利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

9 条记录 (耗时 0.031 秒)

    Method and apparatus for configuring a virtual private network
    1.
    发明授权
    Method and apparatus for configuring a virtual private network 失效
    用于配置虚拟专用网络的方法和装置

    公开(公告)号:US06226751B1

    公开(公告)日:2001-05-01

    申请号:US09062507

    申请日:1998-04-17

    申请人: Leslie J. Arrow Henk J. Bots Mark R. Hoke William E. Hunt Russell C. Jones Quentin C. Liu

    发明人: Leslie J. Arrow Henk J. Bots Mark R. Hoke William E. Hunt Russell C. Jones Quentin C. Liu

    IPC分类号: G06F1516

    CPC分类号: H04L63/0272 H04L12/4641 H04L29/12367 H04L29/12481 H04L61/2514 H04L61/2557

    摘要: The present invention provides a method and an apparatus for establishing a virtual private network that operates over a public data network. One embodiment of the present invention includes a system that selects a plurality of entities coupled to the public data network to include in the virtual private network. The system next assembles a plurality of identifiers for the plurality of entities. These identifiers are used to identify communications between the plurality of entities, so that these communications can be transferred securely over the public data network. A variation on this embodiment includes defining encryption, authentication and compression parameters for the virtual private network. In another variation, selecting the plurality of entities includes, assembling entities coupled to the public data network into groups, and selecting groups of entities to include in the virtual private network. Another variation includes defining access control rules specifying types of communications that are allowed to pass through virtual private network units. These virtual private network units are typically used to couple local area networks to the public network so that secure communications on the public network pass through the virtual private network units. Yet another variation on this embodiment includes defining address translation rules for virtual private network units coupled to the public data network. These address translation rules are used to translate local network addresses to public network addresses.

    摘要翻译: 本发明提供一种用于建立在公共数据网络上操作的虚拟专用网络的方法和装置。 本发明的一个实施例包括选择耦合到公共数据网络以包括在虚拟专用网络中的多个实体的系统。 系统接下来汇集多个实体的多个标识符。 这些标识符用于识别多个实体之间的通信,使得可以通过公共数据网络安全地传送这些通信。 该实施例的变型包括定义用于虚拟专用网络的加密,认证和压缩参数。 在另一个实施例中,选择多个实体包括:将耦合到公共数据网络的实体组合成组,以及选择要包括在虚拟专用网络中的实体组。 另一变型包括定义指定允许通过虚拟专用网单元的通信类型的访问控制规则。 这些虚拟专用网络单元通常用于将局域网耦合到公共网络,使得公共网络上的安全通信通过虚拟专用网络单元。 该实施例的另一变型包括为耦合到公共数据网络的虚拟专用网单元定义地址转换规则。 这些地址转换规则用于将本地网络地址转换为公网地址。

    Method and apparatus for swapping a computer operating system
    2.
    发明授权
    Method and apparatus for swapping a computer operating system 失效
    用于交换计算机操作系统的方法和装置

    公开(公告)号:US06175917B1

    公开(公告)日:2001-01-16

    申请号:US09065899

    申请日:1998-04-23

    申请人: Leslie J. Arrow Henk J. Bots Mark R. Hoke William E. Hunt Russell C. Jones

    发明人: Leslie J. Arrow Henk J. Bots Mark R. Hoke William E. Hunt Russell C. Jones

    IPC分类号: G06F900

    CPC分类号: G06F9/441 G06F11/1417

    摘要: One embodiment of the present invention provides a computer system with a plurality of storage memories, each storage memory storing an operating system program, and an identifier for identifying a storage memory containing an operating system program to be loaded when the unit is booted. The identifier is selectively switchable between storage memories so that the computer system may be selectively booted with an alternate operating system program. This facilitates loading a new version of an operating system, and then rapidly switching back to an old version of the operating system if the new version fails to function properly.

    摘要翻译: 本发明的一个实施例提供了具有多个存储存储器的计算机系统,每个存储存储器存储操作系统程序,以及用于识别包含当该单元启动时要加载的操作系统程序的存储存储器的标识符。 标识符可以在存储存储器之间选择性地切换,使得计算机系统可以用备选的操作系统程序有选择地启动。 这有助于加载新版本的操作系统,然后如果新版本无法正常运行,则可以快速切换回旧版本的操作系统。

    Translating packet addresses based upon a user identifier
    3.
    发明授权
    Translating packet addresses based upon a user identifier 失效
    根据用户标识符翻译包地址

    公开(公告)号:US6154839A

    公开(公告)日:2000-11-28

    申请号:US65898

    申请日:1998-04-23

    申请人: Leslie J. Arrow Henk J. Bots Mark R. Hoke William E. Hunt Bruce T. Huntley

    发明人: Leslie J. Arrow Henk J. Bots Mark R. Hoke William E. Hunt Bruce T. Huntley

    IPC分类号: H04L12/46 H04L29/06 H04L29/12 H04L9/32

    CPC分类号: H04L12/4641 H04L29/12367 H04L29/12462 H04L29/12481 H04L61/2514 H04L61/255 H04L61/2557 H04L63/0272

    摘要: One embodiment of the present invention includes a system that translates addresses in a data packet based upon a user identifier in the data packet. The system receives the data packet sent from a source node to a destination node by a user. This data packet includes a source address of the source node, a destination address of the destination node and the user identifier that identifies the user. The system uses the user identifier to look up communication privileges associated with the user. If the communication privileges allow the user to communicate with the destination node, the system replaces the source address in the data packet with a privileged address, and forwards the data packet to the destination node. In a variation on this embodiment, the privileged address is recognized by a system firewall so that it facilitates passage of the packet through firewall. In another variation, the privileged address specifies a return address of a given address translation unit and thereby facilitates load balancing across multiple address translation units. In a further variation, the system receives a reply packet from the destination node directed to the privileged address, and replaces the privileged address in the reply packet with the source address so that the reply packet is directed to the source node, before forwarding the reply packet to the source node. In another variation, receiving the reply packet includes acting as a proxy for the privileged address under the address resolution protocol. Another variation further includes authenticating, encrypting and optionally compressing the data packet.

    摘要翻译: 本发明的一个实施例包括基于数据分组中的用户标识符来转换数据分组中的地址的系统。 系统从用户接收从源节点发送到目的节点的数据包。 该数据包包括源节点的源地址,目的地节点的目的地地址和标识用户的用户标识符。 系统使用用户标识符查找与用户相关联的通信权限。 如果通信权限允许用户与目的地节点进行通信,则系统用特权地址替换数据分组中的源地址,并将数据分组转发到目的地节点。 在该实施例的变型中,特权地址由系统防火墙识别,以便其有利于分组通过防火墙。 在另一变型中,特权地址指定给定地址转换单元的返回地址,从而有助于多个地址转换单元之间的负载平衡。 在进一步的变化中,系统从目的地节点接收指向特权地址的应答分组,并用源地址替换应答分组中的特权地址,以便在转发答复之前应答分组被定向到源节点 分组到源节点。 在另一变型中,接收回复分组包括在地址解析协议下作为特权地址的代理。 另一变型还包括认证,加密和可选地压缩数据分组。

    System to limit access when calculating network data checksums
    7.
    发明授权
    System to limit access when calculating network data checksums 有权
    计算网络数据校验和时限制访问的系统

    公开(公告)号:US07096415B1

    公开(公告)日:2006-08-22

    申请号:US10688205

    申请日:2003-10-17

    申请人: Henk J. Bots

    发明人: Henk J. Bots

    IPC分类号: H03M13/15

    CPC分类号: H03M13/096

    摘要: The invention provides a method and process for transmitting data without using additional CPU cycles and memory accesses to calculate checksums. The transmitting device obtains data from internal or external data source and stores data in memory. Data is then divided into zones and checksums are calculated for each zone. Checksums are recorded on a checksum array. A data pointer containing an address for data stored in memory, a description of the data and address for the checksum array is transferred through data transfer protocol to network and transmission layers. Network and transmission layers are then able to access and send data without having to either copy data through data transfer protocol to network and transfer layers or read all of the data to calculate the checksums. This method and process uses fewer CPU cycles and memory accesses to transmit data and is, therefore, more efficient than the prior art.

    摘要翻译: 本发明提供一种用于传输数据而不使用附加CPU周期和存储器访问来计算校验和的方法和过程。 发送设备从内部或外部数据源获取数据,并将数据存储在存储器中。 然后将数据分成区域,并为每个区域计算校验和。 校验和记录在校验和阵列上。 包含存储在存储器中的数据的地址的数据指针,用于校验和阵列的数据和地址的描述通过数据传输协议传送到网络和传输层。 网络和传输层然后能够访问和发送数据,而无需通过数据传输协议将数据复制到网络和传输层或读取所有数据以计算校验和。 该方法和过程使用更少的CPU周期和存储器访问来传输数据,因此比现有技术更有效。

    System to limit memory access when calculating network data checksums
    8.
    发明授权
    System to limit memory access when calculating network data checksums 失效
    系统在计算网络数据校验和时限制内存访问

    公开(公告)号:US06637007B1

    公开(公告)日:2003-10-21

    申请号:US09561435

    申请日:2000-04-28

    申请人: Henk J. Bots

    发明人: Henk J. Bots

    IPC分类号: H03M1309

    CPC分类号: H03M13/096

    摘要: The invention provides a method and process for transmitting data without using additional CPU cycles and memory accesses to calculate checksums. The transmitting device obtains data from an internal or external data source and stores that data in memory. The data is then divided into zones and checksums are calculated for each zone. The checksums are recorded on a checksum array. A data pointer containing an address for the data stored in memory, a description of the data and an address for the checksum array is transferred through data transfer protocol to network and transmission layers. The network and transmission layers are then able to access and send the data without having to either copy the data through data transfer protocol to network and transfer layers or read all of the data to calculate the checksums. This method and process uses fewer CPU cycles and memory accesses to transmit data and is, therefore, more efficient than the prior art.

    摘要翻译: 本发明提供一种用于传输数据而不使用附加CPU周期和存储器访问来计算校验和的方法和过程。 发送设备从内部或外部数据源获取数据,并将该数据存储在存储器中。 然后将数据分成区域,并为每个区域计算校验和。 校验和被记录在校验和阵列上。 包含存储在存储器中的数据的地址的数据指针,数据的描述和校验和阵列的地址通过数据传输协议传送到网络和传输层。 网络和传输层然后能够访问和发送数据,而不必通过数据传输协议将数据复制到网络和传输层或读取所有数据以计算校验和。 该方法和过程使用更少的CPU周期和存储器访问来传输数据,因此比现有技术更有效。

    Prevention and detection of IP identification wraparound errors
    9.
    发明授权
    Prevention and detection of IP identification wraparound errors 有权
    预防和检测IP识别环绕错误

    公开(公告)号:US06894976B1

    公开(公告)日:2005-05-17

    申请号:US09595599

    申请日:2000-06-15

    申请人: Gaurav Banga Henk J. Bots Mark Smith

    发明人: Gaurav Banga Henk J. Bots Mark Smith

    IPC分类号: H04L12/26 H04L29/06

    CPC分类号: H04L69/16 H04L69/166

    摘要: A method of generating IP identification numbers for IP datagrams. A plurality of IP identification number generators are maintained. A plurality of receiving stations are associated with the plurality of IP identification number generators such that each receiving station has an IP identification number generator associated therewith. An IP identification number is generated for a datagram sent to a receiving station based on an output of the associated IP identification number generator. Also, a method of reducing a likelihood of misassembly of received data fragments from fragmented IP datagrams. The data fragments have an IP identification number. All received data fragments of the datagram are discarded upon detection of receipt of an overlapping data fragment having the IP identification number. Timeouts for reassembling datagrams are reduced. First, timeouts for reassembling the datagrams are reduced to less than a standard timeout. Second, timeouts are reduced upon detection of a gap in the received data fragments. Third, timeouts are reduced upon detection of a datagram having the same protocol identification number and source address, but having a different IP identification number. Furthermore, a method of detecting a likelihood of misassembly of data fragments from fragmented IP datagrams. Communication errors between a sending station and a receiving station are detected. A rate is determined at which an IP identification number generator associated with the receiving station wraps around. NFS re-transmissions are determined. Based on one or more of these, a likelihood of misassembly at the receiving station is determined to be high.

    摘要翻译: 一种生成IP数据报IP标识号的方法。 维护多个IP识别码发生器。 多个接收站与多个IP识别码发生器相关联,使得每个接收站具有与之相关联的IP识别码发生器。 基于相关联的IP标识号生成器的输出,为发送到接收站的数据报生成IP标识号。 而且,一种减少从分段的IP数据报中收到的数据片段的错误组合的可能性的方法。 数据片段具有IP标识号。 在检测到具有IP识别号码的重叠数据片段的接收时,数据报的所有接收到的数据片段被丢弃。 重新组装数据报的超时减少了。 首先,重新组装数据报的超时被减少到小于标准超时。 第二,在检测到接收到的数据片段中的间隙时,超时被减少。 第三,在检测到具有相同协议标识号和源地址但具有不同IP标识号的数据报时,超时减少。 此外,还提供了检测来自分段IP数据报的数据片段的错误组合的可能性的方法。 检测发送站和接收站之间的通信错误。 确定与接收站相关联的IP识别码发生器的速率卷绕在一起的速率。 确定NFS重传。 基于这些中的一个或多个,在接收站处的错误组装的可能性被确定为高。