Abstract:
A technique that seeks to direct and re-direct streams of packets through a packet network without adversely affecting the quality of service of existing streams is disclosed. In accordance with the illustrative embodiment of the present invention, streams of packets that are directed and re-directed through a packet network are initially put on probation. During the probation period, a quality-of-service measure for the stream is compared with a threshold whose value is initially high and decreases with time. This has the advantageous effect of noticing problems quickly so that they can be remediated quickly.
Abstract:
A method and an apparatus are disclosed that provide a privilege-granting technique for enabling a service-providing domain to grant a privilege to a requesting user in a service-requesting domain. A request handler in the service-providing domain, which comprises one or more service-associated resources, receives a user request to use a service and requests a token from a privilege-granting server, in accordance with the illustrative embodiment of the present invention. Upon receiving the token that specifies a granted privilege from the privilege-granting server, the request handler extends the privilege to the requesting user. Alternatively, the request handler can request a plurality of tokens in advance from the privilege-granting server; after receiving the tokens, the request handler extends a privilege to each requesting user as the handler receives requests to use one or more services.
Abstract:
Techniques for performing rapid fault detection and recovery in communication networks are disclosed. For example, in one aspect of the invention, a technique for detecting one or more conditions in a communication network comprises the following steps/operations. One or more keep-alive packets are transmitted from a source node in the communication network to a destination node in the communication network over two or more paths between the source node and the destination node, wherein the two or more paths are at least partially disjoint. Upon receipt of the one or more keep-alive packets at the destination node via the two or more paths, at least one quality measure is computed at the destination node for each of the two or more paths, the at least one quality measure being indicative of one or more conditions in the communication network. While not limited thereto, the invention is particularly well-suited to Internet Protocol (IP) telephony networks, particularly those that provide Voice over IP (VoIP) applications.
Abstract:
A method and apparatus are provided for authenticating the contents of a device requesting access to a first network, such as an enterprise network. If a device has connected to at least one other network then the content of the device is evaluated prior to obtaining access. The scope of the content evaluation may be based, for example, on properties of the other network or on one or more defined content authentication rules. If a device attempts to access a network, the content of the device is evaluated and the device may be restricted to accessing only one or more restoration services if the content fails to satisfy one or more predefined criteria, such as a content item that is out of date or a determination that the device connected to one or more external networks. The restoration service(s) can update a content item that is out of date, reinstall one or more programs or return configuration settings to default values.
Abstract:
A packet data filter which stores ordered rules and sequentially applies the rules to received data packets to determine the disposition of the data packet. The packet filter maintains a match count in memory which indicates the number of times each rule matched an incoming data packet. Periodically, at the initiation of a user, or based on operating parameters of the filter, the rules are automatically re-ordered based on the match count. As a result of the re-ordering, rules with higher match counts are moved earlier in the sequential evaluation order and rules with lower match counts are moved later in the sequential evaluation order. As such, rules which are more likely to match incoming data packets are evaluated earlier, thus avoiding the evaluation of later rules. In order to prevent a re-ordering which would change the overall security policy of the packet filter, pairs of rules are compared to determine if they conflict (i.e., the swapping of the two rules would result in a change in the overall security policy). During re-ordering, the swapping of conflicting rules is prevented.
Abstract:
Online prediction techniques based on data compression principles are employed to make predictions in restricted memory environments. Predictors have data structures in the form of trees that are paged and maintained in a cache on a least recently used replacement basis. A fast sequence of events strategy increments the counts for events at the current node of the predictor.
Abstract:
Methods that enable the detection and handling of lost messages during load-balancing routing protocols are disclosed. In accordance with the illustrative embodiment, when a candidate intermediate node N receives a routing-protocol message, node N performs: (1) a first procedure that is capable of detecting some lost routing-protocol messages that were previously transmitted by node N, and (2) a second procedure that is capable of detecting some lost routing-protocol messages that were previously transmitted by a neighbor of node N.
Abstract:
A technique is disclosed that evaluates a network path between (i) a first node in a first subnetwork of endpoint nodes, such as IP phones, and (ii) a second node in a second subnetwork. A “ricochet” node in the network path evaluates the path by probing one or both subnetworks, where the ricochet node acts as a relay for traffic packets being transmitted between the two subnetworks. A given relay has only to probe a single, representative node within a subnetwork at any given time in order to obtain performance data that is representative of the subnetwork overall. By probing the representative node, the relay is able to acquire an assessment of network conditions that is valid for the path between the relay and any endpoint in the subnetwork. As a result, the disclosed technique reduces the probing overhead when many endpoint nodes on a given subnetwork are simultaneously active and experiencing adverse network conditions.
Abstract:
The present invention is a system and method to improve the reliability and performance of existing enterprise IP networks which have dual-homed (or multi-homed) network architectures. In one aspect of the invention, packets related to a selected category of transmission (e.g., VoIP) are duplicated at an edge router and sent over both (multiple) service providers. After traversing the service provider networks, only the first-to-arrive packets are kept and the later-arriving copies are discarded. In so doing, the result is better protection against node failures, link failures, and packet errors, and also better QoS performance under normal (fault-free) operation.