METHOD AND SYSTEM FOR POLLING NETWORK CONTROLLERS
Granted: August 30, 2012
Application Number:
20120222044
Techniques for improving the performance of multitasking processors are provided. For example, a subset of M processors within a Symmetric Multi-Processing System (SMP) with N processors is dedicated for a specific task. The M (M>0) of the N processors are dedicated to a task, thus leaving (N−M) processors for running the normal operating system (OS). The processors dedicated to the task may have their interrupt mechanism disabled to avoid interrupt handler switching overhead. Therefore, these…
SELECTIVE AUTHORIZATION OF THE LOADING OF DEPENDENT CODE MODULES BY RUNNING PROCESSES
Granted: July 26, 2012
Application Number:
20120191972
Systems and methods for selective authorization of dependent code modules are provided. According to one embodiment, a kernel mode driver of a computer system intercepts file system or operating system activity, by a running process, relating to a dependent code module. Loading of the dependent code module is selectively authorized by authenticating a cryptographic hash value of the dependent code module with reference to a multi-level whitelist. The multi-level whitelist includes a…
DETERMINING TECHNOLOGY-APPROPRIATE REMEDIATION FOR VULNERABILITY
Granted: July 26, 2012
Application Number:
20120192281
A machine-actionable memory comprises one or more machine-actionable records arranged according to a data structure. Such a data structure may include links that respectively map between: a RID field, the contents of which denote an identification (ID) of a remediation (RID); at least one TID field, the contents of which denote an ID of at least two technologies (TIDs), respectively; and at least one ACTID field, the contents of which denote an ID of an action (ACTID). A method, of…
SYSTEMS AND METHODS FOR CONTENT TYPE CLASSIFICATION
Granted: June 28, 2012
Application Number:
20120163186
Various embodiments illustrated and described herein include systems, methods and software for content type classification. Some such embodiments include determining a potential state of classification for packets associated with a session based at least in part on a packet associated with the session that is a packet other than the first packet of the session.
MANAGING HIERARCHICALLY ORGANIZED SUBSCRIBER PROFILES
Granted: May 24, 2012
Application Number:
20120131215
Methods are provided for managing hierarchically organized subscriber profiles. According to one embodiment, a connection for a subscriber is created based on a service context of the subscriber. A connection request is received from a subscriber of a network service delivery environment. The subscriber is associated with a first-level profile identifier indicative of a service context for the subscriber. One or more other subscribers can be associated with the first-level profile…
METHODS AND SYSTEMS FOR A DISTRIBUTED PROVIDER EDGE
Granted: April 26, 2012
Application Number:
20120099596
Methods and systems for a distributed provider edge are provided. According to one embodiment, a one-to-one association is formed between a Virtual Routing and Forwarding device (VRF) of a provider edge device (PE) of a service provider and a customer site. The VRF includes a routing information base (RIB) and a forwarding information base (FIB). A network interface module is instantiated within the VRF for each network interface employed, such as an intranet, extranet, Virtual Private…
CONTENT PATTERN RECOGNITION LANGUAGE PROCESSOR AND METHODS OF USING THE SAME
Granted: April 26, 2012
Application Number:
20120102196
A device for detecting network traffic content is provided. The device includes a processor configured to receive a signature associated with content desired to be detected, and execute one or more functions based on the signature to determine whether network traffic content matches the content desired to be detected. The signature is defined by one or more predicates. A computer readable medium for use to detect network traffic content is also provided. The computer readable medium…
DETECTION OF UNDESIRED COMPUTER FILES IN ARCHIVES
Granted: April 12, 2012
Application Number:
20120090031
Systems and methods for content filtering are provided. According to one embodiment, a self-extracting archive is received with an electronic mail (email) message. Prior to delivery of the email message, a determination is made regarding whether a file contained in the archive may be malicious or undesired. A type of archive and associated structure of the archive are determined by examining identification bytes stored within a header portion of the archive that identify the type of…
APPLICATION CONTROL CONSTRAINT ENFORCEMENT
Granted: March 29, 2012
Application Number:
20120078863
Systems and methods for performing application control constraint enforcement are provided. According to one embodiment, file system or operating system activity of a computer system is intercepted relating to a code module. A cryptographic hash value of the code module is checked against a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code. The local whitelist database also contains execution…
SWITCH MANAGEMENT SYSTEM AND METHOD
Granted: March 22, 2012
Application Number:
20120072568
Methods and systems for managing a service provider switch are provided. According to one embodiment, a network operating system (NOS) is provided on each processor element (PE) of the switch. The NOS includes an object manager (OM) responsible for managing global software object groups, managing software object configurations, managing local software objects and groups and routing control information between address spaces based on locations of software objects. The OM performs…
NETWORK PACKET STEERING VIA CONFIGURABLE ASSOCIATION OF PACKET PROCESSING RESOURCES AND NETWORK INTERFACES
Granted: March 22, 2012
Application Number:
20120069850
Methods and systems are provided for steering network packets. According to one embodiment, a dynamically configurable steering table is stored within a memory of each network interface of a networking routing/switching device. The steering table represents a mapping that logically assigns each of the network interfaces to one of multiple packet processing resources of the network routing/switching device. The steering table has contained therein information indicative of a unique…
SERVICE PROCESSING SWITCH
Granted: March 8, 2012
Application Number:
20120057460
Methods and systems for providing IP services in an integrated fashion are provided. According to one embodiment, a load associated with multiple virtual routing processing resources of an IP service generator of a virtual router (VR) based switch is monitored. Packets are load balanced among the virtual routing processing resources. A packet flow cache is maintained with packet flow entries containing information indicative of packet processing actions for established packet flows. Deep…
METHOD, APPARATUS, SIGNALS, AND MEDIUM FOR MANAGING TRANSFER OF DATA IN A DATA NETWORK
Granted: January 26, 2012
Application Number:
20120023557
A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.
METHOD, APPARATUS, SIGNALS, AND MEDIUM FOR MANAGING TRANSFER OF DATA IN A DATA NETWORK
Granted: January 26, 2012
Application Number:
20120023228
A method and apparatus for managing a transfer of data in a data network identifies data associated with a communication session between a first node and a second node in the data network. Further processing of the communication session occurs when a portion of the communication session meets a criterion and the communication session is permitted to continue when the portion of the communication session does not meet the criterion.
SYSTEMS AND METHODS FOR UPDATING CONTENT DETECTION DEVICES AND SYSTEMS
Granted: January 19, 2012
Application Number:
20120017277
A method of updating a content detection module includes obtaining content detection data, and transmitting the content detection data to a content detection module, wherein the transmitting is performed not in response to a request from the content detection module. A method of sending content detection data includes obtaining content detection data, selecting an update station from a plurality of update stations, and sending the content detection data to the selected update station. A…
FIREWALL INTERFACE CONFIGURATION TO ENABLE BI-DIRECTIONAL VOIP TRAVERSAL COMMUNICATIONS
Granted: January 5, 2012
Application Number:
20120005741
Methods and systems for an intelligent network protection gateway (NPG) are provided. According to one embodiment, a firewall prevents unauthorized network-layer access to internal hosts by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional VoIP communications. An external VoIP…
HETEROGENEOUS MEDIA PACKET BRIDGING
Granted: September 29, 2011
Application Number:
20110235649
Methods and systems for bridging network packets transmitted over heterogeneous media channels are provided. According to one embodiment, a network-computing device comprises multiple network interfaces (netmods) and a shared processing resource. The shared processing resource executes a virtual bridging application representing a single bridging domain for all network packets received by the network-computing device. A translation data structure defines translations between a first…
MECHANISM FOR ENABLING LAYER TWO HOST ADDRESSES TO BE SHIELDED FROM THE SWITCHES IN A NETWORK
Granted: September 29, 2011
Application Number:
20110235639
Methods and systems for shielding layer two host addresses (e.g., MAC addresses) from a network are provided. A border component interposed between a network of switches and multiple local hosts receives from a first local host a first packet destined for a first destination host. The first local host has a first layer 2 (L2) address and a first layer 3 (L3) address associated therewith. The first packet includes the first L2 address as a source L2 address for the first packet, and…
MANAGING HIERARCHICALLY ORGANIZED SUBSCRIBER PROFILES
Granted: September 29, 2011
Application Number:
20110235548
Methods are provided for managing hierarchically organized subscriber profiles. According to one embodiment, a policy engine of a VR defines services available to subscribers in terms of profile identifiers. A scalable subscriber profile database is established having a memory requirement dependent upon the number of available service contexts by hierarchically organizing profile identifiers as leaf profile identifiers, which explicitly define services, and intermediate profile…
SYSTEMS AND METHODS FOR CATEGORIZING NETWORK TRAFFIC CONTENT
Granted: September 22, 2011
Application Number:
20110231402
A method for categorizing network traffic content includes determining a first characterization of the network traffic content, determining a first probability of accuracy associated with the first characterization, and categorizing the network traffic content based at least in part on the first characterization and the first probability of accuracy. A method for use in a process to categorize network traffic content includes obtaining a plurality of data, each of the plurality of data…