Secure server utilizing separate protocol stacks
    1.
    发明授权
    Secure server utilizing separate protocol stacks 有权
    安全服务器使用单独的协议栈

    公开(公告)号:US06332195B1

    公开(公告)日:2001-12-18

    申请号:US09255111

    申请日:1999-02-22

    IPC分类号: G06F1130

    摘要: A secure commerce server system and method. A secure commerce server system includes a plurality of regions or burbs, including an internal burb and an external burb, a commerce server and an administration server. Processes and data objects associated with the administration server are bound to the internal burb. Processes and data objects associated with the commerce server are bound to the external burb. Processes bound to one burb cannot communicate directly to processes and data objects bound to other burbs. The administration server cannot be manipulated by a process bound to the external burb.

    摘要翻译: 一种安全的商务服务器系统和方法。 安全的商务服务器系统包括多个区域或布局,包括内部布局和外部布局,商务服务器和管理服务器。 与管理服务器关联的进程和数据对象绑定到内部burb。 与商务服务器相关联的进程和数据对象绑定到外部burb。 绑定到一个burb的进程不能直接与绑定到其他burbs的进程和数据对象进行通信。 管理服务器不能被绑定到外部burb的进程操纵。

    Secure server utilizing separate protocol stacks
    2.
    发明授权
    Secure server utilizing separate protocol stacks 失效
    安全服务器使用单独的协议栈

    公开(公告)号:US5913024A

    公开(公告)日:1999-06-15

    申请号:US605320

    申请日:1996-02-09

    摘要: A secure commerce server system and method. A secure commerce server system includes a plurality of regions or burbs, including an internal burb and an external burb, a commerce server and an administration server. Processes and data objects associated with the administration server are bound to the internal burb. Processes and data objects associated with the commerce server are bound to the external burb. Processes bound to one burb cannot communicate directly to processes and data objects bound to other burbs. The administration server cannot be manipulated by a process bound to the external burb.

    摘要翻译: 一种安全的商务服务器系统和方法。 安全的商务服务器系统包括多个区域或布局,包括内部布局和外部布局,商务服务器和管理服务器。 与管理服务器关联的进程和数据对象绑定到内部burb。 与商务服务器相关联的进程和数据对象绑定到外部burb。 绑定到一个burb的进程不能直接与绑定到其他burbs的进程和数据对象进行通信。 管理服务器不能被绑定到外部burb的进程操纵。

    System and method for redirected firewall discovery in a network environment
    3.
    发明授权
    System and method for redirected firewall discovery in a network environment 有权
    网络环境中重定向防火墙发现的系统和方法

    公开(公告)号:US08713668B2

    公开(公告)日:2014-04-29

    申请号:US13275249

    申请日:2011-10-17

    IPC分类号: H04L29/06

    摘要: A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow.

    摘要翻译: 在一个示例实施例中提供了一种方法,其包括通过元数据信道从主机接收元数据。 元数据可以与网络流相关联,并且网络策略可以应用于连接。 在其他实施例中,可以从主机接收没有与流相关联的元数据的网络流,并且可以向主机发送发现重定向。 然后可以接收元数据并与流相关联,以识别应用于流的网络策略动作。

    SYSTEM AND METHOD FOR REDIRECTED FIREWALL DISCOVERY IN A NETWORK ENVIRONMENT
    4.
    发明申请
    SYSTEM AND METHOD FOR REDIRECTED FIREWALL DISCOVERY IN A NETWORK ENVIRONMENT 有权
    网络环境中重定向防火发现的系统与方法

    公开(公告)号:US20130097658A1

    公开(公告)日:2013-04-18

    申请号:US13275249

    申请日:2011-10-17

    IPC分类号: G06F21/00

    摘要: A method is provided in one example embodiment that includes receiving metadata from a host over a metadata channel. The metadata may be correlated with a network flow and a network policy may be applied to the connection. In other embodiments, a network flow may be received from a host without metadata associated with the flow, and a discovery redirect may be sent to the host. Metadata may then be received and correlated with the flow to identify a network policy action to apply to the flow.

    摘要翻译: 在一个示例实施例中提供了一种方法,其包括通过元数据信道从主机接收元数据。 元数据可以与网络流相关联,并且网络策略可以应用于连接。 在其他实施例中,可以从主机接收没有与流相关联的元数据的网络流,并且可以向主机发送发现重定向。 然后可以接收元数据并与流相关联,以识别应用于流的网络策略动作。

    Named sockets in a firewall
    5.
    发明授权
    Named sockets in a firewall 有权
    在防火墙中命名套接字

    公开(公告)号:US08429736B2

    公开(公告)日:2013-04-23

    申请号:US12116347

    申请日:2008-05-07

    IPC分类号: G06F9/00

    摘要: A proxy device such as a firewall uses an internal socket namespace such as a text string such that connection requests must be explicitly redirected to a listening socket in the alternate namespace in order to connect to a service. Because external connections cannot directly address the listening socket or service, greater security is provided than with traditional firewall or proxy devices. To receive a redirected proxy connection, a service process creates a listening socket and binds a name in an alternate namespace to the socket before listening for connections.

    摘要翻译: 代理设备(如防火墙)使用内部套接字命名空间(例如文本字符串),以便连接请求必须显式重定向到备用命名空间中的侦听套接字以连接到服务。 由于外部连接不能直接处理侦听套接字或服务,因此与传统的防火墙或代理设备相比,提供了更高的安全性。 要接收重定向的代理连接,服务进程将创建一个侦听套接字,并在侦听连接之前将备用命名空间中的名称绑定到套接字。

    SYSTEM AND METHOD FOR HOST-INITIATED FIREWALL DISCOVERY IN A NETWORK ENVIRONMENT
    6.
    发明申请
    SYSTEM AND METHOD FOR HOST-INITIATED FIREWALL DISCOVERY IN A NETWORK ENVIRONMENT 有权
    网络环境中主动防火发现的系统和方法

    公开(公告)号:US20130097692A1

    公开(公告)日:2013-04-18

    申请号:US13275196

    申请日:2011-10-17

    IPC分类号: G06F21/00

    摘要: A method is provided in one example embodiment that includes intercepting a network flow to a destination node having a network address and sending a discovery query based on a discovery action associated with the network address in a firewall cache. A discovery result may be received and metadata associated with the flow may be sent to a firewall before releasing the network flow. In other embodiments, a discovery query may be received from a source node and a discovery result sent to the source node, wherein the discovery result identifies a firewall for managing a route to a destination node. Metadata may be received from the source node over a metadata channel. A network flow from the source node to the destination node may be intercepted, and the metadata may be correlated with the network flow to apply a network policy to the network flow.

    摘要翻译: 在一个示例实施例中提供了一种方法,其包括拦截具有网络地址的目的地节点的网络流,并且基于与防火墙高速缓存中的网络地址相关联的发现动作来发送发现查询。 可以接收到发现结果,并且在释放网络流之前可以将与流相关联的元数据发送到防火墙。 在其他实施例中,可以从源节点接收发现查询和发送到源节点的发现结果,其中发现结果标识用于管理到目的地节点的路由的防火墙。 可以通过元数据信道从源节点接收元数据。 可以拦截从源节点到目的地节点的网络流,并且元数据可以与网络流相关联,以将网络策略应用于网络流。

    NAMED SOCKETS IN A FIREWALL
    7.
    发明申请
    NAMED SOCKETS IN A FIREWALL 有权
    一个防火墙中的NAMED插座

    公开(公告)号:US20090282471A1

    公开(公告)日:2009-11-12

    申请号:US12116347

    申请日:2008-05-07

    IPC分类号: H04L9/32 G06F15/16

    摘要: A proxy device such as a firewall uses an internal socket namespace such as a text string such that connection requests must be explicitly redirected to a listening socket in the alternate namespace in order to connect to a service. Because external connections cannot directly address the listening socket or service, greater security is provided than with traditional firewall or proxy devices. To receive a redirected proxy connection, a service process creates a listening socket and binds a name in an alternate namespace to the socket before listening for connections.

    摘要翻译: 代理设备(如防火墙)使用内部套接字命名空间(例如文本字符串),以便连接请求必须显式重定向到备用命名空间中的侦听套接字以连接到服务。 由于外部连接不能直接处理侦听套接字或服务,因此与传统的防火墙或代理设备相比,提供了更高的安全性。 要接收重定向的代理连接,服务进程将创建一个侦听套接字,并在侦听连接之前将备用命名空间中的名称绑定到套接字。

    Robot hand
    8.
    发明授权
    Robot hand 失效
    机器人手

    公开(公告)号:US4767143A

    公开(公告)日:1988-08-30

    申请号:US17449

    申请日:1987-02-24

    CPC分类号: B65G47/914 B25J15/0616

    摘要: A robot hand for grasping objects having substantially planar faces includes a base and a plurality of arms extending from the base. A plurality of vacuum cups are supported on and radially movable along the arms. Pivotal drive means pivot the arms, radial drive means move the cups along the arms, and vacuum means apply a vacuum to the cups. The cups are readily positioned to permit lifting and transporting of objects such as plies and the like, including those objects having irregular planar shapes.

    摘要翻译: 用于抓握具有基本上平面的物体的机器人手包括基部和从基部延伸的多个臂。 多个真空杯被支撑在臂上并且可沿着臂可径向移动。 枢转驱动装置枢转臂,径向驱动装置沿着手臂移动杯子,真空装置对杯子施加真空。 这些杯容易定位,以允许物体(例如帘布层等)的提升和运输,包括那些具有不规则平面形状的物体。

    UNIFIED NETWORK THREAT MANAGEMENT WITH RULE CLASSIFICATION
    9.
    发明申请
    UNIFIED NETWORK THREAT MANAGEMENT WITH RULE CLASSIFICATION 有权
    统一网络威胁管理与规则分类

    公开(公告)号:US20090222877A1

    公开(公告)日:2009-09-03

    申请号:US12039490

    申请日:2008-02-28

    IPC分类号: G06F21/00

    CPC分类号: H04L63/0263 H04L63/1416

    摘要: A computer network device comprises an intrusion prevention rule set comprising a plurality of rules, each of the plurality of rules associated with two or more rule classification parameters, and an intrusion prevention module that is operable to use two or more of the classification parameters associated with the plurality of intrusion protection rules to selectively apply the rules to provide network intrusion protection of network traffic

    摘要翻译: 计算机网络设备包括入侵防御规则集,其包括多个规则,与两个或多个规则分类参数相关联的多个规则中的每个规则,以及入侵防御模块,其可操作以使用两个或更多个与 多个入侵保护规则选择性地应用规则来提供网络流量的网络入侵保护

    Secure network proxy for connecting entities
    10.
    发明授权
    Secure network proxy for connecting entities 失效
    用于连接实体的安全网络代理

    公开(公告)号:US6003084A

    公开(公告)日:1999-12-14

    申请号:US713424

    申请日:1996-09-13

    IPC分类号: H04L29/06 H04L29/08 G06F13/00

    摘要: A proxy which is part of a firewall program controls exchanges of information between two application entities. The proxy interrogates attempts to establish a communication session by requesting entities with a server entity in lower layers in accordance with defined authentication procedures. The proxy interfaces with networking software to direct a communication stack to monitor connection requests to any address on specific ports. The requestor's address, and the server's address are checked against an access control list. If either address is invalid, the proxy closes the connection. If both are valid, a new connection is setup such that both the requestor and server are transparently connected to the proxy with variable higher levels being connected in a relay mode. Protocol data units are interrogated for conformance to a protocol session, and optionally further decoded to add additional application specific filtering. In one embodiment, an OSI architecture comprises the levels.

    摘要翻译: 作为防火墙程序一部分的代理控制两个应用实体之间的信息交换。 代理询问通过根据定义的认证过程请求具有较低层中的服务器实体的实体来建立通信会话的尝试。 代理与网络软件接口,以指示通信栈来监视特定端口上任何地址的连接请求。 根据访问控制列表检查请求者的地址和服务器的地址。 如果任一地址无效,代理将关闭连接。 如果两者都有效,则建立新的连接,使得请求者和服务器透明地连接到代理,其中可变的较高级别以中继模式连接。 询问协议数据单元以符合协议会话,并且可选地进一步解码以添加附加的特定应用过滤。 在一个实施例中,OSI架构包括这些级别。