专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08463887B2 Systems and methods for server surge protection in a multi-core system 有权
公开(公告)号：US08463887B2
公开(公告)日：2013-06-11
申请号：US12645803
申请日：2009-12-23
申请人： Roy Rajan , Saravanakumar Annamalaisami
发明人： Roy Rajan , Saravanakumar Annamalaisami
IPC分类号： G06F15/173
CPC分类号： H04L47/32 , H04L67/1002 , H04L67/1008 , H04L67/1029 , H04L69/16
摘要： The present application is directed towards systems and methods for providing connection surge protection to one or more servers by an intermediary multi-core system. A packet processing engine of a multi-core device deployed as an intermediary between a plurality of clients and one or more servers determines an estimated number of total pending requests received by all packet processing engines based on a value of a local counter of received requests, the total number of pending requests received by all other packet processing engines at a last predetermined interval, and a rate of change of the total number of pending requests received by all other packet processing engines multiplied by the time since the last predetermined interval. The packet processing engine applies a surge protection policy to received pending requests responsive to the determined estimated number of total pending requests.

2. 发明申请

US20110154488A1 SYSTEMS AND METHODS FOR GENERATING AND MANAGING COOKIE SIGNATURES FOR PREVENTION OF HTTP DENIAL OF SERVICE IN MULTI-CORE SYSTEM 有权
标题翻译：用于生成和管理COOKIE签名的系统和方法，用于防止多核系统中的服务质量问题
公开(公告)号：US20110154488A1
公开(公告)日：2011-06-23
申请号：US12645938
申请日：2009-12-23
申请人： Roy Rajan , Saravanakumar Annamalaisami
发明人： Roy Rajan , Saravanakumar Annamalaisami
IPC分类号： G06F21/00
CPC分类号： G06F15/167 , H04L63/123 , H04L63/168
摘要： The present application is directed towards systems and methods for generating and maintaining cookie consistency for security protection across a plurality of cores in a multi-core system. A packet processing engine executing on one core designated as a primary packet processing engine generates and maintains a global random seed. The global random seed may be used as an initial seed for creation of cookie signatures by each of a plurality of packet processing engines executing on a plurality of cores of the multi-core system using a deterministic pseudo-random number generation function such that each core creates an identical set of cookie signatures.
摘要翻译：本申请涉及用于生成和维护跨多核系统中的多个核心的安全保护的cookie一致性的系统和方法。在指定为主分组处理引擎的一个核上执行的分组处理引擎生成并维护全局随机种子。全局随机种子可以被用作通过使用确定性伪随机数生成函数在多核系统的多个核上执行的多个分组处理引擎中的每一个来创建cookie签名的初始种子，使得每个核心创建一组相同的cookie签名。

3. 发明申请

US20090234972A1 Systems and Methods for Content Injection 有权
标题翻译：内容注入系统和方法
公开(公告)号：US20090234972A1
公开(公告)日：2009-09-17
申请号：US12399493
申请日：2009-03-06
申请人： Jagannath RAGHU , Saravana ANNAMALAISAMI , Roy RAJAN
发明人： Jagannath RAGHU , Saravana ANNAMALAISAMI , Roy RAJAN
IPC分类号： G06F15/16
CPC分类号： H04L67/2823 , H04L67/02 , H04L67/2804 , H04L67/2819 , H04L67/42
摘要： The present solution is directed towards a policy-based intermediary that dynamically and flexibly injects content in responses between a client and a server based on one or more policies. The present solution addresses the challenges of injecting content in a client-server transaction. The intermediary determines when and what content to inject into a response of a client-server transaction based on a request and/or response policy. The injected content may include timestamp and/or variable tracking of different events in a client-server transaction. For example, when an intermediary appliance is deployed in a system to accelerate system performance and improve user experience, the appliance may inject content based on policy to monitor the acceleration performance of the deployed appliance.
摘要翻译：本解决方案针对基于策略的中介，其基于一个或多个策略来动态地和灵活地在客户端和服务器之间的响应中注入内容。本解决方案解决了在客户端 - 服务器事务中注入内容的挑战。中介确定根据请求和/或响应策略注入到客户机 - 服务器事务的响应中的何时和什么内容。注入的内容可以包括客户端 - 服务器事务中的不同事件的时间戳和/或可变跟踪。例如，当中间设备部署在系统中以加速系统性能并改善用户体验时，设备可以基于策略来注入内容以监视所部署的设备的加速性能。

4. 发明申请

US20080034413A1 SYSTEMS AND METHODS FOR USING A CLIENT AGENT TO MANAGE HTTP AUTHENTICATION COOKIES 有权
标题翻译：使用客户端管理HTTP认证机构的系统和方法
公开(公告)号：US20080034413A1
公开(公告)日：2008-02-07
申请号：US11462308
申请日：2006-08-03
申请人： Junxiao He , Charu Venkatraman , Roy Rajan , Ajay Soni
发明人： Junxiao He , Charu Venkatraman , Roy Rajan , Ajay Soni
IPC分类号： H04L9/32
CPC分类号： H04L12/4641 , H04L63/0272 , H04L63/08 , H04L63/166 , H04L67/02
摘要： Systems and methods are described for using a client agent to manage HTTP authentication cookies. One method includes intercepting, by a client agent executing on a client, a connection request from the client; establishing, by the client agent, a transport layer virtual private network connection with a network appliance; transmitting, by the client agent via the established connection, an HTTP request comprising an authentication cookie; and transmitting, by the client agent via the connection, the connection request. A second method includes intercepting, by a client agent executing on a client, an HTTP communication comprising a cookie from an appliance on a virtual private network to the client; removing, by the client agent, the cookie from the HTTP communication; storing, by the client agent, the received cookie; transmitting, by the client agent, the modified HTTP communication to an application executing on the client; intercepting, by the client agent, an HTTP request from the client; inserting, by the client agent in the HTTP request, the received cookie; and transmitting the modified HTTP request to the appliance. Corresponding systems are also described.
摘要翻译：描述了使用客户端代理来管理HTTP身份验证cookie的系统和方法。一种方法包括由在客户端上执行的客户端代理截取来自客户端的连接请求; 由客户端代理建立与网络设备的传输层虚拟专用网络连接; 由所述客户端代理经由建立的连接发送包括认证cookie的HTTP请求; 以及由所述客户端代理经由所述连接发送所述连接请求。第二种方法包括由在客户端上执行的客户端代理拦截包括来自虚拟专用网络上的设备到客户端的cookie的HTTP通信; 由客户端代理从HTTP通信中删除该cookie; 由客户代理存储接收到的cookie; 由客户端代理将经修改的HTTP通信传送到在客户机上执行的应用程序; 由客户端代理拦截来自客户端的HTTP请求; 由客户端代理在HTTP请求中插入接收到的cookie; 以及将修改的HTTP请求发送到所述设备。还描述了相应的系统。

5. 发明授权

US08843645B2 Systems and methods for detecting incomplete requests, TCP timeouts and application timeouts 有权
标题翻译：用于检测不完整请求，TCP超时和应用程序超时的系统和方法
公开(公告)号：US08843645B2
公开(公告)日：2014-09-23
申请号：US12822825
申请日：2010-06-24
申请人： Saravanakumar Annamalaisami , Ashok Kumar Jagadeeswaran , Mahesh Mylarappa , Roy Rajan
发明人： Saravanakumar Annamalaisami , Ashok Kumar Jagadeeswaran , Mahesh Mylarappa , Roy Rajan
IPC分类号： G06F15/16 , H04L29/06
CPC分类号： H04L63/1458 , H04L63/166 , H04L63/168
摘要： Described herein is a method and system for preventing Denial of Service (DoS) attacks. An intermediary device is deployed between clients and servers. The device receives a first packet of an application layer transaction via a transport layer connection between the device and client. The device records a last activity time for the transport layer connection based upon the timestamp of the first packet. The device receives subsequent data packets and determines whether the data in the packets completes a protocol data structure of the application layer protocol. If the device determines that the subsequent packet completes the protocol data structure, the last activity time is updated. If the device determines that the application layer protocol remains incomplete, the device retains the last activity time and determines that the duration of inactivity for the transport layer connection exceeds a predetermined threshold. The device may subsequently drop the connection.
摘要翻译：这里描述了防止拒绝服务（DoS）攻击的方法和系统。中间设备部署在客户端和服务器之间。设备经由设备和客户端之间的传输层连接来接收应用层事务的第一分组。设备根据第一个数据包的时间戳记记录传输层连接的最后活动时间。该设备接收后续的数据包，并确定包中的数据是否完成了应用层协议的协议数据结构。如果设备确定后续分组完成协议数据结构，则最后的活动时间被更新。如果设备确定应用层协议保持不完整，则设备保留最后的活动时间，并确定传输层连接的不活动持续时间超过预定阈值。该设备可以随后丢弃连接。

6. 发明授权

US08392562B2 Systems and methods for managing preferred client connectivity to servers via multi-core system 有权
公开(公告)号：US08392562B2
公开(公告)日：2013-03-05
申请号：US12645828
申请日：2009-12-23
申请人： Roy Rajan , Ashwin Jagadish , Saravanakumar Annamalaisami
发明人： Roy Rajan , Ashwin Jagadish , Saravanakumar Annamalaisami
IPC分类号： G06F15/173
CPC分类号： H04L67/14 , G06F9/5055
摘要： The present application is directed towards systems and methods for providing a cookie by an intermediary device comprising a plurality of packet processing engines executing on a corresponding plurality of cores, the cookie identifying a session of a user that was redirected responsive to a service exceeding a response time limit. The cookie may be generated with identifiers based off a name of a virtual server managing a service of a server, and a name of a policy associated with the virtual server. Each packet processing engine of the plurality of packet processing engines may interpret cookies generated by other packet processing engines due to the name of the virtual server and name of the policy, and may provide preferred client connectivity based on cookies included in requests for access to a service.

7. 发明授权

US08214505B2 Systems and methods of handling non-HTTP client or server push on HTTP Vserver 有权
标题翻译：在HTTP Vserver上处理非HTTP客户端或服务器的系统和方法
公开(公告)号：US08214505B2
公开(公告)日：2012-07-03
申请号：US12820730
申请日：2010-06-22
申请人： Ashok Kumar Jagadeeswaran , Roy Rajan , Saravanakumar Annamalaisami
发明人： Ashok Kumar Jagadeeswaran , Roy Rajan , Saravanakumar Annamalaisami
IPC分类号： G06F15/16
CPC分类号： H04L67/22 , H04L67/02
摘要： The present application presents systems and methods for handling by an HTTP virtual server (HTTPVS), connections via which non-HTTP data is transmitted between clients and servers. HTTPVS intercepts a request from a client to establish first transport layer connection (TLC) with a server. HTTPVS establishes second TLC with the servers in response to receiving an acknowledgment from a client to establish the first TLC. HTTPVS determines if a first network packet transmitted via first TLC comprises an HTTP payload or non-HTTP payload. If HTTPVP the first network packet includes HTTP payload, HTTPVS may process all transmissions from the first TLC in accordance with connection tracking and forward the processed transmissions to the server via the second TLC. If HTTPVS determines that the first network packet does not include an HTTP payload, HTTPVS may link the first TLC and the second TLC so the client and server exchange non-HTTP communication without interruption.
摘要翻译：本应用程序提供了由HTTP虚拟服务器（HTTPVS）处理的系统和方法，通过该连接在客户端和服务器之间传输非HTTP数据。 HTTPVS拦截来自客户端的请求，以建立与服务器的第一传输层连接（TLC）。 HTTPVS与服务器建立第二个TLC，响应于从客户端收到建立第一个TLC的确认。 HTTPVS确定通过第一TLC发送的第一网络分组是否包含HTTP有效载荷或非HTTP有效载荷。如果第一网络分组的HTTPVP包括HTTP有效载荷，则HTTPVS可以根据连接跟踪处理来自第一TLC的所有传输，并且经由第二TLC将处理后的传输转发到服务器。如果HTTPVS确定第一个网络数据包不包含HTTP有效载荷，则HTTPVS可以链接第一个TLC和第二个TLC，以便客户端和服务器不间断地交换非HTTP通信。

8. 发明授权

US07907621B2 Systems and methods for using a client agent to manage ICMP traffic in a virtual private network environment 有权
标题翻译：在虚拟专用网络环境中使用客户端代理来管理ICMP流量的系统和方法
公开(公告)号：US07907621B2
公开(公告)日：2011-03-15
申请号：US11462253
申请日：2006-08-03
申请人： Amarnath Mullick , Charu Venkatraman , Shashi Nanjundaswamy , Junxiao He , Roy Rajan , Ajay Soni
发明人： Amarnath Mullick , Charu Venkatraman , Shashi Nanjundaswamy , Junxiao He , Roy Rajan , Ajay Soni
IPC分类号： H04L12/28
CPC分类号： H04L12/4641 , H04L41/046 , H04L41/0893 , H04L43/00 , H04L43/0811 , H04L43/0817 , H04L43/10 , H04L63/0272 , H04L63/166
摘要： Systems and methods are described for using a client agent executing on a client to send ICMP messages to an appliance connected via a virtual private network Methods include: establishing, via a client agent executing on a client, a transport layer virtual private network connection with an appliance; intercepting, by the client agent at the network layer, an ICMP request originating from the client; and transmitting, by the client agent via a transport layer connection, the ICMP request to the appliance. Addition methods describe determining, by the appliance, the address identified by the ICMP request corresponds to a second client, the second client also connected via a virtual private network to the remote machine; and transmitting, by the appliance to the second client via the virtual private network connection, the ICMP request. Corresponding systems are also described.
摘要翻译：描述了使用在客户端上执行的客户端代理将ICMP消息发送到经由虚拟专用网连接的设备的系统和方法。方法包括：通过在客户端上执行的客户端代理来建立传输层虚拟专用网络连接器具; 由网络层的客户代理拦截来自客户端的ICMP请求; 以及由所述客户端代理经由传输层连接向所述设备发送所述ICMP请求。附加方法描述了由设备确定由ICMP请求标识的地址对应于第二客户端，第二客户端还经由虚拟专用网络连接到远程机器; 以及由所述设备经由所述虚拟专用网络连接向所述第二客户端发送所述ICMP请求。还描述了相应的系统。

9. 发明授权

US08850070B2 Systems and methods for content injection 有权
标题翻译：内容注入系统和方法
公开(公告)号：US08850070B2
公开(公告)日：2014-09-30
申请号：US12399493
申请日：2009-03-06
申请人： Jagannath Raghu , Saravana Annamalaisami , Roy Rajan
发明人： Jagannath Raghu , Saravana Annamalaisami , Roy Rajan
IPC分类号： G06F15/16 , H04L29/08
CPC分类号： H04L67/2823 , H04L67/02 , H04L67/2804 , H04L67/2819 , H04L67/42
摘要： The present solution is directed towards a policy-based intermediary that dynamically and flexibly injects content in responses between a client and a server based on one or more policies. The present solution addresses the challenges of injecting content in a client-server transaction. The intermediary determines when and what content to inject into a response of a client-server transaction based on a request and/or response policy. The injected content may include timestamp and/or variable tracking of different events in a client-server transaction. For example, when an intermediary appliance is deployed in a system to accelerate system performance and improve user experience, the appliance may inject content based on policy to monitor the acceleration performance of the deployed appliance.
摘要翻译：本解决方案针对基于策略的中介，其基于一个或多个策略来动态地和灵活地在客户端和服务器之间的响应中注入内容。本解决方案解决了在客户端 - 服务器事务中注入内容的挑战。中介确定根据请求和/或响应策略注入到客户机 - 服务器事务的响应中的何时和什么内容。注入的内容可以包括客户端 - 服务器事务中的不同事件的时间戳和/或可变跟踪。例如，当中间设备部署在系统中以加速系统性能并改善用户体验时，设备可以基于策略来注入内容以监视所部署的设备的加速性能。

10. 发明申请

US20130151650A1 SYSTEMS AND METHODS FOR GENERATING AND MANAGING COOKIE SIGNATURES FOR PREVENTION OF HTTP DENIAL OF SERVICE IN A MULTI-CORE SYSTEM 有权
标题翻译：用于生成和管理COOKIE签名的系统和方法，用于防止多核系统中的服务质量问题
公开(公告)号：US20130151650A1
公开(公告)日：2013-06-13
申请号：US13762129
申请日：2013-02-07
申请人： ROY RAJAN , Saravanakumar Annamalaisami
发明人： ROY RAJAN , Saravanakumar Annamalaisami
IPC分类号： G06F15/167
CPC分类号： G06F15/167 , H04L63/123 , H04L63/168
摘要： The present application is directed towards systems and methods for generating and maintaining cookie consistency for security protection across a plurality of cores in a multi-core system. A packet processing engine executing on one core designated as a primary packet processing engine generates and maintains a global random seed. The global random seed may be used as an initial seed for creation of cookie signatures by each of a plurality of packet processing engines executing on a plurality of cores of the multi-core system using a deterministic pseudo-random number generation function such that each core creates an identical set of cookie signatures.
摘要翻译：本申请涉及用于生成和维护跨多核系统中的多个核心的安全保护的cookie一致性的系统和方法。在指定为主分组处理引擎的一个核上执行的分组处理引擎生成并维护全局随机种子。全局随机种子可以被用作通过使用确定性伪随机数生成函数在多核系统的多个核上执行的多个分组处理引擎中的每一个来创建cookie签名的初始种子，使得每个核心创建一组相同的cookie签名。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式