Method and system for combined security protocol and packet filter offload and onload
    1.
    Patent application
    Status: in force

    Publication number: US20080271134A1

    Publication date: 2008-10-30

    Application number: US11789612

    Filing date: 2007-04-25

    IPC classification: G06F9/00

    Abstract: A network interface card (NIC) includes a security association database (SADB) comprising a plurality of security associations (SAs), a cryptographic offload engine configured to decrypt a packet using one of the plurality of SAs, a security policy database (SPD) comprising a plurality of security policies (SPs) and a plurality of filter policies, and a policy engine configured to determine an admittance of the packet using one of the plurality of SPs from the SPD and apply one of the plurality of filter policies to the packet.

    Method and system for combined security protocol and packet filter offload and onload
    2.
    Granted patent
    Status: in force

    Publication number: US08006297B2

    Publication date: 2011-08-23

    Application number: US11789612

    Filing date: 2007-04-25

    Abstract: A network interface card (NIC) includes a security association database (SADB) comprising a plurality of security associations (SAs), a cryptographic offload engine configured to decrypt a packet using one of the plurality of SAs, a security policy database (SPD) comprising a plurality of security policies (SPs) and a plurality of filter policies, and a policy engine configured to determine an admittance of the packet using one of the plurality of SPs from the SPD and apply one of the plurality of filter policies to the packet.

    Method and system for onloading network services
    3.
    Granted patent
    Status: in force

    Publication number: US08458366B2

    Publication date: 2013-06-04

    Application number: US11863039

    Filing date: 2007-09-27

    IPC classification: G06F15/16 G06F15/173

    CPC classification: H04L49/9063 H04L49/90

    Abstract: In general, the invention relates to a method for processing packets. The method includes receiving a first packet by a network interface card (NIC) connected to a host, classifying the first packet using a classifier, sending the first packet to a receive ring based on a classification of the first packet by the classifier, and sending the first packet from the receive ring to a first virtual network interface card (VNIC) located on the host. The method further includes determining, using a first policy associated with the first VNIC, whether to process the first packet using offload hardware. When the first packet is to be processed using the offload hardware, the method includes sending the first packet to the offload hardware, receiving a first processed packet from the offload hardware by the first VNIC and sending the first processed packet from the first VNIC to a first packet destination.

    Method and system for securing a commercial grid network over non-trusted routes
    4.
    Granted patent
    Status: in force

    Publication number: US07702799B2

    Publication date: 2010-04-20

    Application number: US11823710

    Filing date: 2007-06-28

    IPC classification: G06F13/00

    CPC classification: H04L63/0272 H04L63/06

    Abstract: A method for securing a commercial grid network over non-trusted routes involves receiving, by an administrative node in the commercial grid network, a lease request from a client to lease one of multiple resource nodes in the commercial grid network, wherein the client is separated from the resource node by a non-trusted route. The method further involves transmitting, by the administrative node, a network security key associated with the client to the resource node, storing, by the resource node, the network security key in a network security key repository specific to the resource node, establishing, by the resource node, a secure network tunnel over the non-trusted route using the network security key, transmitting a network packet securely between the client and the resource node over the secure network tunnel, and destroying, by the resource node, the secure network tunnel when a lease term associated with the client and the resource node expires.

    METHOD AND SYSTEM FOR ONLOADING NETWORK SERVICES
    5.
    Patent application
    Status: in force

    Publication number: US20090089351A1

    Publication date: 2009-04-02

    Application number: US11863039

    Filing date: 2007-09-27

    IPC classification: G06F15/16

    CPC classification: H04L49/9063 H04L49/90

    Abstract: In general, the invention relates to a method for processing packets. The method includes receiving a first packet by a network interface card (NIC) connected to a host, classifying the first packet using a classifier, sending the first packet to a receive ring based on a classification of the first packet by the classifier, and sending the first packet from the receive ring to a first virtual network interface card (VNIC) located on the host. The method further includes determining, using a first policy associated with the first VNIC, whether to process the first packet using offload hardware. When the first packet is to be processed using the offload hardware, the method includes sending the first packet to the offload hardware, receiving a first processed packet from the offload hardware by the first VNIC and sending the first processed packet from the first VNIC to a first packet destination.

    METHOD AND APPARATUS FOR PROVIDING HETEROGENEOUS RESOURCES FOR CLIENT SYSTEMS
    6.
    Patent application
    Status: in force

    Publication number: US20090012963A1

    Publication date: 2009-01-08

    Application number: US11773170

    Filing date: 2007-07-03

    IPC classification: G06F17/30

    CPC classification: G06F9/5044 G06F9/5055

    Abstract: One embodiment of the present invention provides a system that provides heterogeneous resources for client systems. During operation, the system maintains a stateful resource database that tracks heterogeneous resources in a given environment. The system receives requests from client systems, and in response to the requests searches for a heterogeneous resource in the stateful resource database that matches the request. If the system finds an available heterogeneous resource that matches the request, it proceeds to submit the request to the resource. Maintaining and using the stateful resource database facilitates efficiently sharing scarce heterogeneous resources across a number of client systems.

    Method and system for network configuration for containers
    7.
    Patent application
    Status: in force

    Publication number: US20080021985A1

    Publication date: 2008-01-24

    Application number: US11490479

    Filing date: 2006-07-20

    IPC classification: G06F15/177 G06F15/173

    CPC classification: H04L41/28 H04L41/082

    Abstract: A method for changing network configuration parameters that includes generating a request to change a network configuration parameter by a user, determining whether the user is allowed to change the network configuration parameter using a network configuration database, if the user is allowed to change the network configuration parameter, updating the network configuration database to reflect the change in the network configuration parameter, updating a container associated with the network configuration parameter to reflect the change in the configuration parameter, and if the user is not allowed to change the network configuration parameter, dropping the request.

    Routing based on dynamic classification rules
    8.
    Granted patent
    Status: in force

    Publication number: US07764678B2

    Publication date: 2010-07-27

    Application number: US11545399

    Filing date: 2006-10-10

    IPC classification: H04L12/28

    Abstract: A computer system that forwards data packets is described. During operation, the system receives a data packet on a first interface and classifies the data packet to determine a corresponding destination. This classification is based on dynamically configured classification rules that include multiple attributes corresponding to multiple layers in an Open System Interconnect (OSI) Reference model. Then, the system provides the data packet on a second interface corresponding to the destination.

    Method and apparatus for providing heterogeneous resources for client systems
    9.
    Granted patent
    Status: in force

    Publication number: US07756888B2

    Publication date: 2010-07-13

    Application number: US11773170

    Filing date: 2007-07-03

    IPC classification: G06F17/30

    CPC classification: G06F9/5044 G06F9/5055

    Abstract: One embodiment of the present invention provides a system that provides heterogeneous resources for client systems. During operation, the system maintains a stateful resource database that tracks heterogeneous resources in a given environment. The system receives requests from client systems, and in response to the requests searches for a heterogeneous resource in the stateful resource database that matches the request. If the system finds an available heterogeneous resource that matches the request, it proceeds to submit the request to the resource. Maintaining and using the stateful resource database facilitates efficiently sharing scarce heterogeneous resources across a number of client systems.

    Method and system for securing a commercial grid network
    10.
    Patent application
    Status: in force

    Publication number: US20080256603A1

    Publication date: 2008-10-16

    Application number: US11786541

    Filing date: 2007-04-12

    IPC classification: G06F7/04

    Abstract: A method for securing a commercial grid network involves receiving a lease request from a client to lease a computing resource selected from multiple computing resources in the commercial grid network, mapping a unique identifier of the client to a security label selected from multiple unmapped security labels to obtain a client-label mapping based on the lease request, mapping a unique identifier of the computing resource to the security label to obtain a resource-label mapping based on the lease request, storing the client-label mapping and the resource-label mapping in a security label repository to obtain stored security label mappings, and authenticating, by the commercial grid network, an access request from the client to the computing resource using the stored security label mappings.
