SYSTEM AND METHOD OF TRAFFIC INSPECTION AND CLASSIFICATION FOR PURPOSES OF IMPLEMENTING SESSION ND CONTENT CONTROL
    1.
    发明申请
    SYSTEM AND METHOD OF TRAFFIC INSPECTION AND CLASSIFICATION FOR PURPOSES OF IMPLEMENTING SESSION ND CONTENT CONTROL 有权
    交通运输检查和分类系统及方法实施会议的内容控制

    公开(公告)号:US20080077705A1

    公开(公告)日:2008-03-27

    申请号:US11829740

    申请日:2007-07-27

    IPC分类号: G06F15/16 G06N5/02

    摘要: Packets received at a network appliance are classified according to packet classification rules based on flow state information maintained by the network appliance and evaluated for each packet as it is received at the appliance on the basis of OSI Level 2-Level 4 (L2-L4) information retrieved from the packet. The received packets are acted upon according to outcomes of the classification; and the flow state information is updated according to actions taken on the received packets. The updated flow state information is then made available to modules performing additional processing of one or more of the packets at OSI Layer 7 (L7).

    摘要翻译: 根据网络设备维护的流状态信息,根据分组分类规则对网络设备收到的数据包进行分类,并根据OSI Level 2-Level 4(L2-L4)在设备上接收的每个数据包进行评估, 从数据包检索的信息。 接收到的报文根据分类结果进行操作; 并且根据对接收的分组采取的动作来更新流状态信息。 然后,更新的流状态信息可用于在OSI层7(L7)处执行一个或多个分组的附加处理的模块。

    System and method of traffic inspection and classification for purposes of implementing session ND content control
    2.
    发明授权
    System and method of traffic inspection and classification for purposes of implementing session ND content control 有权
    交通检查和分类的系统和方法,用于实施会话ND内容控制

    公开(公告)号:US08639837B2

    公开(公告)日:2014-01-28

    申请号:US11829740

    申请日:2007-07-27

    IPC分类号: G06F15/16

    摘要: Packets received at a network appliance are classified according to a packet classification rules based on flow state information maintained by the network appliance and evaluated for each packet as it is received at the appliance on the basis of OSI Level 2-Level 4 (L2-L4) information retrieved from the packet. The received packets are acted upon according to outcomes of the classification; and the flow state information is updated according to actions taken on the received packets. The updated flow state information is then made available to modules performing additional processing of one or more of the packets at OSI Layer 7 (L7).

    摘要翻译: 根据基于网络设备维护的流状态信息的分组分类规则对网络设备接收到的分组进行分类,并根据OSI Level 2-Level 4(L2-L4 )信息。 接收到的报文根据分类结果进行操作; 并且根据对接收的分组采取的动作来更新流状态信息。 然后,更新的流状态信息可用于在OSI层7(L7)处执行一个或多个分组的附加处理的模块。

    System and method of delaying connection acceptance to support connection request processing at layer-7
    3.
    发明授权
    System and method of delaying connection acceptance to support connection request processing at layer-7 有权
    延迟连接验收的系统和方法,以支持第7层的连接请求处理

    公开(公告)号:US07743160B2

    公开(公告)日:2010-06-22

    申请号:US11780432

    申请日:2007-07-19

    IPC分类号: G06F15/16

    摘要: Techniques for suspending a TCP three-way handshake, offering the partial connection to an L-7 application or module at a proxy to perform further processing, and then allowing the L-7 application or module to instruct the proxy's network kernel to perform various actions are described. In various embodiments these actions may include: silently dropping the connection, verbosely rejecting the connection, accepting and processing the connection locally, or forwarding the connection to another proxy or the original destination. This additional functionality is provided, in one particular embodiment, via extensions to the POSIX socket API.

    摘要翻译: 用于暂停TCP三次握手的技术,向代理处的L-7应用或模块提供部分连接以执行进一步处理,然后允许L-7应用或模块指示代理的网络内核执行各种动作 被描述。 在各种实施例中,这些动作可以包括:静默地丢弃连接,详细地拒绝连接,本地接受和处理连接,或将连接转发到另一代理或原始目的地。 在一个特定实施例中,通过对POSIX套接字API的扩展来提供该附加功能。

    Assymmetric Traffic Flow Detection
    4.
    发明申请
    Assymmetric Traffic Flow Detection 有权
    不对称流量检测

    公开(公告)号:US20100281168A1

    公开(公告)日:2010-11-04

    申请号:US12433443

    申请日:2009-04-30

    IPC分类号: G06F15/16

    摘要: Methods, apparatuses and systems directed to detecting, and in some implementations, responding to, asymmetric routing in network deployments. In a particular embodiment, a first process detects asymmetric routing at connection initiation, while the second process can detect asymmetric routing that may after connection initiation.

    摘要翻译: 用于在网络部署中检测并且在一些实现中响应非对称路由的方法,装置和系统。 在特定实施例中,第一进程在连接启动时检测不对称路由,而第二进程可以检测可能在连接启动之后的不对称路由。

    Assymmetric traffic flow detection
    5.
    发明授权
    Assymmetric traffic flow detection 有权
    不对称交通流量检测

    公开(公告)号:US08032641B2

    公开(公告)日:2011-10-04

    申请号:US12433443

    申请日:2009-04-30

    IPC分类号: G06F15/16

    摘要: Methods, apparatuses and systems directed to detecting, and in some implementations, responding to, asymmetric routing in network deployments. In a particular embodiment, a first process detects asymmetric routing at connection initiation, while the second process can detect asymmetric routing that may after connection initiation.

    摘要翻译: 用于在网络部署中检测并且在一些实现中响应非对称路由的方法,装置和系统。 在特定实施例中,第一进程在连接启动时检测不对称路由,而第二进程可以检测可能在连接启动之后的不对称路由。

    System and Method of Delaying Connection Acceptance to Support Connection Request Processing at Layer-7
    6.
    发明申请
    System and Method of Delaying Connection Acceptance to Support Connection Request Processing at Layer-7 有权
    延迟连接验收的系统和方法,以支持第7层的连接请求处理

    公开(公告)号:US20080244085A1

    公开(公告)日:2008-10-02

    申请号:US11780432

    申请日:2007-07-19

    IPC分类号: G06F15/16

    摘要: Techniques for suspending a TCP three-way handshake, offering the partial connection to an L-7 application or module at a proxy to perform further processing, and then allowing the L-7 application or module to instruct the proxy's network kernel to perform various actions are described. In various embodiments these actions may include: silently dropping the connection, verbosely rejecting the connection, accepting and processing the connection locally, or forwarding the connection to another proxy or the original destination. This additional functionality is provided, in one particular embodiment, via extensions to the POSIX socket API.

    摘要翻译: 用于暂停TCP三次握手的技术,向代理处的L-7应用或模块提供部分连接以执行进一步处理,然后允许L-7应用或模块指示代理的网络内核执行各种动作 被描述。 在各种实施例中,这些动作可以包括:静默地丢弃连接,详细地拒绝连接,本地接受和处理连接,或将连接转发到另一代理或原始目的地。 在一个特定实施例中,通过对POSIX套接字API的扩展来提供该附加功能。

    SYSTEMS AND METHODS FOR PROTECTING CUSTOMER SECRETS DURING VENDOR TROUBLESHOOTING
    7.
    发明申请
    SYSTEMS AND METHODS FOR PROTECTING CUSTOMER SECRETS DURING VENDOR TROUBLESHOOTING 审中-公开
    在供应商故障排除期间保护客户秘密的系统和方法

    公开(公告)号:US20090132777A1

    公开(公告)日:2009-05-21

    申请号:US12360064

    申请日:2009-01-26

    IPC分类号: G06F12/00

    CPC分类号: G06F21/6245

    摘要: Systems, methods, and computer products for protecting information during troubleshooting are provided. A dumping mechanism includes marking at least one of a plurality of memory regions in the computer-readable medium as non-dumpable, initiating a core dump, determining which memory regions of the plurality regions are non-dumpable, and dumping the contents only of memory regions not marked as non-dumpable.

    摘要翻译: 提供了在故障排除期间保护信息的系统,方法和计算机产品。 倾倒机构包括将计算机可读介质中的多个存储器区域中的至少一个标记为不可转储的,启动核心转储,确定多个区域中的哪些存储器区域是不可转储的,并且仅倾倒存储器的内容 区域未标记为不可转储。

    Method and System for Authentication Among Peer Appliances Within a Computer Network
    8.
    发明申请
    Method and System for Authentication Among Peer Appliances Within a Computer Network 有权
    计算机网络中对等设备认证的方法和系统

    公开(公告)号:US20080184030A1

    公开(公告)日:2008-07-31

    申请号:US12019331

    申请日:2008-01-24

    IPC分类号: H04L9/00

    摘要: A digital certificate associating a unique identifier for a computer-based appliance with an authentication key pair for that appliance is obtained from a certificate authority using a different, manufacturing key pair for the appliance. The manufacturing key pair may be generated by the appliance at or about its time of manufacture. The public key portion of the manufacturing key pair along with the unique identifier for the appliance may be provided via secure means to the certificate authority prior to the request for the digital certificate concerning the authentication key pair. Eventually, the digital certificate associated with the authentication key pair may be used by the appliance when joining a network, as part of a one-way or two-way authentication process.

    摘要翻译: 将用于基于计算机的设备的唯一标识符与该设备的认证密钥对相关联的数字证书从认证机构获得,该认证机构使用该设备的不同的制造密钥对。 制造密钥对可以由设备在其制造时或其周围产生。 制造密钥对的公钥部分以及用于设备的唯一标识符可以在请求关于认证密钥对的数字证书之前经由安全装置提供给认证机构。 最终,作为单向或双向认证过程的一部分,加入网络时,设备可以使用与认证密钥对相关联的数字证书。

    Method and system for authentication among peer appliances within a computer network
    10.
    发明授权
    Method and system for authentication among peer appliances within a computer network 有权
    计算机网络内对等设备认证的方法和系统

    公开(公告)号:US08312264B2

    公开(公告)日:2012-11-13

    申请号:US12019331

    申请日:2008-01-24

    IPC分类号: H04L29/06

    摘要: A digital certificate associating a unique identifier for a computer-based appliance with an authentication key pair for that appliance is obtained from a certificate authority using a different, manufacturing key pair for the appliance. The manufacturing key pair may be generated by the appliance at or about its time of manufacture. The public key portion of the manufacturing key pair along with the unique identifier for the appliance may be provided via secure means to the certificate authority prior to the request for the digital certificate concerning the authentication key pair. Eventually, the digital certificate associated with the authentication key pair may be used by the appliance when joining a network, as part of a one-way or two-way authentication process.

    摘要翻译: 将用于基于计算机的设备的唯一标识符与该设备的认证密钥对相关联的数字证书从认证机构获得,该认证机构使用该设备的不同的制造密钥对。 制造密钥对可以由设备在其制造时或其周围产生。 制造密钥对的公钥部分以及用于设备的唯一标识符可以在请求关于认证密钥对的数字证书之前经由安全装置提供给认证机构。 最终,作为单向或双向认证过程的一部分,加入网络时,设备可以使用与认证密钥对相关联的数字证书。