Apparatus and method for mapping overlapping internet protocol addresses in layer two tunneling protocols
    1.
    Invention application
    Apparatus and method for mapping overlapping internet protocol addresses in layer two tunneling protocols (status: in force)

    Publication No.: US20060013211A1

    Publication date: 2006-01-19

    Application No.: US10890888

    Filing date: 2004-07-14

    IPC classification: H04L12/56

    Abstract: A method and system are described for resolving problems created by implementing multiple networks using private IP addresses and layer two tunneling protocols. A network processing system is operable to map flows from private IP addresses and ports on layer two tunneling protocol networks to public IP addresses and ports using the private IP addresses and ports and identifiers for the layer two tunneling protocol network. The network processing system uses its own public IP addresses and ports to anchor the traffic from the private network and performs the required mapping to pass traffic between the public and private networks.

    Apparatus and method for firewall traversal
    2.
    Invention application
    Apparatus and method for firewall traversal (status: in force)

    Publication No.: US20060085548A1

    Publication date: 2006-04-20

    Application No.: US10967470

    Filing date: 2004-10-18

    IPC classification: G06F15/16

    Abstract: An apparatus and method for traversing a network address translation/firewall device to maintain a registration between first and second devices separated by the firewall device are provided. In one example, the method includes intercepting a registration message from the first device to the second device. A determination is made based on a first timeout period defined by the second device as to whether it is time to renew the first device's registration. If it is time to renew the first device's registration, the registration message is forwarded to the second device. A response message that includes the first timeout period is intercepted, and the first timeout period is replaced with a second timeout period based on a binding lifetime of the firewall device before forwarding the response message to the first device.

    Apparatus and method creating virtual routing domains in an internet protocol network
    3.
    Invention application
    Apparatus and method creating virtual routing domains in an internet protocol network (status: in force)

    Publication No.: US20060227758A1

    Publication date: 2006-10-12

    Application No.: US11103099

    Filing date: 2005-04-09

    IPC classification: H04L12/28 H04L12/56

    Abstract: A method and apparatus are described that allow the creation of virtual routing domains in an IP network. These virtual routing domains allow each individual network to be configured so that it appears that its routing domain covers the entire IP address space. A network processing system is used to implement the virtual routing domains and to allow network traffic to cross the individual routing domains. The network processing system is able to use application layer information to allow the crossing of virtual routing domain boundaries. By examining application layer information the network processing system is able to look up customer/user information and use that information to determine destination virtual routing domains and route otherwise unroutable addresses between domains.

    SYSTEM AND METHOD FOR PROVIDING CELLULAR ACCESS POINTS
    4.
    Invention application
    SYSTEM AND METHOD FOR PROVIDING CELLULAR ACCESS POINTS (status: under examination, published)

    Publication No.: US20090198996A1

    Publication date: 2009-08-06

    Application No.: US12025128

    Filing date: 2008-02-04

    IPC classification: H04L9/32

    Abstract: A system and method for providing an identity association between a subscriber in a private network and a provider over a public network is described. The system and method include a subscriber security gateway in the private network, the subscriber security gateway providing policy enforcement and signaling between the private network and the provider over the public network and at least one digital key associated with the provider and readable by the subscriber security gateway and operable to provide an identity association with the provider. A network device in the private network, the network device operable to establish a trusted media channel between the provider and the network device using the public network as a result of the signaling and policy enforcement at the subscriber security gateway using the digital keys, and a security gateway in the provider network, the security gateway including a registry for authenticating the user using the digital key and for maintaining a record of the subscriber's relationship with the provider.

    System and method of expediting bit scan instructions
    5.
    Granted invention patent
    System and method of expediting bit scan instructions (status: lapsed)

    Publication No.: US06381622B1

    Publication date: 2002-04-30

    Application No.: US08748123

    Filing date: 1996-11-13

    Applicant: Milton Lie

    Inventor: Milton Lie

    IPC classification: G06F738

    CPC classification: G06F7/74 G06F9/30018

    Abstract: A system and method of expediting bit scan instructions in a microprocessor is disclosed which employs an execution unit having zero detectors organized along predetermined boundaries for detecting in parallel, the number of leading or trailing zeros in a source operand and for writing a destination index to indicate the first non-zero bit position.

    SYSTEM AND METHOD FOR CREATING A SECURE BILLING IDENTITY FOR AN END USER USING AN IDENTITY ASSOCIATION
    6.
    Invention application
    SYSTEM AND METHOD FOR CREATING A SECURE BILLING IDENTITY FOR AN END USER USING AN IDENTITY ASSOCIATION (status: under examination, published)

    Publication No.: US20090296936A1

    Publication date: 2009-12-03

    Application No.: US12129823

    Filing date: 2008-05-30

    IPC classification: H04L9/14

    Abstract: A system and method include a device connectable to a private network and designed to access a public network, the device used to control identity associations for end user devices in the private network, wherein the device has an associated device key and is operable to receive additional keys associated with service providers, and a conditional access system associated with the device, the conditional access system operated by a key authority to manage the device key and to authenticate the service provider keys thereby allowing identity associations between the private network and the service providers.

    System and Method for Pre-Placing Secure Content on an End User Storage Device
    7.
    Invention application
    System and Method for Pre-Placing Secure Content on an End User Storage Device (status: under examination, published)

    Publication No.: US20090249067A1

    Publication date: 2009-10-01

    Application No.: US12055135

    Filing date: 2008-03-25

    IPC classification: G06F12/14 H04L9/14 G06F17/00

    Abstract: A system and method for pre-placing content from a provider on an end user storage device is described. The system includes a device connected to an end user network and a public network and used to interface with one or more digital keys, where each digital key is able to control one or more identity associations. A storage device is attached to the end user network and is able to receive content from the provider using the identity association with the provider. The content is encrypted on the storage device using keys established by the provider, such that the end user can only decrypt and access the content by agreeing to terms established by the provider using the digital key and identity association with the provider.

    System, Method, and Interface for Segregation of a Session Controller and a Security Gateway
    8.
    Invention application
    System, Method, and Interface for Segregation of a Session Controller and a Security Gateway (status: in force)

    Publication No.: US20070283412A1

    Publication date: 2007-12-06

    Application No.: US11626767

    Filing date: 2007-01-24

    IPC classification: G06F17/00 G06F15/16

    Abstract: A system, method, and interface for segregating a network controller and a security gateway are provided. A security gateway-network controller interface is established between a security gateway and a network controller. One or more application interfaces are carried over the security gateway-network controller interface. An admission policy interface may be maintained on the security gateway-network controller interface that allows establishment of dynamic access control lists for admission policies applied on specific secure tunnels. Additionally, a security association-international mobile subscriber identity interface may be maintained on the security gateway-network controller interface that facilitates ensuring an IMSI used during a registration process matches an identity used to establish a tunnel. Thus, a subscriber validation mechanism is provided over the security gateway-network controller interface that couples the network controller and the security gateway.
