公开(公告)号：US20080031265A1

公开(公告)日：2008-02-07

申请号：US11462253

申请日：2006-08-03

申请人： Amarnath Mullick ,  Charu Venkatraman ,  Shashi Nanjundaswami ,  Junxiao He ,  Roy Rajan ,  Ajay Soni

发明人： Amarnath Mullick ,  Charu Venkatraman ,  Shashi Nanjundaswami ,  Junxiao He ,  Roy Rajan ,  Ajay Soni

IPC分类号： H04L12/56

CPC分类号： H04L12/4641 ,  H04L41/046 ,  H04L41/0893 ,  H04L43/00 ,  H04L43/0811 ,  H04L43/0817 ,  H04L43/10 ,  H04L63/0272 ,  H04L63/166

摘要： Systems and methods are described for using a client agent executing on a client to send ICMP messages to an appliance connected via a virtual private network Methods include: establishing, via a client agent executing on a client, a transport layer virtual private network connection with an appliance; intercepting, by the client agent at the network layer, an ICMP request originating from the client; and transmitting, by the client agent via a transport layer connection, the ICMP request to the appliance. Addition methods describe determining, by the appliance, the address identified by the ICMP request corresponds to a second client, the second client also connected via a virtual private network to the remote machine; and transmitting, by the appliance to the second client via the virtual private network connection, the ICMP request. Corresponding systems are also described.

摘要翻译： 描述了使用在客户端上执行的客户端代理将ICMP消息发送到经由虚拟专用网连接的设备的系统和方法。方法包括：通过在客户端上执行的客户端代理来建立传输层虚拟专用网络连接 器具; 由网络层的客户代理拦截来自客户端的ICMP请求; 以及由所述客户端代理经由传输层连接向所述设备发送所述ICMP请求。 附加方法描述了由设备确定由ICMP请求标识的地址对应于第二客户端，第二客户端还经由虚拟专用网络连接到远程机器; 以及由所述设备经由所述虚拟专用网络连接向所述第二客户端发送所述ICMP请求。 还描述了相应的系统。

公开(公告)号：US07907621B2

公开(公告)日：2011-03-15

申请号：US11462253

申请日：2006-08-03

申请人： Amarnath Mullick ,  Charu Venkatraman ,  Shashi Nanjundaswamy ,  Junxiao He ,  Roy Rajan ,  Ajay Soni

发明人： Amarnath Mullick ,  Charu Venkatraman ,  Shashi Nanjundaswamy ,  Junxiao He ,  Roy Rajan ,  Ajay Soni

IPC分类号： H04L12/28

CPC分类号： H04L12/4641 ,  H04L41/046 ,  H04L41/0893 ,  H04L43/00 ,  H04L43/0811 ,  H04L43/0817 ,  H04L43/10 ,  H04L63/0272 ,  H04L63/166

摘要： Systems and methods are described for using a client agent executing on a client to send ICMP messages to an appliance connected via a virtual private network Methods include: establishing, via a client agent executing on a client, a transport layer virtual private network connection with an appliance; intercepting, by the client agent at the network layer, an ICMP request originating from the client; and transmitting, by the client agent via a transport layer connection, the ICMP request to the appliance. Addition methods describe determining, by the appliance, the address identified by the ICMP request corresponds to a second client, the second client also connected via a virtual private network to the remote machine; and transmitting, by the appliance to the second client via the virtual private network connection, the ICMP request. Corresponding systems are also described.

摘要翻译： 描述了使用在客户端上执行的客户端代理将ICMP消息发送到经由虚拟专用网连接的设备的系统和方法。方法包括：通过在客户端上执行的客户端代理来建立传输层虚拟专用网络连接 器具; 由网络层的客户代理拦截来自客户端的ICMP请求; 以及由所述客户端代理经由传输层连接向所述设备发送所述ICMP请求。 附加方法描述了由设备确定由ICMP请求标识的地址对应于第二客户端，第二客户端还经由虚拟专用网络连接到远程机器; 以及由所述设备经由所述虚拟专用网络连接向所述第二客户端发送所述ICMP请求。 还描述了相应的系统。

公开(公告)号：US20080034413A1

公开(公告)日：2008-02-07

申请号：US11462308

申请日：2006-08-03

申请人： Junxiao He ,  Charu Venkatraman ,  Roy Rajan ,  Ajay Soni

发明人： Junxiao He ,  Charu Venkatraman ,  Roy Rajan ,  Ajay Soni

IPC分类号： H04L9/32

CPC分类号： H04L12/4641 ,  H04L63/0272 ,  H04L63/08 ,  H04L63/166 ,  H04L67/02

摘要： Systems and methods are described for using a client agent to manage HTTP authentication cookies. One method includes intercepting, by a client agent executing on a client, a connection request from the client; establishing, by the client agent, a transport layer virtual private network connection with a network appliance; transmitting, by the client agent via the established connection, an HTTP request comprising an authentication cookie; and transmitting, by the client agent via the connection, the connection request. A second method includes intercepting, by a client agent executing on a client, an HTTP communication comprising a cookie from an appliance on a virtual private network to the client; removing, by the client agent, the cookie from the HTTP communication; storing, by the client agent, the received cookie; transmitting, by the client agent, the modified HTTP communication to an application executing on the client; intercepting, by the client agent, an HTTP request from the client; inserting, by the client agent in the HTTP request, the received cookie; and transmitting the modified HTTP request to the appliance. Corresponding systems are also described.

摘要翻译： 描述了使用客户端代理来管理HTTP身份验证cookie的系统和方法。 一种方法包括由在客户端上执行的客户端代理截取来自客户端的连接请求; 由客户端代理建立与网络设备的传输层虚拟专用网络连接; 由所述客户端代理经由建立的连接发送包括认证cookie的HTTP请求; 以及由所述客户端代理经由所述连接发送所述连接请求。 第二种方法包括由在客户端上执行的客户端代理拦截包括来自虚拟专用网络上的设备到客户端的cookie的HTTP通信; 由客户端代理从HTTP通信中删除该cookie; 由客户代理存储接收到的cookie; 由客户端代理将经修改的HTTP通信传送到在客户机上执行的应用程序; 由客户端代理拦截来自客户端的HTTP请求; 由客户端代理在HTTP请求中插入接收到的cookie; 以及将修改的HTTP请求发送到所述设备。 还描述了相应的系统。

公开(公告)号：US08392977B2

公开(公告)日：2013-03-05

申请号：US11462308

申请日：2006-08-03

申请人： Junxiao He ,  Charu Venkatraman ,  Roy Rajan ,  Ajay Soni

发明人： Junxiao He ,  Charu Venkatraman ,  Roy Rajan ,  Ajay Soni

IPC分类号： H04L29/06

CPC分类号： H04L12/4641 ,  H04L63/0272 ,  H04L63/08 ,  H04L63/166 ,  H04L67/02

摘要： Systems and methods are described for using a client agent to manage HTTP authentication cookies. One method includes intercepting, by a client agent executing on a client, a connection request from the client; establishing, by the client agent, a transport layer virtual private network connection with a network appliance; transmitting, by the client agent via the established connection, an HTTP request comprising an authentication cookie; and transmitting, by the client agent via the connection, the connection request. A second method includes intercepting, by a client agent executing on a client, an HTTP communication comprising a cookie from an appliance on a virtual private network to the client; removing, by the client agent, the cookie from the HTTP communication; storing, by the client agent, the received cookie; transmitting, by the client agent, the modified HTTP communication to an application executing on the client; intercepting, by the client agent, an HTTP request from the client; inserting, by the client agent in the HTTP request, the received cookie; and transmitting the modified HTTP request to the appliance. Corresponding systems are also described.

公开(公告)号：US08463887B2

公开(公告)日：2013-06-11

申请号：US12645803

申请日：2009-12-23

申请人： Roy Rajan ,  Saravanakumar Annamalaisami

发明人： Roy Rajan ,  Saravanakumar Annamalaisami

IPC分类号： G06F15/173

CPC分类号： H04L47/32 ,  H04L67/1002 ,  H04L67/1008 ,  H04L67/1029 ,  H04L69/16

摘要： The present application is directed towards systems and methods for providing connection surge protection to one or more servers by an intermediary multi-core system. A packet processing engine of a multi-core device deployed as an intermediary between a plurality of clients and one or more servers determines an estimated number of total pending requests received by all packet processing engines based on a value of a local counter of received requests, the total number of pending requests received by all other packet processing engines at a last predetermined interval, and a rate of change of the total number of pending requests received by all other packet processing engines multiplied by the time since the last predetermined interval. The packet processing engine applies a surge protection policy to received pending requests responsive to the determined estimated number of total pending requests.

公开(公告)号：US20110154488A1

公开(公告)日：2011-06-23

申请号：US12645938

申请日：2009-12-23

申请人： Roy Rajan ,  Saravanakumar Annamalaisami

发明人： Roy Rajan ,  Saravanakumar Annamalaisami

IPC分类号： G06F21/00

CPC分类号： G06F15/167 ,  H04L63/123 ,  H04L63/168

摘要： The present application is directed towards systems and methods for generating and maintaining cookie consistency for security protection across a plurality of cores in a multi-core system. A packet processing engine executing on one core designated as a primary packet processing engine generates and maintains a global random seed. The global random seed may be used as an initial seed for creation of cookie signatures by each of a plurality of packet processing engines executing on a plurality of cores of the multi-core system using a deterministic pseudo-random number generation function such that each core creates an identical set of cookie signatures.

摘要翻译： 本申请涉及用于生成和维护跨多核系统中的多个核心的安全保护的cookie一致性的系统和方法。 在指定为主分组处理引擎的一个核上执行的分组处理引擎生成并维护全局随机种子。 全局随机种子可以被用作通过使用确定性伪随机数生成函数在多核系统的多个核上执行的多个分组处理引擎中的每一个来创建cookie签名的初始种子，使得每个核心 创建一组相同的cookie签名。

公开(公告)号：US08843645B2

公开(公告)日：2014-09-23

申请号：US12822825

申请日：2010-06-24

申请人： Saravanakumar Annamalaisami ,  Ashok Kumar Jagadeeswaran ,  Mahesh Mylarappa ,  Roy Rajan

发明人： Saravanakumar Annamalaisami ,  Ashok Kumar Jagadeeswaran ,  Mahesh Mylarappa ,  Roy Rajan

IPC分类号： G06F15/16 ,  H04L29/06

CPC分类号： H04L63/1458 ,  H04L63/166 ,  H04L63/168

摘要： Described herein is a method and system for preventing Denial of Service (DoS) attacks. An intermediary device is deployed between clients and servers. The device receives a first packet of an application layer transaction via a transport layer connection between the device and client. The device records a last activity time for the transport layer connection based upon the timestamp of the first packet. The device receives subsequent data packets and determines whether the data in the packets completes a protocol data structure of the application layer protocol. If the device determines that the subsequent packet completes the protocol data structure, the last activity time is updated. If the device determines that the application layer protocol remains incomplete, the device retains the last activity time and determines that the duration of inactivity for the transport layer connection exceeds a predetermined threshold. The device may subsequently drop the connection.

摘要翻译： 这里描述了防止拒绝服务（DoS）攻击的方法和系统。 中间设备部署在客户端和服务器之间。 设备经由设备和客户端之间的传输层连接来接收应用层事务的第一分组。 设备根据第一个数据包的时间戳记记录传输层连接的最后活动时间。 该设备接收后续的数据包，并确定包中的数据是否完成了应用层协议的协议数据结构。 如果设备确定后续分组完成协议数据结构，则最后的活动时间被更新。 如果设备确定应用层协议保持不完整，则设备保留最后的活动时间，并确定传输层连接的不活动持续时间超过预定阈值。 该设备可以随后丢弃连接。

公开(公告)号：US08392562B2

公开(公告)日：2013-03-05

申请号：US12645828

申请日：2009-12-23

申请人： Roy Rajan ,  Ashwin Jagadish ,  Saravanakumar Annamalaisami

发明人： Roy Rajan ,  Ashwin Jagadish ,  Saravanakumar Annamalaisami

IPC分类号： G06F15/173

CPC分类号： H04L67/14 ,  G06F9/5055

摘要： The present application is directed towards systems and methods for providing a cookie by an intermediary device comprising a plurality of packet processing engines executing on a corresponding plurality of cores, the cookie identifying a session of a user that was redirected responsive to a service exceeding a response time limit. The cookie may be generated with identifiers based off a name of a virtual server managing a service of a server, and a name of a policy associated with the virtual server. Each packet processing engine of the plurality of packet processing engines may interpret cookies generated by other packet processing engines due to the name of the virtual server and name of the policy, and may provide preferred client connectivity based on cookies included in requests for access to a service.

公开(公告)号：US08214505B2

公开(公告)日：2012-07-03

申请号：US12820730

申请日：2010-06-22

申请人： Ashok Kumar Jagadeeswaran ,  Roy Rajan ,  Saravanakumar Annamalaisami

发明人： Ashok Kumar Jagadeeswaran ,  Roy Rajan ,  Saravanakumar Annamalaisami

IPC分类号： G06F15/16

CPC分类号： H04L67/22 ,  H04L67/02

摘要： The present application presents systems and methods for handling by an HTTP virtual server (HTTPVS), connections via which non-HTTP data is transmitted between clients and servers. HTTPVS intercepts a request from a client to establish first transport layer connection (TLC) with a server. HTTPVS establishes second TLC with the servers in response to receiving an acknowledgment from a client to establish the first TLC. HTTPVS determines if a first network packet transmitted via first TLC comprises an HTTP payload or non-HTTP payload. If HTTPVP the first network packet includes HTTP payload, HTTPVS may process all transmissions from the first TLC in accordance with connection tracking and forward the processed transmissions to the server via the second TLC. If HTTPVS determines that the first network packet does not include an HTTP payload, HTTPVS may link the first TLC and the second TLC so the client and server exchange non-HTTP communication without interruption.

摘要翻译： 本应用程序提供了由HTTP虚拟服务器（HTTPVS）处理的系统和方法，通过该连接在客户端和服务器之间传输非HTTP数据。 HTTPVS拦截来自客户端的请求，以建立与服务器的第一传输层连接（TLC）。 HTTPVS与服务器建立第二个TLC，响应于从客户端收到建立第一个TLC的确认。 HTTPVS确定通过第一TLC发送的第一网络分组是否包含HTTP有效载荷或非HTTP有效载荷。 如果第一网络分组的HTTPVP包括HTTP有效载荷，则HTTPVS可以根据连接跟踪处理来自第一TLC的所有传输，并且经由第二TLC将处理后的传输转发到服务器。 如果HTTPVS确定第一个网络数据包不包含HTTP有效载荷，则HTTPVS可以链接第一个TLC和第二个TLC，以便客户端和服务器不间断地交换非HTTP通信。

公开(公告)号：US20240202639A1

公开(公告)日：2024-06-20

申请号：US18536291

申请日：2023-12-12

申请人： Roy Rajan

发明人： Roy Rajan

IPC分类号： G06Q10/0639

CPC分类号： G06Q10/06393 ,  G06Q10/06398

摘要： The present disclosure relates to a method for prioritizing business opportunities. The method includes periodically analyzing activities performed by a group of buying committee members, determining a score for each of the group of buying committee members based on the analysis. The method comprises computing a persona score based on the determined scores of the buying committee members, determining a base opportunity score based on weighted average of the computed persona score. The method further comprises determining a surge score by analyzing intent signals from accounts, and determining an opportunity score based on the base opportunity score and the surge score.