公开(公告)号：US07486696B2

公开(公告)日：2009-02-03

申请号：US10178762

申请日：2002-06-25

Applicant: Sachin Garg ,  Martin Kappes ,  Mahalingam Mani

Inventor： Sachin Garg ,  Martin Kappes ,  Mahalingam Mani

IPC: H04J3/16

CPC classification number: H04L47/14 ,  H04L12/4675 ,  H04L47/10 ,  H04L47/12 ,  H04L47/20 ,  H04L47/2408 ,  H04L47/2441 ,  H04L47/29 ,  H04L47/32

Abstract: A method and system for controlling the bandwidths of data traffic over virtual private networks are provided. The method includes classifying the data traffic for the virtual private network into different flows, monitoring a current bandwidth usage by at least one of the flows, comparing the current bandwidth usage with a predetermined threshold for the flow, and performing a bandwidth control operation for the flow if the current bandwidth usage exceeds the predetermined threshold for that flow.

Abstract translation: 提供了一种用于控制虚拟专用网络上的数据流量带宽的方法和系统。 该方法包括将虚拟专用网络的数据流量分类为不同的流，通过流中的至少一个来监视当前带宽使用情况，将当前带宽使用与流的预定阈值进行比较，以及为该流程执行带宽控制操作 如果当前带宽使用超过该流量的预定阈值，则流量。

公开(公告)号：US07403773B2

公开(公告)日：2008-07-22

申请号：US10180527

申请日：2002-06-27

Applicant: Martin Kappes ,  Sachin Garg ,  Mahalingam Mani

Inventor： Martin Kappes ,  Sachin Garg ,  Mahalingam Mani

IPC: H04Q7/20 ,  H04M11/04

CPC classification number: H04L63/105 ,  G01S5/0252 ,  H04L12/2856 ,  H04L63/107 ,  H04W4/021 ,  H04W12/08 ,  H04W48/04

Abstract: A wireless local area network (LAN), and a method of operating the same, prevents unauthorized users from accessing the wireless LAN. A signal strength of a station attempting to access the wireless LAN is measured. If the signal strength is less than a predetermined threshold value, the system concludes that the station is outside of an authorized geographical area. Such a station attempting to establish a connection is characterized as an unauthorized station, and access to the wireless LAN is denied. The system may also periodically verify that authorized stations remain within the authorized geographical area. A station that has moved outside of the authorized geographical area can be notified or denied further access to the wireless LAN.

Abstract translation: 无线局域网（LAN）及其操作方法防止未经授权的用户访问无线LAN。 测量尝试访问无线LAN的站的信号强度。 如果信号强度小于预定阈值，则系统断定该站在授权的地理区域之外。 尝试建立连接的这种站被表征为未授权站，并且拒绝对无线LAN的接入。 系统还可以周期性地验证授权站保留在授权的地理区域内。 移动到授权地理区域外的站可以被通知或拒绝进一步访问无线局域网。

公开(公告)号：US07286474B2

公开(公告)日：2007-10-23

申请号：US10261243

申请日：2002-09-30

Applicant: Sachin Garg ,  Martin Kappes

Inventor： Sachin Garg ,  Martin Kappes

IPC: H04L12/26

CPC classification number: H04L47/824 ,  H04L47/15 ,  H04L47/70 ,  H04L47/745 ,  H04L47/765 ,  H04L47/801 ,  H04L47/822

Abstract: A method and apparatus are disclosed for assessing the available resources in a network and using the assessment for admission control. A VoIP call can be established with a device only if the network has sufficient resources to accommodate the call or it is possible to make such resources available by curtailing ongoing data connections. A network utilization characteristic (NUC) provides a measure of network capacity. The network utilization characteristic of a flow is the fraction of time the network is busy transmitting data for that flow. The sum of the network utilization characteristics of all flows yields the fraction of time the network is busy transmitting data. The difference between one and the sum of all flows indicates the time that the network is idle in the measured time interval. A new flow can be accommodated if the NUC of the new flow is smaller than this difference value.

Abstract translation: 公开了一种用于评估网络中的可用资源并使用用于准入控制的评估的方法和装置。 只有当网络具有足够的资源来适应呼叫时，才可以使用设备建立VoIP呼叫，或者可以通过限制正在进行的数据连接来使这些资源可用。 网络利用特性（NUC）提供网络容量的度量。 流的网络利用特性是网络忙于传输该流的数据的时间的一小部分。 所有流的网络利用特性的总和产生了网络忙于传输数据的时间的一小部分。 一个和所有流量的和之间的差异表示网络在测量的时间间隔内空闲的时间。 如果新流量的NUC小于该差值，则可以适应新的流程。

公开(公告)号：US20050060424A1

公开(公告)日：2005-03-17

申请号：US10662728

申请日：2003-09-15

Applicant: Sachin Garg ,  Martin Kappes

Inventor： Sachin Garg ,  Martin Kappes

IPC: H04L12/28 ,  H04L12/56 ,  G06F15/16

CPC classification number: H04L47/10

Abstract: A technique for lessening the likelihood of congestion in a congestible node is disclosed. In the illustrative embodiment, the proxy node resides in the path of the protocol data units en route to a congestible node and the proxy node decides whether to drop protocol data units en route to the congestible node. In some embodiments of the present invention, the proxy node comprises a larger queue for the protocol data units than does the congestible node. The illustrative embodiment of the present invention is useful because it enables the manufacture of “lightweight” nodes without large queues and without the horsepower needed to run an algorithm, such as the Random Early Detection algorithm, for deciding which protocol data units to drop. Furthermore, the illustrative embodiment is useful because it can lessen the likelihood of congestion in legacy nodes.

Abstract translation: 公开了一种减少拥堵节点拥挤可能性的技术。 在说明性实施例中，代理节点驻留在路由到可拥塞节点的协议数据单元的路径中，并且代理节点决定是否将路由上的协议数据单元丢弃到可拥塞节点。 在本发明的一些实施例中，代理节点包括比可拥塞节点更大的协议数据单元队列。 本发明的说明性实施例是有用的，因为它能够制造没有大队列的“轻量级”节点，并且不需要运行诸如随机早期检测算法的算法所需的功率来决定哪些协议数据单元丢弃。 此外，说明性实施例是有用的，因为它可以减少传统节点中拥塞的可能性。

公开(公告)号：US20050060423A1

公开(公告)日：2005-03-17

申请号：US10662724

申请日：2003-09-15

Applicant: Sachin Garg ,  Martin Kappes

Inventor： Sachin Garg ,  Martin Kappes

IPC: H04L12/24 ,  H04L12/56 ,  G06F15/16

CPC classification number: H04L47/10

Abstract: A technique for lessening the likelihood of congestion in a congestible node is disclosed. In accordance with the illustrative embodiments of the present invention, one node—a proxy node—drops protocol data units to lessen the likelihood of congestion in the congestible node. In some embodiments of the present invention, the proxy node receives a metric of a queue at a congestible node and, based on the metric, decides whether to drop protocol data units en route to the congestible node. In some other embodiments of the present invention, the proxy node estimates a metric of a queue at a congestible node and, based on the metric, decides whether to drop protocol data units en route to the congestible node.

Abstract translation: 公开了一种减少拥堵节点拥挤可能性的技术。 根据本发明的说明性实施例，一个节点 - 代理节点丢弃协议数据单元，以减少拥塞节点中的拥塞的可能性。 在本发明的一些实施例中，代理节点在可拥塞节点处接收队列的度量，并且基于该度量决定是否将路由上的协议数据单元丢弃到可拥塞节点。 在本发明的一些其他实施例中，代理节点估计在可拥塞节点处的队列的度量，并且基于该度量决定是否将路由上的协议数据单元丢弃到可拥塞节点。

公开(公告)号：US08001262B2

公开(公告)日：2011-08-16

申请号：US10662724

申请日：2003-09-15

Applicant: Sachin Garg ,  Martin Kappes

Inventor： Sachin Garg ,  Martin Kappes

IPC: G06F15/16 ,  G01R31/08

Abstract: A technique for lessening the likelihood of congestion in a congestible node is disclosed. In accordance with the illustrative embodiments of the present invention, one node—a proxy node—drops protocol data units to lessen the likelihood of congestion in the congestible node. In some embodiments of the present invention, the proxy node receives a metric of a queue at a congestible node and, based on the metric, decides whether to drop protocol data units en route to the congestible node. In some other embodiments of the present invention, the proxy node estimates a metric of a queue at a congestible node and, based on the metric, decides whether to drop protocol data units en route to the congestible node.

公开(公告)号：US20130013421A1

公开(公告)日：2013-01-10

申请号：US13178266

申请日：2011-07-07

Applicant: Shrutivandana Sharma ,  Sachin Garg

Inventor： Shrutivandana Sharma ,  Sachin Garg

IPC: G06Q30/00

CPC classification number: G06Q30/0241 ,  G06Q30/0251 ,  G06Q30/0253 ,  G06Q30/0273

Abstract: Methods and systems are disclosed in which a guaranteed delivery advertisement may be appended with a non-guaranteed delivery advertisement. The guaranteed delivery advertisement may be, for example, a manufacturer or brand advertisement, and the non-guaranteed delivery advertisement may be, for example, a retailer advertisement. The guaranteed delivery advertisement may relate to a particular brand and/or product and the non-guaranteed delivery advertisement may relate to a purchasing opportunity for that particular brand and/or product. The guaranteed delivery advertisement may be selected based on targeting information and the non-guaranteed delivery advertisement may be selected based on factors such as, for example, the manufacturer name, the product name, the product type, a related product, price, availability of the product, discount, location of the retailer, etc.

Abstract translation: 公开了一种方法和系统，其中保证递送广告可以附加非保证递送广告。 保证发送广告可以是例如制造商或品牌广告，并且非保证递送广告可以是例如零售商广告。 保证的交货广告可以涉及特定品牌和/或产品，并且非保证交货广告可以涉及该特定品牌和/或产品的购买机会。 可以基于目标信息来选择保证的发送广告，并且可以基于诸如制造商名称，产品名称，产品类型，相关产品，价格，可用性等因素来选择非保证递送广告 产品，折扣，零售商的位置等

公开(公告)号：US08353030B2

公开(公告)日：2013-01-08

申请号：US11610489

申请日：2006-12-13

Applicant: Akshay Adhikari ,  Sachin Garg ,  Anjur Sundaresan Krishnakumar ,  Navjot Singh

Inventor： Akshay Adhikari ,  Sachin Garg ,  Anjur Sundaresan Krishnakumar ,  Navjot Singh

IPC: G06F21/00

CPC classification number: H04L63/1408 ,  H04L63/1458

Abstract: A method is disclosed that enables mitigating at least some of the problems caused by a packet attack. When a first Internet Protocol (IP)-capable device is subjected to a packet attack, it indicates periodically to a second IP-capable device that certain communications with the first device are to be suspended. The periodic transmitting of the indication is performed at a slower rate than the keep-alive mechanism that is normally used to detect loss of connectivity. When the second device receives the transmitted indication, it refrains from transmitting keep-alive messages to the first device for a predetermined interval. Meanwhile, the first device also refrains from transmitting keep-alive messages to the second device for a similar interval. In transmitting the suspend indication, the illustrative embodiment seeks to prevent pairs of communicating devices that are experiencing packet attacks from continuing their operation under the erroneous assumption that each device is unavailable.

Abstract translation: 公开了一种能够减轻由分组攻击引起的至少一些问题的方法。 当第一个基于互联网协议（IP）的设备遭受分组攻击时，它周期性地向第二个具有IP能力的设备指示与第一设备的某些通信将被暂停。 指示的周期性发送以比通常用于检测连通性损失的保持活动机制更慢的速率执行。 当第二设备接收到发送的指示时，它不阻止向预定间隔向第一设备发送保持活动消息。 同时，第一设备也禁止以类似间隔向第二设备发送保持活动消息。 在发送挂起指示时，说明性实施例旨在防止正在经历分组攻击的通信设备的对在每个设备不可用的错误假设下继续其操作。

公开(公告)号：US07814547B2

公开(公告)日：2010-10-12

申请号：US12200069

申请日：2008-08-28

Applicant: Sachin Garg ,  Navjot Singh ,  Timothy Kohchih Tsai ,  Yu-Sung Wu ,  Saurabh Bagchi

Inventor： Sachin Garg ,  Navjot Singh ,  Timothy Kohchih Tsai ,  Yu-Sung Wu ,  Saurabh Bagchi

IPC: H04L9/00

CPC classification number: H04L63/1433

Abstract: A method for detecting intrusions that employ messages of two or more protocols is disclosed. Such intrusions might occur in Voice over Internet Protocol (VoIP) systems, as well as in systems in which two or more protocols support some service other than VoIP. In the illustrative embodiment of the present invention, a stateful intrusion-detection system is capable of employing rules that have cross-protocol pre-conditions. The illustrative embodiment can use such rules to recognize a variety of VoIP-based intrusion attempts, such as call hijacking, BYE attacks, etc. In addition, the illustrative embodiment is capable of using such rules to recognize other kinds of intrusion attempts in which two or more protocols support a service other than VoIP. The illustrative embodiment also comprises a stateful firewall that is capable of employing rules with cross-protocol pre-conditions.

Abstract translation: 公开了一种用于检测采用两种或多种协议的消息的入侵的方法。 这种入侵可能发生在语音互联网协议（VoIP）系统中，以及在两个或多个协议支持VoIP之外的一些服务的系统中。 在本发明的说明性实施例中，状态入侵检测系统能够采用具有交叉协议前提条件的规则。 说明性实施例可以使用这样的规则来识别各种基于VoIP的入侵尝试，例如呼叫劫持，BYE攻击等。此外，说明性实施例能够使用这样的规则来识别其他种类的入侵尝试，其中两个 或更多的协议支持VoIP以外的服务。 说明性实施例还包括能够使用具有交叉协议前提条件的规则的有状态防火墙。

公开(公告)号：US20100250362A1

公开(公告)日：2010-09-30

申请号：US12415846

申请日：2009-03-31

Applicant: Eric Theodore Bax ,  Krishna Prasad Chitrapura ,  Sachin Garg ,  Darshan Kantak ,  Anand Kuratti ,  Joaquin Arturo Delgado Rodriguez

Inventor： Eric Theodore Bax ,  Krishna Prasad Chitrapura ,  Sachin Garg ,  Darshan Kantak ,  Anand Kuratti ,  Joaquin Arturo Delgado Rodriguez

IPC: G06Q30/00 ,  G06N5/02

CPC classification number: G06Q30/02 ,  G06Q30/0204 ,  G06Q30/0244 ,  G06Q30/0247 ,  G06Q30/0601

Abstract: A system and method to distribute computation for an exchange in which advertisers buy online advertising space from publishers. The exchange maintains submarkets, each containing a subset of the ad calls supplied by publishers and a subset of the offers and budgets representing demand from advertisers. Portfolio optimization techniques allocate the supply of ad calls from publishers over the submarkets, with the goal of maximizing profits for publishers while limiting the volatility of those profits. Portfolio optimization techniques allocate the demand from advertisers over the submarkets, with the goal of maximizing return on investment for advertisers. The exchange re-allocates supply and demand over submarkets periodically. Also, periodically, the most effective submarkets are replicated and the least effective submarkets are eliminated.

Abstract translation: 分发用于广告客户从发布商购买在线广告空间的交换计算的系统和方法。 交易所维护子市场，每个子市场包含发布商提供的广告呼叫的一部分，以及代表广告客户需求的提议和预算的一部分。 投资组合优化技术将发行商的广告电话分配给子市场，目的是最大化发布商的利润，同时限制这些利润的波动。 投资组合优化技术将广告客户的需求分配给子市场，目标是最大限度地提高广告客户的投资回报。 交易所定期重新分配子市场的供求。 此外，定期地，复制最有效的子市场，并且消除最不有效的子市场。