/28 ,  H04L67/2804 ,  H04L67/2814 ,  H04L67/2819 ,  H04L67/2842 ,  H04L67/2852 ,  H04L67/2895 ,  H04L67/322 ,  H04L2029/06054

Abstract: A method for delivering resources in a distributed computing environment, wherein at least a first resource and a second resource are associated with a content provider, and wherein the first resource references the second resource via a first uniform resource locator (URL), the first URL having a first domain name that resolves to a server associated with a domain of the content provider. The second resource is associated with a domain name that resolves to a content delivery network (CDN) formed by a plurality of repeater servers. The domain of the CDN may be distinct from the domain of the content provider. Responsive to a request that causes the first resource to be served to a client from an origin server associated with the content provider's domain, the second domain name in the second URL is resolved to identify a repeater server in the CDN's domain from which to serve the second resource to the client. If a copy of the second resource is already replicated on the identified repeater server, then the copy of the second resource is served to the client from the identified repeater server; otherwise, the second resource is replicated on the identified repeater server and the copy of the second resource is served to the client from the identified repeater server.

Abstract translation: 一种用于在分布式计算环境中传送资源的方法，其中至少第一资源和第二资源与内容提供商相关联，并且其中所述第一资源经由第一统一资源定位符（URL）引用所述第二资源，所述第一URL 具有解析为与内容提供商的域相关联的服务器的第一域名。 第二资源与解析为由多个中继器服务器形成的内容传送网络（CDN）的域名相关联。 CDN的域可能与内容提供商的域不同。 响应于使第一资源从与内容提供商的域相关联的原始服务器向客户端提供的请求，第二URL中的第二域名被解析为识别CDN域中的中继器服务器，从该服务器 第二个资源给客户端。 如果在所识别的中继器服务器上已经复制了第二个资源的副本，则从所识别的中继器服务器向客户端提供第二资源的副本; 否则，第二资源被复制在所识别的中继器服务器上，并且从识别的中继器服务器向客户端提供第二资源的副本。

公开(公告)号：US20120225679A1

公开(公告)日：2012-09-06

申请号：US13409914

申请日：2012-03-01

Applicant: Thomas Matthew McCann ,  Mark Edward Kanode ,  Peter J. Marsico

Inventor： Thomas Matthew McCann ,  Mark Edward Kanode ,  Peter J. Marsico

IPC: H04W40/00

CPC classification number: H04L45/64 ,  H04L12/1407 ,  H04L61/1588 ,  H04L65/1016 ,  H04L67/1029 ,  H04L67/1036 ,  H04L67/16 ,  H04L67/2814

Abstract: Methods, systems, and computer readable media for dynamically learning Diameter binding information are disclosed. According to one method, the method comprises receiving one or more response messages associated with the one or more Diameter signaling messages, determining, based on information contained in the one or more response messages, whether at least one of the one or more network service nodes was able to successfully process the one or more Diameter signaling messages, and generating, in response to determining that at least one of the one or more network service nodes was able to successfully process at least one of the one or more Diameter request messages, a Diameter binding record that associates the identification information and the at least one of the one or more network service nodes.

Abstract translation: 公开了用于动态学习Diameter绑定信息的方法，系统和计算机可读介质。 根据一种方法，所述方法包括接收与所述一个或多个Diameter信令消息相关联的一个或多个响应消息，基于所述一个或多个响应消息中包含的信息确定所述一个或多个网络服务节点中的至少一个 响应于确定一个或多个网络服务节点中的至少一个能够成功处理一个或多个Diameter请求消息中的至少一个，生成一个或多个Diameter信令消息，并且生成 将所述标识信息与所述一个或多个网络服务节点中的至少一个相关联的直径绑定记录。

公开(公告)号：US20120173677A1

公开(公告)日：2012-07-05

申请号：US13419233

申请日：2012-03-13

Applicant: David R. Richardson ,  John Cormie ,  Bradley E. Marshall ,  Elmore Eugene Pope ,  Swaminathan Sivasubramanian

Inventor： David R. Richardson ,  John Cormie ,  Bradley E. Marshall ,  Elmore Eugene Pope ,  Swaminathan Sivasubramanian

IPC: G06F15/16

CPC classification number: H04L61/301 ,  H04L29/12066 ,  H04L61/1511 ,  H04L67/1002 ,  H04L67/1036 ,  H04L67/327

Abstract: A system, method and computer-readable medium for request routing. A client request processing a resource identifier for requested content transmits a first DNS query to a content delivery network service provider. The content delivery network service provider transmits an alternative resource identifier in response to the client computing device DNS query. The client computing device then issues a second DNS query to the same content delivery network service provider. The content delivery network service provider can then either resolve the second DNS query with an IP address of a cache component or transmit another alternative resource identifier that will resolve to the content delivery network service provider. The process can repeat with the content delivery network service provider's network until a DNS server resolves a DNS query from the client computing device.

Abstract translation: 用于请求路由的系统，方法和计算机可读介质。 处理所请求内容的资源标识符的客户端请求向内容传送网络服务提供商发送第一DNS查询。 内容传送网络服务提供商响应于客户端计算设备DNS查询传输替代资源标识符。 客户端计算设备然后向相同的内容传送网络服务提供商发出第二DNS查询。 然后，内容传送网络服务提供商可以用缓存组件的IP地址来解析第二DNS查询，或者传送将解析到内容传送网络服务提供商的另一备用资源标识符。 该过程可以与内容传递网络服务提供商的网络重复，直到DNS服务器从客户端计算设备解析DNS查询。