公开(公告)号：US08095699B2

公开(公告)日：2012-01-10

申请号：US11542092

申请日：2006-09-29

申请人： Sachin Garg ,  Paul D. Krivacek

发明人： Sachin Garg ,  Paul D. Krivacek

IPC分类号： G06F3/00

CPC分类号： G06F13/126 ,  G06F9/3881 ,  G06F13/4273 ,  Y02D10/14 ,  Y02D10/151

摘要： An interface to transfer data between a host processor and an external coprocessor is provided. The interface may operate in several write modes, in which in a first write mode the write operation is transferred across the interface in two clock cycles and in a second write mode the write operation is transferred across the interface in a single clock cycle. The interface can perform a first read operation initiated by the host processor and a second read operation initiated by the external coprocessor. The interface can include buffers to store read and write operations and clock gates to selectively gate off clock signals provided to the buffers to synchronize transfer of data into and out of the buffers. A selectable priority scheme can be modified to select between priorities that control a preference in transferring operations over the interface when both read and write operations are queued for transfer.

摘要翻译： 提供了在主处理器和外部协处理器之间传送数据的接口。 接口可以在几种写入模式下操作，其中在第一写入模式中，写入操作在两个时钟周期内在该接口上传送，并且在第二写入模式中，写入操作在单个时钟周期内通过该接口传送。 接口可以执行由主处理器发起的第一读取操作和由外部协处理器发起的第二读取操作。 接口可以包括用于存储读取和写入操作的缓冲器和时钟门，以选择性地关闭提供给缓冲器的时钟信号，以将数据传入和传出缓冲器。 可以修改可选择的优先级方案，以便在读取和写入操作都排队等待传输时，在优先级之间选择控制在接口上传送操作的优先级。

公开(公告)号：US20080155135A1

公开(公告)日：2008-06-26

申请号：US11542092

申请日：2006-09-29

申请人： Sachin Garg ,  Paul D. Krivacek

发明人： Sachin Garg ,  Paul D. Krivacek

IPC分类号： G06F13/28

CPC分类号： G06F13/126 ,  G06F9/3881 ,  G06F13/4273 ,  Y02D10/14 ,  Y02D10/151

摘要： In one aspect, an interface adapted to transfer data between a host processor and an external coprocessor is provided. The interface may be adapted to operate in a plurality of write modes, wherein in a first write mode the write operation is transferred across the interface in two clock cycles and in a second write mode the write operation is transferred across the interface in a single clock cycle. In another aspect, the interface is adapted to perform a first read operation initiated by the host processor and a second read operation initiated by the external coprocessor. In another aspect, the interface includes a plurality of buffers to store read and write operations and a plurality of clock gates to selectively gate of clock signals provided to the plurality of buffers to synchronize transfer of data into and out of the buffers. In another aspect, the interface includes a selectable priority scheme capable of being modified to select between a plurality of priorities that control a preference in transferring operations over the interface when both read and write operations are queued for transfer.

摘要翻译： 在一个方面，提供一种适于在主处理器和外部协处理器之间传送数据的接口。 该接口可以适于以多种写入模式操作，其中在第一写入模式中，写入操作在两个时钟周期内在该接口上传送，并且在第二写入模式中，写入操作以单个时钟在该接口上传送 周期。 在另一方面，接口适于执行由主机处理器发起的第一读取操作和由外部协处理器发起的第二读取操作。 在另一方面，接口包括多个用于存储读取和写入操作的缓冲器以及多个时钟门，用于选择性地提供给多个缓冲器的时钟信号的门，以同步数据传入和传出缓冲器。 在另一方面，接口包括可选择的优先级方案，其能够被修改为在读取和写入操作都排队等待传送时控制在接口上传送操作的优先级的多个优先级之间进行选择。

公开(公告)号：US20130013421A1

公开(公告)日：2013-01-10

申请号：US13178266

申请日：2011-07-07

申请人： Shrutivandana Sharma ,  Sachin Garg

发明人： Shrutivandana Sharma ,  Sachin Garg

IPC分类号： G06Q30/00

CPC分类号： G06Q30/0241 ,  G06Q30/0251 ,  G06Q30/0253 ,  G06Q30/0273

摘要： Methods and systems are disclosed in which a guaranteed delivery advertisement may be appended with a non-guaranteed delivery advertisement. The guaranteed delivery advertisement may be, for example, a manufacturer or brand advertisement, and the non-guaranteed delivery advertisement may be, for example, a retailer advertisement. The guaranteed delivery advertisement may relate to a particular brand and/or product and the non-guaranteed delivery advertisement may relate to a purchasing opportunity for that particular brand and/or product. The guaranteed delivery advertisement may be selected based on targeting information and the non-guaranteed delivery advertisement may be selected based on factors such as, for example, the manufacturer name, the product name, the product type, a related product, price, availability of the product, discount, location of the retailer, etc.

摘要翻译： 公开了一种方法和系统，其中保证递送广告可以附加非保证递送广告。 保证发送广告可以是例如制造商或品牌广告，并且非保证递送广告可以是例如零售商广告。 保证的交货广告可以涉及特定品牌和/或产品，并且非保证交货广告可以涉及该特定品牌和/或产品的购买机会。 可以基于目标信息来选择保证的发送广告，并且可以基于诸如制造商名称，产品名称，产品类型，相关产品，价格，可用性等因素来选择非保证递送广告 产品，折扣，零售商的位置等

公开(公告)号：US08353030B2

公开(公告)日：2013-01-08

申请号：US11610489

申请日：2006-12-13

申请人： Akshay Adhikari ,  Sachin Garg ,  Anjur Sundaresan Krishnakumar ,  Navjot Singh

发明人： Akshay Adhikari ,  Sachin Garg ,  Anjur Sundaresan Krishnakumar ,  Navjot Singh

IPC分类号： G06F21/00

CPC分类号： H04L63/1408 ,  H04L63/1458

摘要： A method is disclosed that enables mitigating at least some of the problems caused by a packet attack. When a first Internet Protocol (IP)-capable device is subjected to a packet attack, it indicates periodically to a second IP-capable device that certain communications with the first device are to be suspended. The periodic transmitting of the indication is performed at a slower rate than the keep-alive mechanism that is normally used to detect loss of connectivity. When the second device receives the transmitted indication, it refrains from transmitting keep-alive messages to the first device for a predetermined interval. Meanwhile, the first device also refrains from transmitting keep-alive messages to the second device for a similar interval. In transmitting the suspend indication, the illustrative embodiment seeks to prevent pairs of communicating devices that are experiencing packet attacks from continuing their operation under the erroneous assumption that each device is unavailable.

摘要翻译： 公开了一种能够减轻由分组攻击引起的至少一些问题的方法。 当第一个基于互联网协议（IP）的设备遭受分组攻击时，它周期性地向第二个具有IP能力的设备指示与第一设备的某些通信将被暂停。 指示的周期性发送以比通常用于检测连通性损失的保持活动机制更慢的速率执行。 当第二设备接收到发送的指示时，它不阻止向预定间隔向第一设备发送保持活动消息。 同时，第一设备也禁止以类似间隔向第二设备发送保持活动消息。 在发送挂起指示时，说明性实施例旨在防止正在经历分组攻击的通信设备的对在每个设备不可用的错误假设下继续其操作。

公开(公告)号：US07814547B2

公开(公告)日：2010-10-12

申请号：US12200069

申请日：2008-08-28

申请人： Sachin Garg ,  Navjot Singh ,  Timothy Kohchih Tsai ,  Yu-Sung Wu ,  Saurabh Bagchi

发明人： Sachin Garg ,  Navjot Singh ,  Timothy Kohchih Tsai ,  Yu-Sung Wu ,  Saurabh Bagchi

IPC分类号： H04L9/00

CPC分类号： H04L63/1433

摘要： A method for detecting intrusions that employ messages of two or more protocols is disclosed. Such intrusions might occur in Voice over Internet Protocol (VoIP) systems, as well as in systems in which two or more protocols support some service other than VoIP. In the illustrative embodiment of the present invention, a stateful intrusion-detection system is capable of employing rules that have cross-protocol pre-conditions. The illustrative embodiment can use such rules to recognize a variety of VoIP-based intrusion attempts, such as call hijacking, BYE attacks, etc. In addition, the illustrative embodiment is capable of using such rules to recognize other kinds of intrusion attempts in which two or more protocols support a service other than VoIP. The illustrative embodiment also comprises a stateful firewall that is capable of employing rules with cross-protocol pre-conditions.

摘要翻译： 公开了一种用于检测采用两种或多种协议的消息的入侵的方法。 这种入侵可能发生在语音互联网协议（VoIP）系统中，以及在两个或多个协议支持VoIP之外的一些服务的系统中。 在本发明的说明性实施例中，状态入侵检测系统能够采用具有交叉协议前提条件的规则。 说明性实施例可以使用这样的规则来识别各种基于VoIP的入侵尝试，例如呼叫劫持，BYE攻击等。此外，说明性实施例能够使用这样的规则来识别其他种类的入侵尝试，其中两个 或更多的协议支持VoIP以外的服务。 说明性实施例还包括能够使用具有交叉协议前提条件的规则的有状态防火墙。

公开(公告)号：US20100250362A1

公开(公告)日：2010-09-30

申请号：US12415846

申请日：2009-03-31

申请人： Eric Theodore Bax ,  Krishna Prasad Chitrapura ,  Sachin Garg ,  Darshan Kantak ,  Anand Kuratti ,  Joaquin Arturo Delgado Rodriguez

发明人： Eric Theodore Bax ,  Krishna Prasad Chitrapura ,  Sachin Garg ,  Darshan Kantak ,  Anand Kuratti ,  Joaquin Arturo Delgado Rodriguez

IPC分类号： G06Q30/00 ,  G06N5/02

CPC分类号： G06Q30/02 ,  G06Q30/0204 ,  G06Q30/0244 ,  G06Q30/0247 ,  G06Q30/0601

摘要： A system and method to distribute computation for an exchange in which advertisers buy online advertising space from publishers. The exchange maintains submarkets, each containing a subset of the ad calls supplied by publishers and a subset of the offers and budgets representing demand from advertisers. Portfolio optimization techniques allocate the supply of ad calls from publishers over the submarkets, with the goal of maximizing profits for publishers while limiting the volatility of those profits. Portfolio optimization techniques allocate the demand from advertisers over the submarkets, with the goal of maximizing return on investment for advertisers. The exchange re-allocates supply and demand over submarkets periodically. Also, periodically, the most effective submarkets are replicated and the least effective submarkets are eliminated.

摘要翻译： 分发用于广告客户从发布商购买在线广告空间的交换计算的系统和方法。 交易所维护子市场，每个子市场包含发布商提供的广告呼叫的一部分，以及代表广告客户需求的提议和预算的一部分。 投资组合优化技术将发行商的广告电话分配给子市场，目的是最大化发布商的利润，同时限制这些利润的波动。 投资组合优化技术将广告客户的需求分配给子市场，目标是最大限度地提高广告客户的投资回报。 交易所定期重新分配子市场的供求。 此外，定期地，复制最有效的子市场，并且消除最不有效的子市场。

公开(公告)号：US20090070875A1

公开(公告)日：2009-03-12

申请号：US11854439

申请日：2007-09-12

申请人： Sachin Garg ,  Navjot Singh ,  Akshay Adhikari ,  Yu-Sung Wu

发明人： Sachin Garg ,  Navjot Singh ,  Akshay Adhikari ,  Yu-Sung Wu

IPC分类号： G06F21/00

CPC分类号： H04L63/1416 ,  H04L65/1006

摘要： An apparatus and method are disclosed for detecting intrusions in Voice over Internet Protocol systems without an attack signature database. The illustrative embodiment is based on two observations: (1) various VoIP-related protocols are simple enough to be represented by a finite-state machine (FSM) of compact size, thereby avoiding the disadvantages inherent in signature-based intrusion-detection systems.; and (2) there exist intrusions that might not be detectable locally by the individual finite-state machines (FSMs) but that can be detected with a global (or distributed) view of all the FSMs. The illustrative embodiment maintains a FSM for each session/node/protocol combination representing the allowed (or “legal”) states and state transitions for the protocol at that node in that session, as well as a “global” FSM for the entire session that enforces constraints on the individual FSMs and is capable of detecting intrusions that elude the individual FSMs.

摘要翻译： 公开了一种用于在没有攻击签名数据库的情况下检测在因特网协议语音系统中的入侵的装置和方法。 说明性实施例基于两个观察：（1）各种VoIP相关协议足够简单以由紧凑尺寸的有限状态机（FSM）表示，从而避免了基于签名的入侵检测系统固有的缺点。 ; 和（2）存在可能由个体有限状态机（FSM）本地可检测到的入侵，但是可以用全局（或分布式）视图检测所有FSM的入侵。 说明性实施例为表示该会话中该节点处的协议的允许（或“合法”）状态和状态转换的每个会话/节点/协议组合维护FSM，以及整个会话的“全局”FSM， 强制对各个FSM的约束，并且能够检测排除各个FSM的入侵。

公开(公告)号：US20080313737A1

公开(公告)日：2008-12-18

申请号：US12200069

申请日：2008-08-28

申请人： Sachin Garg ,  Navjot Singh ,  Timothy Kohchih Tsai ,  Yu-Sung Wu ,  Saurabh Bagchi

发明人： Sachin Garg ,  Navjot Singh ,  Timothy Kohchih Tsai ,  Yu-Sung Wu ,  Saurabh Bagchi

IPC分类号： G06F21/00

CPC分类号： H04L63/1433

摘要： A method for detecting intrusions that employ messages of two or more protocols is disclosed. Such intrusions might occur in Voice over Internet Protocol (VoIP) systems, as well as in systems in which two or more protocols support some service other than VoIP. In the illustrative embodiment of the present invention, a stateful intrusion-detection system is capable of employing rules that have cross-protocol pre-conditions. The illustrative embodiment can use such rules to recognize a variety of VoIP-based intrusion attempts, such as call hijacking, BYE attacks, etc. In addition, the illustrative embodiment is capable of using such rules to recognize other kinds of intrusion attempts in which two or more protocols support a service other than VoIP. The illustrative embodiment also comprises a stateful firewall that is capable of employing rules with cross-protocol pre-conditions.

摘要翻译： 公开了一种用于检测采用两种或多种协议的消息的入侵的方法。 这种入侵可能发生在语音互联网协议（VoIP）系统中，以及在两个或多个协议支持VoIP之外的一些服务的系统中。 在本发明的说明性实施例中，状态入侵检测系统能够采用具有交叉协议前提条件的规则。 说明性实施例可以使用这样的规则来识别各种基于VoIP的入侵尝试，例如呼叫劫持，BYE攻击等。此外，说明性实施例能够使用这样的规则来识别其他种类的入侵尝试，其中两个 或更多的协议支持VoIP以外的服务。 说明性实施例还包括能够使用具有交叉协议前提条件的规则的有状态防火墙。

公开(公告)号：US07372856B2

公开(公告)日：2008-05-13

申请号：US10854702

申请日：2004-05-27

申请人： Sachin Garg ,  Navjot Singh ,  Timothy Kohchih Tsai

发明人： Sachin Garg ,  Navjot Singh ,  Timothy Kohchih Tsai

IPC分类号： H04L12/28 ,  H04L12/56

CPC分类号： H04L63/12 ,  H04L9/0662 ,  H04L9/3236 ,  H04L9/3297 ,  H04L29/06027 ,  H04L65/607 ,  H04L65/608 ,  H04L2209/38

摘要： A method for Real-time Transport Protocol (RTP) packet authentication on a packet data network. In particular, the invention relates to a method for preventing toll fraud, privacy compromise, voice quality degradation, or denial of service (DoS) on Voice over IP networks. The Real-time Transport Protocol (RTP) is susceptible to several security attacks, including thirdparty snooping of private conversations, injection of forged content, and introduction or modification of packets to degrade voice quality. The Secure Real-time Transport Protocol (SRTP) provides confidentiality, message authentication, and replay protection for RTP traffic. However, SRTP incurs an additional overhead to verify the HMAC-SHA1 message authentication code for each packet. SRTP+ significantly decrease the verification overhead compared to SRTP and thereby increases the number of faked packets required to mount a successful denial of service attack. SRTP+ provides packet authentication but not integrity. SRTP+ is compatible with SRTP.

摘要翻译： 一种用于分组数据网络上的实时传输协议（RTP）分组认证的方法。 具体地说，本发明涉及一种用于防止IP语音上网的长途欺诈，隐私泄露，语音质量下降或拒绝服务（DoS）的方法。 实时传输协议（RTP）易受多种安全攻击，包括私有对话的第三方窥探，伪造内容的注入，以及引入或修改数据包以降低语音质量。 安全实时传输协议（SRTP）为RTP流量提供机密性，消息认证和重放保护。 然而，SRTP需要额外的开销来验证每个数据包的HMAC-SHA1消息认证码。 与SRTP相比，SRTP +显着降低了验证开销，从而增加了成功拒绝服务攻击所需的假包数量。 SRTP +提供数据包身份验证，但不提供完整性。 SRTP +与SRTP兼容。

公开(公告)号：US20070237145A1

公开(公告)日：2007-10-11

申请号：US11393605

申请日：2006-03-30

申请人： Akshay Adhikari ,  Sachin Garg ,  Anjur Kishnakumar ,  Navjot Singh

发明人： Akshay Adhikari ,  Sachin Garg ,  Anjur Kishnakumar ,  Navjot Singh

IPC分类号： H04L12/56

CPC分类号： H04L9/12 ,  H04L9/3236 ,  H04L2209/20 ,  H04L2209/805

摘要： A method of authenticating a communications between a sender and a receiver includes agreeing, by a sender and receiver, on a shared secret, computing a first sequence of numbers at the sender using the shared secret, and computing a second sequence of numbers at the receiver using the shared secret. Successive values of the first sequence are respectively embedded in successive messages by the sender. Upon receiving a message, the receiver compares the embedded value of the first sequence with a list of values including at least one corresponding value from the second sequence and the received message to considered to originate from an authentic sender if the value of the first sequence matches the value of the second sequence. The method value is removed from a list of values in the second sequence for comparing.

摘要翻译： 认证发送方和接收方之间的通信的方法包括由发送方和接收方在共享秘密上同意使用共享秘密计算发送方的第一数字序列，并在接收方计算第二数目序列 使用共享的秘密。 第一序列的连续值分别由发送者嵌入连续的消息中。 在接收到消息时，接收机将第一序列的嵌入值与包括来自第二序列的至少一个对应值的值列表以及所接收到的消息进行比较，如果第一序列的值匹配则被认为来自真实发送者 第二个序列的值。 方法值从第二个序列中的值列表中删除以进行比较。