公开(公告)号：US07987507B2

公开(公告)日：2011-07-26

申请号：US12489500

申请日：2009-06-23

申请人： Joel Balissat ,  Claude Galand ,  Jean-Francois Le Pennec ,  Jean-Marie Sommerlatt

发明人： Joel Balissat ,  Claude Galand ,  Jean-Francois Le Pennec ,  Jean-Marie Sommerlatt

IPC分类号： G06F15/16

CPC分类号： H04L63/0272 ,  H04L63/065 ,  H04L63/08 ,  H04L63/164

摘要： A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.

摘要翻译： 提供了用于实现多个设备之间的安全通信的方法和系统。 该方法和系统通常包括向多个设备中的每一个提供至少一个公共加密参数，以及将多个设备彼此的标识。 可以通过多个设备与指定的服务器设备的交互来维护和共享该信息。 以这种方式，可以建立多个设备中的至少两个之间的安全的点对点连接。

公开(公告)号：US07558269B2

公开(公告)日：2009-07-07

申请号：US10638898

申请日：2003-08-11

申请人： Jean-François Le Pennec ,  Claude Galand ,  Didier F. Giroir

发明人： Jean-François Le Pennec ,  Claude Galand ,  Didier F. Giroir

IPC分类号： H04L12/28

CPC分类号： H04L47/2416 ,  H04L47/10 ,  H04L47/2408 ,  H04L47/245

摘要： Method for transmitting high-priority packets in an IP transmission network based upon the Internet Protocol (IP) wherein low-priority packets or fragments of packets are transmitted between a sender and a receiver and at least a high-priority packet can be transmitted from the sender to the receiver by pre-emption of a low-priority packet or a fragment of packet. the method comprises in the sender, the steps of determining whether a low-priority packet or fragment of packet is being transmitted from the sender to the receiver when a high-priority packet has to be transmitted, setting to 1 a reserved bit within the IP header of the high-priority packet used as a pre-emption indicator if a low-priority packet or fragment of packet is currently transmitted, transmitting the high-priority packet with the pre-emption indicator set to 1 from the sender to the receiver, and resuming the transmission of the low-priority packet or fragment of packet at the end of transmission of the high-priority packet.

摘要翻译： 基于互联网协议（IP）在IP传输网络中发送高优先级分组的方法，其中低优先级分组或分组在发送方和接收方之间传送，并且至少高优先级分组可以从 发送方通过优先级低优先级的数据包或数据包的片段来发送给接收方。 所述方法包括在发送方中，当高优先级分组必须被发送时，确定低优先级分组或分组是否正在从发送方发送到接收方，将该IP优先级设置为1 如果当前正在发送低优先级分组或分组片段，则用作优先级指示符的高优先级分组的报头，将优先级分组以从发送方设置为1的优先级分组发送到接收方， 并且在高优先级分组的传输结束时恢复低优先级分组或分组分段的传输。

公开(公告)号：US20080192930A1

公开(公告)日：2008-08-14

申请号：US12105756

申请日：2008-04-18

申请人： Joel Balissat ,  Claude Galand ,  Jean-Francois Le Pennec ,  Jean-Marie Sommerlatt

发明人： Joel Balissat ,  Claude Galand ,  Jean-Francois Le Pennec ,  Jean-Marie Sommerlatt

IPC分类号： H04L9/14

CPC分类号： H04L63/0209 ,  H04L63/0272 ,  H04L63/0435 ,  H04L63/0464

摘要： A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus. scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted. Thereafter, the original data packet can be forwarded to its originally intended recipient.

摘要翻译： 提供了一种用于在第一设备和第二设备之间实现安全网络通信的方法和系统，至少一个设备经由防火墙设备与另一设备通信。 该方法和系统可以包括获得由第一设备，第二设备和防火墙设备共享的加密参数。 然后可以在防火墙设备内复制由第一设备发送的数据分组，从而可以在防火墙设备的一部分内对数据分组的副本进行解密。 特别地，定义防火墙设备中发生解密的部分，使得该部分的内容对于防火墙设备的操作者是不可访问的。 从而。 扫描数据包的解密副本以符合预定标准可以在防火墙设备内进行，而防火墙设备的操作者可以访问要发送的数据包的内容。 此后，可以将原始数据分组转发到其原始的接收者。

公开(公告)号：US07400635B2

公开(公告)日：2008-07-15

申请号：US11030298

申请日：2005-01-07

申请人： Aline Fichou ,  Claude Galand ,  Jacques Fieschi ,  Jean-Francoise Le Pennec

发明人： Aline Fichou ,  Claude Galand ,  Jacques Fieschi ,  Jean-Francoise Le Pennec

IPC分类号： H04L12/28 ,  H04L12/56

CPC分类号： H04L29/06 ,  H04L12/4604 ,  H04L69/08 ,  H04L69/16 ,  H04L69/22 ,  H04L2212/00

摘要： A method and system of transmitting data frames from a sending unit (10) to a receiving unit (12) in a data transmission network comprising at least a backbone (14) wherein the data are transmitted over high speed links enabling long Maximum Transmission Units (MTU) between an ingress node (18) connected to the sending unit by a first access link (16) and an egress node (22) connected to the receiving node by a second access link (20), with at least one of the first and second access links being a low speed access link requiring the data frames to be segmented into short MTUs between the sending unit and the ingress node and between the egress node and the receiving unit. A plurality of consecutive segmented data frames (28) belonging to the same flow of data transmitted from the sending unit to the ingress node are assembled by the ingress node into an assembled data frame (30) corresponding to the long MTU, the assembled data frame is transmitted over the backbone from the ingress node to the egress node at a high speed authorized by the backbone links, and the assembled data frame is de-assembled into consecutive segmented data frames (32) corresponding to the short MTUs by the egress node before being transmitted to the receiving unit.

摘要翻译： 一种将数据帧从发送单元（10）发送到至少包括主干（14）的数据传输网络中的接收单元（12）的方法和系统，其中所述数据通过高速链路传输，从而能够实现长的最大传输单元 在由第一接入链路（16）连接到发送单元的入口节点（18）和通过第二接入链路（20）连接到接收节点的出口节点（22）之间的MTU中，至少一个第一接入链路 并且第二接入链路是低速接入链路，需要将数据帧分段成发送单元和入节点之间以及出口节点与接收单元之间的短MTU。 属于从发送单元向入口节点发送的相同数据流的多个连续分段数据帧（28）由入口节点组装成对应于长MTU的组合数据帧（30），组合数据帧 以骨干链路授权的高速通过骨干网从入口节点传送到出口节点，组装好的数据帧在出口节点之前被去组装成与出口节点对应的短MTU的连续分段数据帧（32） 被发送到接收单元。

公开(公告)号：US06961318B2

公开(公告)日：2005-11-01

申请号：US09850862

申请日：2001-05-08

申请人： Aline Fichou ,  Jacques Fieschi ,  Claude Galand ,  Jean-Francois Le Pennec

发明人： Aline Fichou ,  Jacques Fieschi ,  Claude Galand ,  Jean-Francois Le Pennec

IPC分类号： H04L12/46 ,  H04L12/54 ,  H04L12/851 ,  H04L12/911 ,  H04L12/913 ,  H04L12/927 ,  H04J3/16 ,  H04L12/28

CPC分类号： H04L47/822 ,  H04L12/4604 ,  H04L47/2408 ,  H04L47/70 ,  H04L47/724 ,  H04L47/745 ,  H04L47/748 ,  H04L47/781 ,  H04L47/783 ,  H04L47/805 ,  H04L47/808

摘要： Data transmission system for transmitting packets of data from a source workstation (10) to a destination workstation (40) wherein the packets of data are transmitted over at least a first IP network (14) and a second IP network (30) between an ingress node (20) connected to the source workstation in the first network and an egress node (38) connected to the destination workstation in the second network. The system comprises a local reservation server (26) in the first network accessible by the source workstation and a remote reservation server (42) in the second network accessible by the local reservation server. The local reservation server includes connection setup means for setting up a virtual connection meeting a predefined requirement of Quality of Service from the ingress node to the egress node in response to a request from the source workstation and bandwidth request means for requesting additional bandwidth in the second network to the remote reservation server.

摘要翻译： 用于从源工作站（10）向目的地工作站（40）发送数据分组的数据传输系统，其中通过至少第一IP网络（14）和第二IP网络（30）在入口之间传输数据分组 连接到第一网络中的源工作站的节点（20）和连接到第二网络中的目的地工作站的出口节点（38）。 该系统包括可由源工作站访问的第一网络中的本地预约服务器（26）和由本地预约服务器可访问的第二网络中的远程预订服务器（42）。 本地预约服务器包括连接建立装置，用于响应来自源工作站的请求和带宽请求装置在第二个请求中请求附加带宽，建立满足来自入口节点到出口节点的预定服务质量要求的虚拟连接 网络到远程预留服务器。

公开(公告)号：US06950424B2

公开(公告)日：2005-09-27

申请号：US09901441

申请日：2001-07-09

申请人： Claude Galand ,  Jean-Francois Le Pennec

发明人： Claude Galand ,  Jean-Francois Le Pennec

IPC分类号： H04L12/715 ,  H04L12/751 ,  H04L12/28

CPC分类号： H04L45/02 ,  H04L45/04 ,  H04L45/46

摘要： Data communication system of the type wherein a plurality of contiguous transmission networks constitute an Autonomous System (AS) using the Open Shortest Path First (OSPF) protocol for the exchange of information. The system is divided into several areas including an area 0 or backbone responsible for distributing routing information between the other areas. The backbone is divided into two sub-areas and comprises at least a pair of adjacent splitting routers. The first splitting router is included in one sub-area and the second splitting router is included in the other sub-area. The topological data base of each splitting router is configured to define a high metric for the link between the splitting routers in order to prevent any type of data traffic other than link-state messages (LSA) from being transmitted between the splitting routers.

摘要翻译： 数据通信系统，其中多个连续的传输网络使用开放最短路径优先（OSPF）协议构成自治系统（AS）来进行信息交换。 该系统分为几个区域，包括负责在其他区域之间分配路由信息的区域0或骨干网。 主干被分成两个子区域，并且包括至少一对相邻的分离路由器。 第一分裂路由器被包括在一个子区域中，并且第二分裂路由器被包括在另一个子区域中。 每个分裂路由器的拓扑数据库被配置为为分裂路由器之间的链路定义高度量，以便防止在分离路由器之间传输除链路状态消息（LSA）之外的任何类型的数据流量。

公开(公告)号：US06934249B1

公开(公告)日：2005-08-23

申请号：US10158624

申请日：2002-05-30

申请人： Olivier Bertin ,  Gerard Brun ,  Claude Galand ,  Olivier Maurel ,  Laurent Nicolas

发明人： Olivier Bertin ,  Gerard Brun ,  Claude Galand ,  Olivier Maurel ,  Laurent Nicolas

IPC分类号： H04L12/56

CPC分类号： H04L45/00 ,  H04L45/10 ,  H04L47/12 ,  H04L47/15 ,  H04L47/70 ,  H04L47/724 ,  H04L47/746 ,  H04L47/801 ,  H04L47/822 ,  H04L47/829

摘要： The present invention is directed to a high speed packet switching network and, in particular to a method and system for minimizing the time to establish a connection between an origin and a destination node. Due to high dynamicity of the traffic on transmission links, it is important to select a routing path according to a fully up-to-date information on all network resources. The simpler approach is to calculate a new path for each new connection request. This solution may be very time consuming because there are as many path selection operations as connection set up operations. On another hand, the calculation of paths based on an exhaustive exploration of the network topology, is a complex operation which may also take an inordinate amount of resources in large networks. Many of connections originated from a network node flow to the same destination network node. It is therefore possible to take a serious benefit in reusing the same already calculated paths for several connections towards the same node. The path calculated at the time the connection is requested is recorded in a Routing Database and updated each time a modification occurs in the network. Furthermore, alternate paths for supporting non-disruptive path switch on failure or preemption, and new paths towards potential destination nodes can be calculated and stored when the connection set up process is idle. These last operations are executed in background with a low processing priority and in absence of connection request.

摘要翻译： 本发明涉及一种高速分组交换网络，特别涉及用于最小化建立起始节点和目的地节点之间的连接的时间的方法和系统。 由于传输链路上的流量的高动态性，根据所有网络资源的完全最新信息选择​​路由路径很重要。 更简单的方法是为每个新的连接请求计算一个新路径。 该解决方案可能非常耗时，因为存在与连接建立操作相同的路径选择操作。 另一方面，基于网络拓扑的详尽探索的路径计算是一种复杂的操作，在大型网络中也可能占用过多的资源。 许多来自网络节点的连接流到同一目标网络节点。 因此，可以在对相同节点的多个连接重复使用相同的已经计算的路径方面有很大的益处。 在请求连接时计算的路径被记录在路由数据库中，并且每次在网络中发生修改时更新。 此外，当连接建立进程空闲时，可以计算并存储用于支持故障或抢占时的非破坏性路径切换的备用路径和朝向潜在目的地节点的新路径。 这些最后的操作在后台执行，处理优先级低，没有连接请求。

公开(公告)号：US20050025157A1

公开(公告)日：2005-02-03

申请号：US10852945

申请日：2004-05-25

申请人： Jean-Francois Pennec ,  Aurelien Bruno ,  Claude Galand ,  Didier Giroir

发明人： Jean-Francois Pennec ,  Aurelien Bruno ,  Claude Galand ,  Didier Giroir

IPC分类号： H04L12/66 ,  H04L12/28 ,  H04L12/46 ,  H04L12/723 ,  H04L29/06 ,  H04L29/12 ,  H04L12/56

CPC分类号： H04L63/0272 ,  H04L12/4641 ,  H04L29/12009 ,  H04L29/12358 ,  H04L29/12481 ,  H04L29/12801 ,  H04L45/50 ,  H04L61/251 ,  H04L61/2557 ,  H04L61/6004 ,  H04L63/101 ,  H04L69/16 ,  H04L69/167

摘要： Certain exemplary embodiments provide a method for converting data packets based upon IPv4 protocol into data packets based upon IPv6 protocol, said method comprising converting any data packet based upon the IPv4 protocol into a data packet based upon the IPv6 protocol before transmitting it to an IP switched network using information provided by an external server, and converting any data packet based upon the IPv6 protocol provided by said IP switched network into a data packet based upon the IPv4 protocol before transmitting it to a first or second workstation.

摘要翻译： 某些示例性实施例提供了一种用于基于IPv6协议将基于IPv4协议的数据分组转换成数据分组的方法，所述方法包括：在将其发送到IP交换机之前，将基于IPv4协议的任何数据分组转换为基于IPv6协议的数据分组 网络使用由外部服务器提供的信息，并且在将其发送到第一或第二工作站之前，将基于所述IP交换网络提供的IPv6协议的任何数据分组转换为基于IPv4协议的数据分组。

公开(公告)号：US06804238B1

公开(公告)日：2004-10-12

申请号：US09473802

申请日：1999-12-28

申请人： Guy Euget ,  Jacques Fieschi ,  Claude Galand ,  Jean-François Le Pennec

发明人： Guy Euget ,  Jacques Fieschi ,  Claude Galand ,  Jean-François Le Pennec

IPC分类号： H04L1228

CPC分类号： H04L69/04 ,  H04L29/06 ,  H04L69/18 ,  H04L69/22

摘要： A method for transmitting data frames with compressed headers in a multiprotocol data transmission network comprising at least one ingress node transmitting data to egress nodes. Each frame of data includes data bytes and a header which defines the transmission protocols. This method comprises the steps of comparing the address field of the frame to a list of address fields corresponding to the current flows of data, selecting candidate headers associated with flows having the same address, determining a compressed header based upon the position and the number of bytes that differ between the frame header and the candidate header, selecting as reference header the best candidate header based on compression ratio, and transmitting a compressed data frame wherein the data bytes are preceded by a reference label and a compressed header including a field defining the position and the number of consecutive bytes in the portion being compressed, a field including the different bytes, and a field including the portion of header which is not compressed.

摘要翻译： 一种用于在多协议数据传输网络中传送带有压缩报头的数据帧的方法，包括至少一个入口节点向出口节点发送数据。 每帧数据包括数据字节和定义传输协议的报头。 该方法包括以下步骤：将帧的地址字段与对应于当前数据流的地址字段的列表进行比较，选择与具有相同地址的流相关联的候选报头，基于位置和数量来确定压缩报头 在帧头和候选报头之间不同的字节，基于压缩比选择最佳候选报头作为参考报头，并且发送压缩数据帧，其中数据字节在参考标签之前，压缩报头包括定义 位置和被压缩部分中的连续字节的数量，包括不同字节的字段以及包括未被压缩的标题部分的字段。

公开(公告)号：US06771653B1

公开(公告)日：2004-08-03

申请号：US09664696

申请日：2000-09-19

申请人： Jean-Francois Le Pennec ,  Jacques Fieschi ,  Aline Fichou ,  Claude Galand

发明人： Jean-Francois Le Pennec ,  Jacques Fieschi ,  Aline Fichou ,  Claude Galand

IPC分类号： H04L1254

CPC分类号： H04L49/9036 ,  H04L41/32 ,  H04L47/50 ,  H04L47/6215

摘要： A system for providing prioritized queue management within a data transmission network node that supports different types of data frame traffic is disclosed herein. The system includes a frame buffer for storing an incoming frame that has an identifiable frame type. A queue is pre-associated with the frame type of the incoming frame such that upon arrival of the frame at the network node, the queue stores a location address at which the frame is stored within the frame buffer such that the frame is maintained within the queue. The queue that contains the frame is stored within a frame table. Processing means are provided for determining a time at which the queue forwards the frame from the frame buffer in accordance with a pre-determined sub-queue priority list. The system further includes time metering means associated with the frame for temporally assigning the frame to a virtual sub-queue among multiple virtual sub-queues that are associated with the queue. The sub-queues are sequentially ordered according to the predetermined sub-queue priority list such that the processing means selects a highest priority frame for forwarding from the frame buffer.

摘要翻译： 本文公开了一种用于在支持不同类型的数据帧业务的数据传输网络节点内提供优先级队列管理的系统。 该系统包括用于存储具有可识别帧类型的传入帧的帧缓冲器。 队列与进入帧的帧类型预先关联，使得在帧到达网络节点时，队列存储帧在帧缓冲器内被存储的位置地址，使得帧保持在 队列。 包含帧的队列存储在一个帧表中。 提供处理装置，用于根据预定的子队列优先级列表确定队列从帧缓冲器转发帧的时间。 该系统还包括与帧相关联的时间计量装置，用于在与队列相关联的多个虚拟子队列之间临时地将帧分配给虚拟子队列。 子队列根据预定的子队列优先级顺序顺序排列，使得处理装置从帧缓冲器中选择用于转发的最高优先级帧。