公开(公告)号：US20050132030A1

公开(公告)日：2005-06-16

申请号：US10733808

申请日：2003-12-10

申请人： Chris Hopen ,  Gary Tomlinson ,  John Brooke ,  Derek Brown ,  Jonathan Burdge ,  Rodger Erickson

发明人： Chris Hopen ,  Gary Tomlinson ,  John Brooke ,  Derek Brown ,  Jonathan Burdge ,  Rodger Erickson

IPC分类号： H04L29/06 ,  H04L29/08 ,  G06F15/173

CPC分类号： H04L67/101 ,  G06F11/2007 ,  H04L41/0806 ,  H04L41/12 ,  H04L45/121 ,  H04L47/125 ,  H04L67/1002 ,  H04L67/1008 ,  H04L67/1017 ,  H04L67/1029 ,  H04L67/1034 ,  H04L67/1038

摘要： A network appliance is described that can provide a variety of software services, including both platform services, such as access method services, and a load balancing service. A network may include a network appliance that both provides one or more platform services and acts as a load balancer. When two or more such appliances are used together, they can replace a substantial portion of a conventional network. For example, when a network appliance receives a client communication, its load balancer service can determine whether one of its own platform services will process the communication or forward the communication to another network appliance for processing. Moreover, if the load balancing service of a network appliance fails, another network appliance can provide load balancing. Similarly, if another service of a network appliance fails, then the network appliance may continue to provide load balancing but forward communications requiring the failed service to another network appliance for processing.

摘要翻译： 描述了可以提供各种软件服务的网络设备，包括诸如访问方法服务的平台服务和负载平衡服务。 网络可以包括提供一个或多个平台服务并充当负载均衡器的网络设备。 当两个或多个这样的设备一起使用时，它们可以代替常规网络的大部分。 例如，当网络设备接收客户端通信时，其负载平衡器服务可以确定其自己的平台服务之一是否将处理通信或将通信转发到另一个网络设备进行处理。 此外，如果网络设备的负载均衡服务发生故障，另一个网络设备可以提供负载均衡。 类似地，如果网络设备的另一服务发生故障，则网络设备可以继续提供负载平衡，但是需要向另一网络设备进行故障服务的转发通信进行处理。

公开(公告)号：US20080104390A1

公开(公告)日：2008-05-01

申请号：US11927362

申请日：2007-10-29

申请人： Marc VanHeyningen ,  Rodger Erickson

发明人： Marc VanHeyningen ,  Rodger Erickson

IPC分类号： H04L9/06

CPC分类号： H04L9/12 ,  H04L9/0838 ,  H04L9/32 ,  H04L63/0428 ,  H04L63/0457 ,  H04L63/12 ,  H04L63/166 ,  H04L2209/76

摘要： The invention provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the invention retains compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. In contrast to conventional SSL processing, which relies on a guaranteed delivery service such as TCP and encrypts successive data records with reference to a previously-transmitted data record, encryption is performed using a nonce that is embedded in each transmitted data record. This nonce acts both as an initialization vector for encryption/decryption of the record, and as a unique identifier to authenticate the record. Because decryption of any particular record does not rely on receipt of a previously received data record, the scheme will operate over an unreliable communication protocol. The system and method allows secure packet transmission to be provided with a minimum amount of overhead. Further, the invention provides a network arrangement that employs a cache having copies distributed among a plurality of different locations. SSL/TLS session information for a session with each of the proxy servers is stored in the cache so that it is accessible to at least one other proxy server. Using this arrangement, when a client computer switches from a connection with a first proxy server to a connection with a second proxy server, the second proxy server can retrieve SSL/TLS session information from the cache corresponding to the SSL/TLS communication session between the client device and the first proxy server. The second proxy server can then use the retrieved SSL/TLS session information to accept a session with the client device.

摘要翻译： 本发明提供一种用于使用诸如用户数据报协议之类的不可靠通信协议来安全地发送数据的方法和装置。 在一个实施例中，本发明保持与常规安全套接字层（SSL）和SOCKS协议的兼容性，使得可以以类似于常规SOCKS处理的方式在代理服务器和客户端计算机之间传输安全UDP数据报。 与传统的SSL处理相比，传统的SSL处理依赖于诸如TCP之类的保证传送服务，并参照先前传输的数据记录对连续的数据记录进行加密，使用嵌入在每个发送的数据记录中的随机数进行加密。 该随机数作为记录的加密/解密的初始化向量，并且作为用于认证记录的唯一标识符。 因为任何特定记录的解密不依赖于接收先前接收到的数据记录，所以该方案将在不可靠的通信协议上操作。 该系统和方法允许以最小量的开销提供安全分组传输。 此外，本发明提供一种使用具有分布在多个不同位置之间的副本的高速缓存的网络布置。 与每个代理服务器的会话的SSL / TLS会话信息存储在缓存中，以便至少一个其他代理服务器可访问。 使用这种安排，当客户端计算机从与第一代理服务器的连接切换到与第二代理服务器的连接时，第二代理服务器可以从对应于SSL / TLS通信会话的高速缓存中检索SSL / TLS会话信息 客户端设备和第一代理服务器。 然后，第二个代理服务器可以使用检索到的SSL / TLS会话信息来接受与客户端设备的会话。

公开(公告)号：US20080104686A1

公开(公告)日：2008-05-01

申请号：US11927350

申请日：2007-10-29

申请人： Rodger Erickson

发明人： Rodger Erickson

IPC分类号： G06F21/00

CPC分类号： H04L67/2842 ,  H04L29/06 ,  H04L67/10 ,  H04L67/1002 ,  H04L67/1034 ,  H04L67/1097 ,  H04L67/148 ,  H04L67/288 ,  H04L67/42 ,  H04L69/329 ,  H04L2029/06054

摘要： A network arrangement that employs a cache having copies distributed among a plurality of different locations. The cache stores state information for a session with any of the server devices so that it is accessible to at least one other server device. Using this arrangement, when a client device switches from a connection with a first server device to a connection with a second server device, the second server device can retrieve state information from the cache corresponding to the session between the client device and the first server device. The second server device can then use the retrieved state information to accept a session with the client device.

摘要翻译： 一种使用具有分布在多个不同位置之间的副本的高速缓存的网络布置。 高速缓存存储与任何服务器设备的会话的状态信息，使得对于至少一个其他服务器设备是可访问的。 使用这种布置，当客户端设备从与第一服务器设备的连接切换到与第二服务器设备的连接时，第二服务器设备可以从对应于客户端设备和第一服务器设备之间的会话的高速缓存中检索状态信息 。 然后，第二服务器设备可以使用所检索的状态信息来接受与客户端设备的会话。

公开(公告)号：US20070061887A1

公开(公告)日：2007-03-15

申请号：US11371348

申请日：2006-03-07

申请人： Paul Hoover ,  Rodger Erickson ,  Bryan Sauve

发明人： Paul Hoover ,  Rodger Erickson ,  Bryan Sauve

IPC分类号： H04N7/16 ,  G06F15/173 ,  H04L9/32 ,  G06F17/30 ,  G06F7/04 ,  G06K9/00 ,  H03M1/68 ,  H04K1/00 ,  H04L9/00

CPC分类号： H04L63/10 ,  G06F21/6218 ,  H04L12/4633 ,  H04L12/4675 ,  H04L29/12264 ,  H04L45/021 ,  H04L45/745 ,  H04L61/2046 ,  H04L63/0227 ,  H04L63/0272 ,  H04L67/327 ,  H04L67/42

摘要： A client computer hosts a virtual private network tool to establish a virtual private network connection with a remote network. Upon startup, the virtual private network tool collects critical network information for the client computer, and sends this critical network information to an address assignment server in the remote network. The address assignment server compares the critical network information with a pool of available addresses in the remote network, and assigns addresses for use by the client computer that do not conflict with the addresses for local resources. The address assignment server also provides routing information for resources in the remote network to the virtual private network tool. The virtual private network tool will postpone loading this routing information into the routing tables of the client computer until the client computer requests access to a specific resource in the remote network. When the client computer requests access to a specific resource in the remote network, the virtual private network tool will only provide the routing table with the routing information for that specific remote resource.

摘要翻译： 客户端计算机托管虚拟专用网络工具以建立与远程网络的虚拟专用网络连接。 启动时，虚拟专用网络工具收集客户端计算机的关键网络信息，并将该关键网络信息发送到远程网络中的地址分配服务器。 地址分配服务器将关键网络信息与远程网络中的可用地址池进行比较，并分配不与本地资源的地址冲突的客户端计算机使用的地址。 地址分配服务器还为远程网络中的资源提供虚拟专用网络工具的路由信息​​。 虚拟专用网络工具将推迟将此路由信息加载到客户端计算机的路由表中，直到客户端计算机请求访问远程网络中的特定资源。 当客户端计算机请求访问远程网络中的特定资源时，虚拟专用网络工具将仅向路由表提供该特定远程资源的路由信息​​。

公开(公告)号：US06188210B1

公开(公告)日：2001-02-13

申请号：US09483270

申请日：2000-01-13

申请人： Larry Tichauer ,  Rodger Erickson ,  Timothy Freitas ,  Xianjun Mao

发明人： Larry Tichauer ,  Rodger Erickson ,  Timothy Freitas ,  Xianjun Mao

IPC分类号： G05F144

CPC分类号： G05F1/468 ,  Y10S323/901

摘要： Methods and apparatus for the soft start of linear regulators for controlling inrush current. In linear regulators having a pass transistor controlled by a regulator control circuit, the regulator control circuit is disabled until the regulator output reaches a predetermined threshold level. On startup, an additional transistor is coupled with a resistor and capacitor to the control terminal of the pass transistor in such a way as to provide for the slow turn-on of the pass transistor. During this time, the control circuit for the pass transistor is held inoperative. After the regulator output reaches a predetermined threshold, the pass transistor control circuit becomes operative and the slow start circuitry becomes inoperative.

摘要翻译： 用于控制浪涌电流的线性稳压器的软启动的方法和装置。 在具有由调节器控制电路控制的通过晶体管的线性稳压器中，调节器控制电路被禁止，直到调节器输出达到预定阈值电平。 在启动时，额外的晶体管与电阻器和电容器耦合到传输晶体管的控制端子，以便提供传输晶体管的慢导通。 在此期间，传输晶体管的控制电路保持不起作用。 在调节器输出达到预定阈值之后，传输晶体管控制电路变得可操作，并且慢启动电路变得不起作用。