Abstract:
A process for opening and reading a file over a network, including a WAN. An edge file gateway receives a request from an application to open a file cached with the edge file gateway at one point on a network and stored on a file server connected to a central server at another point on the network. The edge file gateway forwards the request to open the file to the central server, along with any offsets and lengths stored from any previous requests to read the file. The central server responds by sending any file data described in the offsets and lengths to the edge file gateway. When the edge file gateway receives a read request, the edge file gateway stores the offset and length for the request, if a predefined storage limit is not exceeded, and attempts to satisfy the request from cached file data.
Abstract:
A network access point secures a WiFi network, and acts as a picocell, by identifying applications running on computer-based devices, such as mobile phones, tablet computers, and the like, that seek to access the Internet (or another network) via the access point and applying network access policies to data communications by those applications according to application, location, context, device and/or user characteristics.
Abstract:
HTTP layered reconstruction is disclosed. A database is queried to identify a location of a previously reconstructed HTML artifact file or packet data of an HTML file in a repository that stores packet data captured from a network. The reconstructed HTML file is analyzed. Links to external files are identified and the database is queried to identify a location of previously reconstructed artifact files or packet data of associated external files. The external files are reconstructed, as needed. A web page is then reconstructed based on the reconstructed HTML file and reconstructed external files, presenting a view of the web page as it originally appeared to a user. A user may specify which external file types to include and/or not include. New versions of external files may be obtained and indicated in the reconstructed web page when associated artifact files or packet data are not stored within the repository.
Abstract:
An exemplary embodiment provides for methods, apparatuses and systems to facilitate the detection of network device failures in a variety of network topologies. This is accomplished by equipping a network device, or other devices used in conjunction with network devices, with a bypass port or network interface, such as a secondary outgoing network traffic communication port. In a normal operating mode, network traffic received at a first network interface or port is forwarded, after processing on the packet processing path of the network device, from a second network interface or port. In one implementation, the second network interface or port and the bypass port or network interface are connected to corresponding interfaces of a router or two routers. When a network device failure occurs, network traffic bypasses the packet processing path of the network device and is forwarded from the bypass port or interface.
Abstract:
A cache logically disposed in a communication path between a client and a server receives a request for a content item and, in response thereto, requests from the server header information concerning the content item and an initial portion of data that makes up the content item. The cache then computes a first hashing value from the header information and a second hashing value from the initial portion of data. A content identifier is created by combining the first hashing value and the second hashing value. Using the content identifier, the cache determines whether a copy of the content item is stored by the cache; and, if so, provides same to the client. Otherwise, the cache requests the content item from the server and, upon receipt thereof, provides it to the client.
Abstract:
In one embodiment, a method includes receiving an address of a DNS server of a network. A secure communication tunnel is established with a client of the network. The client is notified that requests to the address of the DNS server of the network should not pass through the secure communication tunnel. A request for a DNS lookup of a name of a host of the network is received through the secure communication tunnel. A DNS referral that includes the address of the DNS server of the network is sent to the client.
Abstract:
Various techniques are described to authenticate the identity of a proxy in a client-proxy-server configuration. The configuration may have a client-side and a server-side SSL session. In the server-side session, if the proxy has access to the private keys of the client, the proxy may select a client certificate from a collection of client certificates and send the selected certificate to the server to satisfy a client authentication request of the server. If the proxy does not have access to the private keys, the proxy may instead send an emulated client certificate to the server. Further, the client certificate received from the client may be embedded within the emulated client certificate so as to allow the server to directly authenticate the client, in addition to the proxy. An emulated client certificate chain may be formed instead of an emulated client certificate. Similar techniques may be applied to the client-side session.
Abstract:
The present invention describes a system, method, and article of manufacture for resolving names received in network protocol requests by a network intermediary device coupled between a client network and a server network. A deferred trust model caching engine in the network intermediary device includes a transactor module configured to efficiently process a protocol request with a sequence of determinant criteria, although the sequence can occur in different orders. The deferred trust model caching engine includes a cacheability evaluator component configured to determine whether the protocol request is for a resource that the protocol permits to be cached by the network intermediate device, and a supplier trust evaluator component configured to compare information about the client's network protocol request and a cached object representation to determine if the object is trustworthy or not. The cached object representation associates an object with a supplier identity and a supplier trust property.
Abstract:
In one embodiment, an intermediary device situated along a communication path between two endpoint devices may receive communication packets sent along the communication path. If the intermediary device receives a connection-initiating packet having a customization indicator and a connection-acknowledgement packet having a customization indicator, then the intermediary device may install a bypass rule.
Abstract:
A host computer system is categorized according to uniform resource locator (URL) information extracted from a digital certificate purportedly associated with said host. Thereafter, a secure communication session (e.g., an SSL session) with said host may be granted or denied according to results of the categorizing. If granted, messages associated with the secure session may be tunneled through a proxy without decryption, or, in some cases, even though the secure communication session was authorized, messages may be decrypted at the proxy.