Hybrid longest prefix match and fixed match searches
    1.
    Granted invention patent
    Status: Lapsed

    Publication number: US06792423B1

    Publication date: 2004-09-14

    Application number: US09723717

    Application date: 2000-11-28

    IPC classification: G06T1730

    Abstract: A method and system for finding a longest matching prefix for an input keyword from among multiple prefixes. The prefixes are data strings of varying lengths wherein prefixes of length n or greater are probabilistically a longest prefix match. The method of the present invention begins by mapping the prefixes of length greater than or equal to n1, that is, in the interval [n1, L], into a first lookup system. Remaining prefixes of length less than n1 but greater than or equal to n2, that is, in the interval [n2, n1−1], are mapped into a second index utilizing a second hash function, wherein n2 is less than n1. Further lookup systems on prefixes having lengths in the intervals [n3, n2−1], [n4, n3−1], and so on, may also be utilized, as determined by optimization studies and the statistics of routing tables.

    System method and computer program for prioritizing filter rules
    2.
    Granted invention patent
    Status: Lapsed

    Publication number: US06484171B1

    Publication date: 2002-11-19

    Application number: US09540333

    Application date: 2000-03-31

    IPC classification: G06F1730

    Abstract: This process accepts rule domination declarations and subjects rules to a computer program which either finds a type of administrative error (cyclic domination) or assigns a priority number to each rule so that any two rules which intersect (some key fits both rules) have necessarily different priority numbers. In the case that priority numbers are assigned, the process goes on to check for a second type of administrative error, namely inclusion of a first rule in a second (every key which fits the first rule also fits the second), and with the second having higher priority (so that the first is never referenced). If neither error occurs, then the number of different priority numbers is minimized. Every key when tested by such a rule set with neither error must fit either no rules at all or must fit exactly one rule with highest priority. In the latter case, the action of the unambiguously determined rule can then be applied to the packet represented by the key.

    System and method and computer program for filtering using tree structure
    3.
    Granted invention patent
    Status: Lapsed

    Publication number: US06298340B1

    Publication date: 2001-10-02

    Application number: US09312148

    Application date: 1999-05-14

    IPC classification: G06F1730

    Abstract: A classification system includes a software managed tree testing bits from a key which labels an item. The bits are chosen by application of the Choice Bit Algorithm to the Rules in a Database of Rules. A controller including logic parses an unknown Key for bits to be tested in the decision nodes of a binary tree. Tests dictated by the tree are conducted in a predetermined way until all but one Rule from the database or all but a few Rules from the database are eliminated from consideration, whereupon the Key is fully tested by the one remaining Rule or in a lattice constructed of the remaining plurality of Rules, to determine an action to enforce on the item. Certain compare tests are used in the binary tree for the case that otherwise identical or similar rules are applied to integer ranges of key values which do not fall upon power of 2 boundaries. Furthermore, some very frequently occurring rules in such final tests might be designated as secondary rules, the remaining rules designated as primary rules, the entire decision tree recalculated using only primary rules, and the primary rules then connected to secondary rules only when logically necessary by means of a system of pointers making use of relative priorities of rules.

    System, method and computer program for filtering multi-action rule set
    4.
    Granted invention patent
    Status: Lapsed

    Publication number: US06473763B1

    Publication date: 2002-10-29

    Application number: US09540921

    Application date: 2000-03-31

    IPC classification: G06F1730

    Abstract: A method and system for testing a plurality of filter rules in a computer system is disclosed. The plurality of filter rules is used with a key. Each of the plurality of filter rules is capable of being described using a plurality of bits corresponding to a portion of the key. The plurality of bits can include at least one binary value, at least one wildcard, and at least one boundary symbol. The at least one binary value can be a zero or a one. The method and system include selecting a portion of the plurality of filter rules that the key can match by testing part of the key against a portion of the plurality of bits and explicitly testing the key against the portion of the plurality of filter rules. A first bit of the portion of the plurality of bits has a first maximum number of the at least one binary symbol for the plurality of filter rules. Each subsequent bit of the portion plurality of bits has a second maximum number of the at least one binary symbol for a plurality of remaining bits and is selected based on testing of a prior bit. Preferably, the portion of the plurality of bits is tested using a decision tree which includes nodes corresponding to a second portion of the plurality of bits.

    Method and system for controlling transmission of packets in computer networks
    5.
    Granted invention patent
    Status: In force

    Publication number: US06771652B1

    Publication date: 2004-08-03

    Application number: US09448380

    Application date: 1999-11-23

    IPC classification: H04L1256

    CPC classification: H04L47/10 H04L47/29 H04L47/30

    Abstract: A method and system for controlling a flow of a plurality of packets in a computer network is disclosed. The computer network includes a queue. The method and system include determining a queue level for the queue and determining an offered rate of the plurality of packets to the queue. The method and system also include controlling a transmission fraction of the plurality of packets to the queue, based on the queue level, the offered rate and a previous value of the transmission fraction so that the transmission fraction and the queue level are critically damped if the queue level is between at least a first queue level and a second queue level.

    System, method and computer program to block spam
    6.
    Granted invention patent
    Status: Lapsed

    Publication number: US08468208B2

    Publication date: 2013-06-18

    Application number: US13532061

    Application date: 2012-06-25

    IPC classification: G06F15/16

    Abstract: A system, method and program product for blocking unwanted e-mails. An e-mail is identified as unwanted. A source IP address of the unwanted e-mail is determined. Other source IP addresses owned or registered by an owner or registrant of the source IP address of the unwanted e-mail are determined. Subsequent e-mails from the source IP address and the other IP addresses are blocked. This will thwart a spammer who shifts to a new source IP address when its spam is blocked from one source IP address.

    Delayed-start method for minimizing internal switch congestion
    7.
    Granted invention patent
    Status: Lapsed

    Publication number: US07911960B1

    Publication date: 2011-03-22

    Application number: US09373837

    Application date: 1999-08-13

    Abstract: A data flow control method and system within a data switch. The data switch includes a plurality of input sections each having an associated input buffer and each transmitting data to an output section. In response to a detection of congestion within the output section, data transmissions from the plurality of input sections to the output section are paused. Input buffer occupancies of each of the input sections are then determined. Thereafter, and in response to a backpressure relief signal, the restart of said data transmission from each of the input sections to the output section is delayed in inverse proportion to each of the determined input buffer occupancies.

    System, method and program to filter out login attempts by unauthorized entities
    8.
    Granted invention patent
    Status: Lapsed

    Publication number: US07475252B2

    Publication date: 2009-01-06

    Application number: US10918523

    Application date: 2004-08-12

    IPC classification: H04L9/32

    Abstract: System, method and computer program for authenticating a user of a client computer to a remote server computer. A client computer initially sends a userID but not a password of the user to the remote server computer. In response to the userID, the server computer determines a subsequent time window during which the server computer will consider for authentication submission of a combination of the userID and a password. The server computer notifies the client computer of the time window. After receipt of the notification from the server computer, during the time window, the client computer sends the userID and a corresponding password to the server computer. In response to receipt of the userID and the corresponding password from the client computer, the server computer determines if the combination of the userID and the corresponding password is valid. If the combination of the userID and the corresponding password is valid, the server computer notifies the client computer that the combination of the userID and the corresponding password is valid. In response, the client computer establishes a session with the server computer and accesses a resource requiring a valid combination of userID and password to access. The server computer ignores combinations of userIDs and passwords submitted before or after the time window.

    Efficient method for providing secure remote access
    9.
    Granted invention patent
    Status: Lapsed

    Publication number: US07434050B2

    Publication date: 2008-10-07

    Application number: US10733713

    Application date: 2003-12-11

    IPC classification: H04L9/30

    Abstract: A remote user, two-way authentication and password change protocol that also allows parties to optionally establish a session key which can be used to protect subsequent communication. In a preferred embodiment, a challenge token is generated and exchanged which is a one-time value that includes a random value that changes from session to session. The construction and use of the challenge token avoids transmission of the password or even the transmission of a digest of the password itself. Thus the challenge token does not reveal any information about a secret password or a digest of the password.

    Method and system for priority enforcement with flow control

    Publication number: US07142552B2

    Publication date: 2006-11-28

    Application number: US10117814

    Application date: 2002-04-08

    IPC classification: H04L12/28 H04L12/56

    Abstract: A method and system for controlling a plurality of pipes in a computer network, including at least one processor for a switch, the at least one processor having a queue, the plurality of pipes utilizing the queue for transmitting traffic through the switch, wherein each pipe is assigned a priority ranking class, each class has a unique priority rank with respect to each of the other classes, the ranks ranging from a highest priority rank to a lowest priority rank. A transmission probability is calculated for each pipe responsive to its priority rank. If excess bandwidth exists for the queue, the transmission probability of each pipe is linearly increased. Alternatively, if excess bandwidth does not exist, the transmission probability for each pipe is exponentially decreased. Packets are transferred from a pipe to the queue responsive to the pipe transmission probability and priority rank.