专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20130311766A1 ESTABLISHING NETWORK SECURITY USING INTERNET PROTOCOL SECURITY POLICIES 有权
标题翻译：使用互联网协议安全政策建立网络安全
公开(公告)号：US20130311766A1
公开(公告)日：2013-11-21
申请号：US13619811
申请日：2012-09-14
申请人： Victor B. Lortz , Ylian Saint-Hilaire , James L. Jason, JR.
发明人： Victor B. Lortz , Ylian Saint-Hilaire , James L. Jason, JR.
IPC分类号： H04L29/06
CPC分类号： H04L63/164 , H04L63/102
摘要： Techniques for configuring network security include obtaining non-packet flow information, evaluating a policy rule based on the obtained information, and proposing a security arrangement based on the evaluation. The non-packet flow information can include, for example, authentication information obtained during an Internet Key Exchange protocol session or information obtained from a layered service provider. Therefore, policies such as Internet Protocol security (IPsec) policies can be defined and implemented so that they more accurately reflect the network's security requirements.
摘要翻译：用于配置网络安全的技术包括获得非分组流信息，基于所获得的信息来评估策略规则，以及基于评估提出安全布置。非分组流信息可以包括例如在因特网密钥交换协议会话期间获得的认证信息或从分层服务提供商获得的信息。因此，可以定义和实现诸如因特网协议安全（IPsec）策略之类的策略，从而更准确地反映网络的安全需求。

2. 发明授权

US07536674B2 Method and system for configuring network processing software to exploit packet flow data locality 失效
标题翻译：配置网络处理软件利用数据包流数据的方法和系统
公开(公告)号：US07536674B2
公开(公告)日：2009-05-19
申请号：US10639501
申请日：2003-08-13
申请人： James L. Jason , Aaron R. Kunze , Erik J. Johnson , Harrick Vin , Ravi Sahita
发明人： James L. Jason , Aaron R. Kunze , Erik J. Johnson , Harrick Vin , Ravi Sahita
IPC分类号： G06F9/44 , G06F9/445
CPC分类号： H04L45/60 , G06F8/43 , G06F8/44 , H04L45/00
摘要： Embodiments of the present invention relate to a method and system for automatically configuring network processing software to reduce memory latency associated with parallel processing using a plurality of processing elements.
摘要翻译：本发明的实施例涉及一种用于自动配置网络处理软件以减少与使用多个处理元件的并行处理相关联的存储器延迟的方法和系统。

3. 发明授权

US07428583B1 Network policy distribution 有权
标题翻译：网络策略分配
公开(公告)号：US07428583B1
公开(公告)日：2008-09-23
申请号：US09704384
申请日：2000-10-31
申请人： Victor B. Lortz , Ylian Saint-Hilaire , James L. Jason, Jr.
发明人： Victor B. Lortz , Ylian Saint-Hilaire , James L. Jason, Jr.
IPC分类号： G06F15/173 , G06F15/16 , G06F15/177
CPC分类号： H04L67/30 , H04L41/0893 , H04L63/0428 , H04L63/105
摘要： A method includes receiving a specification for translating a network policy from a first schema to a second, different schema and translating the network policy into the second different schema based on the specification. A network system is configured based on the translated policy.
摘要翻译：一种方法包括接收用于将网络策略从第一模式转换到第二不同模式的规范，并且基于规范将网络策略转换为第二不同模式。基于已翻译的策略配置网络系统。

4. 发明授权

US07307952B2 Method and apparatus to determine whether data flow is restricted by a sending node, a receiving node, or by a network 有权
标题翻译：确定数据流是否受到发送节点，接收节点或网络限制的方法和装置
公开(公告)号：US07307952B2
公开(公告)日：2007-12-11
申请号：US10324974
申请日：2002-12-20
申请人： Gerhard W. Gross , James L. Jason, Jr.
发明人： Gerhard W. Gross , James L. Jason, Jr.
IPC分类号： H04L1/00
CPC分类号： H04L69/16 , H04L69/161 , H04L69/163
摘要： A method and apparatus to determine whether data flow is restricted by a sending node, a receiving node, or by a network. One embodiment of the invention comprises selectively reading a Sequence Number field (SN) and a Data Offset field (DO) from a Transmission Control Protocol (TCP) header in a data packet from a sender to a receiver. Selectively reading a Total Length field (TL) and an Internet Header Length field (IHL) from an Internet protocol (IP) header in the data packet from the sender to the receiver. Selectively reading an Acknowledgment Number field (AN) and a Window field (W) from a TCP header in a data packet from the receiver to the sender. And, using at least one of the SN, DO, TL, IHL, AN, and W from a network communication session to determine whether the sender, the receiver, or whether the network restricts data flow.
摘要翻译：一种确定数据流是否被发送节点，接收节点或网络限制的方法和装置。本发明的一个实施例包括从发送器到接收器的数据包中的传输控制协议（TCP）头部选择性地读取序列号字段（SN）和数据偏移字段（DO）。从发送方到接收方的数据包中的Internet协议（IP）头部选择性地读取总长度字段（TL）和互联网报头长度字段（IHL）。从接收器到发送器的数据包中的TCP头部选择性地读取确认编号字段（AN）和窗口字段（W）。并且，使用来自网络通信会话的SN，DO，TL，IHL，AN和W中的至少一个来确定发送者，接收者还是网络是否限制数据流。

5. 发明授权

US07028332B1 Method and apparatus for preventing packet retransmissions during IPsec security association establishment 失效
标题翻译：在IPsec安全关联建立期间防止分组重传的方法和装置
公开(公告)号：US07028332B1
公开(公告)日：2006-04-11
申请号：US09592841
申请日：2000-06-13
申请人： James L. Jason, Jr.
发明人： James L. Jason, Jr.
IPC分类号： H04L9/00 , G01S11/30
CPC分类号： H04L63/0227 , H04L63/164 , H04L63/20
摘要： Methods and apparatus for preventing packet retransmissions during Internet Protocol security (IPsec) security association establishment. Application socket requests are monitored. An application requests a Transmission Control Protocol (TCP) connection or transmission of User Datagram Protocol (UDP) data on a socket. A determination is made whether there is an active security association that exists to protect network flow associated with the request. The request is prevented from proceeding if no active security association exists to protect the network flow. A determination is made whether a security policy exists for the network flow if no active security association exists to protect the network flow. A security association negotiation component is alerted to initiate negotiation for a security association based on the security policy if the security policy exists for the network flow. The request is allowed to proceed, i.e. the TCP connection established or the UDP data sent, if the active security association exists or the security association is established from the negotiation.
摘要翻译：在Internet协议安全（IPsec）安全关联建立期间防止分组重传的方法和装置。监视应用程序套接字请求。应用程序在套接字上请求传输控制协议（TCP）连接或传输用户数据报协议（UDP）数据。确定是否存在存在的活动安全关联以保护与请求相关联的网络流。如果没有存在活动的安全关联来保护网络流，则阻止该请求进行。确定是否存在用于网络流的安全策略，如果不存在活动安全关联以保护网络流。如果存在网络流的安全策略，则安全关联协商组件被警告以基于安全策略为安全关联发起协商。允许请求继续进行，即建立的TCP连接或发送的UDP数据，如果存在活动安全关联或从协商建立安全关联。

6. 发明授权

US06636520B1 Method for establishing IPSEC tunnels 有权
标题翻译：建立IPSEC隧道的方法
公开(公告)号：US06636520B1
公开(公告)日：2003-10-21
申请号：US09469962
申请日：1999-12-21
申请人： James L. Jason , Michael D. Jeronimo , Ylian Saint-Hilaire
发明人： James L. Jason , Michael D. Jeronimo , Ylian Saint-Hilaire
IPC分类号： H04L1228
CPC分类号： H04L63/0272 , H04L63/164
摘要： A method and a system for establishing network tunnels are disclosed. In one embodiment, a transport action is identified in response to packet parameters. Once the transport action is determined, the transport action is pushed onto a pending stack. When a tunnel action is, subsequently, identified in response to the packet parameters, the tunnel action is also pushed onto the pending stack. Upon completion of rule evaluation, at least one tunnel is established according to a tunnel action stored in the pending stack. The action stored at the top of the pending stack is performed first and the action stored at the bottom of the pending stack is performed last.
摘要翻译：公开了一种建立网络隧道的方法和系统。在一个实施例中，响应于分组参数识别传输动作。一旦确定了传送动作，传送动作就被推到待处理的堆栈上。当随后响应于分组参数识别隧道动作时，隧道动作也被推送到等待堆栈。完成规则评估后，根据存储在待处理堆叠中的隧道动作建立至少一个隧道。首先执行存储在待处理堆栈顶部的操作，最后执行存储在待处理堆栈底部的操作。

7. 发明授权

US07725886B2 Merger of tables storing protocol data unit related data 有权
标题翻译：存储协议数据单元相关数据的表的合并
公开(公告)号：US07725886B2
公开(公告)日：2010-05-25
申请号：US10405787
申请日：2003-04-01
申请人： Aaron R. Kunze , Erik J. Johnson , James L. Jason , Harrick M. Vin
发明人： Aaron R. Kunze , Erik J. Johnson , James L. Jason , Harrick M. Vin
IPC分类号： G06F9/45
CPC分类号： H04L47/32 , H04L47/24 , H04L69/22
摘要： In general, in one aspect, the disclosure describes a method of determining if a first query for data related to a protocol data unit in a first table is a query to a table merged into a combination table formed from multiple tables. If so, the method can generate a second query for the first query for data stored by the combination table.
摘要翻译：一般来说，一方面，本公开描述了一种确定第一表中与协议数据单元相关的数据的第一查询是否是对被合并到由多个表形成的组合表中的表进行查询的方法。如果是这样，该方法可以为组合表存储的数据的第一个查询生成第二个查询。

8. 发明授权

US07725573B2 Methods and apparatus for supporting agile run-time network systems via identification and execution of most efficient application code in view of changing network traffic conditions 失效
标题翻译：鉴于网络流量状况的变化，通过识别和执行最有效的应用代码来支持敏捷运行时网络系统的方法和设备
公开(公告)号：US07725573B2
公开(公告)日：2010-05-25
申请号：US11288586
申请日：2005-11-29
申请人： Arun Raghunath , James L. Jason, Jr.
发明人： Arun Raghunath , James L. Jason, Jr.
IPC分类号： G06F15/173 , G06F9/44 , G06F9/45
CPC分类号： G06F9/44547
摘要： Methods and apparatus for supporting agile run-time network systems via identification and execution of most efficient application binary code in view of changing network traffic conditions. Under one embodiment of the method, respective application binaries are compiled for each of a plurality of profiled system states for a network system, wherein each profiled system state corresponds to a respective workload scenario for the network system. During ongoing run-time operations, the current workload condition for the network system is monitored, and an application binary from amongst the multiple application binaries that is most efficient for the current workload condition is identified, loaded and executed.
摘要翻译：鉴于变化的网络流量状况，通过识别和执行最有效的应用二进制代码来支持敏捷运行时网络系统的方法和装置。在该方法的一个实施例下，为网络系统的多个配置系统状态中的每一个编译相应的应用二进制文件，其中每个分类系统状态对应于网络系统的各自的工作负载情景。在持续的运行时操作期间，监视网络系统的当前工作负载条件，并识别，加载和执行对当前工作负载条件最有效的多个应用程序二进制文件中的应用程序二进制文件。

9. 发明授权

US07355971B2 Determining packet size in networking 有权
标题翻译：确定网络中的数据包大小
公开(公告)号：US07355971B2
公开(公告)日：2008-04-08
申请号：US10045671
申请日：2001-10-22
申请人： James L. Jason, Jr.
发明人： James L. Jason, Jr.
IPC分类号： H04J3/24 , H04L12/28 , G06F15/16
CPC分类号： H04L43/50 , H04L47/36 , H04L69/16 , H04L69/163
摘要： A method of determining a maximum packet size for data packets sent along a network path. A sending computer sends a packet to a receiving computer through a sending interface. The packet is fragmented during transfer to a receiving interface. The fragments are analyzed at the receiving interface and their size determined. The size of a fragment is compared to a pre-determined maximum packet size, and in response to the comparison, the maximum packet size is changed. The change is then reported to the sending interface and stored in a memory. Subsequent communications from the sending interface to the receiving interface are sent in packets of the size stored in the memory. Because the maximum packet size of a network path can change over time, test packets can be sent periodically to determine the maximum packet size.
摘要翻译：确定沿着网络路径发送的数据分组的最大分组大小的方法。发送计算机通过发送接口将数据包发送到接收计算机。传输到接收接口时，数据包被分段。在接收界面分析片段并确定它们的大小。将片段的大小与预定的最大分组大小进行比较，并且响应于比较，最大分组大小被改变。然后将更改报告给发送界面并存储在内存中。从发送接口到接收接口的后续通信以存储在存储器中的大小的分组发送。由于网络路径的最大分组大小可随时间而改变，所以可以周期性地发送测试分组以确定最大分组大小。

10. 发明授权

US07131137B1 Communication system including a security system 有权
标题翻译：通信系统包括一个安全系统
公开(公告)号：US07131137B1
公开(公告)日：2006-10-31
申请号：US09605361
申请日：2000-06-29
申请人： James L. Jason, Jr. , Ylian Saint-Hilaire
发明人： James L. Jason, Jr. , Ylian Saint-Hilaire
IPC分类号： H04L9/00 , H04L9/32 , G06F15/16
CPC分类号： H04L63/164 , H04L63/1408
摘要： A communication system including a security system, and a method of controlling a communication system. The communication system includes a communication network having a plurality of nodes, a server connected to a first one of the nodes, and a client processor. A magnetic medium within the client processor stores the security system for connecting the client processor to the communication network for communication with the server. The security system includes a transmission control protocol for controlling communication between an application on the client processor and the communication network and a security classifier for coupling the transmission control protocol to the communication network and determining a security classification for the client processor. A security association negotiator is responsive to the client processor opening a socket at a node of the communication network, for correlating the socket with a security association based on the determined security classification. A network interceptor couples the client processor with the transmission control protocol and is responsive to the socket being closed for deleting the security association. In accordance with the method, the completion status of the communication is monitored. Upon completion of the communication, the socket is closed, and in response to closing of the socket, the correlation of the security association with the socket is terminated.
摘要翻译：包括安全系统的通信系统和控制通信系统的方法。通信系统包括具有多个节点的通信网络，连接到第一个节点的服务器和客户机处理器。客户处理器内的磁介质存储用于将客户端处理器连接到通信网络以与服务器通信的安全系统。安全系统包括用于控制客户处理器上的应用和通信网络之间的通信的传输控制协议和用于将传输控制协议耦合到通信网络并确定客户端处理器的安全分类的安全分类器。安全关联协商者响应于在通信网络的节点处打开套接字的客户端处理器，用于基于所确定的安全分类将套接字与安全关联相关联。网络拦截器将客户处理器与传输控制协议耦合，并且响应于正在关闭的套接字来删除安全关联。根据该方法，监视通信的完成状态。通信完成后，套接字关闭，响应于套接字的关闭，终端安全关联与套接字的关联。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式