公开(公告)号：US5878231A

公开(公告)日：1999-03-02

申请号：US795374

申请日：1997-02-04

申请人： Geoffrey G. Baehr ,  William Danielson ,  Thomas L. Lyon ,  Geoffrey Mulligan ,  Martin Patterson ,  Glenn C. Scott ,  Carolyn Turbyfill

发明人： Geoffrey G. Baehr ,  William Danielson ,  Thomas L. Lyon ,  Geoffrey Mulligan ,  Martin Patterson ,  Glenn C. Scott ,  Carolyn Turbyfill

IPC分类号： G06F13/00 ,  H04L29/06 ,  G06F13/38 ,  G06F15/17

CPC分类号： H04L63/0236

摘要： A system for screening data packets transmitted between a network to be protected, such as a private network, and another network, such as a public network. The system includes a dedicated computer with multiple (specifically, three) types of network ports: one connected to each of the private and public networks, and one connected to a proxy network that contains a predetermined number of the hosts and services, some of which may mirror a subset of those found on the private network. The proxy network is isolated from the private network, so it cannot be used as a jumping off point for intruders. Packets received at the screen (either into or out of a host in the private network) are filtered based upon their contents, state information and other criteria, including their source and destination, and actions are taken by the screen depending upon the determination of the filtering phase. The packets may be allowed through, with or without alteration of their data, IP (internet protocol) address, etc., or they may be dropped, with or without an error message generated to the sender of the packet. Packets may be sent with or without alteration to a host on the proxy network that performs some or all of the functions of the intended destination host as specified by a given packet. The passing through of packets without the addition of any network address pertaining to the screening system allows the screening system to function without being identifiable by such an address, and therefore it is more difficult to target as an IP entity, e.g. by intruders.

摘要翻译： 一种用于筛选在诸如专用网络的被保护网络之间传送的数据分组和诸如公共网络的另一网络之间的数据分组的系统。 该系统包括具有多个（具体为三个）类型的网络端口的专用计算机：一个连接到每个私有和公共网络，以及一个连接到代理网络，其包含预定数量的主机和服务，其中一些 可能会反映在专用网络中发现的一个子集。 代理网络与专用网络隔离，因此不能作为入侵者的跳点使用。 根据其内容，状态信息和其他标准（包括其源和目的地），屏幕上接收到的数据包（进入或离开专用网络中的主机）被过滤，并且屏幕采取行动，这取决于 过滤阶段。 可以允许数据包通过或不改变其数据，IP（因特网协议）地址等，或者可以丢弃具有或不发送到分组的发送者的错误消息。 可以向代理网络上的主机发送或不进行分组，该主机执行由给定分组指定的预期目的地主机的一些或全部功能。 通过分组而不添加与筛选系统相关的任何网络地址，允许筛选系统在不被该地址识别的情况下起作用，因此更难以将其定位为IP实体。 由入侵者

公开(公告)号：US5727219A

公开(公告)日：1998-03-10

申请号：US854113

申请日：1997-05-09

申请人： Thomas L. Lyon ,  Sun-Den Chen ,  William Joy ,  Leslie D. Kohn ,  Charles E. Narad ,  Robert Yung

发明人： Thomas L. Lyon ,  Sun-Den Chen ,  William Joy ,  Leslie D. Kohn ,  Charles E. Narad ,  Robert Yung

IPC分类号： G06F13/10 ,  G06F13/28 ,  G06F13/38 ,  G06F9/46 ,  G06F13/24

CPC分类号： G06F13/28 ,  G06F13/10 ,  G06F13/385

摘要： A virtual I/O processor (VIOP) is implemented using a programmed I/O (PIO) unit. The PIO unit is complemented by a VIOP interrupt, a VIOP interrupt handler, and a number of VIOP data structures. Preferably, the PIO unit is further complemented with a set of dedicated I/O global registers, a number of VIOP library read/write routines for various I/O device types, and non-blocking read and write operations. During execution, these elements cooperate with each other to perform multiple sequences of programmed I/Os as if they were being performed by a dedicated I/O processor.

摘要翻译： 使用编程的I / O（PIO）单元实现虚拟I / O处理器（VIOP）。 PIO单元由VIOP中断，VIOP中断处理程序和多个VIOP数据结构补充。 优选地，PIO单元进一步补充有一组专用I / O全局寄存器，用于各种I / O设备类型的多个VIOP库读/写例程以及非阻塞读写操作。 在执行期间，这些元件彼此协作以执行多个编程I / O序列，就像它们由专用I / O处理器执行一样。

公开(公告)号：US5802320A

公开(公告)日：1998-09-01

申请号：US444351

申请日：1995-05-18

申请人： Geoffrey G. Baehr ,  William Danielson ,  Thomas L. Lyon ,  Geoffrey Mulligan ,  Martin Patterson ,  Glenn C. Scott ,  Carolyn Turbyfill

发明人： Geoffrey G. Baehr ,  William Danielson ,  Thomas L. Lyon ,  Geoffrey Mulligan ,  Martin Patterson ,  Glenn C. Scott ,  Carolyn Turbyfill

IPC分类号： G06F13/00 ,  H04L29/06 ,  G06F15/163

CPC分类号： H04L63/0236

摘要： A system for screening data packets transmitted between a network to be protected, such as a private network, and another network, such as a public network. The system includes a dedicated computer with multiple (specifically, three) types of network ports: one connected to each of the private and public networks, and one connected to a proxy network that contains a predetermined number of the hosts and services, some of which may mirror a subset of those found on the private network. The proxy network is isolated from the private network, so it cannot be used as a jumping off point for intruders. Packets received at the screen (either into or out of a host in the private network) are filtered based upon their contents, state information and other criteria, including their source and destination, and actions are taken by the screen depending upon the determination of the filtering phase. The packets may be allowed through, with or without alteration of their data, IP (internet protocol) address, etc., or they may be dropped, with or without an error message generated to the sender of the packet. Packets may be sent with or without alteration to a host on the proxy network that performs some or all of the functions of the intended destination host as specified by a given packet. The passing through of packets without the addition of any network address pertaining to the screening system allows the screening system to function without being identifiable by such an address, and therefore it is more difficult to target as an IP entity, e.g. by intruders.

公开(公告)号：US07886103B2

公开(公告)日：2011-02-08

申请号：US12206501

申请日：2008-09-08

申请人： Satyanarayana Nishtala ,  Thomas L. Lyon ,  Daniel E. Lenoski

发明人： Satyanarayana Nishtala ,  Thomas L. Lyon ,  Daniel E. Lenoski

IPC分类号： H05K7/10 ,  G06F13/00

CPC分类号： G06F13/385 ,  G11C5/04

摘要： Embodiments of an I/O module, processing platform, and method for extending a memory interface are generally described herein. In some embodiments, the I/O module may be configured to operate in a memory module socket, such as a DIMM socket, to provide increased I/O functionality in a host system. Some system management bus address lines and some unused system clock signal lines may be reconfigured as serial data lines for serial data communications between the I/O module and a PCIe switch of the host system.

摘要翻译： 这里一般地描述用于扩展存储器接口的I / O模块，处理平台和方法的实施例。 在一些实施例中，I / O模块可以被配置为在诸如DIMM插槽的存储器模块插座中操作，以在主机系统中提供增加的I / O功能。 一些系统管理总线地址线和一些未使用的系统时钟信号线可以被重新配置为用于I / O模块和主机系统的PCIe交换机之间的串行数据通信的串行数据线。

公开(公告)号：US5884025A

公开(公告)日：1999-03-16

申请号：US795373

申请日：1997-02-04

申请人： Geoffrey G. Baehr ,  William Danielson ,  Thomas L. Lyon ,  Geoffrey Mulligan ,  Martin Patterson ,  Glenn C. Scott ,  Carolyn Turbyfill

发明人： Geoffrey G. Baehr ,  William Danielson ,  Thomas L. Lyon ,  Geoffrey Mulligan ,  Martin Patterson ,  Glenn C. Scott ,  Carolyn Turbyfill

IPC分类号： G06F13/00 ,  H04L29/06 ,  H04L9/00 ,  G06F15/163

CPC分类号： H04L63/0236

摘要： A system for screening data packets transmitted between a network to be protected, such as a private network, and another network, such as a public network. The system includes a dedicated computer with multiple (specifically, three) types of network ports: one connected to each of the private and public networks, and one connected to a proxy network that contains a predetermined number of the hosts and services, some of which may mirror a subset of those found on the private network. The proxy network is isolated from the private network, so it cannot be used as a jumping off point for intruders. Packets received at the screen (either into or out of a host in the private network) are filtered based upon their contents, state information and other criteria, including their source and destination, and actions are taken by the screen depending upon the determination of the filtering phase. The packets may be allowed through, with or without alteration of their data, IP (internet protocol) address, etc., or they may be dropped, with or without an error message generated to the sender of the packet. Packets may be sent with or without alteration to a host on the proxy network that performs some or all of the functions of the intended destination host as specified by a given packet. The passing through of packets without the addition of any network address pertaining to the screening system allows the screening system to function without being identifiable by such an address, and therefore it is more difficult to target as an IP entity, e.g. by intruders.

摘要翻译： 一种用于筛选在诸如专用网络的被保护网络之间传送的数据分组和诸如公共网络的另一网络之间的数据分组的系统。 该系统包括具有多个（具体为三个）类型的网络端口的专用计算机：一个连接到每个私有和公共网络，以及一个连接到代理网络，其包含预定数量的主机和服务，其中一些 可能会反映在专用网络中发现的一个子集。 代理网络与专用网络隔离，因此不能作为入侵者的跳点使用。 根据其内容，状态信息和其他标准（包括其源和目的地），屏幕上接收到的数据包（进入或离开专用网络中的主机）被过滤，并且屏幕采取行动，这取决于 过滤阶段。 可以允许数据包通过或不改变其数据，IP（因特网协议）地址等，或者可以丢弃具有或不发送到分组的发送者的错误消息。 可以向代理网络上的主机发送或不进行分组，该主机执行由给定分组指定的预期目的地主机的一些或全部功能。 通过分组而不添加与筛选系统相关的任何网络地址，允许筛选系统在不被该地址识别的情况下起作用，因此更难以将其定位为IP实体。 由入侵者