公开(公告)号：US07107464B2

公开(公告)日：2006-09-12

申请号：US09902770

申请日：2001-07-10

申请人： Yaniv Shapira ,  Drory Shohat ,  Moshe Zezak ,  Niv Gilboa

发明人： Yaniv Shapira ,  Drory Shohat ,  Moshe Zezak ,  Niv Gilboa

IPC分类号： G06F17/00

CPC分类号： H04L63/0485 ,  H04L63/0272 ,  H04L63/164

摘要： A novel and useful virtual private network (VPN) mechanism and related security association processor for maintaining the necessary security related parameters to perform security functions such as encryption, decryption and authentication. A security association database (SAD) and related circuitry is adapted to provide the necessary parameters to implement the IPSec group of security specifications for encryption/decryption and authentication. Each security association (SA) entry in the database comprises all the parameters that are necessary to receive and transmit VPN packets according to the IPSec specification.

摘要翻译： 一种新颖有用的虚拟专用网（VPN）机制和相关的安全关联处理器，用于维护必要的安全相关参数以执行诸如加密，解密和认证的安全功能。 安全关联数据库（SAD）和相关电路适用于提供必要的参数来实现用于加密/解密和认证的IPSec安全规范组。 数据库中的每个安全关联（SA）条目包括根据IPSec规范接收和发送VPN数据包所需的所有参数。

公开(公告)号：US08274979B2

公开(公告)日：2012-09-25

申请号：US12087171

申请日：2005-12-30

申请人： Andrea Bragagnini ,  Diego Buffa ,  Paolo Pellegrino ,  Luca Scevola ,  Drory Shohat ,  Zac Sadan ,  Niv Gilboa

发明人： Andrea Bragagnini ,  Diego Buffa ,  Paolo Pellegrino ,  Luca Scevola ,  Drory Shohat ,  Zac Sadan ,  Niv Gilboa

IPC分类号： H04L12/56 ,  G06F15/16

CPC分类号： H04L29/12009 ,  H04L29/1233 ,  H04L61/25 ,  H04L63/0209 ,  H04L63/0254 ,  H04L67/14 ,  H04L67/146

摘要： A method for secure communication between a local area network and a wide area network includes integrating a NAT functionality in a firewall associated with the local area network, wherein the NAT functionality is suitable to translate the source port of outgoing data packets with a NAT port value obtained by adding to a NAT offset value the value of the session ED used in a session database. When reply data packets coming from the wide area network are received by the firewall, the session ID is extracted from the NAT port value and is used for directly pointing to the session database, thus reducing the time required to recognize the session.

摘要翻译： 一种用于局域网与广域网之间的安全通信的方法，包括将NAT功能集成到与局域网相关联的防火墙中，其中NAT功能适用于将出端数据包的源端口转换为NAT端口值 通过向NAT偏移值中添加在会话数据库中使用的会话ED的值来获得。 当来自广域网的应答数据报文由防火墙接收时，从NAT端口值中提取会话ID，直接指向会话数据库，从而减少识别会话所需的时间。

公开(公告)号：US06816455B2

公开(公告)日：2004-11-09

申请号：US09851768

申请日：2001-05-09

申请人： Ronen Goldberg ,  Gady Daniely ,  Moshe Zezak ,  Drory Shohat

发明人： Ronen Goldberg ,  Gady Daniely ,  Moshe Zezak ,  Drory Shohat

IPC分类号： H04L1266

CPC分类号： H04L63/0254

摘要： A novel and useful dynamic packet filter that can be incorporated in a hardware based firewall suitable for use in portable computing devices such as cellular telephones and wireless connected PDAs adapted to connect to the Internet. The invention performs dynamic packet filtering on packets received over an input packet stream. The dynamic filter checks dynamic protocol behavior using information extracted from the received packet. Sessions are created and stored in a session database to track the state of communications between the source and destination. Recognition of a session is accelerated by use of a hash table to quickly determine the corresponding session record in the session database. Session related data is read from the session database and the received packet is checked against a set of rules to determine whether to allow or deny the packet.

公开(公告)号：US20090323703A1

公开(公告)日：2009-12-31

申请号：US12087171

申请日：2005-12-30

申请人： Andrea Bragagnini ,  Diego Buffa ,  Paolo Pellegrino ,  Luca Scevola ,  Drory Shohat ,  Zac Sadan ,  Niv Gilboa

发明人： Andrea Bragagnini ,  Diego Buffa ,  Paolo Pellegrino ,  Luca Scevola ,  Drory Shohat ,  Zac Sadan ,  Niv Gilboa

IPC分类号： H04L12/56

CPC分类号： H04L29/12009 ,  H04L29/1233 ,  H04L61/25 ,  H04L63/0209 ,  H04L63/0254 ,  H04L67/14 ,  H04L67/146

摘要： A method for secure communication between a local area network and a wide area network includes integrating a NAT functionality in a firewall associated with the local area network, wherein the NAT functionality is suitable to translate the source port of outgoing data packets with a NAT port value obtained by adding to a NAT offset value the value of the session ED used in a session database. When reply data packets coming from the wide area network are received by the firewall, the session ID is extracted from the NAT port value and is used for directly pointing to the session database, thus reducing the time required to recognize the session.

摘要翻译： 一种用于局域网与广域网之间的安全通信的方法，包括将NAT功能集成到与局域网相关联的防火墙中，其中NAT功能适用于将出端数据包的源端口转换为NAT端口值 通过向NAT偏移值中添加在会话数据库中使用的会话ED的值来获得。 当来自广域网的应答数据报文由防火墙接收时，从NAT端口值中提取会话ID，直接指向会话数据库，从而减少识别会话所需的时间。