公开(公告)号：US07929429B2

公开(公告)日：2011-04-19

申请号：US11858261

申请日：2007-09-20

申请人： Claudson F. Bornstein ,  Timothy K. Canfield ,  Gary L. Miller ,  Satish B. Rao ,  Ravi Sundaram

发明人： Claudson F. Bornstein ,  Timothy K. Canfield ,  Gary L. Miller ,  Satish B. Rao ,  Ravi Sundaram

IPC分类号： H04J1/16

CPC分类号： H04L67/06 ,  H04L29/06 ,  H04L45/00 ,  H04L45/22 ,  H04L45/26 ,  H04L67/26 ,  H04L67/2814 ,  H04L67/2842 ,  H04L67/289 ,  H04L67/322 ,  H04L69/329 ,  H04L69/40

摘要： A routing mechanism, service or system operable in a distributed networking environment. One preferred environment is a content delivery network (CDN) wherein the present invention provides improved connectivity back to an origin server, especially for HTTP traffic. In a CDN, edge servers are typically organized into regions, with each region comprising a set of content servers that preferably operate in a peer-to-peer manner and share data across a common backbone such as a local area network (LAN). The inventive routing technique enables an edge server operating within a given CDN region to retrieve content (cacheable, non-cacheable and the like) from an origin server more efficiently by selectively routing through the CDN's own nodes, thereby avoiding network congestion and hot spots. The invention enables an edge server to fetch content from an origin server through an intermediate CDN server or, more generally, enables an edge server within a given first region to fetch content from the origin server through an intermediate CDN region.

摘要翻译： 在分布式网络环境中可操作的路由机制，业务或系统。 一个优选的环境是内容传送网络（CDN），其中本发明提供了到原始服务器的改进的连接，特别是对于HTTP流量。 在CDN中，边缘服务器通常被组织成区域，每个区域包括一组内容服务器，其优选地以点对点的方式操作，并且通过诸如局域网（LAN）的公共骨干网共享数据。 本发明的路由技术使得在给定CDN区域内的边缘服务器能够通过选择性地路由通过CDN自己的节点更有效地从原始服务器检索内容（可高速缓存，不可缓存等），从而避免网络拥塞和热点。 本发明使得边缘服务器能够通过中间CDN服务器从原始服务器获取内容，或者更一般地，允许给定第一区域内的边缘服务器通过中间CDN区域从原始服务器获取内容。

公开(公告)号：US07926104B1

公开(公告)日：2011-04-12

申请号：US10826897

申请日：2004-04-16

申请人： Ravi Sundaram ,  Walter C. Milliken

发明人： Ravi Sundaram ,  Walter C. Milliken

IPC分类号： G06F12/14 ,  G06F11/30 ,  G06F15/16 ,  H04L29/06

CPC分类号： H04L63/1466 ,  H04L29/12056 ,  H04L29/12226 ,  H04L61/15 ,  H04L61/1505 ,  H04L61/20 ,  H04L61/2015 ,  H04L63/0227 ,  H04L63/108 ,  H04L63/1416 ,  H04L63/1441 ,  H04L63/1491 ,  H04L63/16

摘要： Methods and systems for detection and/or prevention of network attacks can include the use of multiple and/or time-dependent addresses coupled with filtering by the directory or naming service. The directory service can respond to requests for the address of a resource by returning an address that can be relocated over time by coordinating the directory service entry with the host and network address configuration data and/or by returning an address specific to the requestor. Thus, the directory service can track and build profiles of matches between requestors and accesses. The methods and systems can use the time dependent addresses and profiles to distinguish legitimate accesses from unauthorized or malicious ones. Requests for non-valid addresses can be misdirected to “empty” addresses or to detection devices.

摘要翻译： 用于检测和/或防止网络攻击的方法和系统可以包括使用多个和/或与时间相关的地址，以及通过目录或命名服务的过滤。 目录服务可以通过使用主机和网络地址配置数据协调目录服务条目和/或返回特定于请求者的地址来返回可以随时间重新定位的地址来响应对资源的地址的请求。 因此，目录服务可以跟踪和构建请求者和访问之间的匹配的配置文件。 方法和系统可以使用与时间相关的地址和配置文件来区分合法访问与未经授权的或恶意的访问。 对非有效地址的请求可能被误导到“空”地址或检测设备。

公开(公告)号：US20050058288A1

公开(公告)日：2005-03-17

申请号：US10649855

申请日：2003-08-26

申请人： Ravi Sundaram ,  William Yerazunis

发明人： Ravi Sundaram ,  William Yerazunis

IPC分类号： G06K19/10 ,  H04L9/10 ,  H04L9/32 ,  H04K1/00

CPC分类号： H04L9/3218 ,  H04L9/002 ,  H04L9/3013

摘要： A method authenticates di identities in parallel using two prime numbers p and q such that q|p−1. Each identity includes a private key si and a public key vi, and a publicly known generator is α such that αq≡1 (mod p). A verifier is provided with an ordered list of the public keys vi. A prover selects uniformly at random a non-negative number r less than q. A number x=αr (mod p) is sent from the prover to a verifier. The verifier selects uniformly at random a non-negative number e less than 2(t+logd), where log is base 2, and a number t is a predetermined security parameter. The prover receives from the verifier the number e. A number y=r+Σi si*ei (mod q) is generated by the prover, and the number Y is sent to the verifier, who then determines if an equality x=αy*Πi(vi)ei (mod p) is true. The prover is accepted as having the di identities if and only if the equality is true. In a preferred embodiment the communications between the prover and the verifier is via a low-bandwidth optical channel.

摘要翻译： 一种方法使用两个质数p和q并行地验证二个身份，使得q | p-1。 每个身份包括私钥si和公开密钥vi，并且公知的生成器是α，使得alpha = 1（mod p）。 验证者具有公钥的有序列表vi。 证明者随机选择小于q的非负数r。 数字x = alpha（mod p）从证明者发送到验证者。 验证者随机选择小于2 <（t + logd）>的非负数e，其中log为基数2，数t为预定的安全参数。 证明者从验证者那里收到数字e。 编号y = r + Sigmai si * e（mod q）由证明者生成，并且将数字Y发送给验证者，验证者然后确定是否相等x =α * Pii（vi） << i >>（mod p）为真。 当且仅当平等是真实的，证明者被接受为具有二重身份。 在优选实施例中，证明者和验证者之间的通信是经由低带宽光信道。

公开(公告)号：US08719937B2

公开(公告)日：2014-05-06

申请号：US13040030

申请日：2011-03-03

申请人： Ravi Sundaram ,  Walter Clark Milliken

发明人： Ravi Sundaram ,  Walter Clark Milliken

IPC分类号： H04L29/06 ,  H04L29/12

CPC分类号： H04L63/1466 ,  H04L29/12056 ,  H04L29/12226 ,  H04L61/15 ,  H04L61/1505 ,  H04L61/20 ,  H04L61/2015 ,  H04L63/0227 ,  H04L63/108 ,  H04L63/1416 ,  H04L63/1441 ,  H04L63/1491 ,  H04L63/16

摘要： Methods and systems for detection and/or prevention of network attacks can include the use of multiple and/or time-dependent addresses coupled with filtering by the directory or naming service. The directory service can respond to requests for the address of a resource by returning an address that can be relocated over time by coordinating the directory service entry with the host and network address configuration data and/or by returning an address specific to the requestor. Thus, the directory service can track and build profiles of matches between requestors and accesses. The methods and systems can use the time dependent addresses and profiles to distinguish legitimate accesses from unauthorized or malicious ones. Requests for non-valid addresses can be misdirected to “empty” addresses or to detection devices.

摘要翻译： 用于检测和/或防止网络攻击的方法和系统可以包括使用多个和/或与时间相关的地址，以及通过目录或命名服务的过滤。 目录服务可以通过使用主机和网络地址配置数据协调目录服务条目和/或返回特定于请求者的地址来返回可以随时间重新定位的地址来响应对资源的地址的请求。 因此，目录服务可以跟踪和构建请求者和访问之间的匹配的配置文件。 方法和系统可以使用与时间相关的地址和配置文件来区分合法访问与未经授权的或恶意的访问。 对非有效地址的请求可能被误导到“空”地址或检测设备。

公开(公告)号：US20130132549A1

公开(公告)日：2013-05-23

申请号：US13699117

申请日：2011-05-19

申请人： Pablo Rodriguez ,  Parminder Chhabra ,  Vijay Erramilli ,  Nikolaos Laoutaris ,  Ravi Sundaram

发明人： Pablo Rodriguez ,  Parminder Chhabra ,  Vijay Erramilli ,  Nikolaos Laoutaris ,  Ravi Sundaram

IPC分类号： H04L12/24

CPC分类号： H04L41/14 ,  H04L45/00 ,  H04L45/125

摘要： The method comprises modelling a delay-tolerant dynamic network comprising time-varying links transforming it into a static time-expanded network graph, and managing bulk data transfer on the basis of said static time-expanded network graph.The device comprises a scheduler unit with processing capabilities implementing an algorithm which processes arc costs (cijt) and storage costs (pit) as per the method of the first aspect of the invention.

摘要翻译： 该方法包括对包含时变链路的延迟容忍动态网络进行建模，将其变换为静态时间扩展网络图，以及基于所述静态时间扩展网络图来管理批量数据传输。 该装置包括具有处理能力的调度器单元，该处理能力实现根据本发明第一方面的方法处理电弧成本（cijt）和存储成本（凹坑）的算法。

公开(公告)号：US20120303804A1

公开(公告)日：2012-11-29

申请号：US13567351

申请日：2012-08-06

申请人： Ravi Sundaram ,  Hariharan S. Rahul

发明人： Ravi Sundaram ,  Hariharan S. Rahul

IPC分类号： G06F15/16

CPC分类号： H04L29/12132 ,  H04L29/12066 ,  H04L41/046 ,  H04L41/06 ,  H04L41/0896 ,  H04L61/1511 ,  H04L61/1552 ,  H04L67/1002 ,  H04L67/1008 ,  H04L67/1034 ,  H04L69/329 ,  H04L69/40

摘要： An infrastructure “insurance” mechanism enables a Web site to fail over to a content delivery network (CDN) upon a given occurrence at the site. Upon such occurrence, at least some portion of the site's content is served preferentially from the CDN so that end users that desire the content can still get it, even if the content is not then available from the origin site. In operation, content requests are serviced from the site in the usual manner, e.g., by resolving DNS queries to the site's IP address, until detection of the given occurrence. Thereafter, DNS queries are managed by a CDN dynamic DNS-based request routing mechanism so that such queries are resolved to optimal CDN edge servers. After the event that caused the occurrence has passed, control of the site's DNS may be returned from the CDN back to the origin server's DNS mechanism.

摘要翻译： 基础设施保险机制使网站能够在网站发生特定事件时将内容转发网络（CDN）故障转移。 在这种情况下，站点的内容的至少一部分优先地从CDN提供，使得期望内容的最终用户仍然可以得到它，即使内容不是从原始站点可用。 在操作中，例如通过将DNS查询解析为站点的IP地址，直到检测到给定的事件为止，以通常的方式从站点服务内容请求。 此后，DNS查询由基于CDN动态DNS的请求路由机制进行管理，以便将这些查询解析为最佳的CDN边缘服务器。 在导致事件发生的事件已经过去之后，站点的DNS的控制可以从CDN返回到原始服务器的DNS机制。

公开(公告)号：US20120096116A1

公开(公告)日：2012-04-19

申请号：US13274705

申请日：2011-10-17

申请人： Alan Mislove ,  Ravi Sundaram

发明人： Alan Mislove ,  Ravi Sundaram

IPC分类号： G06F15/16

CPC分类号： H04L67/2814 ,  G06F17/3089 ,  H04L67/02 ,  H04L67/2842 ,  H04L67/289

摘要： In one embodiment, program code is added to a social network's web pages or site such that the content a first user accesses is locally stored at the first user's system. When another user, who is a friend of the first user, as defined by the social networking site, browses to that same content, the program code fetches it from the first user, instead of directly from the social networking site. The content is thus directly exchanged between the users without a transaction at the website. The present invention leverages the storage and bandwidth resources of social networking users to help serve content.

摘要翻译： 在一个实施例中，将程序代码添加到社交网络的网页或站点，使得第一用户访问的内容被本地存储在第一用户的系统。 当由社交网站定义的第一用户的朋友的另一个用户浏览相同的内容时，程序代码从第一个用户而不是直接从社交网站获取。 因此，内容直接在用户之间交换，而无需在网站上进行交易。 本发明利用社交网络用户的存储和带宽资源来帮助服务内容。

公开(公告)号：US20080215730A1

公开(公告)日：2008-09-04

申请号：US12122796

申请日：2008-05-19

申请人： Ravi Sundaram ,  Hariharan S. Rahul

发明人： Ravi Sundaram ,  Hariharan S. Rahul

IPC分类号： G06F15/173

CPC分类号： H04L29/12132 ,  H04L29/12066 ,  H04L41/046 ,  H04L41/06 ,  H04L41/0896 ,  H04L61/1511 ,  H04L61/1552 ,  H04L67/1002 ,  H04L67/1008 ,  H04L67/1034 ,  H04L69/329 ,  H04L69/40

摘要： An infrastructure “insurance” mechanism enables a Web site to fail over to a content delivery network (CDN) upon a given occurrence at the site. Upon such occurrence, at least some portion of the site's content is served preferentially from the CDN so that end users that desire the content can still get it, even if the content is not then available from the origin site. In operation, content requests are serviced from the site in the usual manner, e.g., by resolving DNS queries to the site's IP address, until detection of the given occurrence. Thereafter, DNS queries are managed by a CDN dynamic DNS-based request routing mechanism so that such queries are resolved to optimal CDN edge servers. After the event that caused the occurrence has passed, control of the site's DNS may be returned from the CDN back to the origin server's DNS mechanism.

摘要翻译： 基础设施“保险”机制使得网站能够在站点发生特定事件时故障切换到内容传送网络（CDN）。 在这种情况下，站点的内容的至少一部分优先地从CDN提供，使得期望内容的最终用户仍然可以得到它，即使内容不是从原始站点可用。 在操作中，例如通过将DNS查询解析为站点的IP地址，直到检测到给定的事件为止，以通常的方式从站点服务内容请求。 此后，DNS查询由基于CDN动态DNS的请求路由机制进行管理，以便将这些查询解析为最佳的CDN边缘服务器。 在导致事件发生的事件已经过去之后，站点的DNS的控制可以从CDN返回到原始服务器的DNS机制。

公开(公告)号：US07376736B2

公开(公告)日：2008-05-20

申请号：US11598400

申请日：2006-11-13

申请人： Ravi Sundaram ,  Hariharan S. Rahul

发明人： Ravi Sundaram ,  Hariharan S. Rahul

IPC分类号： G06F15/173

CPC分类号： H04L29/12132 ,  H04L29/12066 ,  H04L41/046 ,  H04L41/06 ,  H04L41/0896 ,  H04L61/1511 ,  H04L61/1552 ,  H04L67/1002 ,  H04L67/1008 ,  H04L67/1034 ,  H04L69/329 ,  H04L69/40

摘要： An infrastructure “insurance” mechanism enables a Web site to fail over to a content delivery network (CDN) upon a given occurrence at the site. Upon such occurrence, at least some portion of the site's content is served preferentially from the CDN so that end users that desire the content can still get it, even if the content is not then available from the origin site. In operation, content requests are serviced from the site in the usual manner, e.g., by resolving DNS queries to the site's IP address, until detection of the given occurrence. Thereafter, DNS queries are managed by a CDN dynamic DNS-based request routing mechanism so that such queries are resolved to optimal CDN edge servers. After the event that caused the occurrence has passed, control of the site's DNS may be returned from the CDN back to the origin server's DNS mechanism.

公开(公告)号：US07245718B2

公开(公告)日：2007-07-17

申请号：US10649855

申请日：2003-08-26

申请人： Ravi Sundaram ,  William S. Yerazunis

发明人： Ravi Sundaram ,  William S. Yerazunis

IPC分类号： H04K1/00 ,  H04L9/00 ,  H04L9/28

CPC分类号： H04L9/3218 ,  H04L9/002 ,  H04L9/3013

摘要： A method authenticates di identities in parallel using two prime numbers p and q such that q|p−1. Each identity includes a private key si and a public key vi, and a publicly known generator is α such that αq≡1 (mod p). A verifier is provided with an ordered list of the public keys vi. A prover selects uniformly at random a non-negative number r less than q. A number x=αr (mod p) is sent from the prover to a verifier. The verifier selects uniformly at random a non-negative number e less than 2(t+logd), where log is base 2, and a number t is a predetermined security parameter. The prover receives from the verifier the number e. A number y=r+Σi si*ei (mod q) is generated by the prover, and the number Y is sent to the verifier, who then determines if an equality x=αy*Πi(vi)ei (mod p) is true. The prover is accepted as having the di identities if and only if the equality is true. In a preferred embodiment the communications between the prover and the verifier is via a low-bandwidth optical channel.

摘要翻译： 一种方法使用两个素数p和q并行地验证d i个体的身份，使得q | p-1。 每个身份包括一个私人密钥和一个公共密钥v i i，，，，，（（（≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡ mod p）。 验证者被提供有公钥的有序列表v 。 证明者随机选择小于q的非负数r。 数字x =α（mod p）从证明者发送到验证者。 验证者随机选择小于2（t + logd）的非负数e，其中log为基数2，数t为预定的安全参数。 证明者从验证者那里收到数字e。 由证明者产生数字y = r +Σi（i mod i）（mod q），并且发送号码Y 到验证者，然后他们确定是否相等x =α （mod p）为真。 当且仅当相等是真的时，证明者被接受为具有d i 身份。 在优选实施例中，证明者和验证者之间的通信是经由低带宽光信道。