-
1.发明授权公开(公告)号:US08880869B1
公开(公告)日:2014-11-04
申请号:US12951497
申请日:2010-11-22
Applicant: Sandip Shah , Jeffrey L Pochop, Jr.
Inventor: Sandip Shah , Jeffrey L Pochop, Jr.
CPC classification number: H04W12/08 , H04L9/0637 , H04L9/0838 , H04L9/3242 , H04L29/06 , H04L45/72 , H04L63/0464 , H04L63/0876 , H04L63/162 , H04L63/205 , H04W12/00 , H04W12/02 , H04W12/04 , H04W76/14 , H04W84/12
Abstract: A device receives capability information associated with a next hop device of a wireless local area network (WLAN). The device also determines, based on the capability information, whether the next hop device is capable of implementing security for traffic, where the security includes a media access control (MAC) security standard and a layer 2 link security standard. The device further creates, via the MAC security standard, a secure channel with the next hop device when the next hop device is capable of providing security for traffic.
Abstract translation: 设备接收与无线局域网(WLAN)的下一跳设备相关联的能力信息。 该设备还基于能力信息确定下一跳设备是否能够实现业务的安全性,其中安全性包括媒体接入控制(MAC)安全标准和第2层链路安全标准。 当下一跳设备能够为业务提供安全性时,设备还通过MAC安全标准创建具有下一跳设备的安全信道。
-
公开(公告)号:US08332927B1
公开(公告)日:2012-12-11
申请号:US13294031
申请日:2011-11-10
Applicant: Sandip Shah
Inventor: Sandip Shah
IPC: G06F15/16
CPC classification number: H04L63/0263 , H04L63/02 , H04L63/0209
Abstract: The invention is directed to techniques for managing filter rules applied to network traffic at a network device. A network device merges multiple filter rules associated with separate filter matching modules to reduce lookup cycles in a forwarding path of the network device. The network device may thus simultaneously apply multiple filter rules in a reduced number of clock cycles. A network device comprises an interface that receives packets from a network, a filter memory that stores a plurality of filters, and a plurality of filter matching modules that apply the filters to packets in a forwarding path of the network device. A filter control module merges two or more filters each associated with a different one of the filter matching modules into a single merged filter, and stores the merged filter to the filter memory. The network device applies the merged filter to packets in the forwarding path.
Abstract translation: 本发明涉及用于管理应用于网络设备上的网络业务的过滤规则的技术。 网络设备合并与单独的过滤器匹配模块相关联的多个过滤规则,以减少网络设备的转发路径中的查找周期。 因此,网络设备可以以减少数量的时钟周期同时应用多个过滤器规则。 网络设备包括从网络接收分组的接口,存储多个过滤器的过滤器存储器和将过滤器应用于网络设备的转发路径中的分组的多个过滤器匹配模块。 滤波器控制模块将与滤波器匹配模块中的不同滤波器匹配模块相关联的两个或更多个滤波器合并为单个合并的滤波器,并将合并的滤波器存储到滤波器存储器。 网络设备将合并的过滤器应用于转发路径中的报文。
-
公开(公告)号:US20110161580A1
公开(公告)日:2011-06-30
申请号:US12647802
申请日:2009-12-28
Applicant: Sandip SHAH , Jing AI
Inventor: Sandip SHAH , Jing AI
CPC classification number: H04L49/10
Abstract: A network device allocates a particular number of memory blocks in a ternary content-addressable memory (TCAM) of the network device to each database of multiple databases, and creates a list of additional memory blocks in an external TCAM of the network device. The network device also receives, by the external TCAM, a request for an additional memory block to provide one or more rules from one of the multiple databases, and allocates, by the external TCAM and to the requesting database, an additional memory block from the list of additional memory blocks.
Abstract translation: 网络设备将网络设备的三元内容可寻址存储器(TCAM)中的特定数量的存储器块分配给多个数据库的每个数据库,并且在网络设备的外部TCAM中创建附加存储器块的列表。 网络设备还通过外部TCAM接收对附加存储器块的请求,以从多个数据库之一提供一个或多个规则,并由外部TCAM和请求数据库分配来自所述多个数据库的附加存储器块 附加内存块列表。
-
公开(公告)号:US08874838B2
公开(公告)日:2014-10-28
申请号:US12647802
申请日:2009-12-28
Applicant: Sandip Shah , Jing Ai
Inventor: Sandip Shah , Jing Ai
IPC: G06F12/00
CPC classification number: H04L49/10
Abstract: A network device allocates a particular number of memory blocks in a ternary content-addressable memory (TCAM) of the network device to each database of multiple databases, and creates a list of additional memory blocks in an external TCAM of the network device. The network device also receives, by the external TCAM, a request for an additional memory block to provide one or more rules from one of the multiple databases, and allocates, by the external TCAM and to the requesting database, an additional memory block from the list of additional memory blocks.
Abstract translation: 网络设备将网络设备的三元内容可寻址存储器(TCAM)中的特定数量的存储器块分配给多个数据库的每个数据库,并且在网络设备的外部TCAM中创建附加存储器块的列表。 网络设备还通过外部TCAM接收对附加存储器块的请求,以从多个数据库之一提供一个或多个规则,并由外部TCAM和请求数据库分配来自所述多个数据库的附加存储器块 附加内存块列表。
-
公开(公告)号:US08205040B1
公开(公告)日:2012-06-19
申请号:US12021994
申请日:2008-01-29
Applicant: Atul Mahamuni , Sandip Shah , Rudramahesh Rugge
Inventor: Atul Mahamuni , Sandip Shah , Rudramahesh Rugge
Abstract: A device may select a longest run of contiguous unwritten pages from multiple runs of contiguous unwritten pages provided in a ternary content addressable memory, and may write a rule on a page that is located at a middle portion of the longest run to create two runs of contiguous unwritten pages. The device may also receive a packet, and may apply the rule to the packet.
Abstract translation: 设备可以从在三进制内容可寻址存储器中提供的多个连续的未写入页面中选择连续的未写入页面的最长行程,并且可以在位于最长行程的中间部分的页面上写入规则,以创建两次 连续不成文的页面。 设备还可以接收分组,并且可以将规则应用于分组。
-
Patent Agency Ranking
公开(公告)号:US08065721B1
公开(公告)日:2011-11-22
申请号:US11837081
申请日:2007-08-10
Applicant: Sandip Shah
Inventor: Sandip Shah
IPC: G06F15/16
CPC classification number: H04L63/0263 , H04L63/02 , H04L63/0209
Abstract: The invention is directed to techniques for managing filter rules applied to network traffic at a network device. A network device merges multiple filter rules associated with separate filter matching modules to reduce lookup cycles in a forwarding path of the network device. The network device may thus simultaneously apply multiple filter rules in a reduced number of clock cycles. A network device comprises an interface that receives packets from a network, a filter memory that stores a plurality of filters, and a plurality of filter matching modules that apply the filters to packets in a forwarding path of the network device. A filter control module merges two or more filters each associated with a different one of the filter matching modules into a single merged filter, and stores the merged filter to the filter memory. The network device applies the merged filter to packets in the forwarding path.
Abstract translation: 本发明涉及用于管理应用于网络设备上的网络业务的过滤规则的技术。 网络设备合并与单独的过滤器匹配模块相关联的多个过滤规则,以减少网络设备的转发路径中的查找周期。 因此,网络设备可以以减少数量的时钟周期同时应用多个过滤器规则。 网络设备包括从网络接收分组的接口,存储多个过滤器的过滤器存储器和将过滤器应用于网络设备的转发路径中的分组的多个过滤器匹配模块。 滤波器控制模块将与滤波器匹配模块中的不同滤波器匹配模块相关联的两个或更多个滤波器合并为单个合并的滤波器,并将合并的滤波器存储到滤波器存储器。 网络设备将合并的过滤器应用于转发路径中的报文。
-
公开(公告)号:US20090125470A1
公开(公告)日:2009-05-14
申请号:US11938060
申请日:2007-11-09
Applicant: Sandip Shah , Sandeep Bajaj
Inventor: Sandip Shah , Sandeep Bajaj
CPC classification number: H04L63/0263 , G06N5/025
Abstract: Systems and methods consistent with the present invention provide better scheme for updating access control list (ACL) rule entries in a ternary content addressable memory (TCAM). In a firewall, ACL rules are scanned for each packet arriving in a router or switch to determine if a match exists between the packet and any of the patterns. Depending on the pattern matched, the corresponding action may be either to accept or to deny the packet. These rules are stored in a TCAM, and new or updated rules may be added to the TCAM. Systems and methods consistent with the present invention determine whether the new or updated rule has a dependency conflict with existing rules in the TCAM. If not, the rule can be inserted anywhere in the TCAM. Accordingly, the TCAM associated with a firewall's ACL can be updated more quickly and efficiently.
Abstract translation: 与本发明一致的系统和方法为更新三元内容可寻址存储器(TCAM)中的访问控制列表(ACL)规则条目提供了更好的方案。 在防火墙中,对于到达路由器或交换机的每个数据包扫描ACL规则,以确定数据包与任何模式之间是否存在匹配。 根据匹配的模式,相应的动作可能是接受或拒绝数据包。 这些规则存储在TCAM中,新的或更新的规则可以添加到TCAM。 与本发明一致的系统和方法确定新的或更新的规则是否具有与TCAM中现有规则的依赖冲突。 如果没有,该规则可以插入TCAM的任何地方。 因此,可以更快更有效地更新与防火墙ACL相关联的TCAM。
-
公开(公告)号:US20080209438A1
公开(公告)日:2008-08-28
申请号:US12039100
申请日:2008-02-28
Applicant: Callum Peter Jackson , Lee Keith Longmore , Sandip Shah , Yuk-Lun Wong
Inventor: Callum Peter Jackson , Lee Keith Longmore , Sandip Shah , Yuk-Lun Wong
IPC: G06F13/14
CPC classification number: H04L67/2823 , G06Q10/107 , H04L65/1016 , H04L65/40 , H04L67/28 , H04L67/327
Abstract: This invention relates to a method, system and computer program product for managing a service message in a service oriented architecture system including a service provider, a service consumer and a set of control services, the method, system and computer program product comprising the following steps: receiving a service message; selecting a group of rules from a set of rule groups depending on the type of service message; selecting a control service from a set of control services and instructing the selected control service according to one or more of the rules from the selected rules group applied to the service message.
Abstract translation: 本发明涉及一种用于在面向服务的架构系统中管理服务消息的方法,系统和计算机程序产品,该系统包括服务提供商,服务使用者和一组控制服务,所述方法,系统和计算机程序产品包括以下步骤 :接收服务消息; 根据服务消息的类型从一组规则组中选择一组规则; 从一组控制服务中选择一个控制服务,并根据应用于服务消息的所选择的规则组中的一个或多个规则来指示所选择的控制服务。
-
9.发明授权公开(公告)号:US08767526B1
公开(公告)日:2014-07-01
申请号:US12978987
申请日:2010-12-27
Applicant: Manjunath Jagannatharao , Nipa Kumar , Sandip Shah , Nagendra Krishna Sundaranathan
Inventor: Manjunath Jagannatharao , Nipa Kumar , Sandip Shah , Nagendra Krishna Sundaranathan
IPC: H04L29/06
CPC classification number: H04L63/205 , H04L63/162 , H04W12/06
Abstract: A network device may include a supplicant framework to generate a first 802.1x packet using a MAC address, associated with a first device as a first username and password in the first 802.1x packet; and generate a second 802.1x packet using a second username and password received from a second device via a captive-portal web page. The network device may further include an authenticator state machine to authenticate the first device with a Remote Authentication Dial In User Service (RADIUS) server using a first Extensible Authentication Protocol (EAP) packet that includes the first 802.1x packet; authenticate the second device with the RADIUS server using a second EAP packet that includes the second 802.1x packet; receive a third EAP packet from a third device; and authenticate the third device with the RADIUS server using the third EAP packet.
Abstract translation: 网络设备可以包括请求方框架,以使用与第一设备相关联的MAC地址生成第一802.1x分组作为第一802.1x分组中的第一用户名和密码; 以及使用从第二设备经由捕获门户网页接收的第二用户名和密码生成第二802.1x分组。 网络设备还可以包括认证器状态机,以使用包括第一802.1x分组的第一可扩展认证协议(EAP)分组来使用远程认证拨入用户服务(RADIUS)服务器来认证第一设备; 使用包括第二802.1x分组的第二EAP分组来向RADIUS服务器认证第二设备; 从第三设备接收第三EAP分组; 并使用第三个EAP数据包使用RADIUS服务器认证第三个设备。
-
10.发明申请公开(公告)号:US20130262651A1
公开(公告)日:2013-10-03
申请号:US13431128
申请日:2012-03-27
Applicant: Sandip Shah , Surinder Singh
Inventor: Sandip Shah , Surinder Singh
IPC: G06F15/173
CPC classification number: G06F8/63 , G06F8/65 , G06F8/658 , G06F17/30268 , H04L41/0853 , H04L41/0866 , H04L41/0873 , H04L63/123
Abstract: In some embodiments, an apparatus includes a network device configured to receive an anomaly database of a first image that stores a set of differences between the first image and a base image. The network device is configured to compare the anomaly database of the first image with an anomaly database of a second image storing a set of differences between the second image and the base image to determine if the first and second images include at least one incompatible critical feature or incompatible non-critical feature. The network device is configured to send a signal associated with a first action if the first and second images include the at least one incompatible critical feature. The network device is configured to send a signal associated with a second action different from the first action if the first and second images include the at least one incompatible non-critical feature.
Abstract translation: 在一些实施例中,一种装置包括被配置为接收存储第一图像和基本图像之间的一组差异的第一图像的异常数据库的网络装置。 网络设备被配置为将第一图像的异常数据库与存储第二图像和基本图像之间的一组差异的第二图像的异常数据库进行比较,以确定第一和第二图像是否包括至少一个不兼容的关键特征 或不兼容的非关键功能。 如果第一和第二图像包括至少一个不兼容的关键特征,则网络设备被配置为发送与第一动作相关联的信号。 网络设备被配置为如果第一和第二图像包括至少一个不兼容的非关键特征,则发送与不同于第一动作的第二动作相关联的信号。
-
-
-
-
-
-
-
-
-
Search Results
17
records
(took 0.012 seconds)
