Apparatus and method for processing encrypted packets in a computer network device
    1.
    Granted invention patent
    Status: in force

    Publication number: US07023863B1

    Publication date: 2006-04-04

    Application number: US10922647

    Filing date: 2004-08-19

    IPC classification: H04L12/28 H04L12/56

    CPC classification: H04L63/02 H04L63/164

    Abstract: Disclosed is an architecture for a network access server wherein a switching device is placed between a network gateway device and a first network, where the switching device detects the presence or absence of a security protocol field in the header information of data packets received from the first network and routes the data packets accordingly. When the security protocol field is absent, the switching device routes the data packet to the network gateway device for processing in accordance with a protocol service provided by the network access server. When the security protocol field is present, the switching device decrypts the data packet, processes the data packet in accordance with the protocol service provided by the network access server, and routes the data packet to another device within the network access server on the basis of decrypted address information within the data packet.

    Method and system for reflexive tunneling
    2.
    Granted invention patent
    Status: lapsed

    Publication number: US06292839B1

    Publication date: 2001-09-18

    Application number: US09207807

    Filing date: 1998-12-09

    IPC classification: G06F1300

    CPC classification: H04L12/4633

    Abstract: A method and system for reflexive tunneling. One aspect of the invention includes a method for reflexive tunneling using hidden virtual tunnels. A first peer application sends data packets to a second peer application and intermediate network devices create a hidden virtual tunnel to send the data packets. The hidden virtual tunnel is “hidden” from the first peer application and the second peer application. The hidden virtual tunnels may allow supplemental services to be added to a network device such as a gateway in less time with less expense. Another aspect of the invention includes a method for reflexive tunneling using transparent virtual tunnels with multiple segments. A first peer application associated with a first network device on a first network with multiple communication channels sends data packets to a second peer application associated with a second network device on a second network over a pre-determined communications channel forming a first segment of transparent virtual tunnel. Intermediate network devices create a second segment of the transparent virtual tunnel, by adding headers to the data packets between the first and second networks. Reflexive tunneling with transparent virtual tunnels with multiple segments between the first and second networks, may allow peer applications on a network device with multiple communication channels on a communication link to communicate with other peer applications on other independent devices without confusion.

    Method and protocol for synchronized transfer-window based firewall traversal
    3.
    Granted invention patent
    Status: lapsed

    Publication number: US06202081B1

    Publication date: 2001-03-13

    Application number: US09119987

    Filing date: 1998-07-21

    Applicant: Stanley T. Naudus

    Inventor: Stanley T. Naudus

    IPC classification: G06F1516

    CPC classification: H04L63/029

    Abstract: A protocol and method for synchronized transfer-window based firewall traversal is provided. The firewall traversal protocol includes messages for securely opening and closing a virtual data transfer-window through a firewall. The method allows a first network device inside a firewall to allow a virtual data transfer-window through a firewall to be opened with a second network device outside the firewall by sending the second network device secure information with the firewall traversal protocol. The secure information allows the second network device outside the firewall to securely traverse the firewall through the virtual data transfer-window to reach the first network device inside the firewall. The protocol and method help to improve firewall security and may help make the firewall less vulnerable to a number of common firewall attacks.

    System and method for simulating telephone use in a network telephone system
    4.
    Granted invention patent
    Status: lapsed

    Publication number: US06487196B1

    Publication date: 2002-11-26

    Application number: US09093838

    Filing date: 1998-05-29

    IPC classification: H04M1253

    Abstract: A system and method in a network-based telephone system for simulating a typical plain old telephone system (POTS) connection by generating sounds in response to conditions in the telephone connection that simulate POTS sounds that occur during the typical POTS connection. Telephones in a network-based telephone system are connected to a wide-area network (WAN) such as the Internet via an Internet telephony gateway. A calling telephone connects to the local exchange carrier to permit a user to connect to a calling Internet telephony gateway by dialing an access telephone number. The calling Internet telephony gateway receives access information and the destination telephone number and uses the destination telephone number to determine the Internet telephony gateway that is closest to the called telephone with the destination telephone number. The calling Internet telephony gateway connects to the called Internet telephony gateway which connects to the called telephone number. During the setup of the connection, the calling Internet telephony gateway generates dialing sounds to the calling telephone. The Internet telephony gateway may also generate busy signals, fast busy signals, click sounds and comfort noise sounds to provide the caller with a POTS feel.

    Method and apparatus for real time protocol feedback mixer traversal
    5.
    Granted invention patent
    Status: lapsed

    Publication number: US07016339B1

    Publication date: 2006-03-21

    Application number: US09791188

    Filing date: 2001-02-22

    IPC classification: H04L12/66

    Abstract: Method and apparatus for Real Time protocol mixer traversal. Data including at least one feedback component are transmitted from a first to a second node. The feedback component is transmitted to the first node. Alternatively, a method includes transmitting Real Time Protocol data to a mixer from a first and a second node participating in a real time communications session. The mixer has a first feedback decoupling and a second feedback decoupling array. A feedback stream is sent from the first node and the second node to the mixer. The first and second feedback stream are responsive to the mixed stream. The first and second feedback stream are separated into a first and a second feedback component part. The first part is associated with Real Time Protocol information received from the first node. The second feedback component is representative of the information received from the second node. The first and second feedback component parts are combined into a plurality of feedback streams comprising the feedback components. The mixer feedback streams are transmitted to the nodes. A communications system includes a first and a second node. Data is transmitted from the first to the second node. A mixer receives feedback including at least one feedback component. The feedback component is transmitted to the first node and is responsive to the real time data received by the second node.

    Method and apparatus for adaptive prioritization of multiple information types in highly congested communication devices
    6.
    Granted invention patent
    Status: lapsed

    Publication number: US06535486B1

    Publication date: 2003-03-18

    Application number: US09611763

    Filing date: 2000-07-07

    IPC classification: G01R3108

    Abstract: A method and apparatus are used in a gateway to discard selected frames received with a selected encoded-information-type from a communication link with a larger bandwidth to avoid overflowing an internal delay variance removing queue used for protocol translation to a communication link with a smaller bandwidth. The discarded frames do not decrease the quality of translated information. A visual delay variance removing queue congestion indicator is included to indicate three levels of congestion in the delay variance removing queue for received frames. The method and apparatus are used in a multimedia gateway which is translating audio/video conferencing protocols (e.g., H.320, H.323/LAN H.323/PPP and H.324) received from a communication link with a large bandwidth and sent to a communication link with a smaller bandwidth.

    System and method for efficiently transporting dual-tone multi-frequency/multiple frequency (DTMF/MF) tones in a telephone connection on a network-based telephone system
    7.
    Granted invention patent
    Status: lapsed

    Publication number: US06259691B1

    Publication date: 2001-07-10

    Application number: US09122201

    Filing date: 1998-07-24

    Applicant: Stanley T. Naudus

    Inventor: Stanley T. Naudus

    IPC classification: H04J312

    CPC classification: H04M7/1295

    Abstract: A method and system in a network telephony system for transporting audio signals with lower delay when DTMF is not present. The method of transporting audio signals determines whether DTMF signals are included in the audio signal, or are likely to be transported according to the called or calling parties. A delay is imposed in the audio when DTMF signals are sensed or determined to be present as indicated by the calling party, the destination telephone number, the called party, and various other indicators. A timer may be used to trigger a reduction and elimination in the audio delay after an initial period in the call for calls in which DTMF signaling is used for an initial period of the call. The timer may also trigger the reduction and elimination in the audio delay when no DTMF signals have been received after a period of time. The system uses a DTMF detector to sense DTMF signals in the audio signal and to signal the delay generator to impose a delay in the audio stream. The delay generator may impose the delay by elongating the time between talk-spurts or by inserting fill packets in the audio stream. The delay may be removed from the audio stream when DTMF is not likely to be present.

    Method and apparatus for sending delay sensitive information assisted by packet switched networks

    Publication number: US06412006B1

    Publication date: 2002-06-25

    Application number: US09021249

    Filing date: 1998-02-10

    Applicant: Stanley T. Naudus

    Inventor: Stanley T. Naudus

    IPC classification: H04L1228

    Abstract: A method and apparatus for sending delay sensitive information assisted by packet switched networks for network nodes in a computer network. Delay sensitive information such as voice information is sent over higher cost delay sensitive connections. Control and status information for the delay sensitive connections is sent in control messages over lower cost packet switched connections to the nodes in the computer network. Information in the control messages is stored in status tables on the network nodes. The status table is used by network nodes to determine the status of any delay sensitive connections in the computer network and is used to establish a lowest cost connection path or a desired quality of service connection path when a delay sensitive connection between network nodes is requested. Sending delay sensitive control and status information over the lower cost packet switch connections to the network nodes and using status tables on the network nodes to establish delay sensitive connections significantly decreases the costs associated with using delay sensitive connections.

    Distributed processing of high level protocols, in a network access server
    9.
    Granted invention patent
    Status: lapsed

    Publication number: US06304574B1

    Publication date: 2001-10-16

    Application number: US08970834

    Filing date: 1997-11-14

    IPC classification: H04L1266

    Abstract: A method and apparatus for distributing protocol processing among a plurality of computing platforms. Data communications equipment such as Remote Access Devices, Communication Servers, Terminal Servers, and Dial-up Routers provide single user or large-scale multiple user communication access to various computing environments. The equipment costs and performance of such access equipment is related to the amount of CPU processing capability and memory required to support the desired number of serial communication links. It is common to use protocols that terminate in their entirety in the same processing machine. This invention encompasses methods developed to increase the cost/performance capabilities of the communication equipment that supports these serial links, primarily by means of distributing the protocol processing for higher level protocols across multiple computing platforms, including devices such as modems. Examples of such higher level protocols include PPP, SLIP and RTP.
