公开(公告)号：US09712494B2

公开(公告)日：2017-07-18

申请号：US15372208

申请日：2016-12-07

申请人： MPH Technologies Oy

发明人： Sami Vaarala ,  Antti Nuopponen

IPC分类号： H04L9/32 ,  G06F15/16 ,  H04L29/06 ,  H04L9/08 ,  H04L29/12

CPC分类号： H04L63/0281 ,  H04L9/0841 ,  H04L9/0844 ,  H04L9/321 ,  H04L29/1216 ,  H04L29/12481 ,  H04L29/1249 ,  H04L61/157 ,  H04L61/2557 ,  H04L61/256 ,  H04L63/0272 ,  H04L63/0428 ,  H04L63/061 ,  H04L63/08 ,  H04L63/123 ,  H04L63/164 ,  H04L2209/80

摘要： The method and system enable secure forwarding of a message from a first computer to a second computer via an intermediate computer in a telecommunication network. A message is formed in the first computer or in a computer that is served by the first computer, and in the latter case, sending the message to the first computer. In the first computer, a secure message is then formed by giving the message a unique identity and a destination address. The message is sent from the first computer to the intermediate computer after which the destination address and the unique identity are used to find an address to the second computer. The current destination address is substituted with the found address to the second computer, and the unique identity is substituted with another unique identity. Then the message is forwarded to the second computer.

公开(公告)号：US20160065619A1

公开(公告)日：2016-03-03

申请号：US14570372

申请日：2014-12-15

申请人： A10 Networks, Inc.

发明人： Lee Chen ,  Ronald Wai Lun Szeto

IPC分类号： H04L29/06

CPC分类号： H04L63/20 ,  H04L29/12433 ,  H04L29/12481 ,  H04L61/2539 ,  H04L61/2557 ,  H04L63/0209 ,  H04L63/0218 ,  H04L63/0227 ,  H04L63/0281 ,  H04L65/1069

摘要： A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.

摘要翻译： 用于分布式多处理安全网关的系统和方法建立主机侧会话，为服务器选择代理网络地址，使用代理网络地址建立服务器端会话，接收数据包，分配中央处理单元核心 从安全网关的多核处理器中的多个中央处理单元核心处理数据分组，根据安全策略处理数据分组，并发送处理后的数据分组。 代理网络地址被选择为使得相同的中央处理单元核心被分配以处理来自服务器端会话和主机侧会话的数据分组。 通过以这种方式分配中央处理单元核心，提供了更高能力的安全网关。

公开(公告)号：US08918857B1

公开(公告)日：2014-12-23

申请号：US13875180

申请日：2013-05-01

申请人： A10 Networks, Inc.

发明人： Lee Chen ,  Ronald Wai Lun Szeto

IPC分类号： G06F21/00 ,  H04L29/06

CPC分类号： H04L63/20 ,  H04L29/12433 ,  H04L29/12481 ,  H04L61/2539 ,  H04L61/2557 ,  H04L63/0209 ,  H04L63/0218 ,  H04L63/0227 ,  H04L63/0281 ,  H04L65/1069

摘要： A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.

摘要翻译： 用于分布式多处理安全网关的系统和方法建立主机侧会话，为服务器选择代理网络地址，使用代理网络地址建立服务器端会话，接收数据包，分配中央处理单元核心 从安全网关的多核处理器中的多个中央处理单元核心处理数据分组，根据安全策略处理数据分组，并发送处理后的数据分组。 代理网络地址被选择为使得相同的中央处理单元核心被分配以处理来自服务器端会话和主机侧会话的数据分组。 通过以这种方式分配中央处理单元核心，提供了更高能力的安全网关。

公开(公告)号：US08914871B1

公开(公告)日：2014-12-16

申请号：US13875184

申请日：2013-05-01

申请人： A10 Networks, Inc.

发明人： Lee Chen ,  Ronald Wai Lun Szeto

IPC分类号： G06F21/00 ,  H04L29/06

CPC分类号： H04L63/20 ,  H04L29/12433 ,  H04L29/12481 ,  H04L61/2539 ,  H04L61/2557 ,  H04L63/0209 ,  H04L63/0218 ,  H04L63/0227 ,  H04L63/0281 ,  H04L65/1069

摘要： A system and method for a distributed multi-processing security gateway establishes a host side session, selects a proxy network address for a server, uses the proxy network address to establish a server side session, receives a data packet, assigns a central processing unit core from a plurality of central processing unit cores in a multi-core processor of the security gateway to process the data packet, processes the data packet according to security policies, and sends the processed data packet. The proxy network address is selected such that a same central processing unit core is assigned to process data packets from the server side session and the host side session. By assigning central processing unit cores in this manner, higher capable security gateways are provided.

公开(公告)号：US08667170B2

公开(公告)日：2014-03-04

申请号：US10558629

申请日：2005-04-14

申请人： Katsunori Matsuura

发明人： Katsunori Matsuura

IPC分类号： G06F15/173 ,  G06F15/16

CPC分类号： H04L29/12009 ,  H04L29/12481 ,  H04L29/1249 ,  H04L61/2557 ,  H04L61/256 ,  H04L63/0227 ,  H04L63/029

摘要： The conventional address translation techniques cannot allow multiple terminal devices to be accessed by using one identical port number because they can associates one port number with only one device if the terminals do not support encapsulation.According to the present invention, access from a global network to a private network is restricted in accordance with an access control rule established for each device or network sending a packet. Furthermore, address translation is performed in accordance with address translation rules established on a per sending device basis to provide communication between a global network and a private network.When a connection request is received from the global network and if authentication of the connection request is successful, an access control rule is established on a per sending device basis or on a per sending network basis and recorded. After the communication ends, the added access control rule and address translation rule are deleted.

摘要翻译： 传统的地址转换技术不能通过使用一个相同的端口号来访问多个终端设备，因为如果终端不支持封装，则可以将一个端口号与一个设备相关联。 根据本发明，根据针对发送分组的每个设备或网络建立的访问控制规则来限制从全局网络到专用网络的访问。 此外，根据在每个发送设备基础上建立的地址转换规则来执行地址转换，以提供全球网络和专用网络之间的通信。 当从全球网络接收到连接请求并且如果连接请求的认证成功时，则基于每个发送设备或每个发送网络建立访问控制规则并进行记录。 通信结束后，删除附加的访问控制规则和地址转换规则。

公开(公告)号：US20130128892A1

公开(公告)日：2013-05-23

申请号：US13739895

申请日：2013-01-11

申请人： Goutham P. Rao ,  Robert A. Rodriguez ,  Eric R. Brueggemann

发明人： Goutham P. Rao ,  Robert A. Rodriguez ,  Eric R. Brueggemann

IPC分类号： H04L12/56

CPC分类号： H04L45/72 ,  H04L12/2856 ,  H04L12/2898 ,  H04L29/12009 ,  H04L29/12367 ,  H04L29/12481 ,  H04L45/00 ,  H04L47/20 ,  H04L61/2514 ,  H04L61/2557 ,  H04L63/0227 ,  H04L63/0272 ,  H04L63/101 ,  H04L63/164 ,  H04L63/166 ,  H04L63/20

摘要： A method for routing packets from a gateway to an endpoint includes the step of associating a private internet protocol (IP) address with an endpoint having a public IP address. A packet addressed to the private IP address of the endpoint is captured. A policy is applied to the packet. The packet is transmitted to the public IP address of the endpoint, responsive to the application of the policy to the packet.

摘要翻译： 用于将分组从网关路由到端点的方法包括将私有网际协议（IP）地址与具有公共IP地址的端点相关联的步骤。 捕获到寻址到端点的私有IP地址的数据包。 策略应用于数据包。 响应于策略应用到分组，该分组被发送到端点的公共IP地址。

公开(公告)号：US08291119B2

公开(公告)日：2012-10-16

申请号：US11161093

申请日：2005-07-22

申请人： Goutham P. Rao ,  Robert A. Rodriguez ,  Eric R. Brueggemann

发明人： Goutham P. Rao ,  Robert A. Rodriguez ,  Eric R. Brueggemann

IPC分类号： G06F15/16 ,  G06F15/173 ,  H04L29/06 ,  H04L12/28

CPC分类号： H04L45/72 ,  H04L12/2856 ,  H04L12/2898 ,  H04L29/12009 ,  H04L29/12367 ,  H04L29/12481 ,  H04L45/00 ,  H04L47/20 ,  H04L61/2514 ,  H04L61/2557 ,  H04L63/0227 ,  H04L63/0272 ,  H04L63/101 ,  H04L63/164 ,  H04L63/166 ,  H04L63/20

摘要： A method for securing remote access to private networks includes a receiver intercepting from a data link layer a packet in a first plurality of packets destined for a first system on a private network. A filter intercepts from the data link layer a packet in a second plurality of packets transmitted from a second system on the private network, destined for an system on a second network. A transmitter in communication with the receiver and the filter performing a network address translation on at least one intercepted packet and transmitting the at least one intercepted packet to a destination.

摘要翻译： 用于确保对私有网络的远程访问的方法包括从数据链路层截取在专用网络上用于第一系统的第一多个分组中的分组的接收机。 过滤器从数据链路层截取从专用网络上的第二系统发送的第二多个分组中的分组，目的地是在第二网络上的系统。 与所述接收机和所述滤波器通信的发射机在至少一个被拦截的分组上执行网络地址转换，并将所述至少一个被拦截的分组发送到目的地。

公开(公告)号：US08234409B2

公开(公告)日：2012-07-31

申请号：US13276217

申请日：2011-10-18

申请人： Amit Paunikar ,  Bikramjit Singh

发明人： Amit Paunikar ,  Bikramjit Singh

IPC分类号： G06F15/16

CPC分类号： H04L61/2007 ,  H04L29/1233 ,  H04L29/12367 ,  H04L29/12481 ,  H04L45/745 ,  H04L61/106 ,  H04L61/2046 ,  H04L61/2514 ,  H04L61/2557

摘要： An intelligent network address translation system and methods for intelligent network address translation. In one embodiment, a network packet is received from a host device, and a stored record associated with the host device is identified. The stored record includes information relating to connection parameters associated with the host device. Using the stored record, a processor determines whether the network packet should be assigned a dedicated address. If so, then the network packet is transmitted using communication parameters including a dedicated IP address. If the packet should not be assigned a dedicated address, then the packet is transmitted using connection parameters including a default public IP address and a port number.

摘要翻译： 智能网地址转换系统和智能网地址转换方法。 在一个实施例中，从主机设备接收网络分组，并且识别与主机设备相关联的存储的记录。 存储的记录包括与与主机设备相关联的连接参数有关的信息。 使用存储的记录，处理器确定网络分组是否应被分配专用地址。 如果是这样，则使用包括专用IP地址的通信参数来发送网络分组。 如果分组不应该被分配专用地址，则使用包括默认公共IP地址和端口号的连接参数来发送分组。

公开(公告)号：US20120036224A1

公开(公告)日：2012-02-09

申请号：US13276217

申请日：2011-10-18

申请人： Amit Paunikar ,  Bikramjit Singh

发明人： Amit Paunikar ,  Bikramjit Singh

IPC分类号： G06F15/16

CPC分类号： H04L61/2007 ,  H04L29/1233 ,  H04L29/12367 ,  H04L29/12481 ,  H04L45/745 ,  H04L61/106 ,  H04L61/2046 ,  H04L61/2514 ,  H04L61/2557

摘要： An intelligent network address translation system and methods for intelligent network address translation. In one embodiment, a network packet is received from a host device, and a stored record associated with the host device is identified. The stored record includes information relating to connection parameters associated with the host device. Using the stored record, a processor determines whether the network packet should be assigned a dedicated address. If so, then the network packet is transmitted using communication parameters including a dedicated IP address. If the packet should not be assigned a dedicated address, then the packet is transmitted using connection parameters including a default public IP address and a port number.

摘要翻译： 智能网地址转换系统和智能网地址转换方法。 在一个实施例中，从主机设备接收网络分组，并且识别与主机设备相关联的存储的记录。 存储的记录包括与与主机设备相关联的连接参数有关的信息。 使用存储的记录，处理器确定网络分组是否应被分配专用地址。 如果是这样，则使用包括专用IP地址的通信参数来发送网络分组。 如果分组不应该被分配专用地址，则使用包括默认公共IP地址和端口号的连接参数来发送分组。

公开(公告)号：USRE43057E1

公开(公告)日：2012-01-03

申请号：US11299236

申请日：2005-12-09

申请人： Andrew T. Molitor

发明人： Andrew T. Molitor

IPC分类号： H04L12/28

CPC分类号： H04L29/12509 ,  H04L29/12009 ,  H04L29/12481 ,  H04L29/12528 ,  H04L61/2557 ,  H04L61/2567 ,  H04L61/2575 ,  H04L67/104

摘要： A system for performing Network Address Translation, which allows applications to request information concerning address translations to be performed, so that those applications may send useful information to other applications for the purposes of allowing applications to communicate through the NAT device in the absence of statically defined rules for specific channels of communication.

摘要翻译： 用于执行网络地址转换的系统，其允许应用程序请求关于地址转换的信息被执行，使得那些应用可以向其他应用发送有用的信息，以便在没有静态定义的情况下允许应用通过NAT设备进行通信 特定通信渠道的规则。