CN102918801A - 将网络流量策略应用于应用会话的系统和方法 - Google Patents
将网络流量策略应用于应用会话的系统和方法 Download PDFInfo
- Publication number
- CN102918801A CN102918801A CN2011800260751A CN201180026075A CN102918801A CN 102918801 A CN102918801 A CN 102918801A CN 2011800260751 A CN2011800260751 A CN 2011800260751A CN 201180026075 A CN201180026075 A CN 201180026075A CN 102918801 A CN102918801 A CN 102918801A
- Authority
- CN
- China
- Prior art keywords
- user
- utility cession
- network
- strategy
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0254—Stateful filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/164—Implementing security features at a particular protocol layer at the network layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/084—Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/37—Managing security policies for mobile devices or for controlling mobile applications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/04—Real-time or near real-time messaging, e.g. instant messaging [IM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/029—Firewall traversal, e.g. tunnelling or, creating pinholes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/10—Architectures or entities
- H04L65/102—Gateways
- H04L65/1023—Media gateways
- H04L65/1026—Media gateways at the edge
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
- H04L67/1004—Server selection for load balancing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/104—Peer-to-peer [P2P] networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/306—User profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/535—Tracking the activity of the user
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/28—Timers or timing mechanisms used in protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/72—Mobile telephones; Cordless telephones, i.e. devices for establishing wireless links to base stations without route selection
- H04M1/724—User interfaces specially adapted for cordless or mobile telephones
- H04M1/72403—User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
- H04M1/7243—User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality with interactive means for internal management of messages
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/61—Time-dependent
Abstract
一种用于将安全策略应用于应用会话的方法,包括:经由安全网关识别在网络与应用之间的应用会话;通过安全网关利用关于应用会话的信息确定应用会话的用户标识;通过安全网关获得包括被映射至用户标识的网络参数的安全策略;以及通过安全网关将安全策略应用于应用会话。用户标识可以是根据应用会话的包识别的网络用户标识或应用用户标识。安全策略可包括被映射至用户标识的网络流量策略和/或被映射至用户标识的文档访问策略,其中网络流量策略被应用于应用会话。安全网关可进一步生成关于对应用会话应用安全策略的安全报告。
Description
技术领域
此发明总体上涉及数据网络,更具体地,涉及在应用会话过程中应用基于用户标识的网络流量策略的系统和方法。
背景技术
公司的保密数据网络对于日复一日的公司业务活动的运行而言是一个关键部分。公司员工为了在公司内部的通信以及与外部世界的通信而访问安全数据网络。在通信过程中,交换往往是专有的或保密的公司信息。
通常,员工借助于使用私人用户标识(诸如,用户名“Robert P.Williamson”或员工编号“NG01-60410”)的网络登录程序获得对公司的安全数据网络的访问。利用公司办公室应用(诸如,电子邮件、文件传送或文档控制)的随后的信息交换基于私人用户标识通过网络事件日志是可追踪的。
自从20世纪90年代末,我们已见证了公共通信应用和服务(诸如,雅虎(YahooTM)、美国在线(America OnlineTM)(AOL)或谷歌(GoogleTM)提供的电子邮件和即时通信、WebExTM或CentraTM提供的会议和协作服务、或者针对各种文件共享的点对点服务)的显著上升的流行。通常,公共通信服务允许用户通过利用公共用户标识(诸如,“butterdragon”、“fingernail1984”或“peterrabbit”)的消息、文字聊天或文档交换来交换信息。
然而,在公司设定中,当员工通过公司的安全数据网络用公共用户标识连接至公共信息服务时,由于公共用户标识并不与私人用户标识绑定,所以信息交换根本不容易追踪。
在一个实例中,公司的信息技术(IT)部门注意到,员工Victor已利用公司的电子邮件系统发送出了专有文档,违反了公司的保密政策。在向Victor发出警告后,IT部门没再发现其他违反。不幸地,他们未意识到这种情况,即,Vitor利用雅虎(YahooTM)电子邮件通过公共用户标识“PiratesOfCaribbeanYahoo”继续这种活动。
在另一实例中,在重要的贸易展览之前的两周,公司采取安全措施以监控经理级以上的员工的通信活动以确保竞争信息的机密性。然而,涵盖公司邮件、电话会议以及语音消息的这种安全措施证明是失败的,因为敏感信息在贸易展览之前以任何方式泄露给商业记者。可能无法确定泄露的源头,但商业记者私下披露他利用昵称为“opensecret2006”的AOL即时通信(AOL Instant MessagingTM)从公司的匿名员工得到该信息。
上面的讨论示出了需要安全性解决方案来将用户标识与公共应用相关联。
发明内容
一种用于将安全策略应用于应用会话的方法包括:经由安全网关识别在网络与应用之间的应用会话;通过安全网关利用关于应用会话的信息确定应用会话的用户标识;通过安全网关获得包括被映射至用户标识的网络参数的安全策略;以及通过安全网关将安全策略应用于应用会话。用户标识可以是根据应用会话的包识别的网络用户标识或应用用户标识。安全策略可包括被映射至用户标识的网络流量策略和/或被映射至用户标识的文档访问策略,其中网络流量策略被应用于应用会话。安全网关可进一步生成关于对应用会话应用安全策略的安全报告。
附图说明
图1a示出了安全网络。
图1b示出了访问会话和应用会话。
图1c示出了访问会话记录和应用会话记录。
图2示出了生成应用会话记录的处理。
图3示出了识别应用会话的处理。
图4a示出了确定应用会话的公共用户标识的处理。
图4b示出了在AIM登录包中的数据包。
图5示出了确定私人用户标识的处理。
图6示出了通过查询企业目录来获得安全策略的安全网关的实施方式。
图7示出了包括安全控制的安全策略。
图8示出了网络流量策略的多个实施方式。
具体实施方式
图1a示出了安全网络。
安全网络160包括主机130。用户120使用主机130来访问位于应用服务器190中的公共应用180。应用服务器190在安全网络160的外部。主机130与应用服务器190之间的网络流量通过安全网关150。安全网关150操作地耦接至处理器171和计算机可读介质172。计算机可读介质172存储用于实现如本文所描述的本发明的各种实施方式的计算机可读程序代码。
主机130是具有网络访问能力的计算装置。主机130操作地耦接至处理器173和计算机可读介质174。计算机可读介质174存储用于实现如本文所描述的本发明的各种实施方式的计算机可读程序代码。在一个实施方式中,主机130是工作站、台式个人计算机或膝上型个人计算机。在一个实施方式中,主机130是个人数字助理(PDA)、智能电话或移动电话。
在一个实施方式中,安全网络160是因特网协议(IP)网络。在一个实施方式中,安全网络160是企业数据网络或地区企业数据网络(regionalcorporate data network)。在一个实施方式中,安全网络160是因特网服务供应商网络。在一个实施方式中,安全网络160是住宅数据网络。在一个实施方式中,安全网络160包括诸如以太网的有线网络。在一个实施方式中,安全网络160包括诸如WiFi网络的无线网络。
公共应用180提供了允许用户120以实时方式与其他用户通信的服务。在一个实施方式中,该服务包括文字聊天。在一个实施方式中,该服务包括语音电话或视频电话。在一个实施方式中,该服务包括网络游戏。在一个实施方式中,该服务包括交换文档,诸如,发送或接收文本文档,PowerPointTM报告、ExcelTM数据表、图像文件、音乐文件或视频剪辑。在一个实施方式中,该服务包括诸如创建文档、商业计划以及协议的协作的文档处理,其中用户120与其他用户以实时方式协作。在一个实施方式中,该服务包括诸如电话会议的协作信息交换。在一个实施方式中,该服务是社交网络服务。在一个实施方式中,该服务包括实时协作和非实时协作。
在一个实例中,公共应用180提供美国在线即时信使(America OnlineInstant MessengerTM)服务。在一个实施方式中,公共应用180提供雅虎即时信使(Yahoo Instant MessengerTM)语音服务。在一个实施方式中,公共应用180提供诸如KazaaTM文件共享服务的文件共享服务。在一个实施方式中,公共应用180提供诸如MicrosoftTM网络游戏服务的网络游戏服务。在一个实施方式中,公共应用180提供诸如Google DocsTM、Salesforce.comTM的在线协作文档处理。在一个实施方式中,公共应用180提供诸如WebExTM的在线信息交换与通信。在一个实施方式中,公共应用180提供诸如现场视频流、现场音频流以及即时图片上传的现场信息流。
安全网关150位于安全网络160的边缘。安全网关150将安全网络160连接至公共应用180。安全网关150从安全网络160接收网络流量并且将网络流量传输至应用服务器190。同样,安全网关150从应用服务器190接收网络流量并且将该网络流量传输至安全网络160。
在一个实施方式中,安全网关150包括企业广域网(WAN)网关的功能。在一个实施方式中,安全网关150包括住宅宽带网关。在一个实施方式中,安全网关150包括用于因特网服务供应商的WAN网关的功能。
图1b示出了访问会话和应用会话。
用户120使用主机130,以在访问会话162过程中访问安全网络160。
主机130具有主机标识134。主机130使用主机标识134以连接至安全网络160。在一个实施方式中,主机标识134包括IP地址。在一个实施方式中,主机标识134包括介质访问控制层(MAC)地址。
在安全网络160内,用户120具有私人用户标识124。在一个实施方式中,私人用户标识124是员工编号或员工姓名。在一个实施方式中,私人用户标识124是因特网服务订阅标识。在一个实施方式中,访问会话162在使用私人用户标识124对于安全网络160成功的网络用户登录程序(诸如,员工网络登录)之后被建立。私人用户标识124与主机标识134相关联。在一个实施方式中,主机130是客户计算装置。私人用户标识124与连接了主机130的以太网交换端口相关联。在此实施方式中,私人用户标识124是端口号、因特网接口标识或以太网VLAN标识。
用户120使用主机130以在应用会话182中访问公共应用180。用户120在应用会话182过程中使用公共用户标识127。在一个实施方式中,公共应用180提示用户120在建立应用会话182之前登录。在应用用户登录程序过程中,用户120向公共应用180提供公共用户标识127。在另一实施方式中,公共应用180选择应用会话182的用户120的公共用户标识127。在一个实施方式中,公共用户标识127通过用户注册处理或服务订阅处理来建立。在应用会话182中的网络流量通过安全网关150。
图1c示出了访问会话记录和应用会话记录。
服务会话记录164记录关于访问会话162的信息。该信息包括私人用户标识124、主机标识134以及访问会话时间166。在一个实施方式中,访问会话时间166是当访问会话162建立时的开始时间。在一个实施方式中,访问会话时间166包括开始时间和当用户120完成访问会话162时的结束时间。在一个实施方式中,访问会话时间166是在访问会话162过程中的时间的时间戳。
应用会话记录184记录关于应用会话182的信息。该信息包括私人用户标识124、公共用户标识127以及应用会话时间186。在一个实施方式中,该信息还包括主机标识134。在一个实施方式中,应用会话时间186包括当应用会话182建立时的开始时间。在一个实施方式中,应用会话时间186包括在应用会话182过程中的时间戳。在一个实施方式中,应用会话时间186包括当安全网关150识别应用会话182时的时间戳。
图2示出了生成应用会话记录的处理。
生成应用会话记录184的处理包括多个步骤。
在步骤201中,安全网关150识别应用会话。
在步骤201中,安全网关150确定应用会话的公共用户标识。
在步骤203中,安全网关150使用关于应用会话的信息确定私人用户标识。
图3至图5分别示出了步骤201至步骤203。
图3示出了识别应用会话的处理。
安全网关150检查主机130与应用服务器190之间的网络流量,以识别公共应用180的应用会话182。
在一个实施方式中,安全网关150为了识别应用会话182检查主机130与应用服务器190之间的数据包339。
安全网关150包括公共应用180的应用标识符。应用标识符355包括用于识别应用会话182的信息。在一个实施方式中,应用标识符355包括传输层信息,诸如,传输控制协议(TCP)或用户图表协议(UDP);以及至少一个传输端口号,诸如,TCP端口号或UDP端口号。在一个实施方式中,应用标识符355包括应用层信息,诸如,一个或多个数据滤波器,其中数据滤波器规定了在数据包中的值和该值的位置。在一个实例中,数据滤波器是[具有值“0x52”的字节0]。在一个实例中,数字滤波器是[具有ASCII值“ADEH”的字节4-7]。
安全网关150对照应用标识符355来匹配数据包339。
在一个实施方式中,应用标识符355包括传输协议类型TCP以及目的地TCP端口号5190,该TCP端口号被AIM协议所使用。在此实施方式中,数据包339是从主机130至应用服务器190的TCP数据包。安全网关150对照应用标识符355来确定数据包339并且确定公共应用180提供AIM服务。
安全网关150创建应用会话记录184。安全网关150从数据包339的IP报头提取源IP地址,并且将源IP地址存储为主机标识134。在一个实施方式中,数据包339包括链路层信息,诸如源MAC地址;安全网关150提取并存储源MAC地址作为主机标识134。
在一个实施方式中,安全网关150连接至时钟359。时钟359表示当前时刻。安全网关150以应用会话时间186存储时钟359所表示的时刻。
图4a示出了确定应用会话182的公共用户标识的处理。
用于确定公共用户标识127的方法通常专用于公共应用180。在一个实施方式中,数据包339是应用包。例如,公共应用180提供AIM服务;数据包339是AIM包
AIM包包括多个字段,例如,
命令开始字段是在具有固定的十六进制值“0x02”的0字节偏移处开始的1个字节的数据字段;
信道ID字段是在1字节偏移处开始的1个字节的数据字段;
序列号字段是在2字节偏移处开始的2字节的整数;
数据字段长度字段是在4字节偏移处开始的2字节的数据字段;
族(family)字段是在6字节偏移处开始的2字节的数据字段;以及
图表类型(subtype)字段是在8字节偏移处开始的2字节的数据字段。
AIM登录包是包括具有固定的十六进制值“0x000x17”的族字段和具有固定的十六进制值“0x00 0x06”的图表类型字段的AIM包。
AIM登录包还包括好友姓名长度字段、在19字节偏移处开始的1个字节的整数以及在20字节偏移处开始的可变长度好友姓名字段。好友姓名长度字段表示好友姓名字段的以字节计的长度。
安全网关150与数据包339匹配以确定数据包339是否是AIM登录包。在一个实施方式中,数据包339是在图4b中示出的AIM登录包400。安全网关150提取好友姓名长度字段405。安全网关150还提取好友姓名字段407。在此实施方式中,好友姓名长度字段405是整数“13”并且好友姓名字段407是“JohnSmith1984”。安全网关150将“JohnSmith1984”作为公共用户标识124存储在应用会话记录184中。
在一个实施方式中,数据包339不是AIM登录包。安全网关150检查来自主机130的另一数据包。
图5示出了确定私人用户标识的处理。
安全网络160包括标识服务器570。标识服务器150操作地耦接至处理器581和计算机可读介质582。该计算机可读介质582存储用于实现如在本文中所描述的本发明的各种实施方式的计算机可读程序代码。标识服务器570包括访问会话162的访问会话记录164,在该访问会话过程中用户120访问应用会话182。
安全网关150查询标识服务器570。安全网关150将主机标识134和应用会话时间186发送至标识服务器570。
标识服务器570接收主机标识134和应用会话时间186。标识服务器570对照访问会话记录164来匹配主机标识134和应用会话时间186。标识服务器570确定主机标识134与访问会话记录164的主机标识相匹配。标识服务器570还确定由于应用会话时间186在访问会话记录164的开始时间与结束时间之间所以应用会话时间186与访问会话记录164的访问会话时间166相匹配。标识服务器570将访问会话记录164的私人用户标识124发送至安全网关以作为对查询的响应。
安全网关150从标识服务器570接收私人用户标识124,并且将私人用户标识124存储在应用会话记录184中。
在一个实施方式中,安全网关150在从公共应用180识别出用于公共用户标识127的登录批准指示之后将公共用户标识127存储在应用会话记录184中。
在一个实施方式中,安全网关150在确定了公共用户标识127之后立刻查询标识服务器570。在一个实施方式中,安全网关150在应用会话182结束之后查询标识服务器570。
在一个实施方式中,安全网关150以批请求方式通过发送多个主机标识来查询标识服务器570;并且以批响应方式接收多个私人用户标识。
在一个实施方式中,应用会话记录184包括与私人用户标识124相关联的附加用户信息,诸如,房间或办公室编号、房间或办公室位置、电话号码、电子邮件地址、信箱位置、部门名称/标识或经理姓名。
在一个实施方式中,安全网关150从标识服务器570获得附加用户信息。在一个实施方式中,安全网关150通过利用从标识服务器570接收的私人用户标识124通过查询不同的服务器(诸如,企业目录服务器)来获得附加用户信息。
在一个实施方式中,公共应用180利用文件传输协议(FTP)协议或专有协议来提供文件传输服务。在一个实施方式中,公共应用180利用简单邮件传输协议(SMTP)、因特网消息存取协议(IMAP)或邮局协议版本3(POP3)协议来提供电子邮件服务。
通过利用应用会话记录,可确定应用会话182的私人用户标识124和公共用户标识127。在如图6所示的一个实施方式中,一旦确定了公共用户标识和私人用户标识,则安全网关150通过查询企业目录470获得应用会话182的安全策略402。在一实施方式中,企业目录470包括安全策略402。在一个实施方式中,企业目录470是具有包括安全策略402的存储器601的服务器计算机。在一个实施方式中,企业目录470是包括安全策略402的数据库。在另一实施方式中,企业目录470是在计算机中运行的具有被存储在计算机可读介质(未示出)上的程序代码的软件模块。在一个实施方式中,企业目录470位于标识服务器570中。在一个实施方式中,企业目录470使用目录技术,诸如,微软活动目录(Microsoft ActiveDirectoryTM)、轻量级目录访问协议(LDAP)目录服务、网络服务、使用JavaTM技术的目录服务。在一个实施方式中,企业目录470包括主控(host)安全策略402和其他策略的策略服务器。
安全网关150查询企业目录470以获得安全策略,其中该查询包括用户标识424。用户标识424可包括私人用户标识124或公共用户标识127。企业目录470对照安全策略402来匹配用户标识424并且确定安全策略402适用于用户标识424。在一个实施方式中,安全策略402将网络参数映射至用户标识并且在用户标识424与安全策略402中的用户标识之间存在匹配。在一个实施方式中,安全策略402将网络参数映射至标识组(未示出)并且用户标识424是标识组的一员。响应于找到用户标识424与在安全策略402中的用户标识之间的匹配,企业目录470将安全策略402发送至安全网关150。
在一个实施方式中,安全网关150基于应用会话记录184和安全策略402生成安全报告475。在一个实施方式中,安全网关150基于预定的用户标识或预定的用户标识列表来生成安全报告475。例如,安全报告可基于用户标识或多个用户标识的输入来生成。在一个实施方式中,安全网关150基于预定义的进度表或当操作者要求时生成安全报告475。
在一个实施方式中,安全策略402包括如图7中所示的安全控制功能。安全网关150响应于对应用会话182的查询而应用从企业目录470接收的安全策略402。安全策略402通常由公司构建,以防止不合法地访问公司机密文档并且防止不合法地使用对公司运转很重要的公司安全网络160。在一个实施方式中,响应于接收安全策略402,安全网关150确认所接收的安全策略402包含与在查询中所发送的用户标识424相匹配的用户标识。响应于该确认,安全网关475将安全策略402应用于应用会话182。在图7中,安全策略402包括网络流量策略451或文档访问策略453。
图8示出了网络流量策略451的多个实施方式。在一个实施方式中,网络流量策略451规定了基于网络的应用会话访问控制,其表示用户标识424是否被拒绝或允许继续应用会话182。如果被拒绝,则安全网关150可停止转发应用会话182的数据包439。在一个实施方式中,网络策略451规定带宽速率容量,诸如,1Mbps、每日100MB或每月5GB。在一实施方式中,带宽速率容量以包来测量,诸如,每秒100包,每天1万包或每月4百万包。在一个实施方式中,网络流量策略451规定映射至应用会话182的用户标识424的服务质量(QOS)。例如,网络流量策略451表示标记在应用会话182的数据包中的差分服务代码点(DSCP)的改变。在一个实施方式中,网络流量策略451规定了排队延迟、排队优先权、包转发路径、链路接口偏好、服务器负载平衡偏好、包路由策略或处理应用会话182的数据包439的其他控制。
在一个实施方式中,网络流量策略451包括流量整形控制。在一个实例中,流量整形控制规定了诸如窗口段尺寸的变化的TCP属性,或TCP窗口调节。
在一个实施方式中,网络流量策略451表示基于规定速率或容量(诸如,每秒10个会话连接、35个并发会话、午餐期间的100个会话、一天500个会话、一天24个语音会话或一小时75个文件传输会话)的用户标识424的会话连接速率控制。在一个实施方式中,网络流量策略451可规定,当超出速率或容量时,是否拒绝应用会话182或丢弃应用会话182的数据包439。
在一个实施方式中,网络流量策略451包括映射至用户标识424的应用会话更改控制,规定如何对于具有用户标识424的用户更改应用会话182的数据包439。在一个实例中,应用会话更改控制规定安全网关150应对用户标识424的应用会话182执行网络地址转换(NAT)。在一个实例中,安全网关150应利用用户标识424的预定端口号来对应用会话182执行端口地址转换(PAT)。在另一实例中,在应用会话182是HTTP会话的情况下以及在应用会话182的数据包439中的统一资源定位符(URL)与用户标识424的预定URL相匹配的情况下,安全网关150应执行内容替换。在一个实例中,在应用会话182是文件传输会话的情况下以及在用户标识424的应用会话182的数据包439中发现与预定文件名匹配的文件名的情况下,安全网关150应执行文件名替换。在另一实例中,在应用会话182是可选地具有与URL的预定POST或GET请求匹配的数据包439的HTTP会话的情况下,安全网关150应插入用户标识424的信息片段(cookie)。
再参照图7,在一个实施方式中,文件访问策略453规定了是否允许或拒绝对文档447的访问。在一个实施方式中,文档447包括文件、商业协议、合同、电子数据表、演示、绘画、文本文件、手册、程序、软件程序的片段、设计、产品说明书、数据表、视频文件、音频文件、电子邮件、语音邮件、传真、文档的影印或任何商业文档。在一个实施方式中,文档447包括导向诸如数据库查询结果的数字信息的URL、网页、视频或一段音乐。在一个实施方式中,文档447包括信息的实时传输或信息流,诸如视频流、音频流、网络播放、播客(podcast)、视频展示、电话会议会话或电话。在一个实施方式中,文档访问策略453包括文档标识443和文档用户标识444。文档标识443识别文档447。文档用户标识444识别对文档447的访问受文档访问策略453的影响的用户。在一个实施方式中,安全网关150将用户标识424与文档用户标识444相比较。在一个实施方式中,响应于确定出用户标识424与文档用户标识444相匹配,安全网关150允许具有文档标识443的文档447被用户标识424访问。在另一实施方式中,安全网关150拒绝对具有文档标识443的文档447的访问。在拒绝访问的过程中,安全网关150可断开应用会话182或丢弃数据包439。在一个实施方式中,安全网关150确定数据包439包括文档标识443。响应于确认出数据包439包括文档标识443,安全网关150应用文档访问策略453。
在一个实施方式中,安全策略402包括时间457,其中安全策略402在时间457内是可应用的。在一个实施方式中,时间457表示开始时间,诸如,上午8点、下午4点、午夜。在一个实施方式中,时间457表示时间范围,诸如,上午8点至上午10点、下午7点至上午5点、早晨的时间、午餐时、高峰时段、黄金时间。安全网关150将时钟359与时间457相比较并且确定是否可应用安全策略402。
在一个实施方式中,在安全网关150确定了安全策略402是否可应用于用户标识424的应用会话182时,安全网关150生成安全消息472。在一个实施方式中,当安全网关150将安全策略402应用于应用会话182时,安全网关生成安全消息472。在一个实施方式中,安全报告475包括安全消息472。在一个实例中,安全消息472包括安全策略402和用户标识424。在一个实例中,安全消息472包括安全网关150利用安全策略402应用于应用会话182的操作。
本发明可采用完全是硬件的实施方式、完全是软件的实施方式或包含硬件和软件要素的实施方式的形式。在优选实施方式中,本发明可以软件实现,其包括但不限于固件、常驻软件、微代码等。
此外,本发明可采用可从计算机可用或计算机可读的介质(其提供由计算机或任意指令执行系统使用或与其相关的程序代码)得到的计算机程序产品的形式。对于此描述的目的,计算机可用的或计算机可读的介质可以是能获得、存储、通信、传播或传送被指令执行系统、设备或装置使用或与指令执行系统、设备或装置相关的程序的任何设备。
该介质可以是电子的、磁的、光的、电磁的、红外的或半导体系统(或设备或装置)或传播介质。计算机可读介质的实例包括半导体或固态存储器、磁带、可移除计算机磁盘、随机存取存储器(RAM)、只读存储器(ROM)、硬磁盘以及光盘。目前的光盘的实例包括只读光盘存储器(CD-ROM)、读/写光盘(CD-R/W)以及DVD。
适合存储和/或执行程序代码的数据处理系统将包括通过系统总线被直接或间接耦接至存储元件的至少一个处理器。存储元件可包括在程序代码的实际执行过程中所采用的本地存储器、大容量存储器以及为了降低在执行过程中必须从大容量存储器得到代码的次数而提供至少一些程序代码的暂时存储的高速缓冲存储器。
输入/输出或I/O装置(包括但不限于键盘、显示器、指示设备等)可直接或通过中间I/O控制器而耦接至该系统。
网络适配器也可被耦接至该系统,以使数据处理系统能够通过中间的私人或公共网络耦接至其他数据处理系统或远程打印机或存储装置。调制解调器、光缆调制解调器以及以太网卡只是网络适配器的几个当前可用类型。
提供了本发明的前述实施方式作为图示和描述。它们并不旨在将发明限制于所描述的确切形式。具体地,可设想,本文所描述的发明的功能实现可以硬件、软件、固件和/或其他可用功能组件或结构模块等价地实现,并且网络可以是有线的、无线的或有线与无线的结合。根据上述教导,可存在其他变形和实施方式,因此意味着本发明的范围并不受限于本文详细的描述,而是受所附权利要求的限制。
Claims (25)
1.一种对应用会话应用安全策略的方法,包括:
(a)经由安全网关识别在网络与应用之间的所述应用会话;
(b)通过所述安全网关利用关于所述应用会话的信息确定所述应用会话的用户标识;
(c)通过所述安全网关获得包括被映射至所述用户标识的网络参数的所述安全策略;以及
(d)通过所述安全网关将所述安全策略应用于所述应用会话。
2.根据权利要求1所述的方法,其中,所述确定(b)包括:
(b1)根据所述应用会话的应用会话记录来确定所述用户标识,其中,所述应用会话记录包括用于通过主机访问所述网络的所述用户标识、所述主机的主机标识以及应用会话时间。
3.根据权利要求2所述的方法,其中,所述应用会话记录的创建包括:
(b1i)通过发送在所述应用会话记录中的所述主机标识和所述应用会话时间来查询标识服务器,其中,所述标识服务器包括在第二主机与所述网络之间的访问会话的访问会话记录,其中,所述访问会话记录包括用于通过所述第二主机访问所述网络的第二用户标识、所述第二主机的第二主机标识以及访问会话时间;
(b1ii)通过所述标识服务器将在所述应用会话记录中的所述主机标识与在所述访问会话记录中的所述第二主机标识相比较,并且将所述访问会话时间与所述应用会话时间相比较;
(b1iii)通过所述标识服务器返回在所述访问会话记录中的所述第二用户标识、在所述应用会话记录中的所述主机标识是否与在所述访问会话记录中的所述第二主机标识相匹配、以及所述访问会话时间是否与所述应用会话时间相匹配;以及
(b1iv)将所述第二用户标识作为用于访问所述网络的网络用户标识存储在所述应用会话记录中。
4.根据权利要求1所述的方法,其中,所述用户标识包括用于访问所述网络的网络用户标识。
5.根据权利要求1所述的方法,其中,所述用户标识包括用于访问所述应用的用户标识,其中,根据所述应用会话的包来识别所述用户标识。
6.根据权利要求1所述的方法,其中,所述获得(c)和应用(d)包括:
(c1)获得包括被映射至所述用户标识的网络流量策略的所述安全策略;以及
(d1)将所述网络流量策略应用于所述应用会话。
7.根据权利要求6所述的方法,其中,所述网络流量策略包括下列中的一个或多个:
针对所述应用会话的包更改控制;
流量整形控制;
表示所述用户标识是否被拒绝或被允许继续所述应用会话的应用会话访问控制;以及
带宽控制。
8.根据权利要求7所述的方法,其中,针对所述应用会话的包更改控制包括下列中的一个或多个:
对所述应用会话执行网络地址转换;
利用预定端口号对所述应用会话执行端口地址转换;
在所述应用会话是超文本传输协议(HTTP)的情况下以及在所述应用会话的数据包中的统一资源定位符(URL)与预定URL相匹配的情况下,执行内容替代;
在所述应用会话是文件传输会话的情况下以及在所述应用会话的数据包中被找到与预定文件名匹配的文件名的情况下,执行文件名替代;以及
在所述应用会话是HTTP会话的情况下,插入用于所述用户标识的用户的信息片段。
9.根据权利要求7所述的方法,其中,所述流量整形控制包括下列中的一个或多个:
改变窗口段尺寸;以及
调节传输控制协议(TCP)窗口。
10.根据权利要求6所述的方法,其中,所述网络流量策略包括连接速率控制。
11.根据权利要求6所述的方法,其中,所述网络流量策略包括服务器负载平衡偏好。
12.根据权利要求6所述的方法,其中,所述网络流量策略包括服务质量。
13.根据权利要求12所述的方法,其中,所述服务质量表示标记在所述应用会话的数据包中的差分服务代码点(DSCP)的变化。
14.根据权利要求1所述的方法,其中,所述获得(c)和应用(d)包括:
(c1)获得包括被映射至所述用户标识的文档访问策略的所述安全策略;以及
(d1)将所述文档访问策略应用于所述应用会话。
15.根据权利要求14所述的方法,其中,所述文档访问策略包括文档标识和文档用户标识,其中所述施加(d1)包括:
(d1i)将所述用户标识与所述文档用户标识相比较;以及
(d1ii)响应于确定出所述用户标识与所述文档用户标识相匹配,允许通过所述用户标识访问具有所述文档标识的文档。
16.根据权利要求1所述的方法,还包括:
(e)生成关于所述安全策略对所述应用会话的应用的安全报告。
17.一种用于对应用会话应用安全策略的计算机程序产品,所述计算机程序产品包括:
具有在其中实施的计算机可读程序代码的计算机可读存储介质,所述计算机可读程序代码被配置为:
经由安全网关来识别在网络与应用之间的所述应用会话;
利用关于所述应用会话的信息来确定所述应用会话的用户标识;
获得包括被映射至所述用户标识的网络参数的所述安全策略;以及
将所述安全策略应用于所述应用会话。
18.根据权利要求17所述的计算机程序产品,其中,所述用户标识包括用于访问所述网络的网络用户标识。
19.根据权利要求17所述的计算机程序产品,其中,所述用户标识包括用于访问所述应用的用户标识,其中所述用户标识根据所述应用会话的包来识别。
20.根据权利要求17所述的计算机程序产品,其中,被配置为获得包括被映射至所述用户标识的网络参数的所述安全策略并且将所述安全策略应用于所述应用会话的所述计算机可读程序代码被进一步配置为:
获得包括被映射至所述用户识别的网络流量策略的所述安全策略;以及
将所述网络流量策略应用于所述应用会话。
21.根据权利要求17所述的计算机程序产品,其中,被配置为获得包括被映射至所述用户标识的网络参数的所述安全策略并且将所述安全策略应用于所述应用会话的所述计算机可读程序代码被进一步配置为:
获得包括被映射至所述用户标识的文档访问策略的所述安全策略;以及
将所述文档访问策略应用于所述应用会话。
22.一种系统,包括:
包括多个安全策略的企业目录;以及
安全网关,其中,所述安全网关:
经由所述安全网关来识别网络与应用之间的应用会话;
利用关于所述应用会话的信息来确定所述应用会话的用户标识;
从所述公司目录获得所述多个安全策略中包括被映射至所述用户标识的网络参数的安全策略;以及
将所述安全策略应用于所述应用会话。
23.根据权利要求22所述的系统,其中,所述用户标识包括用于访问所述网络的网络用户标识或用于访问所述应用的用户标识,其中,所述用户标识是根据所述应用会话的包来识别。
24.根据权利要求22所述的系统,其中,所述安全网关进一步:
获得包括被映射至所述用户标识的网络流量策略的所述安全策略;以及
将所述网络流量策略应用于所述应用会话。
25.根据权利要求22所述的系统,其中,所述安全网关进一步:
获得包括被映射至所述用户标识的文档访问策略的所述安全策略;以及
将所述文档访问策略应用于所述应用会话。
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/788,339 US8312507B2 (en) | 2006-10-17 | 2010-05-27 | System and method to apply network traffic policy to an application session |
US12/788,339 | 2010-05-27 | ||
PCT/US2011/037475 WO2011149796A2 (en) | 2010-05-27 | 2011-05-20 | System and method to apply network traffic policy to an application session |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102918801A true CN102918801A (zh) | 2013-02-06 |
CN102918801B CN102918801B (zh) | 2016-05-25 |
Family
ID=45004686
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201180026075.1A Active CN102918801B (zh) | 2010-05-27 | 2011-05-20 | 将网络流量策略应用于应用会话的系统和方法 |
Country Status (5)
Country | Link |
---|---|
US (9) | US8312507B2 (zh) |
EP (1) | EP2577910B1 (zh) |
JP (1) | JP5946189B2 (zh) |
CN (1) | CN102918801B (zh) |
WO (1) | WO2011149796A2 (zh) |
Cited By (39)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104253798A (zh) * | 2013-06-27 | 2014-12-31 | 中兴通讯股份有限公司 | 一种网络安全监控方法和系统 |
US8977749B1 (en) | 2012-07-05 | 2015-03-10 | A10 Networks, Inc. | Allocating buffer for TCP proxy session based on dynamic network conditions |
CN104618403A (zh) * | 2015-03-10 | 2015-05-13 | 网神信息技术(北京)股份有限公司 | 安全网关的访问控制方法和装置 |
CN104639509A (zh) * | 2013-11-14 | 2015-05-20 | 中国移动通信集团公司 | 一种业务处理方法和设备 |
CN104753857A (zh) * | 2013-12-26 | 2015-07-01 | 华为技术有限公司 | 网络流量控制设备及其安全策略配置方法及装置 |
US9094364B2 (en) | 2011-12-23 | 2015-07-28 | A10 Networks, Inc. | Methods to manage services over a service gateway |
US9215275B2 (en) | 2010-09-30 | 2015-12-15 | A10 Networks, Inc. | System and method to balance servers based on server load status |
US9219751B1 (en) | 2006-10-17 | 2015-12-22 | A10 Networks, Inc. | System and method to apply forwarding policy to an application session |
US9253152B1 (en) | 2006-10-17 | 2016-02-02 | A10 Networks, Inc. | Applying a packet routing policy to an application session |
US9270774B2 (en) | 2011-10-24 | 2016-02-23 | A10 Networks, Inc. | Combining stateless and stateful server load balancing |
US9338225B2 (en) | 2012-12-06 | 2016-05-10 | A10 Networks, Inc. | Forwarding policies on a virtual service network |
US9609052B2 (en) | 2010-12-02 | 2017-03-28 | A10 Networks, Inc. | Distributing application traffic to servers based on dynamic service response time |
US9705800B2 (en) | 2012-09-25 | 2017-07-11 | A10 Networks, Inc. | Load distribution in data networks |
US9712493B2 (en) | 2006-10-17 | 2017-07-18 | A10 Networks, Inc. | System and method to associate a private user identity with a public user identity |
US9742879B2 (en) | 2012-03-29 | 2017-08-22 | A10 Networks, Inc. | Hardware-based packet editor |
US9843484B2 (en) | 2012-09-25 | 2017-12-12 | A10 Networks, Inc. | Graceful scaling in software driven networks |
US9900252B2 (en) | 2013-03-08 | 2018-02-20 | A10 Networks, Inc. | Application delivery controller and global server load balancer |
US9906422B2 (en) | 2014-05-16 | 2018-02-27 | A10 Networks, Inc. | Distributed system to determine a server's health |
US9942152B2 (en) | 2014-03-25 | 2018-04-10 | A10 Networks, Inc. | Forwarding data packets using a service-based forwarding policy |
US9942162B2 (en) | 2014-03-31 | 2018-04-10 | A10 Networks, Inc. | Active application response delay time |
US9960967B2 (en) | 2009-10-21 | 2018-05-01 | A10 Networks, Inc. | Determining an application delivery server based on geo-location information |
US9986061B2 (en) | 2014-06-03 | 2018-05-29 | A10 Networks, Inc. | Programming a data network device using user defined scripts |
US9992229B2 (en) | 2014-06-03 | 2018-06-05 | A10 Networks, Inc. | Programming a data network device using user defined scripts with licenses |
US9992107B2 (en) | 2013-03-15 | 2018-06-05 | A10 Networks, Inc. | Processing data packets using a policy based network path |
US10002141B2 (en) | 2012-09-25 | 2018-06-19 | A10 Networks, Inc. | Distributed database in software driven networks |
US10021174B2 (en) | 2012-09-25 | 2018-07-10 | A10 Networks, Inc. | Distributing service sessions |
US10027761B2 (en) | 2013-05-03 | 2018-07-17 | A10 Networks, Inc. | Facilitating a secure 3 party network session by a network device |
US10038693B2 (en) | 2013-05-03 | 2018-07-31 | A10 Networks, Inc. | Facilitating secure network traffic by an application delivery controller |
US10044582B2 (en) | 2012-01-28 | 2018-08-07 | A10 Networks, Inc. | Generating secure name records |
US10129122B2 (en) | 2014-06-03 | 2018-11-13 | A10 Networks, Inc. | User defined objects for network devices |
US10230770B2 (en) | 2013-12-02 | 2019-03-12 | A10 Networks, Inc. | Network proxy layer for policy-based application proxies |
USRE47296E1 (en) | 2006-02-21 | 2019-03-12 | A10 Networks, Inc. | System and method for an adaptive TCP SYN cookie with time validation |
US10243791B2 (en) | 2015-08-13 | 2019-03-26 | A10 Networks, Inc. | Automated adjustment of subscriber policies |
US10268467B2 (en) | 2014-11-11 | 2019-04-23 | A10 Networks, Inc. | Policy-driven management of application traffic for providing services to cloud-based applications |
US10581976B2 (en) | 2015-08-12 | 2020-03-03 | A10 Networks, Inc. | Transmission control of protocol state exchange for dynamic stateful service insertion |
CN111295640A (zh) * | 2017-09-15 | 2020-06-16 | 帕洛阿尔托网络公司 | 使用会话app id和端点进程id相关性的精细粒度防火墙策略实施 |
US11165770B1 (en) | 2013-12-06 | 2021-11-02 | A10 Networks, Inc. | Biometric verification of a human internet user |
CN115037499A (zh) * | 2022-04-07 | 2022-09-09 | 水利部信息中心 | 一种基于语音的安全联动响应方法 |
CN116709330A (zh) * | 2017-06-15 | 2023-09-05 | 帕洛阿尔托网络公司 | 服务提供商网络中的基于位置的安全性 |
Families Citing this family (82)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8151322B2 (en) | 2006-05-16 | 2012-04-03 | A10 Networks, Inc. | Systems and methods for user access authentication based on network access point |
KR101510472B1 (ko) * | 2008-10-02 | 2015-04-08 | 삼성전자주식회사 | 무선 센서 네트워크의 데이터 패킷을 보안하기 위한 장치 및 방법 |
US8489685B2 (en) | 2009-07-17 | 2013-07-16 | Aryaka Networks, Inc. | Application acceleration as a service system and method |
US8612744B2 (en) | 2011-02-10 | 2013-12-17 | Varmour Networks, Inc. | Distributed firewall architecture using virtual machines |
US9191327B2 (en) | 2011-02-10 | 2015-11-17 | Varmour Networks, Inc. | Distributed service processing of network gateways using virtual machines |
US9660992B1 (en) * | 2011-05-23 | 2017-05-23 | Palo Alto Networks, Inc. | User-ID information propagation among appliances |
US10560478B1 (en) | 2011-05-23 | 2020-02-11 | Palo Alto Networks, Inc. | Using log event messages to identify a user and enforce policies |
US9215235B1 (en) | 2011-05-23 | 2015-12-15 | Palo Alto Networks, Inc. | Using events to identify a user and enforce policies |
US8677447B1 (en) | 2011-05-25 | 2014-03-18 | Palo Alto Networks, Inc. | Identifying user names and enforcing policies |
US8813169B2 (en) | 2011-11-03 | 2014-08-19 | Varmour Networks, Inc. | Virtual security boundary for physical or virtual network devices |
US9529995B2 (en) | 2011-11-08 | 2016-12-27 | Varmour Networks, Inc. | Auto discovery of virtual machines |
US9386088B2 (en) | 2011-11-29 | 2016-07-05 | A10 Networks, Inc. | Accelerating service processing using fast path TCP |
WO2013116856A1 (en) * | 2012-02-02 | 2013-08-08 | Seven Networks, Inc. | Dynamic categorization of applications for network access in a mobile network |
TWI504245B (zh) * | 2012-03-19 | 2015-10-11 | Univ Nat Pingtung Sci & Tech | 視訊傳輸控制方法 |
JP6045163B2 (ja) * | 2012-03-23 | 2016-12-14 | 三菱電機株式会社 | 通信システムおよび時刻情報利用方法 |
US9106561B2 (en) | 2012-12-06 | 2015-08-11 | A10 Networks, Inc. | Configuration of a virtual service network |
US9178715B2 (en) | 2012-10-01 | 2015-11-03 | International Business Machines Corporation | Providing services to virtual overlay network traffic |
US9043939B2 (en) * | 2012-10-26 | 2015-05-26 | International Business Machines Corporation | Accessing information during a teleconferencing event |
US9531846B2 (en) | 2013-01-23 | 2016-12-27 | A10 Networks, Inc. | Reducing buffer usage for TCP proxy session based on delayed acknowledgement |
US9154484B2 (en) * | 2013-02-21 | 2015-10-06 | Cisco Technology, Inc. | Identity propagation |
US9824211B2 (en) * | 2013-03-15 | 2017-11-21 | Fireeye, Inc. | System and method to visualize user sessions |
US9122853B2 (en) | 2013-06-24 | 2015-09-01 | A10 Networks, Inc. | Location determination for user authentication |
US10484189B2 (en) * | 2013-11-13 | 2019-11-19 | Microsoft Technology Licensing, Llc | Enhanced collaboration services |
US9560081B1 (en) | 2016-06-24 | 2017-01-31 | Varmour Networks, Inc. | Data network microsegmentation |
US10264025B2 (en) | 2016-06-24 | 2019-04-16 | Varmour Networks, Inc. | Security policy generation for virtualization, bare-metal server, and cloud computing environments |
US9973472B2 (en) | 2015-04-02 | 2018-05-15 | Varmour Networks, Inc. | Methods and systems for orchestrating physical and virtual switches to enforce security boundaries |
US10091238B2 (en) | 2014-02-11 | 2018-10-02 | Varmour Networks, Inc. | Deception using distributed threat detection |
WO2016044413A1 (en) | 2014-09-16 | 2016-03-24 | CloudGenix, Inc. | Methods and systems for business intent driven policy based network traffic characterization, monitoring and control |
US9929988B2 (en) * | 2014-09-18 | 2018-03-27 | Bottomline Technologies (De) Inc. | Method for tracking and routing financial messages for mobile devices |
US9479479B1 (en) * | 2014-09-25 | 2016-10-25 | Juniper Networks, Inc. | Detector tree for detecting rule anomalies in a firewall policy |
US9294442B1 (en) | 2015-03-30 | 2016-03-22 | Varmour Networks, Inc. | System and method for threat-driven security policy controls |
US10178070B2 (en) | 2015-03-13 | 2019-01-08 | Varmour Networks, Inc. | Methods and systems for providing security to distributed microservices |
US9609026B2 (en) | 2015-03-13 | 2017-03-28 | Varmour Networks, Inc. | Segmented networks that implement scanning |
US9467476B1 (en) | 2015-03-13 | 2016-10-11 | Varmour Networks, Inc. | Context aware microsegmentation |
US10193929B2 (en) | 2015-03-13 | 2019-01-29 | Varmour Networks, Inc. | Methods and systems for improving analytics in distributed networks |
US9438634B1 (en) | 2015-03-13 | 2016-09-06 | Varmour Networks, Inc. | Microsegmented networks that implement vulnerability scanning |
US10009381B2 (en) | 2015-03-30 | 2018-06-26 | Varmour Networks, Inc. | System and method for threat-driven security policy controls |
US9380027B1 (en) | 2015-03-30 | 2016-06-28 | Varmour Networks, Inc. | Conditional declarative policies |
US10027591B1 (en) | 2015-03-31 | 2018-07-17 | Juniper Networks, Inc. | Apparatus, system, and method for applying policies to network traffic on specific days |
US9525697B2 (en) | 2015-04-02 | 2016-12-20 | Varmour Networks, Inc. | Delivering security functions to distributed networks |
US10448276B2 (en) * | 2015-05-26 | 2019-10-15 | Lg Electronics Inc. | Method and terminal for performing attach procedure for sponsored connectivity in wireless communication system |
US9483317B1 (en) | 2015-08-17 | 2016-11-01 | Varmour Networks, Inc. | Using multiple central processing unit cores for packet forwarding in virtualized networks |
JP6637059B2 (ja) * | 2015-09-29 | 2020-01-29 | 株式会社ソラコム | 移動体通信システムのゲートウェイの制御装置 |
CN105338082A (zh) * | 2015-10-30 | 2016-02-17 | 浪潮(北京)电子信息产业有限公司 | 基于应用代理服务器的负载均衡方法及装置 |
US10191758B2 (en) | 2015-12-09 | 2019-01-29 | Varmour Networks, Inc. | Directing data traffic between intra-server virtual machines |
US9762599B2 (en) | 2016-01-29 | 2017-09-12 | Varmour Networks, Inc. | Multi-node affinity-based examination for computer network security remediation |
US9680852B1 (en) | 2016-01-29 | 2017-06-13 | Varmour Networks, Inc. | Recursive multi-layer examination for computer network security remediation |
US9521115B1 (en) | 2016-03-24 | 2016-12-13 | Varmour Networks, Inc. | Security policy generation using container metadata |
US9787639B1 (en) | 2016-06-24 | 2017-10-10 | Varmour Networks, Inc. | Granular segmentation using events |
US10755334B2 (en) | 2016-06-30 | 2020-08-25 | Varmour Networks, Inc. | Systems and methods for continually scoring and segmenting open opportunities using client data and product predictors |
US10601776B1 (en) | 2017-04-21 | 2020-03-24 | Palo Alto Networks, Inc. | Security platform for service provider network environments |
US10594734B1 (en) * | 2017-04-21 | 2020-03-17 | Palo Alto Networks, Inc. | Dynamic per subscriber policy enablement for security platforms within service provider network environments |
US20180338007A1 (en) * | 2017-05-17 | 2018-11-22 | American Megatrends, Inc. | System and method for providing extensible communication gateway with session pooling |
US10868836B1 (en) * | 2017-06-07 | 2020-12-15 | Amazon Technologies, Inc. | Dynamic security policy management |
US10721272B2 (en) | 2017-06-15 | 2020-07-21 | Palo Alto Networks, Inc. | Mobile equipment identity and/or IOT equipment identity and application identity based security enforcement in service provider networks |
US10708306B2 (en) * | 2017-06-15 | 2020-07-07 | Palo Alto Networks, Inc. | Mobile user identity and/or SIM-based IoT identity and application identity based security enforcement in service provider networks |
US10834136B2 (en) | 2017-06-15 | 2020-11-10 | Palo Alto Networks, Inc. | Access point name and application identity based security enforcement in service provider networks |
US10693918B2 (en) | 2017-06-15 | 2020-06-23 | Palo Alto Networks, Inc. | Radio access technology based security in service provider networks |
US11050789B2 (en) | 2017-06-15 | 2021-06-29 | Palo Alto Networks, Inc. | Location based security in service provider networks |
US10812532B2 (en) | 2017-06-15 | 2020-10-20 | Palo Alto Networks, Inc. | Security for cellular internet of things in mobile networks |
CN107248960B (zh) * | 2017-06-21 | 2020-06-19 | 深圳市盛路物联通讯技术有限公司 | 一种基于传输时长的物联网数据上报控制方法及转发节点 |
CN107995304A (zh) * | 2017-12-13 | 2018-05-04 | 杭州迪普科技股份有限公司 | 一种基于cookie的会话保持方法及装置 |
CN110784330B (zh) * | 2018-07-30 | 2022-04-05 | 华为技术有限公司 | 一种应用识别模型的生成方法及装置 |
CN109246002B (zh) * | 2018-09-17 | 2020-10-30 | 武汉思普崚技术有限公司 | 一种深度安全网关与网元设备 |
US11290493B2 (en) * | 2019-05-31 | 2022-03-29 | Varmour Networks, Inc. | Template-driven intent-based security |
US11711374B2 (en) | 2019-05-31 | 2023-07-25 | Varmour Networks, Inc. | Systems and methods for understanding identity and organizational access to applications within an enterprise environment |
US11575563B2 (en) | 2019-05-31 | 2023-02-07 | Varmour Networks, Inc. | Cloud security management |
US11290494B2 (en) | 2019-05-31 | 2022-03-29 | Varmour Networks, Inc. | Reliability prediction for cloud security policies |
US11863580B2 (en) | 2019-05-31 | 2024-01-02 | Varmour Networks, Inc. | Modeling application dependencies to identify operational risk |
US11310284B2 (en) | 2019-05-31 | 2022-04-19 | Varmour Networks, Inc. | Validation of cloud security policies |
US11050678B2 (en) | 2019-10-24 | 2021-06-29 | International Business Machines Corporation | Situation-related prioritization of communication in networks |
US11532040B2 (en) | 2019-11-12 | 2022-12-20 | Bottomline Technologies Sarl | International cash management software using machine learning |
US11526859B1 (en) | 2019-11-12 | 2022-12-13 | Bottomline Technologies, Sarl | Cash flow forecasting using a bottoms-up machine learning approach |
US11343285B2 (en) * | 2020-01-31 | 2022-05-24 | Palo Alto Networks, Inc. | Multi-access edge computing services security in mobile networks by parsing application programming interfaces |
US11704671B2 (en) | 2020-04-02 | 2023-07-18 | Bottomline Technologies Limited | Financial messaging transformation-as-a-service |
CN112437058B (zh) * | 2020-11-11 | 2022-02-08 | 中国电子科技集团公司第三十研究所 | 基于会话流量日志的防火墙安全策略自动生成方法 |
US11818152B2 (en) | 2020-12-23 | 2023-11-14 | Varmour Networks, Inc. | Modeling topic-based message-oriented middleware within a security system |
US11876817B2 (en) | 2020-12-23 | 2024-01-16 | Varmour Networks, Inc. | Modeling queue-based message-oriented middleware relationships in a security system |
US11777978B2 (en) | 2021-01-29 | 2023-10-03 | Varmour Networks, Inc. | Methods and systems for accurately assessing application access risk |
CN115567229A (zh) * | 2021-06-30 | 2023-01-03 | 上海云盾信息技术有限公司 | 基于云的互联网访问控制方法、装置、介质、设备和系统 |
US11734316B2 (en) | 2021-07-08 | 2023-08-22 | Varmour Networks, Inc. | Relationship-based search in a computing environment |
US11811675B2 (en) | 2022-01-24 | 2023-11-07 | Bank Of America Corporation | System for triggering adaptive resource channel requisition within a distributed network |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1449618A (zh) * | 2000-09-04 | 2003-10-15 | 国际商业机器公司 | 计算机系统之间的系统通信 |
CN1725702A (zh) * | 2004-07-20 | 2006-01-25 | 联想网御科技(北京)有限公司 | 一种网络安全设备及其组成的实现高可用性的系统及方法 |
US20060036733A1 (en) * | 2004-07-09 | 2006-02-16 | Toshiba America Research, Inc. | Dynamic host configuration and network access authentication |
EP1770915A1 (en) * | 2005-09-29 | 2007-04-04 | Matsushita Electric Industrial Co., Ltd. | Policy control in the evolved system architecture |
CN101094225A (zh) * | 2006-11-24 | 2007-12-26 | 中兴通讯股份有限公司 | 一种差异化安全服务的网络、系统和方法 |
Family Cites Families (599)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4495570A (en) | 1981-01-14 | 1985-01-22 | Hitachi, Ltd. | Processing request allocator for assignment of loads in a distributed processing system |
US4403286A (en) | 1981-03-06 | 1983-09-06 | International Business Machines Corporation | Balancing data-processing work loads |
US4577272A (en) | 1983-06-27 | 1986-03-18 | E-Systems, Inc. | Fault tolerant and load sharing processing system |
US4720850A (en) | 1986-03-14 | 1988-01-19 | American Telephone And Telegraph Company At&T Bell Laboratories | Communication system control arrangement |
US4864492A (en) | 1986-09-17 | 1989-09-05 | International Business Machines Corporation | System and method for network configuration |
US4882699A (en) | 1988-09-19 | 1989-11-21 | International Business Machines Corp. | Communications network routing and management system |
US5031089A (en) | 1988-12-30 | 1991-07-09 | United States Of America As Represented By The Administrator, National Aeronautics And Space Administration | Dynamic resource allocation scheme for distributed heterogeneous computer systems |
US5341477A (en) | 1989-02-24 | 1994-08-23 | Digital Equipment Corporation | Broker for computer network server selection |
US5218676A (en) | 1990-01-08 | 1993-06-08 | The University Of Rochester | Dynamic routing system for a multinode communications network |
US5218602A (en) | 1991-04-04 | 1993-06-08 | Dsc Communications Corporation | Interprocessor switching network |
EP0522224B1 (en) | 1991-07-10 | 1998-10-21 | International Business Machines Corporation | High speed buffer management |
DE69123149T2 (de) | 1991-09-03 | 1997-03-13 | Hewlett Packard Co | Nachrichtweglenking-Apparat |
JPH06250869A (ja) | 1993-03-01 | 1994-09-09 | Hitachi Ltd | 分散制御システム |
US5931914A (en) | 1993-04-09 | 1999-08-03 | Industrial Technology Research Institute | Apparatus for communication protocol processing utilizing a state machine look up table |
GB2281793A (en) | 1993-09-11 | 1995-03-15 | Ibm | A data processing system for providing user load levelling in a network |
US5522042A (en) | 1994-01-28 | 1996-05-28 | Cabletron Systems, Inc. | Distributed chassis agent for distributed network management |
US5537542A (en) | 1994-04-04 | 1996-07-16 | International Business Machines Corporation | Apparatus and method for managing a server workload according to client performance goals in a client/server data processing system |
US5737420A (en) | 1994-09-07 | 1998-04-07 | Mytec Technologies Inc. | Method for secure data transmission between remote stations |
US5712912A (en) | 1995-07-28 | 1998-01-27 | Mytec Technologies Inc. | Method and apparatus for securely handling a personal identification number or cryptographic key using biometric techniques |
US5541994A (en) | 1994-09-07 | 1996-07-30 | Mytec Technologies Inc. | Fingerprint controlled public key cryptographic system |
US5944794A (en) | 1994-09-30 | 1999-08-31 | Kabushiki Kaisha Toshiba | User identification data management scheme for networking computer systems using wide area network |
US5563878A (en) | 1995-01-05 | 1996-10-08 | International Business Machines Corporation | Transaction message routing in digital communication networks |
US5675739A (en) | 1995-02-03 | 1997-10-07 | International Business Machines Corporation | Apparatus and method for managing a distributed data processing system workload according to a plurality of distinct processing goal types |
US5867636A (en) | 1995-06-06 | 1999-02-02 | Apple Computer, Inc. | Client server symmetric presentation-layer connection protocol for network printing systems |
US5603029A (en) | 1995-06-07 | 1997-02-11 | International Business Machines Corporation | System of assigning work requests based on classifying into an eligible class where the criteria is goal oriented and capacity information is available |
US5774668A (en) | 1995-06-07 | 1998-06-30 | Microsoft Corporation | System for on-line service in which gateway computer uses service map which includes loading condition of servers broadcasted by application servers for load balancing |
US5751971A (en) | 1995-07-12 | 1998-05-12 | Cabletron Systems, Inc. | Internet protocol (IP) work group routing |
JP2962203B2 (ja) | 1995-09-28 | 1999-10-12 | 日本電気株式会社 | オンライン情報処理システムにおける負荷分散方法 |
GB2305747A (en) | 1995-09-30 | 1997-04-16 | Ibm | Load balancing of connections to parallel servers |
US5757916A (en) | 1995-10-06 | 1998-05-26 | International Series Research, Inc. | Method and apparatus for authenticating the location of remote users of networked computing systems |
US6104717A (en) | 1995-11-03 | 2000-08-15 | Cisco Technology, Inc. | System and method for providing backup machines for implementing multiple IP addresses on multiple ports |
US5867661A (en) | 1996-02-15 | 1999-02-02 | International Business Machines Corporation | Method and apparatus of using virtual sockets for reducing data transmitted over a wireless communication link between a client web browser and a host web server using a standard TCP protocol |
US5754752A (en) | 1996-03-28 | 1998-05-19 | Tandem Computers Incorporated | End-to-end session recovery |
US5828847A (en) | 1996-04-19 | 1998-10-27 | Storage Technology Corporation | Dynamic server switching for maximum server availability and load balancing |
US5935207A (en) | 1996-06-03 | 1999-08-10 | Webtv Networks, Inc. | Method and apparatus for providing remote site administrators with user hits on mirrored web sites |
US6031978A (en) | 1996-06-28 | 2000-02-29 | International Business Machines Corporation | System, method and program for enabling a client to reconnect to a same server in a network of computer systems after the server has moved to a different network address |
US5835724A (en) | 1996-07-03 | 1998-11-10 | Electronic Data Systems Corporation | System and method for communication information using the internet that receives and maintains information concerning the client and generates and conveys the session data to the client |
US5774660A (en) | 1996-08-05 | 1998-06-30 | Resonate, Inc. | World-wide-web server with delayed resource-binding for resource-based load balancing on a distributed resource multi-node network |
US5918017A (en) | 1996-08-23 | 1999-06-29 | Internatioinal Business Machines Corp. | System and method for providing dynamically alterable computer clusters for message routing |
CA2265875C (en) | 1996-09-09 | 2007-01-16 | Dennis Jay Dupray | Location of a mobile station |
US6381632B1 (en) | 1996-09-10 | 2002-04-30 | Youpowered, Inc. | Method and apparatus for tracking network usage |
US6219793B1 (en) | 1996-09-11 | 2001-04-17 | Hush, Inc. | Method of using fingerprints to authenticate wireless communications |
US5923854A (en) | 1996-11-22 | 1999-07-13 | International Business Machines Corporation | Virtual internet protocol (IP) addressing |
US5917997A (en) | 1996-12-06 | 1999-06-29 | International Business Machines Corporation | Host identity takeover using virtual internet protocol (IP) addressing |
US5941988A (en) | 1997-01-27 | 1999-08-24 | International Business Machines Corporation | Session and transport layer proxies via TCP glue |
US5875296A (en) | 1997-01-28 | 1999-02-23 | International Business Machines Corporation | Distributed file system web server user authentication with cookies |
US5958053A (en) | 1997-01-30 | 1999-09-28 | At&T Corp. | Communications protocol with improved security |
US5951650A (en) | 1997-01-31 | 1999-09-14 | International Business Machines Corporation | Session traffic splitting using virtual internet protocol addresses associated with distinct categories of application programs irrespective of destination IP address |
US6041357A (en) | 1997-02-06 | 2000-03-21 | Electric Classified, Inc. | Common session token system and protocol |
US5935215A (en) | 1997-03-21 | 1999-08-10 | International Business Machines Corporation | Methods and systems for actively updating routing in TCP/IP connections using TCP/IP messages |
CA2203212A1 (en) | 1997-04-21 | 1998-10-21 | Vijayakumar Bhagavatula | Methodology for biometric encryption |
US6445704B1 (en) | 1997-05-02 | 2002-09-03 | Cisco Technology, Inc. | Method and apparatus for virtualizing a locally initiated outbound connection from a connection manager |
US6324177B1 (en) | 1997-05-02 | 2001-11-27 | Cisco Technology | Method and apparatus for managing connections based on a client IP address |
GB9709136D0 (en) | 1997-05-02 | 1997-06-25 | Certicom Corp | A log-on verification protocol |
BR9808737A (pt) | 1997-05-09 | 2001-01-16 | Gte Cyber Trust Solutions Inc | Certificados biométricos |
US5991408A (en) | 1997-05-16 | 1999-11-23 | Veridicom, Inc. | Identification and security using biometric measurements |
US6088728A (en) | 1997-06-11 | 2000-07-11 | Oracle Corporation | System using session data stored in session data storage for associating and disassociating user identifiers for switching client sessions in a server |
US5995981A (en) | 1997-06-16 | 1999-11-30 | Telefonaktiebolaget Lm Ericsson | Initialization of replicated data objects |
US6182146B1 (en) | 1997-06-27 | 2001-01-30 | Compuware Corporation | Automatic identification of application protocols through dynamic mapping of application-port associations |
US5946686A (en) | 1997-07-11 | 1999-08-31 | International Business Machines Corporation | Parallel file system and method with quota allocation |
GB9715256D0 (en) | 1997-07-21 | 1997-09-24 | Rank Xerox Ltd | Token-based docement transactions |
EP1021757A1 (en) | 1997-07-25 | 2000-07-26 | Starvox, Inc. | Apparatus and method for integrated voice gateway |
US6393475B1 (en) | 1997-07-28 | 2002-05-21 | Nortel Networks Limited | Method of performing a network management transaction using a web-capable agent |
US6006264A (en) | 1997-08-01 | 1999-12-21 | Arrowpoint Communications, Inc. | Method and system for directing a flow between a client and a server |
US6286039B1 (en) | 1997-08-28 | 2001-09-04 | Cisco Technology, Inc. | Automatic static to dynamic IP address and DNS address management for remote communications network access |
DE19739297C2 (de) | 1997-09-08 | 2001-11-15 | Phoenix Contact Gmbh & Co | Automatisierungsanlage und Anschaltvorrichtung zur transparenten Kommunikation zwischen zwei Netzen |
JP3369445B2 (ja) | 1997-09-22 | 2003-01-20 | 富士通株式会社 | ネットワークサービスサーバ負荷調整装置、方法および記録媒体 |
US9197599B1 (en) | 1997-09-26 | 2015-11-24 | Verizon Patent And Licensing Inc. | Integrated business system for web based telecommunications management |
US6714979B1 (en) | 1997-09-26 | 2004-03-30 | Worldcom, Inc. | Data warehousing infrastructure for web based reporting tool |
US7225249B1 (en) | 1997-09-26 | 2007-05-29 | Mci, Llc | Integrated systems for providing communications network management services and interactive generating invoice documents |
US7058600B1 (en) | 1997-09-26 | 2006-06-06 | Mci, Inc. | Integrated proxy interface for web based data management reports |
US6745229B1 (en) | 1997-09-26 | 2004-06-01 | Worldcom, Inc. | Web based integrated customer interface for invoice reporting |
US6128279A (en) | 1997-10-06 | 2000-10-03 | Web Balance, Inc. | System for balancing loads among network servers |
US8782199B2 (en) | 1997-10-14 | 2014-07-15 | A-Tech Llc | Parsing a packet header |
US7237036B2 (en) | 1997-10-14 | 2007-06-26 | Alacritech, Inc. | Fast-path apparatus for receiving data corresponding a TCP connection |
US6226680B1 (en) | 1997-10-14 | 2001-05-01 | Alacritech, Inc. | Intelligent network interface system method for protocol processing |
US6434620B1 (en) | 1998-08-27 | 2002-08-13 | Alacritech, Inc. | TCP/IP offload network interface device |
US6223205B1 (en) | 1997-10-20 | 2001-04-24 | Mor Harchol-Balter | Method and apparatus for assigning tasks in a distributed server system |
US6252878B1 (en) | 1997-10-30 | 2001-06-26 | Cisco Technology, Inc. | Switched architecture access server |
US6047268A (en) | 1997-11-04 | 2000-04-04 | A.T.&T. Corporation | Method and apparatus for billing for transactions conducted over the internet |
US6542926B2 (en) | 1998-06-10 | 2003-04-01 | Compaq Information Technologies Group, L.P. | Software partitioned multi-processor system with flexible resource sharing levels |
US6035398A (en) | 1997-11-14 | 2000-03-07 | Digitalpersona, Inc. | Cryptographic key generation using biometric data |
US6141759A (en) | 1997-12-10 | 2000-10-31 | Bmc Software, Inc. | System and architecture for distributing, monitoring, and managing information requests on a computer network |
US6003069A (en) | 1997-12-16 | 1999-12-14 | Lexmark International, Inc. | Client/server printer driver system |
US6038666A (en) | 1997-12-22 | 2000-03-14 | Trw Inc. | Remote identity verification technique using a personal identification device |
US6363075B1 (en) | 1998-01-23 | 2002-03-26 | Industrial Technology Research Institute | Shared buffer management mechanism and method using multiple linked lists in a high speed packet switching system |
US6167062A (en) | 1998-02-02 | 2000-12-26 | Tellabs Operations, Inc. | System and associated method for the synchronization and control of multiplexed payloads over a telecommunications network |
US6185598B1 (en) | 1998-02-10 | 2001-02-06 | Digital Island, Inc. | Optimized network resource location |
US7095852B2 (en) | 1998-02-13 | 2006-08-22 | Tecsec, Inc. | Cryptographic key split binder for use with tagged data elements |
US6131163A (en) | 1998-02-17 | 2000-10-10 | Cisco Technology, Inc. | Network gateway mechanism having a protocol stack proxy |
US6363081B1 (en) | 1998-03-04 | 2002-03-26 | Hewlett-Packard Company | System and method for sharing a network port among multiple applications |
US6353614B1 (en) | 1998-03-05 | 2002-03-05 | 3Com Corporation | Method and protocol for distributed network address translation |
US6076108A (en) | 1998-03-06 | 2000-06-13 | I2 Technologies, Inc. | System and method for maintaining a state for a user session using a web system having a global session server |
US6006269A (en) | 1998-03-11 | 1999-12-21 | Hewlett-Packard Company | Admission control system with messages admitted or deferred for re-submission at a later time on a priority basis |
US6098093A (en) | 1998-03-19 | 2000-08-01 | International Business Machines Corp. | Maintaining sessions in a clustered server environment |
US6459682B1 (en) | 1998-04-07 | 2002-10-01 | International Business Machines Corporation | Architecture for supporting service level agreements in an IP network |
US6167517A (en) | 1998-04-09 | 2000-12-26 | Oracle Corporation | Trusted biometric client authentication |
US6446225B1 (en) | 1998-04-23 | 2002-09-03 | Microsoft Corporation | Server system with scalable session timeout mechanism |
US6714931B1 (en) | 1998-04-29 | 2004-03-30 | Ncr Corporation | Method and apparatus for forming user sessions and presenting internet data according to the user sessions |
JPH11338836A (ja) | 1998-05-25 | 1999-12-10 | Nippon Telegr & Teleph Corp <Ntt> | コンピュータネットワークの負荷分散システム |
US6704317B1 (en) | 1998-05-27 | 2004-03-09 | 3Com Corporation | Multi-carrier LAN modem server |
US6314463B1 (en) | 1998-05-29 | 2001-11-06 | Webspective Software, Inc. | Method and system for measuring queue length and delay |
US6317786B1 (en) | 1998-05-29 | 2001-11-13 | Webspective Software, Inc. | Web service |
JP4522583B2 (ja) | 1998-07-08 | 2010-08-11 | ブリティッシュ・テレコミュニケーションズ・パブリック・リミテッド・カンパニー | 要求整合サーバ、要求整合システム及びそれらを使用した電子購買装置、電子取引システム及び方法 |
US6490624B1 (en) | 1998-07-10 | 2002-12-03 | Entrust, Inc. | Session management in a stateless network system |
US6223287B1 (en) | 1998-07-24 | 2001-04-24 | International Business Machines Corporation | Method for establishing a secured communication channel over the internet |
US7333484B2 (en) | 1998-08-07 | 2008-02-19 | Intel Corporation | Services processor having a packet editing unit |
WO2000019680A2 (en) | 1998-09-17 | 2000-04-06 | Tod Mcnamara | System and method for network flow optimization using traffic classes |
US6578066B1 (en) | 1999-09-17 | 2003-06-10 | Alteon Websystems | Distributed load-balancing internet servers |
GB2342195A (en) | 1998-09-30 | 2000-04-05 | Xerox Corp | Secure token-based document server |
US6119174A (en) | 1998-10-13 | 2000-09-12 | Hewlett-Packard Company | Methods and apparatus for implementing quality-of-service guarantees in data storage systems |
US6219706B1 (en) | 1998-10-16 | 2001-04-17 | Cisco Technology, Inc. | Access control for networks |
US6247057B1 (en) | 1998-10-22 | 2001-06-12 | Microsoft Corporation | Network server supporting multiple instance of services to operate concurrently by having endpoint mapping subsystem for mapping virtual network names to virtual endpoint IDs |
US6571274B1 (en) | 1998-11-05 | 2003-05-27 | Beas Systems, Inc. | Clustered enterprise Java™ in a secure distributed processing system |
US6321338B1 (en) | 1998-11-09 | 2001-11-20 | Sri International | Network surveillance |
US6763370B1 (en) | 1998-11-16 | 2004-07-13 | Softricity, Inc. | Method and apparatus for content protection in a secure content delivery system |
US6850965B2 (en) | 1998-11-17 | 2005-02-01 | Arthur Douglas Allen | Method for connection acceptance and rapid determination of optimal multi-media content delivery over network |
US6374359B1 (en) | 1998-11-19 | 2002-04-16 | International Business Machines Corporation | Dynamic use and validation of HTTP cookies for authentication |
US6507912B1 (en) | 1999-01-27 | 2003-01-14 | International Business Machines Corporation | Protection of biometric data via key-dependent sampling |
US6317834B1 (en) | 1999-01-29 | 2001-11-13 | International Business Machines Corporation | Biometric authentication system with encrypted models |
US6594268B1 (en) | 1999-03-11 | 2003-07-15 | Lucent Technologies Inc. | Adaptive routing system and method for QOS packet networks |
JP2000276432A (ja) | 1999-03-24 | 2000-10-06 | Nec Corp | トランザクション・メッセージの動的負荷分散方式 |
US6901145B1 (en) | 1999-04-08 | 2005-05-31 | Lucent Technologies Inc. | Generation of repeatable cryptographic key based on varying parameters |
JP2000307634A (ja) | 1999-04-15 | 2000-11-02 | Kdd Corp | パケット交換網の中継局による輻輳制御方法 |
EP1049307A1 (en) | 1999-04-29 | 2000-11-02 | International Business Machines Corporation | Method and system for dispatching client sessions within a cluster of servers connected to the World Wide Web |
US6226752B1 (en) | 1999-05-11 | 2001-05-01 | Sun Microsystems, Inc. | Method and apparatus for authenticating users |
TW526643B (en) | 1999-05-20 | 2003-04-01 | Ind Tech Res Inst | Data access control system and method |
US20010049741A1 (en) | 1999-06-18 | 2001-12-06 | Bryan D. Skene | Method and system for balancing load distribution on a wide area network |
US7188181B1 (en) | 1999-06-30 | 2007-03-06 | Sun Microsystems, Inc. | Universal session sharing |
US6650641B1 (en) | 1999-07-02 | 2003-11-18 | Cisco Technology, Inc. | Network address translation using a forwarding agent |
US6606315B1 (en) | 1999-07-02 | 2003-08-12 | Cisco Technology, Inc. | Synchronizing service instructions among forwarding agents using a service manager |
EP1067458A1 (en) | 1999-07-09 | 2001-01-10 | CANAL+ Société Anonyme | Running and testing applications |
US6374300B2 (en) | 1999-07-15 | 2002-04-16 | F5 Networks, Inc. | Method and system for storing load balancing information with an HTTP cookie |
US6567857B1 (en) | 1999-07-29 | 2003-05-20 | Sun Microsystems, Inc. | Method and apparatus for dynamic proxy insertion in network traffic flow |
US6892307B1 (en) | 1999-08-05 | 2005-05-10 | Sun Microsystems, Inc. | Single sign-on framework with trust-level mapping to authentication requirements |
JP2001051859A (ja) | 1999-08-11 | 2001-02-23 | Hitachi Ltd | 負荷情報連絡方法 |
ATE366437T1 (de) | 1999-08-13 | 2007-07-15 | Sun Microsystems Inc | Elegante verteilung des lastausgleichs für anwendungs-server |
WO2001014990A1 (en) | 1999-08-21 | 2001-03-01 | Webever, Inc. | Method for content delivery over the internet |
US8234650B1 (en) | 1999-08-23 | 2012-07-31 | Oracle America, Inc. | Approach for allocating resources to an apparatus |
US8019870B1 (en) | 1999-08-23 | 2011-09-13 | Oracle America, Inc. | Approach for allocating resources to an apparatus based on alternative resource requirements |
US8032634B1 (en) | 1999-08-23 | 2011-10-04 | Oracle America, Inc. | Approach for allocating resources to an apparatus based on resource requirements |
US7463648B1 (en) | 1999-08-23 | 2008-12-09 | Sun Microsystems, Inc. | Approach for allocating resources to an apparatus based on optional resource requirements |
US8179809B1 (en) | 1999-08-23 | 2012-05-15 | Oracle America, Inc. | Approach for allocating resources to an apparatus based on suspendable resource requirements |
US7703102B1 (en) | 1999-08-23 | 2010-04-20 | Oracle America, Inc. | Approach for allocating resources to an apparatus based on preemptable resource requirements |
US6339423B1 (en) | 1999-08-23 | 2002-01-15 | Entrust, Inc. | Multi-domain access control |
US6760758B1 (en) | 1999-08-31 | 2004-07-06 | Qwest Communications International, Inc. | System and method for coordinating network access |
US6772333B1 (en) | 1999-09-01 | 2004-08-03 | Dickens Coal Llc | Atomic session-start operation combining clear-text and encrypted sessions to provide id visibility to middleware such as load-balancers |
US6711618B1 (en) | 1999-09-03 | 2004-03-23 | Cisco Technology, Inc. | Apparatus and method for providing server state and attribute management for voice enabled web applications |
US6330560B1 (en) | 1999-09-10 | 2001-12-11 | International Business Machines Corporation | Multiple manager to multiple server IP locking mechanism in a directory-enabled network |
US7391865B2 (en) | 1999-09-20 | 2008-06-24 | Security First Corporation | Secure data parser method and system |
US6430622B1 (en) | 1999-09-22 | 2002-08-06 | International Business Machines Corporation | Methods, systems and computer program products for automated movement of IP addresses within a cluster |
US6742126B1 (en) | 1999-10-07 | 2004-05-25 | Cisco Technology, Inc. | Method and apparatus for identifying a data communications session |
US6748414B1 (en) | 1999-11-15 | 2004-06-08 | International Business Machines Corporation | Method and apparatus for the load balancing of non-identical servers in a network environment |
US6748413B1 (en) | 1999-11-15 | 2004-06-08 | International Business Machines Corporation | Method and apparatus for load balancing of parallel servers in a network environment |
US6952728B1 (en) * | 1999-12-01 | 2005-10-04 | Nortel Networks Limited | Providing desired service policies to subscribers accessing internet |
AU4710001A (en) | 1999-12-06 | 2001-06-12 | Warp Solutions, Inc. | System and method for enhancing operation of a web server cluster |
US6510464B1 (en) | 1999-12-14 | 2003-01-21 | Verizon Corporate Services Group Inc. | Secure gateway having routing feature |
US6564215B1 (en) | 1999-12-16 | 2003-05-13 | International Business Machines Corporation | Update support in database content management |
US6754706B1 (en) | 1999-12-16 | 2004-06-22 | Speedera Networks, Inc. | Scalable domain name system with persistence and load balancing |
US7269143B2 (en) | 1999-12-31 | 2007-09-11 | Ragula Systems (Fatpipe Networks) | Combining routers to increase concurrency and redundancy in external network access |
US6587866B1 (en) | 2000-01-10 | 2003-07-01 | Sun Microsystems, Inc. | Method for distributing packets to server nodes using network client affinity and packet distribution table |
US6820133B1 (en) | 2000-02-07 | 2004-11-16 | Netli, Inc. | System and method for high-performance delivery of web content using high-performance communications protocol between the first and second specialized intermediate nodes to optimize a measure of communications performance between the source and the destination |
US6725272B1 (en) | 2000-02-18 | 2004-04-20 | Netscaler, Inc. | Apparatus, method and computer program product for guaranteed content delivery incorporating putting a client on-hold based on response time |
JP3817429B2 (ja) | 2000-02-23 | 2006-09-06 | キヤノン株式会社 | 情報処理装置、情報処理方法及び情報処理プログラム |
US6877095B1 (en) | 2000-03-09 | 2005-04-05 | Microsoft Corporation | Session-state manager |
US8380854B2 (en) | 2000-03-21 | 2013-02-19 | F5 Networks, Inc. | Simplified method for processing multiple connections from the same client |
US6336137B1 (en) | 2000-03-31 | 2002-01-01 | Siebel Systems, Inc. | Web client-server system and method for incompatible page markup and presentation languages |
JP2001298449A (ja) * | 2000-04-12 | 2001-10-26 | Matsushita Electric Ind Co Ltd | セキュリティ通信方法、通信システム及びその装置 |
US6657974B1 (en) | 2000-04-14 | 2003-12-02 | International Business Machines Corporation | Method and apparatus for generating replies to address resolution protocol requests |
US8239445B1 (en) | 2000-04-25 | 2012-08-07 | International Business Machines Corporation | URL-based sticky routing tokens using a server-side cookie jar |
US6718383B1 (en) | 2000-06-02 | 2004-04-06 | Sun Microsystems, Inc. | High availability networking with virtual IP address failover |
WO2001092994A2 (en) | 2000-06-02 | 2001-12-06 | Kinetic Sciences Inc. | Method for biometric encryption of e-mail |
US8204082B2 (en) | 2000-06-23 | 2012-06-19 | Cloudshield Technologies, Inc. | Transparent provisioning of services over a network |
US7031267B2 (en) | 2000-12-21 | 2006-04-18 | 802 Systems Llc | PLD-based packet filtering methods with PLD configuration data update of filtering rules |
US7013482B1 (en) | 2000-07-07 | 2006-03-14 | 802 Systems Llc | Methods for packet filtering including packet invalidation if packet validity determination not timely made |
US7814180B2 (en) | 2000-07-13 | 2010-10-12 | Infoblox, Inc. | Domain name service server |
US6591262B1 (en) | 2000-08-01 | 2003-07-08 | International Business Machines Corporation | Collaborative workload management incorporating work unit attributes in resource allocation |
US6996617B1 (en) | 2000-08-17 | 2006-02-07 | International Business Machines Corporation | Methods, systems and computer program products for non-disruptively transferring a virtual internet protocol address between communication protocol stacks |
US6996631B1 (en) | 2000-08-17 | 2006-02-07 | International Business Machines Corporation | System having a single IP address associated with communication protocol stacks in a cluster of processing systems |
US7120697B2 (en) | 2001-05-22 | 2006-10-10 | International Business Machines Corporation | Methods, systems and computer program products for port assignments of multiple application instances using the same source IP address |
US6941384B1 (en) | 2000-08-17 | 2005-09-06 | International Business Machines Corporation | Methods, systems and computer program products for failure recovery for routed virtual internet protocol addresses |
US6954784B2 (en) | 2000-08-17 | 2005-10-11 | International Business Machines Corporation | Systems, method and computer program products for cluster workload distribution without preconfigured port identification by utilizing a port of multiple ports associated with a single IP address |
CN1200368C (zh) | 2000-08-18 | 2005-05-04 | 清华大学 | 一种将tcp用于不可靠传输网络的局域重传方法 |
US7711790B1 (en) | 2000-08-24 | 2010-05-04 | Foundry Networks, Inc. | Securing an accessible computer system |
US7010605B1 (en) | 2000-08-29 | 2006-03-07 | Microsoft Corporation | Method and apparatus for encoding and storing session data |
US6772334B1 (en) | 2000-08-31 | 2004-08-03 | Networks Associates, Inc. | System and method for preventing a spoofed denial of service attack in a networked computing environment |
US7398317B2 (en) | 2000-09-07 | 2008-07-08 | Mazu Networks, Inc. | Thwarting connection-based denial of service attacks |
JP2002091936A (ja) | 2000-09-11 | 2002-03-29 | Hitachi Ltd | 負荷分散装置及び負荷見積もり方法 |
US9525696B2 (en) | 2000-09-25 | 2016-12-20 | Blue Coat Systems, Inc. | Systems and methods for processing data flows |
US7454500B1 (en) | 2000-09-26 | 2008-11-18 | Foundry Networks, Inc. | Global server load balancing |
US6813635B1 (en) | 2000-10-13 | 2004-11-02 | Hewlett-Packard Development Company, L.P. | System and method for distributing load among redundant independent stateful world wide web server sites |
US6965930B1 (en) | 2000-10-20 | 2005-11-15 | International Business Machines Corporation | Methods, systems and computer program products for workload distribution based on end-to-end quality of service |
US6963917B1 (en) | 2000-10-20 | 2005-11-08 | International Business Machines Corporation | Methods, systems and computer program products for policy based distribution of workload to subsets of potential servers |
WO2002035359A2 (en) | 2000-10-26 | 2002-05-02 | Prismedia Networks, Inc. | Method and system for managing distributed content and related metadata |
US7039717B2 (en) | 2000-11-10 | 2006-05-02 | Nvidia Corporation | Internet modem streaming socket method |
US7739398B1 (en) | 2000-11-21 | 2010-06-15 | Avaya Inc. | Dynamic load balancer |
US20020078164A1 (en) | 2000-12-13 | 2002-06-20 | Marnetics Ltd. | System and method for data transfer acceleration in a TCP network environment |
US6978376B2 (en) * | 2000-12-15 | 2005-12-20 | Authentica, Inc. | Information security architecture for encrypting documents for remote access while maintaining access control |
US7218722B1 (en) | 2000-12-18 | 2007-05-15 | Westell Technologies, Inc. | System and method for providing call management services in a virtual private network using voice or video over internet protocol |
US6779033B1 (en) | 2000-12-28 | 2004-08-17 | Networks Associates Technology, Inc. | System and method for transacting a validated application session in a networked computing environment |
US20020095587A1 (en) | 2001-01-17 | 2002-07-18 | International Business Machines Corporation | Smart card with integrated biometric sensor |
US7301899B2 (en) | 2001-01-31 | 2007-11-27 | Comverse Ltd. | Prevention of bandwidth congestion in a denial of service or other internet-based attack |
US7155515B1 (en) | 2001-02-06 | 2006-12-26 | Microsoft Corporation | Distributed load balancing for single entry-point systems |
US7149817B2 (en) | 2001-02-15 | 2006-12-12 | Neteffect, Inc. | Infiniband TM work queue to TCP/IP translation |
WO2002069575A1 (en) | 2001-02-28 | 2002-09-06 | Gotham Networks, Inc. | Methods and apparatus for network routing device |
US7454523B2 (en) | 2001-03-16 | 2008-11-18 | Intel Corporation | Geographic location determination including inspection of network address |
US7313822B2 (en) | 2001-03-16 | 2007-12-25 | Protegrity Corporation | Application-layer security method and system |
US7533409B2 (en) | 2001-03-22 | 2009-05-12 | Corente, Inc. | Methods and systems for firewalling virtual private networks |
JP2002290459A (ja) | 2001-03-27 | 2002-10-04 | Nec Corp | パケット転送装置および方法 |
AU2002256018A1 (en) | 2001-03-29 | 2002-10-15 | Accenture Llp | Overall risk in a system |
US7349970B2 (en) | 2001-03-29 | 2008-03-25 | International Business Machines Corporation | Workload management of stateful program entities |
US20020143954A1 (en) | 2001-04-03 | 2002-10-03 | Aiken John Andrew | Methods, systems and computer program products for content-based routing via active TCP connection transfer |
US20020143953A1 (en) | 2001-04-03 | 2002-10-03 | International Business Machines Corporation | Automatic affinity within networks performing workload balancing |
US20020188754A1 (en) | 2001-04-27 | 2002-12-12 | Foster Michael S. | Method and system for domain addressing in a communications network |
US7711831B2 (en) | 2001-05-22 | 2010-05-04 | International Business Machines Corporation | Methods, systems and computer program products for source address selection |
US6839700B2 (en) | 2001-05-23 | 2005-01-04 | International Business Machines Corporation | Load balancing content requests using dynamic document generation cost information |
GB0113844D0 (en) | 2001-06-07 | 2001-08-01 | Marconi Comm Ltd | Real time processing |
CA2450434A1 (en) | 2001-06-18 | 2002-12-27 | Tatara Systems, Inc. | Method and apparatus for converging local area and wide area wireless data networks |
US6944678B2 (en) | 2001-06-18 | 2005-09-13 | Transtech Networks Usa, Inc. | Content-aware application switch and methods thereof |
US8180921B2 (en) | 2001-06-19 | 2012-05-15 | Intel Corporation | Method and apparatus for load balancing |
US7343399B2 (en) | 2001-06-25 | 2008-03-11 | Nortel Networks Limited | Apparatus and method for managing internet resource requests |
US6922727B2 (en) | 2001-06-26 | 2005-07-26 | International Business Machines Corporation | Method and system for managing parallel data transfer through multiple sockets to provide scalability to a computer network |
ES2235065T3 (es) * | 2001-07-03 | 2005-07-01 | Telefonaktiebolaget Lm Ericsson (Publ) | Metodo y sistema para gestionar multiples registros. |
US7305492B2 (en) | 2001-07-06 | 2007-12-04 | Juniper Networks, Inc. | Content service aggregation system |
US7509369B1 (en) | 2001-07-11 | 2009-03-24 | Swsoft Holdings, Ltd. | Balancing shared servers in virtual environments |
US7366794B2 (en) | 2001-07-13 | 2008-04-29 | Certicom Corp. | Method and apparatus for resolving a web site address when connected with a virtual private network (VPN) |
US7380279B2 (en) | 2001-07-16 | 2008-05-27 | Lenel Systems International, Inc. | System for integrating security and access for facilities and information systems |
US7072958B2 (en) | 2001-07-30 | 2006-07-04 | Intel Corporation | Identifying network management policies |
US20040187032A1 (en) | 2001-08-07 | 2004-09-23 | Christoph Gels | Method, data carrier, computer system and computer progamme for the identification and defence of attacks in server of network service providers and operators |
US7245632B2 (en) | 2001-08-10 | 2007-07-17 | Sun Microsystems, Inc. | External storage for modular computer systems |
US7039037B2 (en) | 2001-08-20 | 2006-05-02 | Wang Jiwei R | Method and apparatus for providing service selection, redirection and managing of subscriber access to multiple WAP (Wireless Application Protocol) gateways simultaneously |
US6895590B2 (en) | 2001-09-26 | 2005-05-17 | Intel Corporation | Method and system enabling both legacy and new applications to access an InfiniBand fabric via a socket API |
US7822871B2 (en) | 2001-09-28 | 2010-10-26 | Level 3 Communications, Llc | Configurable adaptive global traffic control and management |
FR2830397B1 (fr) | 2001-09-28 | 2004-12-03 | Evolium Sas | Procede pour ameliorer les performances d'un protocole de transmission utilisant un temporisateur de retransmission |
US20040015243A1 (en) | 2001-09-28 | 2004-01-22 | Dwyane Mercredi | Biometric authentication |
US7822970B2 (en) | 2001-10-24 | 2010-10-26 | Microsoft Corporation | Method and apparatus for regulating access to a computer via a computer network |
JP3730563B2 (ja) | 2001-11-02 | 2006-01-05 | キヤノンソフトウェア株式会社 | セッション管理装置およびセッション管理方法およびプログラムおよび記録媒体 |
US7958199B2 (en) | 2001-11-02 | 2011-06-07 | Oracle America, Inc. | Switching systems and methods for storage management in digital networks |
US7370353B2 (en) | 2001-11-05 | 2008-05-06 | Cisco Technology, Inc. | System and method for managing dynamic network sessions |
US20030101349A1 (en) | 2001-11-26 | 2003-05-29 | Po-Tong Wang | Method of using cryptography with biometric verification on security authentication |
US7512980B2 (en) | 2001-11-30 | 2009-03-31 | Lancope, Inc. | Packet sampling flow-based detection of network intrusions |
JP2003186776A (ja) | 2001-12-13 | 2003-07-04 | Hitachi Ltd | 輻輳制御システム |
AU2003201231A1 (en) | 2002-01-04 | 2003-07-30 | Lab 7 Networks, Inc. | Communication security system |
US6801940B1 (en) | 2002-01-10 | 2004-10-05 | Networks Associates Technology, Inc. | Application performance monitoring expert |
US7058718B2 (en) | 2002-01-15 | 2006-06-06 | International Business Machines Corporation | Blended SYN cookies |
US8090866B1 (en) | 2002-01-18 | 2012-01-03 | Cisco Technology, Inc. | TCP proxy connection management in a gigabit environment |
US20030140232A1 (en) | 2002-01-21 | 2003-07-24 | De Lanauze Pierre | Method and apparatus for secure encryption of data |
US7076555B1 (en) | 2002-01-23 | 2006-07-11 | Novell, Inc. | System and method for transparent takeover of TCP connections between servers |
CN1714545A (zh) | 2002-01-24 | 2005-12-28 | 艾维西系统公司 | 容错的数据通信的方法和系统 |
WO2003065252A1 (en) | 2002-02-01 | 2003-08-07 | John Fairweather | System and method for managing memory |
AU2003214987A1 (en) | 2002-02-04 | 2003-09-02 | Intel Corporation | Service processor having a queue operations unit and an output scheduler |
US7584262B1 (en) | 2002-02-11 | 2009-09-01 | Extreme Networks | Method of and system for allocating resources to resource requests based on application of persistence policies |
US7228359B1 (en) | 2002-02-12 | 2007-06-05 | Cisco Technology, Inc. | Methods and apparatus for providing domain name service based on a client identifier |
CA2372092C (en) | 2002-02-15 | 2010-04-06 | Cognos Incorporated | A queuing model for a plurality of servers |
US8260907B2 (en) | 2002-04-04 | 2012-09-04 | Ca, Inc. | Methods, systems and computer program products for triggered data collection and correlation of status and/or state in distributed data processing systems |
US20030195962A1 (en) | 2002-04-10 | 2003-10-16 | Satoshi Kikuchi | Load balancing of servers |
US20040153553A1 (en) | 2002-04-17 | 2004-08-05 | Gregory Chotkowski | System and method for use of mobile wireless devices for authentication of personal identification and registration with security network |
US7707295B1 (en) | 2002-05-03 | 2010-04-27 | Foundry Networks, Inc. | Connection rate limiting |
US8554929B1 (en) | 2002-05-03 | 2013-10-08 | Foundry Networks, Llc | Connection rate limiting for server load balancing and transparent cache switching |
KR100976750B1 (ko) | 2002-05-09 | 2010-08-18 | 오니시스 그룹 엘.에이., 엘엘시 | 암호 장치 및 방법, 암호 시스템 |
US20030219121A1 (en) | 2002-05-24 | 2003-11-27 | Ncipher Corporation, Ltd | Biometric key generation for secure storage |
US7340535B1 (en) | 2002-06-04 | 2008-03-04 | Fortinet, Inc. | System and method for controlling routing in a virtual router system |
US6888807B2 (en) | 2002-06-10 | 2005-05-03 | Ipr Licensing, Inc. | Applying session services based on packet flows |
US7277963B2 (en) | 2002-06-26 | 2007-10-02 | Sandvine Incorporated | TCP proxy providing application layer modifications |
US6744774B2 (en) | 2002-06-27 | 2004-06-01 | Nokia, Inc. | Dynamic routing over secure networks |
KR20050083594A (ko) | 2002-07-03 | 2005-08-26 | 오로라 와이어리스 테크놀로지즈 리미티드 | 바이오메트릭 개인키 인프라스트럭처 |
US7254133B2 (en) | 2002-07-15 | 2007-08-07 | Intel Corporation | Prevention of denial of service attacks |
US20040034784A1 (en) | 2002-08-15 | 2004-02-19 | Fedronic Dominique Louis Joseph | System and method to facilitate separate cardholder and system access to resources controlled by a smart card |
US7069438B2 (en) | 2002-08-19 | 2006-06-27 | Sowl Associates, Inc. | Establishing authenticated network connections |
US7430755B1 (en) | 2002-09-03 | 2008-09-30 | Fs Networks, Inc. | Method and system for providing persistence in a secure network access |
US7484089B1 (en) | 2002-09-06 | 2009-01-27 | Citicorp Developmemt Center, Inc. | Method and system for certificate delivery and management |
US7155514B1 (en) | 2002-09-12 | 2006-12-26 | Dorian Software Creations, Inc. | Apparatus for event log management |
US7337241B2 (en) | 2002-09-27 | 2008-02-26 | Alacritech, Inc. | Fast-path apparatus for receiving data corresponding to a TCP connection |
US7506360B1 (en) | 2002-10-01 | 2009-03-17 | Mirage Networks, Inc. | Tracking communication for determining device states |
US7236457B2 (en) | 2002-10-04 | 2007-06-26 | Intel Corporation | Load balancing in a network |
US7487248B2 (en) | 2002-10-08 | 2009-02-03 | Brian Moran | Method and system for transferring a computer session between devices |
US7391748B2 (en) | 2002-10-15 | 2008-06-24 | Cisco Technology, Inc. | Configuration of enterprise gateways |
US7792113B1 (en) | 2002-10-21 | 2010-09-07 | Cisco Technology, Inc. | Method and system for policy-based forwarding |
US7310686B2 (en) | 2002-10-27 | 2007-12-18 | Paxfire, Inc. | Apparatus and method for transparent selection of an Internet server based on geographic location of a user |
US8176186B2 (en) | 2002-10-30 | 2012-05-08 | Riverbed Technology, Inc. | Transaction accelerator for client-server communications systems |
US7406087B1 (en) | 2002-11-08 | 2008-07-29 | Juniper Networks, Inc. | Systems and methods for accelerating TCP/IP data stream processing |
US7269348B1 (en) | 2002-11-18 | 2007-09-11 | At&T Corp. | Router having dual propagation paths for packets |
US7386889B2 (en) | 2002-11-18 | 2008-06-10 | Trusted Network Technologies, Inc. | System and method for intrusion prevention in a communications network |
US7376969B1 (en) | 2002-12-02 | 2008-05-20 | Arcsight, Inc. | Real time monitoring and analysis of events from multiple network security devices |
US7945673B2 (en) | 2002-12-06 | 2011-05-17 | Hewlett-Packard Development Company, L.P. | Reduced wireless internet connect time |
DE10259755A1 (de) | 2002-12-19 | 2004-07-08 | Bt Ingnite Gmbh & Co | Automatische Terminal- oder Nutzeridentifizierung in Netzwerken |
US7379958B2 (en) | 2002-12-30 | 2008-05-27 | Nokia Corporation | Automatic and dynamic service information delivery from service providers to data terminals in an access point network |
US6904439B2 (en) | 2002-12-31 | 2005-06-07 | International Business Machines Corporation | System and method for aggregating user project information in a multi-server system |
US7234161B1 (en) | 2002-12-31 | 2007-06-19 | Nvidia Corporation | Method and apparatus for deflecting flooding attacks |
US7194480B2 (en) | 2002-12-31 | 2007-03-20 | International Business Machines Corporation | System and method for invoking methods on place objects in a distributed environment |
US7089231B2 (en) | 2002-12-31 | 2006-08-08 | International Business Machines Corporation | System and method for searching a plurality of databases distributed across a multi server domain |
US7269850B2 (en) | 2002-12-31 | 2007-09-11 | Intel Corporation | Systems and methods for detecting and tracing denial of service attacks |
US7167874B2 (en) | 2003-01-22 | 2007-01-23 | International Business Machines Corporation | System and method for command line administration of project spaces using XML objects |
US20040141005A1 (en) | 2003-01-22 | 2004-07-22 | International Business Machines Corporation | System and method for integrating online meeting materials in a place |
US7835363B2 (en) | 2003-02-12 | 2010-11-16 | Broadcom Corporation | Method and system to provide blade server load balancing using spare link bandwidth |
CA2419305C (en) | 2003-02-20 | 2006-03-21 | Ibm Canada Limited - Ibm Canada Limitee | Unified logging service for distributed applications |
US6950651B2 (en) | 2003-02-27 | 2005-09-27 | Avaya Technology Corp | Location-based forwarding over multiple networks |
US20040210623A1 (en) | 2003-03-06 | 2004-10-21 | Aamer Hydrie | Virtual network topology generation |
US7355992B2 (en) | 2003-03-18 | 2008-04-08 | Harris Corporation | Relay for extended range point-to-point wireless packetized data communication system |
WO2004084085A1 (ja) | 2003-03-18 | 2004-09-30 | Fujitsu Limited | サイト間連携による負荷分散システム |
US7188220B2 (en) | 2003-03-24 | 2007-03-06 | American Megatrends, Inc. | Method and system for managing the contents of an event log stored within a computer |
US20040210663A1 (en) | 2003-04-15 | 2004-10-21 | Paul Phillips | Object-aware transport-layer network processing engine |
US7308499B2 (en) | 2003-04-30 | 2007-12-11 | Avaya Technology Corp. | Dynamic load balancing for enterprise IP traffic |
US7088989B2 (en) | 2003-05-07 | 2006-08-08 | Nokia Corporation | Mobile user location privacy solution based on the use of multiple identities |
JP2004356816A (ja) | 2003-05-28 | 2004-12-16 | Hitachi Ltd | 通信システム、通信端末及び通信端末の動作プログラム |
US7246156B2 (en) | 2003-06-09 | 2007-07-17 | Industrial Defender, Inc. | Method and computer program product for monitoring an industrial network |
US20050108518A1 (en) | 2003-06-10 | 2005-05-19 | Pandya Ashish A. | Runtime adaptable security processor |
US7356577B2 (en) | 2003-06-12 | 2008-04-08 | Samsung Electronics Co., Ltd. | System and method for providing an online software upgrade in load sharing servers |
US20040254919A1 (en) | 2003-06-13 | 2004-12-16 | Microsoft Corporation | Log parser |
US7181524B1 (en) | 2003-06-13 | 2007-02-20 | Veritas Operating Corporation | Method and apparatus for balancing a load among a plurality of servers in a computer system |
CA2432483C (en) | 2003-06-17 | 2010-04-13 | Ibm Canada Limited - Ibm Canada Limitee | Multiple identity management in an electronic commerce site |
US7613822B2 (en) | 2003-06-30 | 2009-11-03 | Microsoft Corporation | Network load balancing with session information |
US7590736B2 (en) | 2003-06-30 | 2009-09-15 | Microsoft Corporation | Flexible network load balancing |
US7984129B2 (en) | 2003-07-11 | 2011-07-19 | Computer Associates Think, Inc. | System and method for high-performance profiling of application events |
US20050027862A1 (en) | 2003-07-18 | 2005-02-03 | Nguyen Tien Le | System and methods of cooperatively load-balancing clustered servers |
US7463590B2 (en) | 2003-07-25 | 2008-12-09 | Reflex Security, Inc. | System and method for threat detection and response |
US7133916B2 (en) | 2003-07-28 | 2006-11-07 | Etelemetry, Inc. | Asset tracker for identifying user of current internet protocol addresses within an organization's communications network |
KR100568231B1 (ko) | 2003-08-11 | 2006-04-07 | 삼성전자주식회사 | 도메인 네임 서비스 시스템 및 방법 |
US8938553B2 (en) | 2003-08-12 | 2015-01-20 | Riverbed Technology, Inc. | Cooperative proxy auto-discovery and connection interception through network address translation |
US7385923B2 (en) | 2003-08-14 | 2008-06-10 | International Business Machines Corporation | Method, system and article for improved TCP performance during packet reordering |
US7467202B2 (en) | 2003-09-10 | 2008-12-16 | Fidelis Security Systems | High-performance network content analysis platform |
KR100570836B1 (ko) | 2003-10-14 | 2006-04-13 | 한국전자통신연구원 | 부하 분산 세션 레이블을 이용한 서버간의 부하 분산장치 및 방법 |
CN100456690C (zh) | 2003-10-14 | 2009-01-28 | 北京邮电大学 | 基于全球网络定位的全局负载均衡方法 |
US7237267B2 (en) | 2003-10-16 | 2007-06-26 | Cisco Technology, Inc. | Policy-based network security management |
US7472190B2 (en) | 2003-10-17 | 2008-12-30 | International Business Machines Corporation | Method, system and program product for preserving a user state in an application |
US8122152B2 (en) | 2003-10-23 | 2012-02-21 | Trustwave Holdings, Inc. | Systems and methods for network user resolution |
JP2005141441A (ja) | 2003-11-06 | 2005-06-02 | Hitachi Ltd | 負荷分散システム |
US20050114321A1 (en) | 2003-11-26 | 2005-05-26 | Destefano Jason M. | Method and apparatus for storing and reporting summarized log data |
US20050125276A1 (en) * | 2003-12-05 | 2005-06-09 | Grigore Rusu | System and method for event tracking across plural contact mediums |
KR100623552B1 (ko) | 2003-12-29 | 2006-09-18 | 한국정보보호진흥원 | 자동침입대응시스템에서의 위험수준 분석 방법 |
JP2007523401A (ja) | 2003-12-31 | 2007-08-16 | アプライド アイデンティティー | コンピュータトランザクションの発信者が本人であることを立証する方法と装置 |
US20050213586A1 (en) | 2004-02-05 | 2005-09-29 | David Cyganski | System and method to increase network throughput |
US7607021B2 (en) | 2004-03-09 | 2009-10-20 | Cisco Technology, Inc. | Isolation approach for network users associated with elevated risk |
US7881215B1 (en) | 2004-03-18 | 2011-02-01 | Avaya Inc. | Stateful and stateless data processing |
US20050240989A1 (en) | 2004-04-23 | 2005-10-27 | Seoul National University Industry Foundation | Method of sharing state between stateful inspection firewalls on mep network |
US20060064478A1 (en) | 2004-05-03 | 2006-03-23 | Level 3 Communications, Inc. | Geo-locating load balancing |
US20060112170A1 (en) | 2004-05-03 | 2006-05-25 | Craig Sirkin | Geo-locating load balancing |
US7584301B1 (en) | 2004-05-06 | 2009-09-01 | Foundry Networks, Inc. | Host-level policies for global server load balancing |
US8423758B2 (en) | 2004-05-10 | 2013-04-16 | Tara Chand Singhal | Method and apparatus for packet source validation architecture system for enhanced internet security |
US7391725B2 (en) | 2004-05-18 | 2008-06-24 | Christian Huitema | System and method for defeating SYN attacks |
US8179786B2 (en) | 2004-05-19 | 2012-05-15 | Mosaid Technologies Incorporated | Dynamic traffic rearrangement and restoration for MPLS networks with differentiated services capabilities |
CA2509706A1 (en) | 2004-06-17 | 2005-12-17 | Ronald Neville Langford | Authenticating images identified by a software application |
US20060069774A1 (en) | 2004-06-17 | 2006-03-30 | International Business Machine Corporation | Method and apparatus for managing data center using Web services |
FI20040888A0 (fi) | 2004-06-28 | 2004-06-28 | Nokia Corp | Palvelujen ohjaaminen pakettivälitteisessä dataverkossa |
JP4353056B2 (ja) | 2004-07-06 | 2009-10-28 | パナソニック株式会社 | 移動ルータ、ホームエージェント、ルータ位置登録方法、及び移動ネットワークシステム |
JP4313266B2 (ja) | 2004-07-29 | 2009-08-12 | 株式会社エヌ・ティ・ティ・ドコモ | サーバ装置、その制御方法およびコネクション確立方法 |
US7360237B2 (en) | 2004-07-30 | 2008-04-15 | Lehman Brothers Inc. | System and method for secure network connectivity |
TW200606667A (en) | 2004-08-13 | 2006-02-16 | Reallusion Inc | System and method of converting and sharing data |
US7423977B1 (en) | 2004-08-23 | 2008-09-09 | Foundry Networks Inc. | Smoothing algorithm for round trip time (RTT) measurements |
JP4555025B2 (ja) | 2004-08-25 | 2010-09-29 | 株式会社エヌ・ティ・ティ・ドコモ | サーバ装置、クライアント装置および処理実行方法 |
US8112548B2 (en) | 2004-09-28 | 2012-02-07 | Yahoo! Inc. | Method for providing a clip for viewing at a remote device |
US7292592B2 (en) * | 2004-10-08 | 2007-11-06 | Telefonaktiebolaget Lm Ericsson (Publ) | Home network-assisted selection of intermediary network for a roaming mobile terminal |
TWI249314B (en) | 2004-10-15 | 2006-02-11 | Ind Tech Res Inst | Biometrics-based cryptographic key generation system and method |
US20060092950A1 (en) | 2004-10-28 | 2006-05-04 | Cisco Technology, Inc. | Architecture and method having redundancy in active/active stateful devices based on symmetric global load balancing protocol (sGLBP) |
US20060098645A1 (en) | 2004-11-09 | 2006-05-11 | Lev Walkin | System and method for providing client identifying information to a server |
US8458467B2 (en) * | 2005-06-21 | 2013-06-04 | Cisco Technology, Inc. | Method and apparatus for adaptive application message payload content transformation in a network infrastructure element |
US7634564B2 (en) | 2004-11-18 | 2009-12-15 | Nokia Corporation | Systems and methods for invoking a service from a plurality of event servers in a network |
EP1672460B1 (en) | 2004-12-15 | 2009-11-25 | STMicroelectronics (Research & Development) Limited | Computer user detection apparatus |
US20060173977A1 (en) | 2005-02-03 | 2006-08-03 | Next Generation Broadband | A process for dynamic user control on always-on ip network |
GB0502383D0 (en) * | 2005-02-04 | 2005-03-16 | Nokia Corp | User identities |
US7613193B2 (en) | 2005-02-04 | 2009-11-03 | Nokia Corporation | Apparatus, method and computer program product to reduce TCP flooding attacks while conserving wireless network bandwidth |
US20060190997A1 (en) * | 2005-02-22 | 2006-08-24 | Mahajani Amol V | Method and system for transparent in-line protection of an electronic communications network |
US20060187901A1 (en) | 2005-02-23 | 2006-08-24 | Lucent Technologies Inc. | Concurrent dual-state proxy server, method of providing a proxy and SIP network employing the same |
US8533473B2 (en) | 2005-03-04 | 2013-09-10 | Oracle America, Inc. | Method and apparatus for reducing bandwidth usage in secure transactions |
US7155071B2 (en) * | 2005-03-08 | 2006-12-26 | Harris Corporation | Device for Mach-Zehnder modulator bias control for duobinary optical transmission and associated system and method |
US20060206586A1 (en) | 2005-03-09 | 2006-09-14 | Yibei Ling | Method, apparatus and system for a location-based uniform resource locator |
WO2006098033A1 (ja) | 2005-03-17 | 2006-09-21 | Fujitsu Limited | 負荷分散用通信装置及び負荷分散管理装置 |
KR101141645B1 (ko) | 2005-03-29 | 2012-05-17 | 엘지전자 주식회사 | 데이터 블록 전송 제어 방법 |
US7551574B1 (en) | 2005-03-31 | 2009-06-23 | Trapeze Networks, Inc. | Method and apparatus for controlling wireless network access privileges based on wireless client location |
US7606147B2 (en) | 2005-04-13 | 2009-10-20 | Zeugma Systems Inc. | Application aware traffic shaping service node positioned between the access and core networks |
US7990847B1 (en) | 2005-04-15 | 2011-08-02 | Cisco Technology, Inc. | Method and system for managing servers in a server cluster |
KR100642935B1 (ko) | 2005-05-06 | 2006-11-10 | (주)아이디스 | 네임 서비스 시스템 및 방법 |
US7826487B1 (en) | 2005-05-09 | 2010-11-02 | F5 Network, Inc | Coalescing acknowledgement responses to improve network communications |
JP4101251B2 (ja) | 2005-05-24 | 2008-06-18 | 富士通株式会社 | 負荷分散プログラム、負荷分散方法、及び負荷分散装置 |
IES20050376A2 (en) | 2005-06-03 | 2006-08-09 | Asavie R & D Ltd | Secure network communication system and method |
US20060277303A1 (en) | 2005-06-06 | 2006-12-07 | Nikhil Hegde | Method to improve response time when clients use network services |
JP4557815B2 (ja) | 2005-06-13 | 2010-10-06 | 富士通株式会社 | 中継装置および中継システム |
US7774402B2 (en) | 2005-06-29 | 2010-08-10 | Visa U.S.A. | Adaptive gateway for switching transactions and data on unreliable networks using context-based rules |
US7609625B2 (en) | 2005-07-06 | 2009-10-27 | Fortinet, Inc. | Systems and methods for detecting and preventing flooding attacks in a network environment |
US20070011300A1 (en) | 2005-07-11 | 2007-01-11 | Hollebeek Robert J | Monitoring method and system for monitoring operation of resources |
US7496566B2 (en) | 2005-08-03 | 2009-02-24 | Intenational Business Machines Corporation | Priority based LDAP service publication mechanism |
US8160614B2 (en) | 2005-08-05 | 2012-04-17 | Targus Information Corporation | Automated concierge system and method |
US20070067838A1 (en) | 2005-09-19 | 2007-03-22 | Nokia Corporation | System, mobile node, network entity, method, and computer program product for network firewall configuration and control in a mobile communication system |
US7552199B2 (en) | 2005-09-22 | 2009-06-23 | International Business Machines Corporation | Method for automatic skill-gap evaluation |
EP1934705A4 (en) | 2005-09-23 | 2010-06-16 | Barclays Capital Inc | SYSTEM AND METHOD FOR EVENT RECORDING EXPERTISE |
US20070086382A1 (en) | 2005-10-17 | 2007-04-19 | Vidya Narayanan | Methods of network access configuration in an IP network |
JP4650203B2 (ja) | 2005-10-20 | 2011-03-16 | 株式会社日立製作所 | 情報システム及び管理計算機 |
RU2390791C2 (ru) | 2005-11-07 | 2010-05-27 | Квэлкомм Инкорпорейтед | Позиционирование для wlan и других беспроводных сетей |
US7606232B1 (en) | 2005-11-09 | 2009-10-20 | Juniper Networks, Inc. | Dynamic virtual local area network (VLAN) interface configuration |
US7653633B2 (en) | 2005-11-12 | 2010-01-26 | Logrhythm, Inc. | Log collection, structuring and processing |
US20070118881A1 (en) | 2005-11-18 | 2007-05-24 | Julian Mitchell | Application control at a policy server |
US20070180101A1 (en) | 2006-01-10 | 2007-08-02 | A10 Networks Inc. | System and method for storing data-network activity information |
US7694011B2 (en) | 2006-01-17 | 2010-04-06 | Cisco Technology, Inc. | Techniques for load balancing over a cluster of subscriber-aware application servers |
CN100452041C (zh) | 2006-01-18 | 2009-01-14 | 腾讯科技(深圳)有限公司 | 一种读取网络资源站点信息的方法及其系统 |
US7610622B2 (en) | 2006-02-06 | 2009-10-27 | Cisco Technology, Inc. | Supporting options in a communication session using a TCP cookie |
US7675854B2 (en) | 2006-02-21 | 2010-03-09 | A10 Networks, Inc. | System and method for an adaptive TCP SYN cookie with time validation |
US7808994B1 (en) | 2006-02-22 | 2010-10-05 | Juniper Networks, Inc. | Forwarding traffic to VLAN interfaces built based on subscriber information strings |
US7492766B2 (en) | 2006-02-22 | 2009-02-17 | Juniper Networks, Inc. | Dynamic building of VLAN interfaces based on subscriber information strings |
US7639789B2 (en) | 2006-03-01 | 2009-12-29 | Sony Ericsson Mobile Communications Ab | Contacting identity sharing |
US8832247B2 (en) | 2006-03-24 | 2014-09-09 | Blue Coat Systems, Inc. | Methods and systems for caching content at multiple levels |
JP5108244B2 (ja) | 2006-03-30 | 2012-12-26 | 株式会社エヌ・ティ・ティ・ドコモ | 通信端末及び再送制御方法 |
US8539075B2 (en) | 2006-04-21 | 2013-09-17 | International Business Machines Corporation | On-demand global server load balancing system and method of use |
US7680478B2 (en) * | 2006-05-04 | 2010-03-16 | Telefonaktiebolaget Lm Ericsson (Publ) | Inactivity monitoring for different traffic or service classifications |
US8151322B2 (en) | 2006-05-16 | 2012-04-03 | A10 Networks, Inc. | Systems and methods for user access authentication based on network access point |
US7613829B2 (en) | 2006-05-22 | 2009-11-03 | Nokia Corporation | Proximity enforcement in heterogeneous network environments |
US20070274285A1 (en) | 2006-05-23 | 2007-11-29 | Werber Ryan A | System and method for configuring a router |
KR100830413B1 (ko) | 2006-05-25 | 2008-05-20 | (주)씨디네트웍스 | 클라이언트용 서버 접속 시스템과 그를 포함하는 로드밸런싱 네트워크 시스템 |
US20070283429A1 (en) | 2006-05-30 | 2007-12-06 | A10 Networks Inc. | Sequence number based TCP session proxy |
US7552126B2 (en) | 2006-06-02 | 2009-06-23 | A10 Networks, Inc. | Access record gateway |
GB0611249D0 (en) | 2006-06-07 | 2006-07-19 | Nokia Corp | Communication system |
US20070288247A1 (en) * | 2006-06-11 | 2007-12-13 | Michael Mackay | Digital life server |
US20070294209A1 (en) * | 2006-06-20 | 2007-12-20 | Lyle Strub | Communication network application activity monitoring and control |
US20090313379A1 (en) | 2006-07-03 | 2009-12-17 | Telefonaktiebolaget L M Ericsson (Publ) | Topology Hiding Of Mobile Agents |
US7970934B1 (en) * | 2006-07-31 | 2011-06-28 | Google Inc. | Detecting events of interest |
EP1885096B1 (en) | 2006-08-01 | 2012-07-04 | Alcatel Lucent | Application session border element |
JP4916809B2 (ja) | 2006-08-04 | 2012-04-18 | 日本電信電話株式会社 | 負荷分散制御装置および方法 |
US7580417B2 (en) | 2006-08-07 | 2009-08-25 | Cisco Technology, Inc. | Method and apparatus for load balancing over virtual network links |
JP4757163B2 (ja) | 2006-09-29 | 2011-08-24 | 富士通株式会社 | レイヤ2ループ検出装置、レイヤ2ループ検出システムおよびレイヤ2ループ検出方法 |
US8347090B2 (en) | 2006-10-16 | 2013-01-01 | Nokia Corporation | Encryption of identifiers in a communication system |
US8312507B2 (en) | 2006-10-17 | 2012-11-13 | A10 Networks, Inc. | System and method to apply network traffic policy to an application session |
US7716378B2 (en) | 2006-10-17 | 2010-05-11 | A10 Networks, Inc. | System and method to associate a private user identity with a public user identity |
US8584199B1 (en) | 2006-10-17 | 2013-11-12 | A10 Networks, Inc. | System and method to apply a packet routing policy to an application session |
US8108550B2 (en) | 2006-10-25 | 2012-01-31 | Hewlett-Packard Development Company, L.P. | Real-time identification of an asset model and categorization of an asset to assist in computer network security |
JP4680866B2 (ja) | 2006-10-31 | 2011-05-11 | 株式会社日立製作所 | ゲートウェイ負荷分散機能を備えたパケット転送装置 |
JPWO2008053954A1 (ja) | 2006-11-01 | 2010-02-25 | パナソニック株式会社 | 通信制御方法、通信システム、ホームエージェント割り当てサーバ及びモバイルノード |
US7647635B2 (en) | 2006-11-02 | 2010-01-12 | A10 Networks, Inc. | System and method to resolve an identity interactively |
US8584195B2 (en) * | 2006-11-08 | 2013-11-12 | Mcafee, Inc | Identities correlation infrastructure for passive network monitoring |
US7974286B2 (en) | 2006-12-04 | 2011-07-05 | International Business Machines Corporation | Reduced redundant security screening |
JP4988766B2 (ja) | 2006-12-22 | 2012-08-01 | インターナショナル・ビジネス・マシーンズ・コーポレーション | メッセージ・ハブ装置、プログラム、および方法 |
US7992192B2 (en) | 2006-12-29 | 2011-08-02 | Ebay Inc. | Alerting as to denial of service attacks |
US8379515B1 (en) | 2007-02-01 | 2013-02-19 | F5 Networks, Inc. | TCP throughput control by imposing temporal delay |
CN100531098C (zh) | 2007-03-13 | 2009-08-19 | 华为技术有限公司 | 一种对等网络系统及重叠网间节点的互通方法 |
US20080229418A1 (en) | 2007-03-14 | 2008-09-18 | A10 Networks Inc. | System and Method to Customize a Security Log Analyzer |
US8352634B2 (en) | 2007-04-06 | 2013-01-08 | International Business Machines Corporation | On-demand propagation of routing information in distributed computing system |
US20080263626A1 (en) | 2007-04-17 | 2008-10-23 | Caterpillar Inc. | Method and system for logging a network communication event |
US7743155B2 (en) | 2007-04-20 | 2010-06-22 | Array Networks, Inc. | Active-active operation for a cluster of SSL virtual private network (VPN) devices with load distribution |
US20080271130A1 (en) | 2007-04-30 | 2008-10-30 | Shankar Ramamoorthy | Minimizing client-side inconsistencies in a distributed virtual file system |
US9143558B2 (en) | 2007-05-09 | 2015-09-22 | Radware, Ltd. | Geographic resiliency and load balancing for SIP application services |
US20080291911A1 (en) | 2007-05-21 | 2008-11-27 | Ist International, Inc. | Method and apparatus for setting a TCP retransmission timer |
US8191106B2 (en) * | 2007-06-07 | 2012-05-29 | Alcatel Lucent | System and method of network access security policy management for multimodal device |
US7743157B2 (en) | 2007-06-26 | 2010-06-22 | Sap Ag | System and method for switching between stateful and stateless communication modes |
US7904409B2 (en) | 2007-08-01 | 2011-03-08 | Yahoo! Inc. | System and method for global load balancing of requests for content based on membership status of a user with one or more subscription services |
US8032632B2 (en) | 2007-08-14 | 2011-10-04 | Microsoft Corporation | Validating change of name server |
US8626161B2 (en) | 2007-08-16 | 2014-01-07 | Qualcomm Incorporated | Idle mode mobility management in a multi-access system using PMIP |
US9407693B2 (en) | 2007-10-03 | 2016-08-02 | Microsoft Technology Licensing, Llc | Network routing of endpoints to content based on content swarms |
WO2009061973A1 (en) | 2007-11-09 | 2009-05-14 | Blade Network Technologies, Inc. | Session-less load balancing of client traffic across servers in a server group |
CN101163336B (zh) | 2007-11-15 | 2010-06-16 | 中兴通讯股份有限公司 | 一种手机终端访问权限认证的实现方法 |
CN101169785A (zh) | 2007-11-21 | 2008-04-30 | 浪潮电子信息产业股份有限公司 | 集群数据库系统的动态负载均衡方法 |
GB0723422D0 (en) | 2007-11-29 | 2008-01-09 | Level 5 Networks Inc | Virtualised receive side scaling |
US8125908B2 (en) | 2007-12-04 | 2012-02-28 | Extrahop Networks, Inc. | Adaptive network traffic classification using historical context |
US8756340B2 (en) | 2007-12-20 | 2014-06-17 | Yahoo! Inc. | DNS wildcard beaconing to determine client location and resolver load for global traffic load balancing |
JP5296373B2 (ja) | 2007-12-26 | 2013-09-25 | インターナショナル・ビジネス・マシーンズ・コーポレーション | 処理の所要時間を予め提供する技術 |
US8295204B2 (en) | 2008-02-22 | 2012-10-23 | Fujitsu Limited | Method and system for dynamic assignment of network addresses in a communications network |
US9100268B2 (en) | 2008-02-27 | 2015-08-04 | Alcatel Lucent | Application-aware MPLS tunnel selection |
US7930427B2 (en) | 2008-03-03 | 2011-04-19 | Microsoft Corporation | Client-side load balancing |
JP2009211343A (ja) | 2008-03-04 | 2009-09-17 | Kddi Corp | サーバ装置および通信システム |
US8185628B2 (en) | 2008-03-07 | 2012-05-22 | At&T Mobility Ii Llc | Enhanced policy capabilities for mobile data services |
US8104091B2 (en) | 2008-03-07 | 2012-01-24 | Samsung Electronics Co., Ltd. | System and method for wireless communication network having proximity control based on authorization token |
CN101247349A (zh) | 2008-03-13 | 2008-08-20 | 华耀环宇科技(北京)有限公司 | 一种网络流量快速分配方法 |
CN101547189B (zh) | 2008-03-28 | 2011-08-10 | 华为技术有限公司 | 一种CoD业务的建立方法,系统和装置 |
US7886021B2 (en) | 2008-04-28 | 2011-02-08 | Oracle America, Inc. | System and method for programmatic management of distributed computing resources |
CN101261644A (zh) | 2008-04-30 | 2008-09-10 | 杭州华三通信技术有限公司 | 访问统一资源定位符数据库的方法及装置 |
CN101577661B (zh) | 2008-05-09 | 2013-09-11 | 华为技术有限公司 | 一种路径切换的方法和设备 |
US20090292924A1 (en) | 2008-05-23 | 2009-11-26 | Johnson Erik J | Mechanism for detecting human presence using authenticated input activity |
US8326958B1 (en) | 2009-01-28 | 2012-12-04 | Headwater Partners I, Llc | Service activation tracking system |
JP4607254B2 (ja) | 2008-06-12 | 2011-01-05 | パナソニック株式会社 | ネットワーク監視装置、バスシステム監視装置、方法、およびプログラム |
US7990855B2 (en) | 2008-07-11 | 2011-08-02 | Alcatel-Lucent Usa Inc. | Method and system for joint reverse link access and traffic channel radio frequency overload control |
CN101631065B (zh) | 2008-07-16 | 2012-04-18 | 华为技术有限公司 | 一种无线多跳网络拥塞的控制方法和装置 |
US8271652B2 (en) | 2008-07-24 | 2012-09-18 | Netapp, Inc. | Load-derived probability-based domain name service in a network storage cluster |
US7890632B2 (en) | 2008-08-11 | 2011-02-15 | International Business Machines Corporation | Load balancing using replication delay |
US8307422B2 (en) | 2008-08-14 | 2012-11-06 | Juniper Networks, Inc. | Routing device having integrated MPLS-aware firewall |
JP5211987B2 (ja) | 2008-09-26 | 2013-06-12 | ブラザー工業株式会社 | 端末装置及びその時刻調整方法 |
US7864765B2 (en) | 2008-09-30 | 2011-01-04 | At&T Intellectual Property I, L.P. | Anycast-based internet protocol redirection to alleviate partial routing tables |
US8375001B2 (en) | 2008-10-03 | 2013-02-12 | Telefonaktiebolaget Lm Ericsson (Publ) | Master monitoring mechanism for a geographical distributed database |
US7958247B2 (en) | 2008-10-14 | 2011-06-07 | Hewlett-Packard Development Company, L.P. | HTTP push to simulate server-initiated sessions |
US8266288B2 (en) | 2008-10-23 | 2012-09-11 | International Business Machines Corporation | Dynamic expiration of domain name service entries |
US20100106854A1 (en) | 2008-10-29 | 2010-04-29 | Hostway Corporation | System and method for controlling non-existing domain traffic |
JP2010108409A (ja) | 2008-10-31 | 2010-05-13 | Hitachi Ltd | ストレージ管理方法及び管理サーバ |
US8359402B2 (en) | 2008-11-19 | 2013-01-22 | Seachange International, Inc. | Intercept device for providing content |
US8260926B2 (en) | 2008-11-25 | 2012-09-04 | Citrix Systems, Inc. | Systems and methods for GSLB site persistence |
US8125911B2 (en) | 2008-11-26 | 2012-02-28 | Cisco Technology, Inc. | First-hop domain reliability measurement and load balancing in a computer network |
US8356247B2 (en) | 2008-12-16 | 2013-01-15 | Rich Media Worldwide, Llc | Content rendering control system and method |
US8844018B2 (en) | 2008-12-18 | 2014-09-23 | At&T Intellectual Property I, L.P. | Methods and apparatus to enhance security in residential networks |
US8391895B2 (en) | 2008-12-23 | 2013-03-05 | Motorola Mobility Llc | Method and apparatus for providing location-based information |
CN101567818B (zh) | 2008-12-25 | 2011-04-20 | 中国人民解放军总参谋部第五十四研究所 | 基于硬件的大规模网络路由仿真方法 |
US9112871B2 (en) | 2009-02-17 | 2015-08-18 | Core Wireless Licensing S.A.R.L | Method and apparatus for providing shared services |
US8364163B2 (en) | 2009-02-23 | 2013-01-29 | Research In Motion Limited | Method, system and apparatus for connecting a plurality of client machines to a plurality of servers |
US20100228819A1 (en) | 2009-03-05 | 2010-09-09 | Yottaa Inc | System and method for performance acceleration, data protection, disaster recovery and on-demand scaling of computer applications |
CN101834777B (zh) | 2009-03-11 | 2015-07-29 | 瞻博网络公司 | 基于会话高速缓存的http加速 |
EP2234333B1 (en) | 2009-03-23 | 2015-07-15 | Corvil Limited | System and method for estimation of round trip times within a tcp based data network |
US8761204B2 (en) | 2010-05-18 | 2014-06-24 | Lsi Corporation | Packet assembly module for multi-core, multi-thread network processors |
US9081742B2 (en) | 2009-04-27 | 2015-07-14 | Intel Corporation | Network communications processor architecture |
US9461930B2 (en) | 2009-04-27 | 2016-10-04 | Intel Corporation | Modifying data streams without reordering in a multi-thread, multi-flow network processor |
US8259726B2 (en) | 2009-05-28 | 2012-09-04 | Force10 Networks, Inc. | Method and apparatus for forwarding table reduction |
US8296434B1 (en) | 2009-05-28 | 2012-10-23 | Amazon Technologies, Inc. | Providing dynamically scaling computing load balancing |
US8266088B2 (en) | 2009-06-09 | 2012-09-11 | Cisco Technology, Inc. | Tracking policy decisions in a network |
US8750226B2 (en) | 2009-06-10 | 2014-06-10 | Telefonaktiebolaget Lm Ericsson (Publ) | Performance monitoring in a communication network |
US8060579B2 (en) | 2009-06-12 | 2011-11-15 | Yahoo! Inc. | User location dependent DNS lookup |
US8289975B2 (en) | 2009-06-22 | 2012-10-16 | Citrix Systems, Inc. | Systems and methods for handling a multi-connection protocol between a client and server traversing a multi-core system |
US8863111B2 (en) | 2009-06-26 | 2014-10-14 | Oracle International Corporation | System and method for providing a production upgrade of components within a multiprotocol gateway |
US8165019B2 (en) | 2009-07-14 | 2012-04-24 | At&T Intellectual Property I, L.P. | Indirect measurement methodology to infer routing changes using statistics of flow arrival processes |
US9749387B2 (en) | 2009-08-13 | 2017-08-29 | Sap Se | Transparently stateful execution of stateless applications |
US8336091B2 (en) | 2009-09-01 | 2012-12-18 | Oracle International Corporation | Multi-level authentication |
US9960967B2 (en) | 2009-10-21 | 2018-05-01 | A10 Networks, Inc. | Determining an application delivery server based on geo-location information |
WO2011049135A1 (ja) | 2009-10-23 | 2011-04-28 | 日本電気株式会社 | ネットワークシステムとその制御方法、及びコントローラ |
JP5378946B2 (ja) | 2009-10-26 | 2013-12-25 | 株式会社日立製作所 | サーバ管理装置およびサーバ管理方法 |
US8311014B2 (en) | 2009-11-06 | 2012-11-13 | Telefonaktiebolaget L M Ericsson (Publ) | Virtual care-of address for mobile IP (internet protocol) |
JP5605854B2 (ja) | 2009-11-17 | 2014-10-15 | 株式会社 日立産業制御ソリューションズ | 生体情報を用いた認証システム及び認証装置 |
US9088611B2 (en) | 2009-11-25 | 2015-07-21 | Citrix Systems, Inc. | Systems and methods for client IP address insertion via TCP options |
US8190736B2 (en) | 2009-12-16 | 2012-05-29 | Quantum Corporation | Reducing messaging in a client-server system |
US8335853B2 (en) | 2009-12-17 | 2012-12-18 | Sonus Networks, Inc. | Transparent recovery of transport connections using packet translation techniques |
US8255528B2 (en) | 2009-12-23 | 2012-08-28 | Citrix Systems, Inc. | Systems and methods for GSLB spillover |
US8224971B1 (en) | 2009-12-28 | 2012-07-17 | Amazon Technologies, Inc. | Using virtual networking devices and routing information to initiate external actions |
US7991859B1 (en) | 2009-12-28 | 2011-08-02 | Amazon Technologies, Inc. | Using virtual networking devices to connect managed computer networks |
US20120290727A1 (en) | 2009-12-31 | 2012-11-15 | Bce Inc. | Method and system for increasing performance of transmission control protocol sessions in data networks |
US8789061B2 (en) | 2010-02-01 | 2014-07-22 | Ca, Inc. | System and method for datacenter power management |
US8301786B2 (en) | 2010-02-10 | 2012-10-30 | Cisco Technology, Inc. | Application session control using packet inspection |
US8804513B2 (en) | 2010-02-25 | 2014-08-12 | The Trustees Of Columbia University In The City Of New York | Methods and systems for controlling SIP overload |
US8903986B1 (en) | 2010-04-05 | 2014-12-02 | Symantec Corporation | Real-time identification of URLs accessed by automated processes |
JP5557590B2 (ja) | 2010-05-06 | 2014-07-23 | 株式会社日立製作所 | 負荷分散装置及びシステム |
US8533337B2 (en) | 2010-05-06 | 2013-09-10 | Citrix Systems, Inc. | Continuous upgrading of computers in a load balanced environment |
US8499093B2 (en) | 2010-05-14 | 2013-07-30 | Extreme Networks, Inc. | Methods, systems, and computer readable media for stateless load balancing of network traffic flows |
US20110289496A1 (en) | 2010-05-18 | 2011-11-24 | North End Technologies, Inc. | Method & apparatus for load balancing software update across a plurality of publish/subscribe capable client devices |
US8539068B2 (en) | 2010-06-07 | 2013-09-17 | Salesforce.Com, Inc. | Methods and systems for providing customized domain messages |
US20110307541A1 (en) | 2010-06-10 | 2011-12-15 | Microsoft Corporation | Server load balancing and draining in enhanced communication systems |
US8750119B2 (en) | 2010-07-06 | 2014-06-10 | Nicira, Inc. | Network control apparatus and method with table mapping engine |
US9680750B2 (en) | 2010-07-06 | 2017-06-13 | Nicira, Inc. | Use of tunnels to hide network addresses |
US9363312B2 (en) | 2010-07-28 | 2016-06-07 | International Business Machines Corporation | Transparent header modification for reducing serving load based on current and projected usage |
US8520672B2 (en) | 2010-07-29 | 2013-08-27 | Cisco Technology, Inc. | Packet switching device using results determined by an application node |
US8675488B1 (en) | 2010-09-07 | 2014-03-18 | Juniper Networks, Inc. | Subscriber-based network traffic management |
US8949410B2 (en) | 2010-09-10 | 2015-02-03 | Cisco Technology, Inc. | Server load balancer scaling for virtual servers |
US9215275B2 (en) | 2010-09-30 | 2015-12-15 | A10 Networks, Inc. | System and method to balance servers based on server load status |
US20120084460A1 (en) | 2010-10-04 | 2012-04-05 | Openwave Systems Inc. | Method and system for dynamic traffic steering |
US9237194B2 (en) | 2010-11-05 | 2016-01-12 | Verizon Patent And Licensing Inc. | Load balancer and firewall self-provisioning system |
US8533285B2 (en) | 2010-12-01 | 2013-09-10 | Cisco Technology, Inc. | Directing data flows in data centers with clustering services |
US9609052B2 (en) | 2010-12-02 | 2017-03-28 | A10 Networks, Inc. | Distributing application traffic to servers based on dynamic service response time |
EP2649858B1 (en) | 2010-12-07 | 2018-09-19 | Telefonaktiebolaget LM Ericsson (publ) | Method for enabling traffic acceleration in a mobile telecommunication network |
US9152293B2 (en) | 2010-12-09 | 2015-10-06 | Verizon Patent And Licensing Inc. | Server IP addressing in a computing-on-demand system |
US8965957B2 (en) | 2010-12-15 | 2015-02-24 | Sap Se | Service delivery framework |
CN103392321B (zh) | 2010-12-29 | 2016-11-02 | 思杰系统有限公司 | 用于基于策略集成横向部署的wan优化设备的系统和方法 |
US8477730B2 (en) | 2011-01-04 | 2013-07-02 | Cisco Technology, Inc. | Distributed load management on network devices |
CN102104548B (zh) | 2011-03-02 | 2015-06-10 | 中兴通讯股份有限公司 | 一种数据包接收处理方法和装置 |
US8732267B2 (en) | 2011-03-15 | 2014-05-20 | Cisco Technology, Inc. | Placement of a cloud service using network topology and infrastructure performance |
KR101528825B1 (ko) | 2011-04-18 | 2015-06-15 | 닛본 덴끼 가부시끼가이샤 | 단말, 제어 장치, 통신 방법, 통신 시스템, 통신 모듈, 프로그램 및 정보 처리 장치 |
US10558789B2 (en) | 2011-08-05 | 2020-02-11 | [24]7.ai, Inc. | Creating and implementing scalable and effective multimedia objects with human interaction proof (HIP) capabilities, with challenges comprising different levels of difficulty based on the degree on suspiciousness |
US8804620B2 (en) | 2011-10-04 | 2014-08-12 | Juniper Networks, Inc. | Methods and apparatus for enforcing a common user policy within a network |
US8885463B1 (en) | 2011-10-17 | 2014-11-11 | Juniper Networks, Inc. | Path computation element communication protocol (PCEP) extensions for stateful label switched path management |
US8897154B2 (en) | 2011-10-24 | 2014-11-25 | A10 Networks, Inc. | Combining stateless and stateful server load balancing |
US8918501B2 (en) | 2011-11-10 | 2014-12-23 | Microsoft Corporation | Pattern-based computational health and configuration monitoring |
US20140347479A1 (en) | 2011-11-13 | 2014-11-27 | Dor Givon | Methods, Systems, Apparatuses, Circuits and Associated Computer Executable Code for Video Based Subject Characterization, Categorization, Identification, Tracking, Monitoring and/or Presence Response |
US9788362B2 (en) | 2011-11-23 | 2017-10-10 | Telefonaktiebolaget L M Ericsson | Methods and arrangements for improving transmission control protocol performance in a cellular network |
US9386088B2 (en) | 2011-11-29 | 2016-07-05 | A10 Networks, Inc. | Accelerating service processing using fast path TCP |
US8880689B2 (en) | 2011-12-22 | 2014-11-04 | Empire Technology Development Llc | Apparatus, mobile terminal, and method to estimate quality of experience of application |
US9094364B2 (en) | 2011-12-23 | 2015-07-28 | A10 Networks, Inc. | Methods to manage services over a service gateway |
US8874790B2 (en) | 2011-12-30 | 2014-10-28 | Verisign, Inc. | DNS package in a partitioned network |
US9380635B2 (en) | 2012-01-09 | 2016-06-28 | Google Technology Holdings LLC | Dynamic TCP layer optimization for real-time field performance |
US8898222B2 (en) | 2012-01-19 | 2014-11-25 | International Business Machines Corporation | Processing STREAMS messages over a system area network |
JP2013152095A (ja) | 2012-01-24 | 2013-08-08 | Sony Corp | 時刻制御装置、時刻制御方法、およびプログラム |
US10044582B2 (en) | 2012-01-28 | 2018-08-07 | A10 Networks, Inc. | Generating secure name records |
KR101348739B1 (ko) | 2012-02-22 | 2014-01-08 | 유대영 | 엘이디조명장치 및 그를 가지는 엘이디조명시스템 |
US9386128B2 (en) | 2012-03-23 | 2016-07-05 | Qualcomm Incorporated | Delay based active queue management for uplink traffic in user equipment |
US9118618B2 (en) | 2012-03-29 | 2015-08-25 | A10 Networks, Inc. | Hardware-based packet editor |
KR101629596B1 (ko) | 2012-04-19 | 2016-06-13 | 엠파이어 테크놀로지 디벨롭먼트 엘엘씨 | 고객 하드웨어에 대한 플랫폼들의 인프라스트럭쳐 배치에 의한 장소 이동 |
US9027129B1 (en) | 2012-04-30 | 2015-05-05 | Brocade Communications Systems, Inc. | Techniques for protecting against denial of service attacks |
US9755994B2 (en) | 2012-05-21 | 2017-09-05 | Nvidia Corporation | Mechanism for tracking age of common resource requests within a resource management subsystem |
US8782221B2 (en) | 2012-07-05 | 2014-07-15 | A10 Networks, Inc. | Method to allocate buffer for TCP proxy session based on dynamic network conditions |
US9158577B2 (en) | 2012-08-08 | 2015-10-13 | Amazon Technologies, Inc. | Immediately launching applications |
EP2888853B1 (en) | 2012-08-23 | 2016-12-28 | Telefonaktiebolaget LM Ericsson (publ) | Tcp proxy server |
US10002141B2 (en) | 2012-09-25 | 2018-06-19 | A10 Networks, Inc. | Distributed database in software driven networks |
US10021174B2 (en) | 2012-09-25 | 2018-07-10 | A10 Networks, Inc. | Distributing service sessions |
US9705800B2 (en) | 2012-09-25 | 2017-07-11 | A10 Networks, Inc. | Load distribution in data networks |
US9843484B2 (en) | 2012-09-25 | 2017-12-12 | A10 Networks, Inc. | Graceful scaling in software driven networks |
US9106561B2 (en) | 2012-12-06 | 2015-08-11 | A10 Networks, Inc. | Configuration of a virtual service network |
US9654977B2 (en) | 2012-11-16 | 2017-05-16 | Visa International Service Association | Contextualized access control |
US9338225B2 (en) | 2012-12-06 | 2016-05-10 | A10 Networks, Inc. | Forwarding policies on a virtual service network |
US9531846B2 (en) | 2013-01-23 | 2016-12-27 | A10 Networks, Inc. | Reducing buffer usage for TCP proxy session based on delayed acknowledgement |
WO2014124417A1 (en) | 2013-02-11 | 2014-08-14 | Vindico Llc | Comprehensive measurement of the opportunity to see online advertisements |
US9900252B2 (en) | 2013-03-08 | 2018-02-20 | A10 Networks, Inc. | Application delivery controller and global server load balancer |
US20140258465A1 (en) | 2013-03-11 | 2014-09-11 | Cisco Technology, Inc. | Identification of originating ip address and client port connection to a web server via a proxy server |
US9992107B2 (en) | 2013-03-15 | 2018-06-05 | A10 Networks, Inc. | Processing data packets using a policy based network path |
US10613914B2 (en) | 2013-04-01 | 2020-04-07 | Oracle International Corporation | Orchestration service for a distributed computing system |
EP2796135A1 (en) | 2013-04-22 | 2014-10-29 | Polichem S.A. | Use of trifluoroacetic acid and salts thereof to treat hypercholesterolemia |
US10038693B2 (en) | 2013-05-03 | 2018-07-31 | A10 Networks, Inc. | Facilitating secure network traffic by an application delivery controller |
US10027761B2 (en) | 2013-05-03 | 2018-07-17 | A10 Networks, Inc. | Facilitating a secure 3 party network session by a network device |
US9560172B2 (en) | 2013-05-06 | 2017-01-31 | Alcatel Lucent | Stateless recognition of keep-alive packets |
US9225638B2 (en) | 2013-05-09 | 2015-12-29 | Vmware, Inc. | Method and system for service switching using service tags |
US9319476B2 (en) | 2013-05-28 | 2016-04-19 | Verizon Patent And Licensing Inc. | Resilient TCP splicing for proxy services |
US9122853B2 (en) | 2013-06-24 | 2015-09-01 | A10 Networks, Inc. | Location determination for user authentication |
US20150012746A1 (en) | 2013-07-02 | 2015-01-08 | Amol A. Kulkarni | Detecting user presence on secure in-band channels |
US9380646B2 (en) | 2013-09-24 | 2016-06-28 | At&T Intellectual Property I, L.P. | Network selection architecture |
US10230770B2 (en) | 2013-12-02 | 2019-03-12 | A10 Networks, Inc. | Network proxy layer for policy-based application proxies |
US9942152B2 (en) | 2014-03-25 | 2018-04-10 | A10 Networks, Inc. | Forwarding data packets using a service-based forwarding policy |
US9942162B2 (en) | 2014-03-31 | 2018-04-10 | A10 Networks, Inc. | Active application response delay time |
US9917851B2 (en) | 2014-04-28 | 2018-03-13 | Sophos Limited | Intrusion detection using a heartbeat |
US9906422B2 (en) | 2014-05-16 | 2018-02-27 | A10 Networks, Inc. | Distributed system to determine a server's health |
US10129122B2 (en) | 2014-06-03 | 2018-11-13 | A10 Networks, Inc. | User defined objects for network devices |
US9986061B2 (en) | 2014-06-03 | 2018-05-29 | A10 Networks, Inc. | Programming a data network device using user defined scripts |
US20150381465A1 (en) | 2014-06-26 | 2015-12-31 | Microsoft Corporation | Real Time Verification of Cloud Services with Real World Traffic |
US10268467B2 (en) | 2014-11-11 | 2019-04-23 | A10 Networks, Inc. | Policy-driven management of application traffic for providing services to cloud-based applications |
-
2010
- 2010-05-27 US US12/788,339 patent/US8312507B2/en active Active
-
2011
- 2011-05-20 CN CN201180026075.1A patent/CN102918801B/zh active Active
- 2011-05-20 EP EP11787174.9A patent/EP2577910B1/en active Active
- 2011-05-20 JP JP2013512107A patent/JP5946189B2/ja active Active
- 2011-05-20 WO PCT/US2011/037475 patent/WO2011149796A2/en active Application Filing
-
2012
- 2012-10-12 US US13/650,179 patent/US8595791B1/en active Active
-
2013
- 2013-07-16 US US13/943,642 patent/US9219751B1/en active Active
- 2013-10-23 US US14/061,720 patent/US8813180B1/en active Active
-
2014
- 2014-07-03 US US14/323,884 patent/US9270705B1/en active Active
-
2015
- 2015-12-17 US US14/972,338 patent/US9350744B2/en active Active
-
2016
- 2016-01-04 US US14/987,076 patent/US9497201B2/en active Active
- 2016-10-25 US US15/334,174 patent/US9661026B2/en active Active
-
2017
- 2017-05-22 US US15/601,954 patent/US10305859B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1449618A (zh) * | 2000-09-04 | 2003-10-15 | 国际商业机器公司 | 计算机系统之间的系统通信 |
US20060036733A1 (en) * | 2004-07-09 | 2006-02-16 | Toshiba America Research, Inc. | Dynamic host configuration and network access authentication |
CN1725702A (zh) * | 2004-07-20 | 2006-01-25 | 联想网御科技(北京)有限公司 | 一种网络安全设备及其组成的实现高可用性的系统及方法 |
EP1770915A1 (en) * | 2005-09-29 | 2007-04-04 | Matsushita Electric Industrial Co., Ltd. | Policy control in the evolved system architecture |
CN101094225A (zh) * | 2006-11-24 | 2007-12-26 | 中兴通讯股份有限公司 | 一种差异化安全服务的网络、系统和方法 |
Cited By (70)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
USRE47296E1 (en) | 2006-02-21 | 2019-03-12 | A10 Networks, Inc. | System and method for an adaptive TCP SYN cookie with time validation |
US9712493B2 (en) | 2006-10-17 | 2017-07-18 | A10 Networks, Inc. | System and method to associate a private user identity with a public user identity |
US9253152B1 (en) | 2006-10-17 | 2016-02-02 | A10 Networks, Inc. | Applying a packet routing policy to an application session |
US10305859B2 (en) | 2006-10-17 | 2019-05-28 | A10 Networks, Inc. | Applying security policy to an application session |
US9954899B2 (en) | 2006-10-17 | 2018-04-24 | A10 Networks, Inc. | Applying a network traffic policy to an application session |
US9954868B2 (en) | 2006-10-17 | 2018-04-24 | A10 Networks, Inc. | System and method to associate a private user identity with a public user identity |
US9661026B2 (en) | 2006-10-17 | 2017-05-23 | A10 Networks, Inc. | Applying security policy to an application session |
US9497201B2 (en) | 2006-10-17 | 2016-11-15 | A10 Networks, Inc. | Applying security policy to an application session |
US9270705B1 (en) | 2006-10-17 | 2016-02-23 | A10 Networks, Inc. | Applying security policy to an application session |
US9219751B1 (en) | 2006-10-17 | 2015-12-22 | A10 Networks, Inc. | System and method to apply forwarding policy to an application session |
US9960967B2 (en) | 2009-10-21 | 2018-05-01 | A10 Networks, Inc. | Determining an application delivery server based on geo-location information |
US10735267B2 (en) | 2009-10-21 | 2020-08-04 | A10 Networks, Inc. | Determining an application delivery server based on geo-location information |
US9961135B2 (en) | 2010-09-30 | 2018-05-01 | A10 Networks, Inc. | System and method to balance servers based on server load status |
US10447775B2 (en) | 2010-09-30 | 2019-10-15 | A10 Networks, Inc. | System and method to balance servers based on server load status |
US9215275B2 (en) | 2010-09-30 | 2015-12-15 | A10 Networks, Inc. | System and method to balance servers based on server load status |
US10178165B2 (en) | 2010-12-02 | 2019-01-08 | A10 Networks, Inc. | Distributing application traffic to servers based on dynamic service response time |
US9609052B2 (en) | 2010-12-02 | 2017-03-28 | A10 Networks, Inc. | Distributing application traffic to servers based on dynamic service response time |
US10484465B2 (en) | 2011-10-24 | 2019-11-19 | A10 Networks, Inc. | Combining stateless and stateful server load balancing |
US9906591B2 (en) | 2011-10-24 | 2018-02-27 | A10 Networks, Inc. | Combining stateless and stateful server load balancing |
US9270774B2 (en) | 2011-10-24 | 2016-02-23 | A10 Networks, Inc. | Combining stateless and stateful server load balancing |
US9094364B2 (en) | 2011-12-23 | 2015-07-28 | A10 Networks, Inc. | Methods to manage services over a service gateway |
US9979801B2 (en) | 2011-12-23 | 2018-05-22 | A10 Networks, Inc. | Methods to manage services over a service gateway |
US10044582B2 (en) | 2012-01-28 | 2018-08-07 | A10 Networks, Inc. | Generating secure name records |
US9742879B2 (en) | 2012-03-29 | 2017-08-22 | A10 Networks, Inc. | Hardware-based packet editor |
US10069946B2 (en) | 2012-03-29 | 2018-09-04 | A10 Networks, Inc. | Hardware-based packet editor |
US9154584B1 (en) | 2012-07-05 | 2015-10-06 | A10 Networks, Inc. | Allocating buffer for TCP proxy session based on dynamic network conditions |
US9602442B2 (en) | 2012-07-05 | 2017-03-21 | A10 Networks, Inc. | Allocating buffer for TCP proxy session based on dynamic network conditions |
US8977749B1 (en) | 2012-07-05 | 2015-03-10 | A10 Networks, Inc. | Allocating buffer for TCP proxy session based on dynamic network conditions |
US10021174B2 (en) | 2012-09-25 | 2018-07-10 | A10 Networks, Inc. | Distributing service sessions |
US10516577B2 (en) | 2012-09-25 | 2019-12-24 | A10 Networks, Inc. | Graceful scaling in software driven networks |
US10491523B2 (en) | 2012-09-25 | 2019-11-26 | A10 Networks, Inc. | Load distribution in data networks |
US9843484B2 (en) | 2012-09-25 | 2017-12-12 | A10 Networks, Inc. | Graceful scaling in software driven networks |
US9705800B2 (en) | 2012-09-25 | 2017-07-11 | A10 Networks, Inc. | Load distribution in data networks |
US10862955B2 (en) | 2012-09-25 | 2020-12-08 | A10 Networks, Inc. | Distributing service sessions |
US10002141B2 (en) | 2012-09-25 | 2018-06-19 | A10 Networks, Inc. | Distributed database in software driven networks |
US9544364B2 (en) | 2012-12-06 | 2017-01-10 | A10 Networks, Inc. | Forwarding policies on a virtual service network |
US9338225B2 (en) | 2012-12-06 | 2016-05-10 | A10 Networks, Inc. | Forwarding policies on a virtual service network |
US10341427B2 (en) | 2012-12-06 | 2019-07-02 | A10 Networks, Inc. | Forwarding policies on a virtual service network |
US9900252B2 (en) | 2013-03-08 | 2018-02-20 | A10 Networks, Inc. | Application delivery controller and global server load balancer |
US11005762B2 (en) | 2013-03-08 | 2021-05-11 | A10 Networks, Inc. | Application delivery controller and global server load balancer |
US9992107B2 (en) | 2013-03-15 | 2018-06-05 | A10 Networks, Inc. | Processing data packets using a policy based network path |
US10659354B2 (en) | 2013-03-15 | 2020-05-19 | A10 Networks, Inc. | Processing data packets using a policy based network path |
US10305904B2 (en) | 2013-05-03 | 2019-05-28 | A10 Networks, Inc. | Facilitating secure network traffic by an application delivery controller |
US10038693B2 (en) | 2013-05-03 | 2018-07-31 | A10 Networks, Inc. | Facilitating secure network traffic by an application delivery controller |
US10027761B2 (en) | 2013-05-03 | 2018-07-17 | A10 Networks, Inc. | Facilitating a secure 3 party network session by a network device |
CN104253798A (zh) * | 2013-06-27 | 2014-12-31 | 中兴通讯股份有限公司 | 一种网络安全监控方法和系统 |
CN104639509A (zh) * | 2013-11-14 | 2015-05-20 | 中国移动通信集团公司 | 一种业务处理方法和设备 |
US10230770B2 (en) | 2013-12-02 | 2019-03-12 | A10 Networks, Inc. | Network proxy layer for policy-based application proxies |
US11165770B1 (en) | 2013-12-06 | 2021-11-02 | A10 Networks, Inc. | Biometric verification of a human internet user |
US10051007B2 (en) | 2013-12-26 | 2018-08-14 | Huawei Technologies Co., Ltd. | Network traffic control device, and security policy configuration method and apparatus thereof |
CN104753857A (zh) * | 2013-12-26 | 2015-07-01 | 华为技术有限公司 | 网络流量控制设备及其安全策略配置方法及装置 |
WO2015096580A1 (zh) * | 2013-12-26 | 2015-07-02 | 华为技术有限公司 | 网络流量控制设备及其安全策略配置方法及装置 |
CN104753857B (zh) * | 2013-12-26 | 2018-03-09 | 华为技术有限公司 | 网络流量控制设备及其安全策略配置方法及装置 |
US9942152B2 (en) | 2014-03-25 | 2018-04-10 | A10 Networks, Inc. | Forwarding data packets using a service-based forwarding policy |
US10257101B2 (en) | 2014-03-31 | 2019-04-09 | A10 Networks, Inc. | Active application response delay time |
US9942162B2 (en) | 2014-03-31 | 2018-04-10 | A10 Networks, Inc. | Active application response delay time |
US9906422B2 (en) | 2014-05-16 | 2018-02-27 | A10 Networks, Inc. | Distributed system to determine a server's health |
US10686683B2 (en) | 2014-05-16 | 2020-06-16 | A10 Networks, Inc. | Distributed system to determine a server's health |
US10880400B2 (en) | 2014-06-03 | 2020-12-29 | A10 Networks, Inc. | Programming a data network device using user defined scripts |
US9986061B2 (en) | 2014-06-03 | 2018-05-29 | A10 Networks, Inc. | Programming a data network device using user defined scripts |
US9992229B2 (en) | 2014-06-03 | 2018-06-05 | A10 Networks, Inc. | Programming a data network device using user defined scripts with licenses |
US10129122B2 (en) | 2014-06-03 | 2018-11-13 | A10 Networks, Inc. | User defined objects for network devices |
US10749904B2 (en) | 2014-06-03 | 2020-08-18 | A10 Networks, Inc. | Programming a data network device using user defined scripts with licenses |
US10268467B2 (en) | 2014-11-11 | 2019-04-23 | A10 Networks, Inc. | Policy-driven management of application traffic for providing services to cloud-based applications |
CN104618403A (zh) * | 2015-03-10 | 2015-05-13 | 网神信息技术(北京)股份有限公司 | 安全网关的访问控制方法和装置 |
US10581976B2 (en) | 2015-08-12 | 2020-03-03 | A10 Networks, Inc. | Transmission control of protocol state exchange for dynamic stateful service insertion |
US10243791B2 (en) | 2015-08-13 | 2019-03-26 | A10 Networks, Inc. | Automated adjustment of subscriber policies |
CN116709330A (zh) * | 2017-06-15 | 2023-09-05 | 帕洛阿尔托网络公司 | 服务提供商网络中的基于位置的安全性 |
CN111295640A (zh) * | 2017-09-15 | 2020-06-16 | 帕洛阿尔托网络公司 | 使用会话app id和端点进程id相关性的精细粒度防火墙策略实施 |
CN115037499A (zh) * | 2022-04-07 | 2022-09-09 | 水利部信息中心 | 一种基于语音的安全联动响应方法 |
Also Published As
Publication number | Publication date |
---|---|
US20160119382A1 (en) | 2016-04-28 |
US10305859B2 (en) | 2019-05-28 |
US8595791B1 (en) | 2013-11-26 |
WO2011149796A3 (en) | 2012-04-19 |
US20160050233A1 (en) | 2016-02-18 |
EP2577910A2 (en) | 2013-04-10 |
CN102918801B (zh) | 2016-05-25 |
US9661026B2 (en) | 2017-05-23 |
US20100235880A1 (en) | 2010-09-16 |
EP2577910B1 (en) | 2019-10-02 |
JP5946189B2 (ja) | 2016-07-05 |
WO2011149796A2 (en) | 2011-12-01 |
US20170041350A1 (en) | 2017-02-09 |
EP2577910A4 (en) | 2015-12-16 |
US9219751B1 (en) | 2015-12-22 |
US9350744B2 (en) | 2016-05-24 |
US20160105446A1 (en) | 2016-04-14 |
US8813180B1 (en) | 2014-08-19 |
US20170289106A1 (en) | 2017-10-05 |
US9497201B2 (en) | 2016-11-15 |
US8312507B2 (en) | 2012-11-13 |
US9270705B1 (en) | 2016-02-23 |
JP2013528330A (ja) | 2013-07-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102918801B (zh) | 将网络流量策略应用于应用会话的系统和方法 | |
US9954899B2 (en) | Applying a network traffic policy to an application session | |
US9954868B2 (en) | System and method to associate a private user identity with a public user identity |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |