Abstract:
Described are computer-based methods and apparatuses, including computer program products, for load balancing among VOIP servers. An identity table includes an identity entry for a plurality of servers, each identity entry comprising a FQDN and load balancing information. A persistence table stores persistence entries indicative of a persistent connection between a client and a server. Updated load balancing information determined by the first server is received. The identity table is updated based on the updated load balancing information. A service request is received from a client. If the client is not associated with a persistence entry, a second server is selected from the plurality of servers based on load balancing information for each identity entry in the identity table. A persistence entry is stored indicative of a persistent connection between the client and the selected second server, the persistence entry comprising a FQDN and an identifier for the client.
Abstract:
Described are computer-based methods and apparatuses, including computer program products, for loosely-coupled encryption functionality for operating systems. A data packet is processed through one or more internet protocol stack layers to generate a processed data packet. Modified encryption information is determined that does not comprise a desired security policy for the data packet and comprises null parameter(s) and is based on encryption information that comprises the desired security policy. A message comprising data indicative of the encryption information is transmitted. An operating system is unaware of a security nature of the transmission. A null-encryption routine is executed to generate an unencrypted data packet, wherein the null-encryption routine does not encrypt the processed data packet. The unencrypted data packet is transmitted to the second computing device. The unencrypted data packet is encrypted based on the message transmitted from the first computing device to generate an encrypted data packet.
Abstract:
Described are computer-based methods and apparatuses, including computer program products, for filtering and policing for defending against denial of service attacks on a network. A data packet is filtered by a multi-tiered filtering and transmission system. Data packets matching the first tier filter are discarded. Data packets matching the second tier filter are transmitted to an output module based on a criterion. Data packets in the third tier filter are hashed into bins and data packets matching an entry in the bin are transmitted to the output module based on a criterion for the bin. Data packets in the fourth tier transmission system are transmitted to the output module based on a criterion. Data packets that do not meet the criterion for transmission to the output module are transmitted to an attack identification module which analyzes the data packets to identify attacks.
Abstract:
Methods and apparatuses, including computer program products, are described for policing and prioritizing of data services. Each packet in a data stream is directed to a substream policer of a plurality of substream policers. Each packet is allowed through the substream policer based on rate parameters associated with the substream policer. The packets allowed by the substream policer are directed to an aggregate policer. Each packet allowed through the substream policer is allowed through the aggregate policer based on rate parameters associated with the aggregate policer. The substream policer and the aggregate policer are charged for each packet allowed by both the substream policer and the aggregate policer. The substream policer and the aggregate policer are not charged for each packet not allowed by either the substream policer or the aggregate policer.
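The two-level policing described above, as an added example that is not part of the patent text: each substream and the aggregate are modelled as token buckets (an assumption; the abstract does not name the policer type), and a packet is charged against both only when both allow it. Rates, burst sizes and the traffic trace are constructed.

```python
"""Substream policers feeding one aggregate policer.
A packet is charged to both buckets only if both admit it; a packet
rejected by either leaves both buckets untouched (charge-both-or-neither)."""
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    rate: float   # bytes refilled per second (assumed unit)
    burst: float  # bucket capacity in bytes
    tokens: float = field(init=False)
    last: float = field(init=False)

    def __post_init__(self) -> None:
        self.tokens = self.burst   # start full
        self.last = 0.0

    def refill(self, now: float) -> None:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def can_admit(self, size: int) -> bool:
        return self.tokens >= size   # check only; no charge yet

    def charge(self, size: int) -> None:
        self.tokens -= size


class HierarchicalPolicer:
    def __init__(self, substreams: dict, aggregate: TokenBucket) -> None:
        self.substreams = substreams
        self.aggregate = aggregate

    def police(self, stream: str, size: int, now: float) -> bool:
        sub = self.substreams[stream]
        sub.refill(now)
        self.aggregate.refill(now)
        # Decide on both policers first, then charge both or neither.
        if sub.can_admit(size) and self.aggregate.can_admit(size):
            sub.charge(size)
            self.aggregate.charge(size)
            return True
        return False


def run_sample() -> list:
    """Constructed trace: substreams may each burst 1000 B, aggregate 1500 B."""
    pol = HierarchicalPolicer(
        {"voice": TokenBucket(1000, 1000), "video": TokenBucket(1000, 1000)},
        TokenBucket(1500, 1500))
    pkts = [("voice", 600, 0.0), ("video", 600, 0.0), ("video", 350, 0.0),
            ("voice", 300, 0.0), ("video", 350, 0.0), ("video", 350, 1.0)]
    return [pol.police(s, n, t) for s, n, t in pkts]
```

The third packet is admitted by its substream but rejected by the aggregate, so the video bucket keeps its 400 B and can still spend them later; the last packet succeeds only because a second has passed and both buckets refilled.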
Abstract:
Methods and apparatuses, including computer program products, are described for priority policing of requests with deferred determination of priority level. The method includes directing each packet in a data stream to a policer. The method also includes determining whether to allow, reject, or conditionally pass each packet through the policer based on parameters associated with the policer. The method also includes directing each packet conditionally passed by the policer to a classifier associated with the policer. The method also includes determining, by the classifier, a priority value of each packet received from the policer. The method also includes directing, by the classifier, each prioritized packet to the policer. The method also includes determining whether to allow or reject each prioritized packet through the policer based on the priority value.
Abstract:
Described are methods and apparatuses, including computer program products, for limiting server overload via client control. A first set of a plurality of requests is transmitted to a server at a first transmission rate during a first period of time. The first transmission rate is limited to be less than or equal to a first transmission limit rate. An overload value is determined based on whether two or more requests of the first set of requests for service satisfy an overload criterion. A second transmission limit rate is determined based on the overload value and the first transmission limit rate. A second set of a plurality of requests is transmitted to the server at a second transmission rate during a second period of time. The second transmission rate is limited to be less than or equal to the second transmission limit rate.
Abstract:
Methods and apparatuses, including computer program products, are described for transparent recovery of transport connections. The method includes collecting a state associated with a first connection between a first server and a remote server via a first network socket and transmitting the state from a first networking module to a second networking module. The method includes storing the state, opening a second network socket based on failure of the first networking module, intercepting outbound packets associated with a request to initiate a second connection between the first server and the remote server via the second socket, modifying the intercepted packets based on the state, and transmitting the modified packets to the remote server to elicit an acknowledgement to maintain the first connection. The method includes receiving packets associated with the acknowledgment from the remote server, and modifying the received packets to acknowledge the request to initiate the second connection.
Abstract:
Described are computer-based methods and apparatuses, including computer program products, for loosely-coupled encryption functionality for operating systems. A data packet is processed through one or more internet protocol stack layers to generate a processed data packet. Encryption information is determined that includes parameters for encrypting and decrypting data packets transmitted between the first computing device and the remote computer. A message comprising data indicative of the encryption information is transmitted to a second computing device, wherein an operating system being executed is unaware of a security nature of the transmission. A bypass encryption routine is executed to generate an unencrypted data packet, wherein the bypass encryption routine does not encrypt the processed data packet. The unencrypted data packet is transmitted to the second computing device. The unencrypted data packet is encrypted based on the message transmitted from the first computing device to generate an encrypted data packet.
Abstract:
Described are computer-based methods and apparatuses, including computer program products, for identifying attackers on a network. A data packet is filtered by a multi-tiered filtering and transmission system. Data packets matching the first tier filter are discarded. Data packets matching the second tier filter are transmitted to an output module based on a criterion. Data packets in the third tier filter are hashed into bins and data packets matching an entry in the bin are transmitted to the output module based on a criterion for the bin. Data packets in the fourth tier transmission system are transmitted to the output module based on a criterion. Data packets that do not meet the criterion for transmission to the output module are transmitted to an attack identification module which analyzes the data packets to identify attacks.