公开(公告)号：US08032653B1

公开(公告)日：2011-10-04

申请号：US09658424

申请日：2000-09-08

Applicant: Changming Liu ,  Yan Ke

Inventor： Changming Liu ,  Yan Ke

IPC: G06F15/16 ,  G06F11/00 ,  G01R31/08 ,  G08C15/00 ,  H04J1/16 ,  H04J3/14 ,  H04L1/00 ,  H04L12/26

CPC classification number: H04L47/10 ,  H04L47/215 ,  H04L47/22

Abstract: In one aspect the invention provides a method for allocating bandwidth in a network appliance where the network appliance includes a plurality of guaranteed bandwidth buckets used to evaluate when to pass traffic through the network appliance. The method includes providing a shared bandwidth bucket associated with a plurality of the guaranteed bandwidth buckets, allocating bandwidth to the shared bandwidth bucket based on the underutilization of bandwidth in the plurality of guaranteed bandwidth buckets and sharing excess bandwidth developed from the underutilization of the guaranteed bandwidth allocated to the individual guaranteed bandwidth buckets. The step of sharing includes borrowing bandwidth from the shared bandwidth bucket by a respective guaranteed bandwidth bucket to allow traffic to pass immediately through the network appliance.

Abstract translation: 在一个方面，本发明提供了一种在网络设备中分配带宽的方法，其中网络设备包括用于评估何时通过网络设备传送流量的多个保证带宽桶。 该方法包括提供与多个保证带宽桶相关联的共享带宽桶，基于多个保证带宽桶中的带宽利用不足而分配带宽到共享带宽桶，并且分担从保证带宽的利用不足而产生的超额带宽 分配给个人保证带宽桶。 共享的步骤包括通过相应的保证带宽桶从共享带宽桶借用带宽，以允许流量立即通过网络设备。

公开(公告)号：US07197660B1

公开(公告)日：2007-03-27

申请号：US10186239

申请日：2002-06-26

Applicant: Changming Liu ,  Yan Ke ,  Lin Chen ,  Xiaosong Yang ,  Gregory M. Lebovitz

Inventor： Changming Liu ,  Yan Ke ,  Lin Chen ,  Xiaosong Yang ,  Gregory M. Lebovitz

IPC: G06F11/00

CPC classification number: G06F11/2035 ,  G06F11/2097 ,  H04L45/586 ,  H04L63/0272

Abstract: A system and method for a network security system are provided. The method includes providing a master device and a backup device within a cluster of network security devices, providing the backup device with state information for the master device, detecting failure in the cluster and using the state information to recover from the failure.

Abstract translation: 提供了一种用于网络安全系统的系统和方法。 该方法包括在网络安全设备集群内提供主设备和备份设备，为备份设备提供主设备的状态信息，检测集群中的故障，并使用状态信息从故障中恢复。

公开(公告)号：US08614951B2

公开(公告)日：2013-12-24

申请号：US13222568

申请日：2011-08-31

Applicant: Changming Liu ,  Yan Ke

Inventor： Changming Liu ,  Yan Ke

IPC: G08C15/00

CPC classification number: H04L47/10 ,  H04L47/215 ,  H04L47/22

Abstract: In one aspect the invention provides a method for allocating bandwidth in a network appliance where the network appliance includes a plurality of guaranteed bandwidth buckets used to evaluate when to pass traffic through the network appliance. The method includes providing a shared bandwidth bucket associated with a plurality of the guaranteed bandwidth buckets, allocating bandwidth to the shared bandwidth bucket based on the underutilization of bandwidth in the plurality of guaranteed bandwidth buckets and sharing excess bandwidth developed from the underutilization of the guaranteed bandwidth allocated to the individual guaranteed bandwidth buckets. The step of sharing includes borrowing bandwidth from the shared bandwidth bucket by a respective guaranteed bandwidth bucket to allow traffic to pass immediately through the network appliance.

Abstract translation: 在一个方面，本发明提供了一种在网络设备中分配带宽的方法，其中网络设备包括用于评估何时通过网络设备传送流量的多个保证带宽桶。 该方法包括提供与多个保证带宽桶相关联的共享带宽桶，基于多个保证带宽桶中的带宽利用不足而分配带宽到共享带宽桶，并且分担从保证带宽的利用不足而产生的超额带宽 分配给个人保证带宽桶。 共享的步骤包括通过相应的保证带宽桶从共享带宽桶借用带宽，以允许流量立即通过网络设备。

公开(公告)号：US09002277B2

公开(公告)日：2015-04-07

申请号：US12877048

申请日：2010-09-07

Applicant: Huizhao Wang ,  Chris Scheers ,  Changming Liu

Inventor： Huizhao Wang ,  Chris Scheers ,  Changming Liu

IPC: H04B15/00 ,  H04W16/10 ,  H04W48/16 ,  H04W24/02

CPC classification number: H04W72/085 ,  H04W16/10 ,  H04W24/02 ,  H04W48/16 ,  H04W72/0493

Abstract: Wireless networking devices scan for available channels and gather data about the channels and the RF environment. Using this information, each wireless networking device determines a cost value for each available channel and a quality value for its overall RF neighborhood. Each wireless networking device select the channel with the best cost value as a candidate channel for use. The wireless networking devices may submit channel requests to the arbiter for approval. If two or more wireless networking devices are requesting the same channel, the arbiter assigns the channel to the wireless networking device with the worst RF neighborhood quality. The arbiter informs the wireless networking devices if their channel requests are approved. If a wireless networking device's channel request is not approved, the wireless networking device will rescan the remaining available channels to select a different candidate channel to be approved.

Abstract translation: 无线网络设备扫描可用频道并收集关于频道和RF环境的数据。 使用该信息，每个无线网络设备确定每个可用信道的成本值和其整个RF邻域的质量值。 每个无线网络设备选择具有最佳成本值的信道作为候选信道用于使用。 无线网络设备可以向仲裁者提交信道请求以供批准。 如果两个或多个无线网络设备正在请求相同的信道，则仲裁器将信道分配给具有最差RF邻域质量的无线网络设备。 仲裁器通知无线网络设备，如果他们的频道请求被批准。 如果无线网络设备的信道请求未被批准，则无线网络设备将重新扫描剩余的可用信道以选择要批准的不同候选信道。

公开(公告)号：US08614989B2

公开(公告)日：2013-12-24

申请号：US13452437

申请日：2012-04-20

Applicant: Changming Liu ,  Yong Kang ,  Jianlin Zeng ,  Sreekanth Reddy

Inventor： Changming Liu ,  Yong Kang ,  Jianlin Zeng ,  Sreekanth Reddy

IPC: H04W4/00

CPC classification number: H04W36/0011 ,  H04L12/4633 ,  H04L63/0876 ,  H04W8/005 ,  H04W8/02 ,  H04W8/087 ,  H04W8/18 ,  H04W8/26 ,  H04W12/04 ,  H04W28/08 ,  H04W36/0016 ,  H04W36/0061 ,  H04W36/0066 ,  H04W36/08 ,  H04W36/245 ,  H04W48/16 ,  H04W76/12 ,  H04W76/22 ,  H04W84/12 ,  H04W88/08

Abstract: A network device of a subnet determines predictive roaming information for a wireless client. Predictive roaming information can identify the wireless client and a home network subnet of the wireless client. The network device provides predictive roaming information associated with a wireless client to neighboring subnets. Neighboring subnets store received predictive roaming information, and use the predictive roaming information if the wireless client roams to them.

公开(公告)号：US08261337B1

公开(公告)日：2012-09-04

申请号：US10990349

申请日：2004-11-17

Applicant: Changming Liu ,  Lee Chik Cheung

Inventor： Changming Liu ,  Lee Chik Cheung

IPC: H04L29/06 ,  G06F9/00 ,  G06F15/173

CPC classification number: H04L63/02 ,  G06F21/60 ,  H04L63/0227 ,  H04L63/10 ,  H04L67/146

Abstract: A security device may be interconnected, via multiple links, between multiple network devices in a network. The firewall device may include multiple input interfaces that receive data units from a first network device destined for a second network device of the multiple network devices, identify a session associated with each of the data units, and process the data units in accordance with the identified sessions and a security policy.

Abstract translation: 安全设备可以经由多个链路在网络中的多个网络设备之间互连。 防火墙设备可以包括多个输入接口，从输入到多个网络设备的第二网络设备的第一网络设备接收数据单元，识别与每个数据单元相关联的会话，并根据所识别的处理数据单元 会话和安全策略。

公开(公告)号：US08132000B2

公开(公告)日：2012-03-06

申请号：US12512098

申请日：2009-07-30

Applicant: Gregory M Lebovitz ,  Changming Liu ,  Choung-Yaw Shieh

Inventor： Gregory M Lebovitz ,  Changming Liu ,  Choung-Yaw Shieh

IPC: H04L29/06

CPC classification number: H04L63/065 ,  H04L12/185 ,  H04L12/4633 ,  H04L63/08

Abstract: Secure tunneled multicast transmission and reception through a network is provided. A join request may be received from a second tunnel endpoint, the join request indicating a multicast group to be joined. Group keys may be transmitted to the second tunnel endpoint, where the group keys are based at least on the multicast group. A packet received at the first tunnel endpoint may be cryptographically processed to generate an encapsulated payload. A header may be appended to the encapsulated payload to form an encapsulated packet, wherein the header includes information associated with the second tunnel endpoint. A tunnel may be established between the first tunnel endpoint and the second tunnel endpoint based on the appended header. The encapsulated packet may be transmitted through the tunnel to the second tunnel endpoint. The second tunnel endpoint may receive the encapsulated packet. Cryptographic processing of the encapsulated packet may reveal the packet having a second header. The packet may then be forwarded on an interface toward at least one multicast recipient identified in the second header.

Abstract translation: 提供通过网络进行安全隧道传输和接收。 可以从第二隧道端点接收加入请求，该连接请求指示要加入的多播组。 组密钥可以被发送到第二隧道端点，其中组密钥至少基于多播组。 可以对在第一隧道端点处接收的分组进行密码处理以产生封装的有效载荷。 报头可以附加到封装的有效载荷以形成封装的分组，其中报头包括与第二隧道端点相关联的信息。 可以基于附加的报头在第一隧道端点和第二隧道端点之间建立隧道。 封装的分组可以通过隧道传输到第二隧道端点。 第二隧道端点可以接收封装的分组。 封装分组的加密处理可以揭示具有第二报头的分组。 然后，分组可以在接口上朝向在第二报头中标识的至少一个多播接收机转发。

公开(公告)号：US07941826B2

公开(公告)日：2011-05-10

申请号：US12754981

申请日：2010-04-06

Applicant: Changming Liu ,  Gregory M. Lebovitz ,  Purvi Desai

Inventor： Changming Liu ,  Gregory M. Lebovitz ,  Purvi Desai

IPC: H04L9/00 ,  H04L9/32 ,  G06F7/04

CPC classification number: H04L12/185 ,  H04L45/04 ,  H04L45/16

Abstract: Systems, apparatus, methods, and computer program products for multicast access control are provided to analyze incoming data based on a source zone and a destination zone of the incoming data. Appropriate access control rules are applied to incoming data based on the results of the analysis. Additional implementations of a multicast access control include using a proxy rendezvous point operable to function as a rendezvous point in place of a physical rendezvous point.

Abstract translation: 提供用于组播访问控制的系统，装置，方法和计算机程序产品，用于基于输入数据的源区和目的地区来分析输入数据。 基于分析结果，对输入数据应用适当的访问控制规则。 多播访问控制的附加实现包括使用可操作以用作会合点的代理会合点来代替物理会合点。

公开(公告)号：US07779461B1

公开(公告)日：2010-08-17

申请号：US10988835

申请日：2004-11-16

Applicant: Changming Liu ,  Choung-Yaw Shieh ,  Yonghui Cheng

Inventor： Changming Liu ,  Choung-Yaw Shieh ,  Yonghui Cheng

IPC: G06F9/00 ,  G06F15/16 ,  G06F17/00

CPC classification number: H04L45/00 ,  H04L12/4633 ,  H04L29/06 ,  H04L63/0272 ,  H04L63/20

Abstract: A system establishes a virtual private network (VPN) tunnel to a destination and determines a next hop for the VPN tunnel. The system inserts the next hop, and an address associated with the destination, into an entry of a first table. The system inserts the next hop, and a tunnel identifier corresponding to the established VPN tunnel, into an entry of a second table. The system associates one or more security parameters, used to encrypt traffic sent via the VPN tunnel, with the tunnel identifier.

Abstract translation: 系统建立到目的地的虚拟专用网（VPN）隧道，并确定VPN隧道的下一跳。 系统将下一跳和与目的地相关联的地址插入到第一个表的条目中。 系统将下一跳和对应于已建立的VPN隧道的隧道标识符插入第二个表的条目。 该系统将用于加密经由VPN隧道发送的流量的一个或多个安全参数与隧道标识符相关联。

公开(公告)号：US07616561B1

公开(公告)日：2009-11-10

申请号：US11037180

申请日：2005-01-19

Applicant: Changming Liu ,  Xiaosong Yang ,  Lin Chen

Inventor： Changming Liu ,  Xiaosong Yang ,  Lin Chen

IPC: G06F11/00

CPC classification number: G06T3/0093 ,  G06F17/30289 ,  G06F17/30994 ,  G06T11/60 ,  H04L43/0817 ,  H04L45/00 ,  H04L45/02 ,  H04L45/22 ,  H04L45/28

Abstract: A network device includes a group of interfaces. Each interface is associated with at least one other interface of the group of interfaces and a group of network addresses. Each interface is configured to monitor at least one of the group of network addresses with which the each interface is associated or the at least one other interface with which the each interface is associated, and determine whether to logically shut down based on the monitoring.

Abstract translation: 网络设备包括一组接口。 每个接口与该组接口和一组网络地址的至少一个其他接口相关联。 每个接口被配置为监视与所述每个接口相关联的所述一组网络地址中的至少一个或与所述每个接口相关联的所述至少一个其他接口，并且基于所述监视来确定是否逻辑关闭。