公开(公告)号：US20100223382A1

公开(公告)日：2010-09-02

申请号：US12395221

申请日：2009-02-27

申请人： Ammar Rayes ,  Michael Cheung ,  James McDonnell

发明人： Ammar Rayes ,  Michael Cheung ,  James McDonnell

IPC分类号： G06F15/173

CPC分类号： H04L41/0856 ,  H04L41/0853

摘要： A system, method and application for facilitating network support for an install-base network is provided. The method includes performing, at an access node of the install-base network, network discovery to discover one or more nodes of the install-base network. The method also includes collecting, at the nodes, their respective inventories (“network-node inventories”). The method further includes collecting the network-node inventories at the access node, and sending the network-node inventories from the access node to a back-office system external to the install-base network. The method may, optionally, include the access node aggregating the network-node inventories to form aggregate information, and sending the aggregate information to the back-office system in addition to or in lieu of the of network-node inventories.

摘要翻译： 提供了一种用于促进对安装基础网络的网络支持的系统，方法和应用。 该方法包括在安装基础网络的接入节点处执行网络发现以发现安装基础网络的一个或多个节点。 该方法还包括在节点处收集它们各自的库存（“网络节点库存”）。 该方法还包括在接入节点处收集网络节点库存，以及将网络节点库存从接入节点发送到安装基础网络外部的后台系统。 该方法可以可选地包括聚合网络节点库存以形成聚合信息的接入节点，以及除了网络节点库存之外或代替网络节点库存，将聚合信息发送到后台系统。

公开(公告)号：US07492711B1

公开(公告)日：2009-02-17

申请号：US10646661

申请日：2003-08-21

申请人： Michael Cheung ,  Mark Ammar Rayes

发明人： Michael Cheung ,  Mark Ammar Rayes

IPC分类号： G01R31/08

CPC分类号： H04L41/5019 ,  H04L41/0896 ,  H04L41/5067

摘要： A method of determining an amount of bandwidth needed on a communication link is disclosed. According to one aspect of the method, instead of considering only user behavior or only traffic characteristics, the amount of bandwidth needed on the link is determined based on both user behavior and traffic characteristics. The determined amount is stored in memory. By accounting for both user behavior and traffic characteristics, the method determines the amount of bandwidth needed on a communication link more accurately.

摘要翻译： 公开了一种确定通信链路所需带宽量的方法。 根据该方法的一个方面，代替仅考虑用户行为或仅考虑业务特性，基于用户行为和业务特性来确定链路所需的带宽量。 确定的量存储在存储器中。 通过考虑用户行为和流量特性，该方法更准确地确定通信链路所需的带宽量。

公开(公告)号：US20080060026A1

公开(公告)日：2008-03-06

申请号：US11512551

申请日：2006-08-29

申请人： Michael Cheung ,  Mark Ammar Rayes

发明人： Michael Cheung ,  Mark Ammar Rayes

IPC分类号： H04N7/18 ,  H04N7/173

CPC分类号： H04N7/17336 ,  H04L41/0213 ,  H04L41/28 ,  H04L63/104 ,  H04L63/14 ,  H04N21/44222 ,  H04N21/44236 ,  H04N21/4627 ,  H04N21/472 ,  H04N21/6125 ,  H04N21/6405 ,  H04N21/64723

摘要： A method and apparatus is disclosed for security-management of IP TV subscribers across a network comprising: receiving and storing at an access network element, a plurality of requests to connect to one or more multicast groups from a plurality of ports; retrieving, the plurality of requests from the access network element; generating, from the plurality of requests a first profile associated with a first port, wherein the profile includes multicast group request information associated with the first port; and detecting one or more anomalies based on the first profile and subscriber information and generating a notification if one or more anomalies are detected.

摘要翻译： 公开了一种用于跨越网络的IP电视用户的安全管理的方法和装置，包括：在接入网络单元处接收并存储多个请求以从多个端口连接到一个或多个多播组; 从所述接入网元检索所述多个请求; 从所述多个请求中产生与第一端口相关联的第一简档，其中所述简档包括与所述第一端口相关联的多播组请求信息; 以及基于所述第一简档和订户信息检测一个或多个异常，并且如果检测到一个或多个异常则产生通知。

公开(公告)号：US07607021B2

公开(公告)日：2009-10-20

申请号：US10797773

申请日：2004-03-09

申请人： Mark Ammar Rayes ,  Michael Cheung ,  Ralph Droms ,  Petre Dini

发明人： Mark Ammar Rayes ,  Michael Cheung ,  Ralph Droms ,  Petre Dini

IPC分类号： G06F12/14 ,  G06F11/30

CPC分类号： H04L63/1433 ,  H04L61/103 ,  H04L61/2015 ,  H04L61/2061 ,  H04L63/101 ,  H04L63/1408

摘要： An isolation approach for network users associated with elevated risk is disclosed for protecting networks. In one approach a method comprises the computer-implemented steps of determining a user identifier associated with a network device that has caused a security event in a network; causing the network device to receive a network address that is selected from a subset of addresses within a specified pool associated with suspected malicious network users; and configuring one or more security restrictions with respect to the selected network address.

摘要翻译： 为了保护网络，披露了与提高风险相关联的网络用户的隔离方法。 在一种方法中，一种方法包括计算机实现的步骤：确定与已经在网络中引起安全事件的网络设备相关联的用户标识符; 使得网络设备接收从与可疑恶意网络用户相关联的指定池内的地址子集中选择的网络地址; 以及针对所选择的网络地址配置一个或多个安全限制。

公开(公告)号：US07234163B1

公开(公告)日：2007-06-19

申请号：US10244996

申请日：2002-09-16

申请人： Ammar Rayes ,  Michael Cheung

发明人： Ammar Rayes ,  Michael Cheung

IPC分类号： G08B23/00

CPC分类号： H04L63/1466 ,  H04L29/12009 ,  H04L29/12018 ,  H04L61/10 ,  H04L2463/145

摘要： A method is disclosed for preventing spoofing of network addresses. A binding is established between an Internet Protocol (IP) address, a Media Access Control (MAC) address, and a port. An Address Resolution Protocol (ARP) table is updated based on the binding.

摘要翻译： 公开了一种防止网络地址欺骗的方法。 在因特网协议（IP）地址，媒体访问控制（MAC）地址和端口之间建立绑定。 基于绑定更新地址解析协议（ARP）表。

公开(公告)号：US07151884B1

公开(公告)日：2006-12-19

申请号：US11254591

申请日：2005-10-20

申请人： Mark Ammar Rayes ,  Michael Cheung

发明人： Mark Ammar Rayes ,  Michael Cheung

IPC分类号： H04L12/26

CPC分类号： H04L41/0803 ,  H04L43/0811 ,  H04L45/22 ,  H04L45/28 ,  H04W40/22 ,  H04W40/34 ,  H04W76/19

摘要： A method and a system for re-establishing the connection of a network device with a network, using viral communication, are provided. According to the various embodiments, a disconnected network device acts as a simple wireless device and contacts a neighboring network device to obtain configuration information. The request can be forwarded to a network management station (NMS) through one or more neighbors of the disconnected network device. Connectivity is obtained by executing the configuration instructions obtained from the NMS.

摘要翻译： 提供了使用病毒通信重新建立网络设备与网络的连接的方法和系统。 根据各种实施例，断开的网络设备充当简单的无线设备，并且与相邻网络设备联系以获得配置信息。 该请求可以通过断开的网络设备的一个或多个邻居转发到网络管理站（NMS）。 通过执行从NMS获得的配置指令获得连通性。

公开(公告)号：US07237267B2

公开(公告)日：2007-06-26

申请号：US10688051

申请日：2003-10-16

申请人： Ammar Rayes ,  Michael Cheung

发明人： Ammar Rayes ,  Michael Cheung

IPC分类号： G06F11/00

CPC分类号： H04L63/20 ,  H04L63/1458 ,  H04L63/1466

摘要： A policy-based network security management system is disclosed. In one embodiment, the system comprises a security management controller comprising one or more processors; a computer-readable medium carrying one or more sequences of instructions for policy-based network security management, wherein execution of the one or more sequences of instructions by the one or more processors causes the one or more processors to perform the steps of receiving a set of data regarding a user of a computer network; automatically deciding on a course of action based on the set of data, wherein the course of action may be adverse to the user although the set of data is insufficient to establish whether the user is performing a malicious action; and sending signals to one or more network elements in the computer network to implement the decision.

摘要翻译： 公开了一种基于策略的网络安全管理系统。 在一个实施例中，系统包括包括一个或多个处理器的安全管理控制器; 携带用于基于策略的网络安全管理的一个或多个指令序列的计算机可读介质，其中由所述一个或多个处理器执行所述一个或多个指令序列使所述一个或多个处理器执行以下步骤：接收集合 关于计算机网络的用户的数据; 基于所述数据集自动确定行动过程，其中尽管该组数据不足以确定用户是否正在执行恶意动作，其中行为过程可能不利于用户; 并向计算机网络中的一个或多个网络元件发送信号以实现该决定。

公开(公告)号：US20050086502A1

公开(公告)日：2005-04-21

申请号：US10688051

申请日：2003-10-16

申请人： Ammar Rayes ,  Michael Cheung

发明人： Ammar Rayes ,  Michael Cheung

IPC分类号： G06F20060101 ,  H04L9/32 ,  H04L29/06

CPC分类号： H04L63/20 ,  H04L63/1458 ,  H04L63/1466

摘要： A policy-based network security management system is disclosed. In one embodiment, the system comprises a security management controller comprising one or more processors; a computer-readable medium carrying one or more sequences of instructions for policy-based network security management, wherein execution of the one or more sequences of instructions by the one or more processors causes the one or more processors to perform the steps of receiving a set of data regarding a user of a computer network; automatically deciding on a course of action based on the set of data, wherein the course of action may be adverse to the user although the set of data is insufficient to establish whether the user is performing a malicious action; and sending signals to one or more network elements in the computer network to implement the decision.

摘要翻译： 公开了一种基于策略的网络安全管理系统。 在一个实施例中，系统包括包括一个或多个处理器的安全管理控制器; 携带用于基于策略的网络安全管理的一个或多个指令序列的计算机可读介质，其中由所述一个或多个处理器执行所述一个或多个指令序列使所述一个或多个处理器执行以下步骤：接收集合 关于计算机网络的用户的数据; 基于所述数据集自动确定行动过程，其中尽管该组数据不足以确定用户是否正在执行恶意动作，其中行为过程可能不利于用户; 并向计算机网络中的一个或多个网络元件发送信号以实现该决定。

公开(公告)号：USD269328S

公开(公告)日：1983-06-14

申请号：US87822

申请日：1979-10-24

申请人： Michael Cheung

设计人： Michael Cheung

公开(公告)号：US20050204162A1

公开(公告)日：2005-09-15

申请号：US10797773

申请日：2004-03-09

申请人： Mark Rayes ,  Michael Cheung ,  Ralph Droms ,  Petre Dini

发明人： Mark Rayes ,  Michael Cheung ,  Ralph Droms ,  Petre Dini

IPC分类号： H04L9/00

CPC分类号： H04L63/1433 ,  H04L61/103 ,  H04L61/2015 ,  H04L61/2061 ,  H04L63/101 ,  H04L63/1408

摘要： An isolation approach for network users associated with elevated risk is disclosed for protecting networks. In one approach a method comprises the computer-implemented steps of determining a user identifier associated with a network device that has caused a security event in a network; causing the network device to receive a network address that is selected from a subset of addresses within a specified pool associated with suspected malicious network users; and configuring one or more security restrictions with respect to the selected network address.

摘要翻译： 为了保护网络，披露了与提高风险相关联的网络用户的隔离方法。 在一种方法中，一种方法包括计算机实现的步骤：确定与已经在网络中引起安全事件的网络设备相关联的用户标识符; 使得网络设备接收从与可疑恶意网络用户相关联的指定池内的地址子集中选择的网络地址; 以及针对所选择的网络地址配置一个或多个安全限制。