公开(公告)号：US20050063398A1

公开(公告)日：2005-03-24

申请号：US10883978

申请日：2004-07-02

Applicant: Abhijit Choudhury ,  Mathew Kayalackakom ,  Shekhar Ambe ,  Ken Chin

Inventor： Abhijit Choudhury ,  Mathew Kayalackakom ,  Shekhar Ambe ,  Ken Chin

IPC: H04L12/28 ,  H04L12/56 ,  H04L29/06

CPC classification number: H04L63/0428 ,  H04L49/351 ,  H04L49/602 ,  H04L63/08 ,  H04L63/10 ,  H04W88/08 ,  H04W88/12

Abstract: An apparatus provides a hardware-based solution to enable support for L3 switching, network address port translation and application level gateways. The architecture involved in this hardware approach is such that it is scalable for implementation in a variety networking products that fulfill enterprise security and all possible combinations of wired and wireless networking needs, such as access points, access point concentrators, wireless-ready wiring closet or edge switches, and wireless co-processors.

Abstract translation: 一种设备提供基于硬件的解决方案，以支持L3交换，网络地址端口转换和应用级网关。 涉及这种硬件方法的架构使得它可以在实现企业安全的各种网络产品以及有线和无线网络需求的所有可能组合（例如接入点，接入点集中器，无线就绪配线柜或者 边缘交换机和无线协处理器。

公开(公告)号：US20050063381A1

公开(公告)日：2005-03-24

申请号：US10884392

申请日：2004-07-02

Applicant: Mathew Kayalackakom ,  Abhijit Choudhury ,  Ken Chin ,  Shekhar Ambe ,  Joseph Tardo

Inventor： Mathew Kayalackakom ,  Abhijit Choudhury ,  Ken Chin ,  Shekhar Ambe ,  Joseph Tardo

IPC: H04L12/28 ,  H04L12/56 ,  H04L29/06

CPC classification number: H04L63/0485 ,  H04L63/08 ,  H04L63/164 ,  H04L63/166 ,  H04L69/12 ,  H04W12/0013 ,  H04W12/06 ,  H04W80/00 ,  H04W84/12

Abstract: An apparatus provides an integrated single chip solution to solve a multitude of WLAN problems, and especially Switching/Bridging, and Security. In accordance with an aspect of the invention, the apparatus is able to terminate secured tunneled IPSec and L2TP with IPSec traffic. In accordance with a further aspect of the invention, the architecture can handle both tunneled and non-tunneled traffic at line rate, and manage both types of traffic in a unified fashion. The architecture is such that it not only resolves the problems pertinent to WLAN, it is also scalable and useful for building a number of useful networking products that fulfill enterprise security and all possible combinations of wired and wireless networking needs.

Abstract translation: 一种设备提供集成的单芯片解决方案来解决大量的WLAN问题，特别是开关/桥接和安全。 根据本发明的一个方面，该装置能够以IPSec流量终止安全的隧道式IPSec和L2TP。 根据本发明的另一方面，该架构可以以线路速率处理隧道和非隧道业务，并且以统一的方式管理两种类型的业务。 架构不仅可以解决与WLAN有关的问题，而且还可以构建一些实现企业安全性和有线和无线网络需求的所有可能组合的有用的网络产品。

公开(公告)号：US20070255947A1

公开(公告)日：2007-11-01

申请号：US11351331

申请日：2006-02-08

Applicant: Abhijit Choudhury ,  Himanshu Shukla ,  Adrian Lewis ,  Shekhar Ambe ,  Sodhanshu Jain ,  Mohanakumari T. ,  Mathew Kayalackakom

Inventor： Abhijit Choudhury ,  Himanshu Shukla ,  Adrian Lewis ,  Shekhar Ambe ,  Sodhanshu Jain ,  Mohanakumari T. ,  Mathew Kayalackakom

IPC: H04L9/00

CPC classification number: H04L9/0643 ,  H04L9/0637 ,  H04L9/3242 ,  H04L63/12

Abstract: Methods and systems for providing confidentiality and/or integrity to fragmented packet transmissions, without reassembly of the fragments, across wired and wireless communications networks are disclosed. Encryption of a first fragmented packet can be performed by using an initial encryption state variable and keying material resulting in a first ciphertext fragment and a first encryption state variable. Then encryption of a second fragments packet can be performed by using the first encryption state variable and the keying material resulting in a second ciphertext fragment. Decryption of fragments can be performed in a similar manner as encryption. Computation of a message authentication code can be performed by computing a first hash state value for a first block size of bytes of a first packet fragment using an initial hash state value, and storing the first hash value and a first set of remainder bytes of the first packet fragment. The computation of the MAC continues by combining the first set of remainder bytes to a second packet fragment of the plurality of packet fragments resulting in a combined packet fragment. The MAC can then be identified using the second hash state value.

Abstract translation: 公开了用于对分段分组传输提供机密性和/或完整性的方法和系统，而不需要在有线和无线通信网络上重新组合分段。 可以通过使用初始加密状态变量和密钥材料来执行加密第一分段分组，从而产生第一密文片段和第一加密状态变量。 然后可以通过使用第一加密状态变量和产生第二密文片段的密钥材料来执行第二分段分组的加密。 碎片的解密可以以与加密类似的方式执行。 可以通过使用初始散列状态值计算第一分组片段的第一块大小的字节的第一散列状态值并存储第一散列值和第一散列值的第一组剩余字节来执行消息认证码的计算 第一个包片段。 通过将第一组剩余字节组合到多个分组片段中的第二分组片段，导致MAC的计算，导致组合的分组片段。 然后可以使用第二散列状态值来识别MAC。

公开(公告)号：US20050063380A1

公开(公告)日：2005-03-24

申请号：US10883997

申请日：2004-07-02

Applicant: Mathew Kayalackakom ,  Abhijit Choudhury ,  Ken Chin ,  Shekhar Ambe

Inventor： Mathew Kayalackakom ,  Abhijit Choudhury ,  Ken Chin ,  Shekhar Ambe

IPC: H04L12/28 ,  H04L12/56 ,  H04L29/06

CPC classification number: H04W12/12 ,  H04L49/30 ,  H04L63/0428 ,  H04L63/162 ,  H04L69/12 ,  H04W84/12

Abstract: An apparatus provides an integrated single chip solution to solve a multitude of WLAN problems, and especially Switching/Bridging, and Security. In accordance with another aspect of the invention, the apparatus is able to terminate secured tunneled 802.11i, IPSec and L2TP with IPSec traffic. In accordance with a further aspect of the invention, the apparatus is also able to handle computation-intensive security-based algorithms including per packet Initialization Vector generation without significant reduction in traffic throughput. The architecture is such that it not only resolves the problems pertinent to WLAN it is also scalable and useful for building a number of useful networking products that fulfill enterprise security and all possible combinations of wired and wireless networking needs.

Abstract translation: 一种设备提供集成的单芯片解决方案来解决大量的WLAN问题，特别是开关/桥接和安全。 根据本发明的另一方面，该装置能够以IPSec流量终止安全的隧道化802.11i，IPSec和L2TP。 根据本发明的另一方面，该装置还能够处理包括每个分组初始化向量生成的基于计算密集型的基于安全的算法，而不显着降低业务吞吐量。 架构是这样的，它不仅解决了与WLAN有关的问题，它还可以扩展并且有助于构建一些实现企业安全性和有线和无线网络需求的所有可能组合的有用的网络产品。

公开(公告)号：US20050063369A1

公开(公告)日：2005-03-24

申请号：US10883979

申请日：2004-07-02

Applicant: Abhijit Choudhury ,  Mathew Kayalackakom ,  Shekhar Ambe ,  Ken Chin

Inventor： Abhijit Choudhury ,  Mathew Kayalackakom ,  Shekhar Ambe ,  Ken Chin

IPC: H04L12/28 ,  H04L12/56 ,  H04L12/66 ,  H04L29/06

CPC classification number: H04L63/0428 ,  H04L47/24 ,  H04L47/2441 ,  H04L49/109 ,  H04L49/205 ,  H04L49/351 ,  H04L49/45 ,  H04L63/101 ,  H04W84/12

Abstract: An apparatus provides an integrated single chip solution to solve Switching/Bridging, Security, Access Control, Bandwidth Management—Quality of Service issues, Roaming—Clean Hand off, Anticipatory Load Management, Location Tracking, Support for Revenue Generating Services—Fine grain QoS, Bandwidth Control, Billing and management. The architecture is such that it not only resolves the problems pertinent to WLAN it is also scalable and useful for building a number of useful networking products that fulfill enterprise security and wired and wireless networking needs. In accordance with a further aspect of the invention, the architecture supports stacking so as to enable the combining of two or more devices to create the equivalent of a single device with a larger port count, depending on system needs and preferences, while also providing support for services such as trunking, mirroring and QoS across all the ports.

Abstract translation: 一种设备提供集成的单芯片解决方案，以解决交换/桥接，安全性，访问控制，带宽管理 - 服务质量问题，漫游清除功能，预期负载管理，位置跟踪，支持收入生成服务 - 细粒度QoS， 带宽控制，计费和管理。 架构是这样的，它不仅解决了与WLAN有关的问题，它还可以扩展并且有助于构建一些实现企业安全和有线和无线网络需求的有用的网络产品。 根据本发明的另一方面，该架构支持堆叠，以便根据系统需要和偏好，使两个或更多个设备的组合能够创建具有较大端口数的单个设备的等价物，同时还提供支持 用于所有端口上的中继，镜像和QoS等服务。

公开(公告)号：US20050063350A1

公开(公告)日：2005-03-24

申请号：US10884365

申请日：2004-07-02

Applicant: Abhijit Choudhury ,  Mathew Kayalackakom ,  Shekhar Ambe ,  Ken Chin

Inventor： Abhijit Choudhury ,  Mathew Kayalackakom ,  Shekhar Ambe ,  Ken Chin

IPC: H04L12/28 ,  H04L12/56 ,  H04L29/06 ,  H04L29/12 ,  H04W8/04 ,  H04W48/16 ,  H04W60/04 ,  H04W80/04 ,  H04Q7/24

CPC classification number: H04W88/18 ,  H04L29/12009 ,  H04L29/12415 ,  H04L29/12481 ,  H04L61/2532 ,  H04L61/2557 ,  H04W8/04 ,  H04W48/16 ,  H04W60/04 ,  H04W80/04

Abstract: An apparatus provides a hardware-based solution to enable roaming with session persistence within or between subnets. In accordance with a further aspect of the invention, one approach described herein is based on NAT/NAPT, while another uses aspects of Mobile IP. The architecture involved in both hardware approaches is such that it is scalable for implementation in a variety networking products that fulfill enterprise security and all possible combinations of wired and wireless networking needs, such as access points, access point concentrators, wireless-ready wiring closet or edge switches, and wireless co-processors.

Abstract translation: 一种设备提供基于硬件的解决方案，以便在子网内或子网之间进行会话持久性的漫游。 根据本发明的另一方面，本文描述的一种方法基于NAT / NAPT，而另一种方法使用移动IP的方面。 涉及两种硬件方法的架构是这样的，它可以在满足企业安全性和有线和无线网络需求的所有可能组合的各种网络产品中实现，例如接入点，接入点集中器，无线就绪配线柜或 边缘交换机和无线协处理器。

公开(公告)号：US20060187949A1

公开(公告)日：2006-08-24

申请号：US11351330

申请日：2006-02-08

Applicant: Ganesh Seshan ,  Abhijit Choudhury ,  Shekhar Ambe ,  Sudhanshu Jain ,  Mathew Kayalackakom

Inventor： Ganesh Seshan ,  Abhijit Choudhury ,  Shekhar Ambe ,  Sudhanshu Jain ,  Mathew Kayalackakom

IPC: H04L12/26

CPC classification number: H04L49/90 ,  H04L47/50 ,  H04L47/527 ,  H04L47/58 ,  H04L47/60 ,  H04L47/6225 ,  H04L49/103 ,  H04L49/201 ,  H04L49/205 ,  H04L49/254 ,  H04L49/3018 ,  H04L49/901 ,  H04L49/9021 ,  H04L49/9047 ,  H04W28/12

Abstract: Systems and methods applicable to a unified wired/wireless network device are proposed to address quality of service issues and roaming support for wired and wireless clients in a unified wired/wireless network. The proposed solution can include a hierarchical scheduler and shaper mechanism that is able to flexibly support different quality of service disciplines, i.e., strict-priority, guaranteed bandwidth, deficit-round-robin, etc., to allow different levels of maximum and minimum bandwidth allocation to each user or group of users. The solution can also include a dynamic queue assignment mechanism that allows queues to be moved from one queue-group and/or port to another queue-group and/or port, without losing packets, when a wireless client roams between access points within the unified network.

Abstract translation: 提出了适用于统一有线/无线网络设备的系统和方法，以解决统一有线/无线网络中有线和无线客户端的服务质量问题和漫游支持。 所提出的解决方案可以包括能够灵活地支持不同质量服务规范的分级调度器和整形机构，即严格优先级，保证带宽，缺陷循环等，以允许不同级别的最大和最小带宽 分配给每个用户或一组用户。 解决方案还可以包括动态队列分配机制，当无线客户端在统一的接入点之间漫游时，允许队列从一个队列组和/或端口移动到另一个队列组和/或端口，而不会丢失数据包 网络。

公开(公告)号：US20050195813A1

公开(公告)日：2005-09-08

申请号：US11064899

申请日：2005-02-23

Applicant: Shekhar Ambe ,  Abhijit Choudhury ,  Sudhanshu Jain ,  Mathew Kayalackakom

Inventor： Shekhar Ambe ,  Abhijit Choudhury ,  Sudhanshu Jain ,  Mathew Kayalackakom

IPC: H04L12/28 ,  H04L12/56 ,  H04L29/06

CPC classification number: H04L63/101 ,  H04L63/164 ,  H04W12/08

Abstract: A method and apparatus that makes it possible to have a single unified network where the devices at the edge are able to handle both wired and wireless traffic. Separate devices are not required to handle wired and wireless traffic. Instead the whole enterprise network comprises devices that are agnostic to the nature of the traffic and have all the features required by both wired and wireless traffic.

Abstract translation: 一种使得可能具有单个统一网络的方法和装置，其中边缘处的设备能够处理有线和无线业务。 不需要单独的设备来处理有线和无线流量。 相反，整个企业网络包括与流量性质无关的设备，并具有有线和无线流量所需的所有功能。

公开(公告)号：US20050066166A1

公开(公告)日：2005-03-24

申请号：US10884364

申请日：2004-07-02

Applicant: Ken Chin ,  Abhijit Choudhury ,  Mathew Kayalackakom ,  Shekhar Ambe

Inventor： Ken Chin ,  Abhijit Choudhury ,  Mathew Kayalackakom ,  Shekhar Ambe

IPC: H04L12/56 ,  H04L12/66

CPC classification number: H04L49/351 ,  H04L12/66 ,  H04L49/201 ,  H04L49/254 ,  H04L49/354

Abstract: An apparatus provides an integrated single chip solution to solve Switching/Bridging, Security, Access Control, Bandwidth Management—Quality of Service issues, Roaming—Clean Hand off, Anticipatory Load Management, Location Tracking, Support for Revenue Generating Services—Fine grain QoS, Bandwidth Control, Billing and management. The architecture is such that it not only resolves the problems pertinent to WLAN it is also scalable and useful for building a number of useful networking products that fulfill enterprise security in all possible combinations of wired and wireless networking needs.

Abstract translation: 一种设备提供集成的单芯片解决方案，以解决交换/桥接，安全性，访问控制，带宽管理 - 服务质量问题，漫游清除功能，预期负载管理，位置跟踪，支持收入生成服务 - 细粒度QoS， 带宽控制，计费和管理。 该体系结构不仅可以解决与WLAN有关的问题，而且还可以扩展并且有助于构建一些有用的网络产品，以满足有线和无线网络需求的所有可能组合中的企业安全性。

公开(公告)号：US20050063543A1

公开(公告)日：2005-03-24

申请号：US10884810

申请日：2004-07-02

Applicant: Mathew Kayalackakom ,  Abhijit Choudhury ,  Ken Chin ,  Shekhar Ambe

Inventor： Mathew Kayalackakom ,  Abhijit Choudhury ,  Ken Chin ,  Shekhar Ambe

IPC: H04K1/00 ,  H04L9/08 ,  H04L12/28 ,  H04L29/06

CPC classification number: H04W12/08 ,  H04L9/0841 ,  H04L63/0272 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/164 ,  H04L63/166 ,  H04L69/12 ,  H04L2209/80 ,  H04W84/12

Abstract: An apparatus provides an integrated single chip solution to solve a multitude of WLAN problems, and especially Switching/Bridging, and Security. In accordance with an aspect of the invention, the apparatus is able to terminate secured tunneled IPSec, L2TP with IPSec, PPTP, SSL traffic. In accordance with a further aspect of the invention, the apparatus is also able to handle computation-intensive security-based algorithms such as Diffie Hellman without significant reduction in traffic throughput. The architecture is such that it not only resolves the problems pertinent to WLAN it is also scalable and useful for building a number of useful networking products that fulfill enterprise security and all possible combinations of wired and wireless networking needs.

Abstract translation: 一种设备提供集成的单芯片解决方案来解决大量的WLAN问题，特别是开关/桥接和安全。 根据本发明的一个方面，该装置能够终止安全隧道IPSec，具有IPSec，PPTP，SSL业务的L2TP。 根据本发明的另一方面，该装置还能够处理诸如Diffie Hellman之类的基于计算密集型安全的算法，而不显着降低业务吞吐量。 架构是这样的，它不仅解决了与WLAN有关的问题，它还可以扩展并且有助于构建一些实现企业安全性和有线和无线网络需求的所有可能组合的有用的网络产品。