Abstract:
A method and apparatus is provided to allow telephony or other types of media communications and services to be provided for a device (24) having a private network address that resides behind a firewall and network address and port translation (NAPT) module (which is not aware of the underlying protocol for the communications and services). Examples of the underlying protocol include the Session Initiation Protocol (SIP) and Real-Time Protocol (RTP). A path through the firewall and NAPT module is defined by use of keep-alive messages communicated through the firewall and NAPT module. Addresses that are allocated by the firewall and NAPT module are associated with the device (24) for both signaling and media communications. A feature of the firewall that enables the provision of telephony and media communications through the firewall that is protocol-unaware is that the firewall allows responses to messages initiated by the device back through the firewall.
Abstract:
Methods, apparatus, system and computer program are provided for concealing the identity of a network device transmitting a datagram having a network layer header. A unique local identifier and broadcast address are determined in accordance with a next-hop address. A partially encrypted network layer header is determined by encrypting a plurality of identifying portions of the network layer header, where one portion of the network layer header is the unique local identifier. The datagram is encapsulated with another network layer header whose address is set to the broadcast address. The encapsulated datagram can be received and detunneled, and an address of a recipient can be extracted from the network layer header. The datagram is then admitted into a network domain.
Abstract:
A method and apparatus is provided to allow telephony or other types of media communications and services to be provided for a device having a private network address that resides behind a firewall and network address and port translation (NAPT) module (which is not aware of the underlying protocol for the communications and services). Examples of the underlying protocol include the Session Initiation Protocol (SIP) and Real-Time Protocol (RTP). A path through the firewall and NAPT module is defined by use of keep-alive messages communicated through the firewall and network address translator. Addresses that are allocated by the firewall and NAPT module are associated with the device for both signaling and media communications. A feature of the firewall that enables the provision of telephony and media communications through the firewall that is protocol-unaware is that the firewall allows responses to messages initiated by the device back through the firewall.
Abstract:
A plurality of computer nodes communicates using seemingly random IP source and destination addresses and (optionally) a seemingly random discriminator field. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are rejected. In addition to “hopping” of IP addresses and discriminator fields, hardware addresses such as Media Access Control addresses can be hopped. The hopped addresses are generated by random number generators having non-repeating sequence lengths that are easily determined a-priori, which can quickly jump ahead in sequence by an arbitrary number of random steps and which have the property that future random numbers are difficult to guess without knowing the random number generator's parameters. Synchronization techniques can be used to re-establish synchronization between sending and receiving nodes.
Abstract:
Methods, systems, and computer program products for clustering and communicating between Internet protocol multimedia subsystem (IMS) entities and for supporting database access in an IMS network environment. According to one aspect, an IMS cluster node includes a serving call state control function (S-CSCF) for controlling media sessions between IMS users. The cluster node further includes a home subscriber service (HSS) function for storing and providing IMS subscription information to the S-CSCF function. A shared memory is operatively associated with the S-CSCF function and the HSS function. The S-CSCF function obtains IMS subscription information from the HSS function via the shared memory.
Abstract:
A method for detecting a proxy Address Resolution Protocol (ARP) agent in a network including at least a first machine with an IP address in a range of a first subnet, and at least one embedded controller with an IP address in a range of a second subnet. A router is also provided, wherein the second subnet is not contactable through the router provided its proxy ARP is disabled. The first machine and second machine each have static routes for inter-subnet communications. A test IP address is identified by the first machine. A test Media Access Control (MAC) address corresponding to the test IP address is then obtained. The test MAC address is compared to a range of MAC addresses for the embedded controller. An alarm is generated at the first machine if the test MAC address is outside the range of MAC addresses that can prompt actions to remove the proxy ARP condition.
Abstract:
The subject disclosure pertains to anonymous network interaction. More specifically, mechanisms are provided to ensure anonymity with respect to network interaction such that third parties are unable to determine the source and/or intent of communications. Accordingly, entities can anonymize all outgoing and/or incoming data packets so as to mitigate outside entities from learning about information being sought and/or provided. For example, a user or corporation can employ an anonymizer with respect to web searching so that outside entities are not able to determine what information is attempted to be accessed and by whom.
Abstract:
Methods, apparatuses and systems directed to preventing unauthorized access to internal network addresses transmitted across wireless networks. According to the invention, mobile stations are assigned virtual client network addresses that are used as the outer network addresses in a Virtual Private Network (VPN) infrastructure, as well as unique internal network addresses used as the inner network addresses. In one implementation, the virtual client network addresses have little to no relation to the internal network addressing scheme implemented on the network domain. In one implementation, all clients or mobile stations are assigned the same virtual client network address. A translation layer, in one implementation, intermediates the VPN session between the mobile stations and a VPN server to translate the virtual client network addresses to the internal network addresses based on the medium access control (MAC) address corresponding to the mobile stations. In this manner, the encryption inherent in the VPN infrastructure prevents access to the internal network addresses assigned to the mobile stations.
Abstract:
A wireless communication system downloads information from a file server using multiple wireless communication paths. When a destination requests data from a file server through a wireless terminal, the wireless terminal generates an address translation rule that includes source, translation and destination addresses used to route the data from the file server to the destination through a virtual network server. The address translation rule is sent to at least one other wireless terminal, so that retrieved data packets can be routed through both wireless terminals simultaneously. A packet retrieved from the file server is sent to the virtual network server, where the packet is encapsulated into multiple packets and assigned virtual addresses. The encapsulated packets are sent to the multiple wireless terminals, and are sent from those terminals to the destination using the address translation rule, where the packets are decapsulated to reproduce the originally sent packet.
Abstract:
In order to perform communication while configuring a disclosure level on an attribute of a user to be disclosed to a communication destination to a designated disclosure level, there is provided a communication relaying device selecting means (2) that selects, among a plurality of communication relaying devices (401-403) capable of relaying communication to a communication destination terminal (501), a communication relaying device corresponding to a disclosure level designated as the disclosure level on the attribute of the user from among disclosure levels in multiple steps. There is provided a communication means (4) that communicates to the communication destination terminal (501) through the communication relaying device selected by the communication relaying device selecting means (2).