公开(公告)号：US08650630B2

公开(公告)日：2014-02-11

申请号：US12233474

申请日：2008-09-18

申请人： Vinod K. Choyi ,  Bassem Abdel-Aziz

发明人： Vinod K. Choyi ,  Bassem Abdel-Aziz

IPC分类号： G06F9/00

CPC分类号： H04L63/145 ,  H04L63/1491 ,  H04W8/06 ,  H04W12/12 ,  H04W80/04

摘要： Malicious sources within networks are identified using bait traffic, including mobile IP messages, transmitted between a collaborating network device and a collaborating mobile client that has a fixed connection to the network. The bait traffic entices a malicious source to transmit malicious packets towards the collaborating mobile client and/or the network device. Upon receiving a malicious packet, the collaborating mobile client or the network device is able to identify the source of the packet as a malicious source and report the presence of the malicious source within the network.

摘要翻译： 网络中的恶意来源使用诱饵流量来识别，包括在协作网络设备与具有与网络的固定连接的协作移动客户端之间传输的移动IP消息。 诱饵流量引起恶意源向协作移动客户端和/或网络设备传输恶意数据包。 在接收到恶意数据包时，协作移动客户端或网络设备能够将数据包的来源识别为恶意源，并报告网络中恶意源的存在。

公开(公告)号：US20090106156A1

公开(公告)日：2009-04-23

申请号：US11976248

申请日：2007-10-23

申请人： Vinod K. Choyi ,  Faud Khan ,  Dmitri Vinokurov

发明人： Vinod K. Choyi ,  Faud Khan ,  Dmitri Vinokurov

IPC分类号： G06F17/40 ,  H04L9/32

CPC分类号： H04L63/10 ,  G06F21/10 ,  H04L2463/101

摘要： A method of network-based digital rights enforcement, and related enforcement device, the method including one or more of the following: embedding information into digital content requested by an end user; providing a signature for the digital content to a service provider; providing a key to the service provider, the key being necessary for reading the information embedded into the digital content; providing an algorithm to the service provider for extracting the information embedded into the digital content; providing an identification to the service provider of a content provider that provides the digital content; extracting the signature from the digital content requested by the end user; analyzing the signature to determine whether a signature match exists; and determining whether the end user is a legitimate authorized user of the requested digital content or capable of distributing content.

摘要翻译： 一种基于网络的数字版权执法方法及相关执法装置，该方法包括以下一个或多个步骤：将信息嵌入到最终用户要求的数字内容中; 向服务提供商提供数字内容的签名; 为服务提供商提供密钥，是读取嵌入到数字内容中的信息所必需的关键; 向所述服务提供者提供用于提取嵌入到所述数字内容中的信息的算法; 向提供数字内容的内容提供商的服务提供商提供标识; 从最终用户请求的数字内容中提取签名; 分析签名以确定是否存在签名匹配; 以及确定最终用户是所请求的数字内容的合法授权用户还是能够分发内容。

公开(公告)号：US08769682B2

公开(公告)日：2014-07-01

申请号：US12233561

申请日：2008-09-18

申请人： Vinod K. Choyi ,  Pierrick Guingo ,  Faud A. Khan

发明人： Vinod K. Choyi ,  Pierrick Guingo ,  Faud A. Khan

IPC分类号： H04L29/06 ,  H04L12/24

CPC分类号： H04L63/1408 ,  H04L41/0213 ,  H04L63/1441 ,  H04L65/4076 ,  H04L2463/141 ,  H04N21/6405 ,  H04N21/64322 ,  H04N21/64723

摘要： Mechanism for identifying malicious content, DoS attacks, and illegal IPTV services. By monitoring the characteristics of various control messages being transmitted within a network that services Internet protocol television (IPTV) content to identify suspicious behavior (e.g., such as that associated with malicious content, denial of service (DoS) attacks, IPTV service stealing, etc.). In addition to monitoring control messages within such a network, deep packet inspection (DPI) may be performed for individual packets within an IPTV stream to identify malicious content therein (e.g., worms, viruses, etc. actually within the IPTV stream itself). By monitoring control messages and/or actual IPTV content within a network (e.g., vs. at the perimeter of a network only), protection against both outside and inside attacks can be effectuated. This network level basis of operation effectively guards against promulgation of malicious content to other devices within the network.

摘要翻译： 识别恶意内容，DoS攻击和非法IPTV服务的机制。 通过监视在网络内正在传输的各种控制消息的特征，服务于互联网协议电视（IPTV）内容以识别可疑行为（例如与恶意内容，拒绝服务（DoS）攻击，IPTV服务窃取等）相关联的行为 。）。 除了监视这样的网络内的控制消息之外，可以对IPTV流内的各个分组执行深度分组检查（DPI），以识别其中的实际在IPTV流本身内的恶意内容（例如，蠕虫，病毒等）。 通过监视网络内的控制消息和/或实际IPTV内容（例如，仅在网络的周边），可以实现对外部和内部攻击的保护。 这种网络级操作基础有效防止恶意内容向网络内的其他设备发布。

公开(公告)号：US20110167444A1

公开(公告)日：2011-07-07

申请号：US12652615

申请日：2010-01-05

申请人： Yong Sun ,  Vinod K. Choyi

发明人： Yong Sun ,  Vinod K. Choyi

IPC分类号： H04N7/167

CPC分类号： H04N7/17318 ,  H04N21/25816 ,  H04N21/4122 ,  H04N21/41407 ,  H04N21/63345 ,  H04N21/64322

摘要： A mobile IPTV system enables authenticating and off-loading of IPTV operations from a mobile device to an external fixed viewing device. The mobile device performs authentication to an IPTV network to receive decryption key(s) for use in decrypting IPTV content and provides the decryption key to the viewing device. The viewing device uses the decryption key to decrypt and render IPTV content thereon.

摘要翻译： 移动IPTV系统使得能够从移动设备到外部固定观看设备的IPTV操作的认证和关闭。 移动设备对IPTV网络进行认证，以接收用于解密IPTV内容的解密密钥，并向观看设备提供解密密钥。 观看设备使用解密密钥来解密和呈现IPTV内容。

公开(公告)号：US08713597B2

公开(公告)日：2014-04-29

申请号：US12652615

申请日：2010-01-05

申请人： Yong Sun ,  Vinod K. Choyi

发明人： Yong Sun ,  Vinod K. Choyi

IPC分类号： H04N7/167 ,  H04N7/173 ,  G06F7/04 ,  H04L9/08 ,  H04H20/71

CPC分类号： H04N7/17318 ,  H04N21/25816 ,  H04N21/4122 ,  H04N21/41407 ,  H04N21/63345 ,  H04N21/64322

摘要： A mobile IPTV system enables authenticating and off-loading of IPTV operations from a mobile device to an external fixed viewing device. The mobile device performs authentication to an IPTV network to receive decryption key(s) for use in decrypting IPTV content and provides the decryption key to the viewing device. The viewing device uses the decryption key to decrypt and render IPTV content thereon.

摘要翻译： 移动IPTV系统使得能够从移动设备到外部固定观看设备的IPTV操作的认证和关闭。 移动设备对IPTV网络进行认证，以接收用于解密IPTV内容的解密密钥，并向观看设备提供解密密钥。 观看设备使用解密密钥来解密和呈现IPTV内容。

公开(公告)号：US08180874B2

公开(公告)日：2012-05-15

申请号：US12008535

申请日：2008-01-11

申请人： Yong Sun ,  Vinod K. Choyi

发明人： Yong Sun ,  Vinod K. Choyi

IPC分类号： G06F15/173

CPC分类号： H04L12/4625 ,  H04L49/251 ,  H04L49/351 ,  H04L63/1458 ,  H04L63/1466 ,  H04L2463/145

摘要： A method for defending against MAC table overflow attacks comprises a plurality of operations. An operation is performed for determining whether each one of a plurality of MAC addresses within a MAC table has one-way traffic or two-way traffic corresponding thereto. Thereafter, operations are performed for designating each MAC address having two-way traffic corresponding thereto as a first category of MAC address and for designating each MAC address having one-way traffic corresponding thereto as a second category of MAC address. In response to the number of the MAC addresses designated as the second category of MAC address exceeding a prescribed threshold value, an operation is performed for causing a timeout value of at least a portion of the MAC addresses designated as the second category of MAC address to be less than a timeout value of the MAC addresses designated as the first category of MAC address.

摘要翻译： 防止MAC表溢出攻击的方法包括多个操作。 执行用于确定MAC表中的多个MAC地址中的每一个是否具有与其对应的单向业务或双向业务的操作。 此后，执行操作来指定具有对应于其的双向业务的每个MAC地址作为第一类MAC地址，并且用于指定具有与其对应的单向业务的每个MAC地址作为第二类MAC地址。 响应于指定为超过规定阈值的MAC地址的第二类别的MAC地址的数量，执行用于使指定为第二类别MAC地址的MAC地址的至少一部分的超时值的操作 小于指定为第一类MAC地址的MAC地址的超时值。

公开(公告)号：US20090182854A1

公开(公告)日：2009-07-16

申请号：US12008535

申请日：2008-01-11

申请人： Yong Sun ,  Vinod K. Choyi

发明人： Yong Sun ,  Vinod K. Choyi

IPC分类号： G06F15/173

CPC分类号： H04L12/4625 ,  H04L49/251 ,  H04L49/351 ,  H04L63/1458 ,  H04L63/1466 ,  H04L2463/145

摘要： A method for defending against MAC table overflow attacks comprises a plurality of operations. An operation is performed for determining whether each one of a plurality of MAC addresses within a MAC table has one-way traffic or two-way traffic corresponding thereto. Thereafter, operations are performed for designating each MAC address having two-way traffic corresponding thereto as a first category of MAC address and for designating each MAC address having one-way traffic corresponding thereto as a second category of MAC address. In response to the number of the MAC addresses designated as the second category of MAC address exceeding a prescribed threshold value, an operation is performed for causing a timeout value of at least a portion of the MAC addresses designated as the second category of MAC address to be less than a timeout value of the MAC addresses designated as the first category of MAC address.

摘要翻译： 防止MAC表溢出攻击的方法包括多个操作。 执行用于确定MAC表中的多个MAC地址中的每一个是否具有与其对应的单向业务或双向业务的操作。 此后，执行操作来指定具有对应于其的双向业务的每个MAC地址作为第一类MAC地址，并且用于指定具有与其对应的单向业务的每个MAC地址作为第二类MAC地址。 响应于指定为超过规定阈值的MAC地址的第二类别的MAC地址的数量，执行用于使指定为第二类别MAC地址的MAC地址的至少一部分的超时值的操作 小于指定为第一类MAC地址的MAC地址的超时值。