INTEGRATED SECURITY SWITCH
Granted: December 10, 2009
Application Number:
20090303994
An integrated security switch and related method for managing connectivity and security among networks. The integrated security switch includes a security function connectable with a first network and at least one switching function connectable with a second network. A common management interface driven by both command line interface and graphic user interface protocols manages the switching function via a management path dedicated between the security function and the switching…
MANAGING INTERWORKING COMMUNICATIONS PROTOCOLS
Granted: December 3, 2009
Application Number:
20090300159
Systems and methods for managing interworking protocols are provided. According to one embodiment, a policy-based provisioning methodology is used by a service management system (SMS) to provision subscriber interfaces of service processing switches based upon parameters of a predefined policy. The subscriber interfaces communicate data in accordance with a first protocol. The parameters include a window size, a window timeout, a number of allowed bad events, an event window size and/or…
Systems and methods for content type classification
Granted: October 29, 2009
Application Number:
20090268617
A method for determining a type of content includes receiving a first packet, determining a state of classification for the first packet or for a session with which the first packet is associated, receiving a second packet, and determining a content type for the second packet based at least in part on the determined state. A method for determining a type of content includes receiving a packet associated with a session, determining whether a content type has been determined for the…
NETWORK PACKET STEERING VIA CONFIGURABLE ASSOCIATION OF PROCESSING RESOURCES AND NETWORK INTERFACES
Granted: September 24, 2009
Application Number:
20090238181
Methods and systems are provided for steering network packets. According to one embodiment a method is provided for steering incoming network packets. Each network packet processing resource of a network routing/switching device is dynamically assigned to one or more network interfaces of the network routing/switching device. Each of the network packet processing resources includes one or more processing elements and a memory. Incoming network packets received by the network interfaces…
SCALABLE IP-SERVICES ENABLED MULTICAST FORWARDING WITH EFFICIENT RESOURCE UTILIZATION
Granted: September 10, 2009
Application Number:
20090225754
Methods, apparatus and data structures are provided for managing multicast IP flows. According to one embodiment, a memory of a router has stored therein a data structure, which includes information relating to multicast sessions being handled by the router and including a first pointer for each multicast session, at least one chain of blocks of second pointers and one or more TCBs. Each first pointer points to a chain of blocks of second pointers. Each second pointer corresponds to an…
HIERARCHICAL METERING IN A VIRTUAL ROUTER-BASED NETWORK SWITCH
Granted: September 10, 2009
Application Number:
20090225759
Methods and systems are provided for applying metering and rate-limiting in a virtual router environment and supporting a hierarchy of metering/rate-limiting contexts per packet flow. According to one embodiment, multiple first level metering options and multiple second level metering options associated with a hierarchy of metering levels are provided. A virtual routing engine receives packets associated with a first packet flow and packets associated with a second packet flow. The…
IMAGE SPAM FILTERING BASED ON SENDERS' INTENTION ANALYSIS
Granted: April 30, 2009
Application Number:
20090110233
Systems and methods for an anti-spam detection module that can detect image spam are provided. According to one embodiment, an image spam detection process involves determining and measuring various characteristics of images that may be embedded within or otherwise associated with an electronic mail (email) message. An approximate display location of the embedded images is determined. The existence of one or more abnormal factors associated with the embedded images is identified. A…
ROUTING TRAFFIC THROUGH A VIRTUAL ROUTER-BASED NETWORK SWITCH
Granted: March 19, 2009
Application Number:
20090073977
Methods and systems are provided for routing traffic through a virtual router-based network switch. According to one embodiment, a flow data structure is established that identifies current packet flows associated with multiple virtual routers in the virtual router-based network device. When an incoming packet is received by the virtual router-based network device, it is then determined whether the incoming packet is associated with a current packet flow by accessing the flow data…
RECONFIGURABLE SPAM DETECTION SYSTEM BASED ON GLOBAL INTELLIGENCE
Granted: March 5, 2009
Application Number:
20090063371
Systems are provided for delaying e-mail classification until global intelligence has an opportunity to be gathered. According to one embodiment, a spam detection system includes a global intelligence network and a network device. The global intelligence network contains global intelligence servers coupled to a public network and configured to (i) gather intelligence from distributed anti-spam engines, (ii) maintain and update e-mail message signatures and associated reputation…
USE OF GLOBAL INTELLIGENCE TO MAKE LOCAL INFORMATION CLASSIFICATION DECISIONS
Granted: March 5, 2009
Application Number:
20090064323
Methods and systems are provided for delaying local information classification until global intelligence has an opportunity to be gathered. According to one embodiment, an initial information identification process, e.g., an initial spam detection, is performed on received electronic information, e.g., an e-mail message. Based on the initial information identification process, classification of the received electronic information is attempted. If the received electronic information…
SYSTEM AND METHOD FOR DELIVERING SECURITY SERVICES
Granted: February 19, 2009
Application Number:
20090046728
Systems and methods are provided for delivering security services. According to one embodiment, multiple virtual routers are established within a service processing switch, which is operable to be logically interposed between a public communications network and multiple subscriber sites. Each of the virtual routers has associated therewith a subset of processing and storage resources of the service processing switch. Subscribers are provided with respective sets of customized application…
CIRCUITS AND METHODS FOR EFFICIENT DATA TRANSFER IN A VIRUS CO-PROCESSING SYSTEM
Granted: February 12, 2009
Application Number:
20090044273
Various embodiments of the present invention circuits and methods for improved virus processing. As one example, such methods may include providing a system memory, a general purpose processor and a virus co processor. The methods further include receiving a data segment at the general purpose processor, and storing the data segment to the system memory using virtual addresses. The date segment is accessed from the system memory by the virus co processor using the virtual addresses. The…
CONTENT FILTERING OF REMOTE FILE-SYSTEM ACCESS PROTOCOLS
Granted: January 1, 2009
Application Number:
20090006423
Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, holding buffers in which data collected from a remote file-system access protocol is stored, a holding buffer context table, a file map table and a usage table corresponding to each holding buffer are created within one or more computer-readable media. References to each of the holding buffers are tracked within the holding buffer context table. References to a…
MANAGING HIERARCHICALLY ORGANIZED SUBSCRIBER PROFILES
Granted: January 1, 2009
Application Number:
20090007228
Apparatus are provided for managing hierarchically organized subscriber profiles. According to one embodiment, a router includes a subscriber manager, a database and a virtual interface. The subscriber manager is operable to receive a connection request from a subscriber of a service provider. The database has stored therein hierarchically organized profile identifiers, including multiple lower-level profile identifiers, which explicitly define subscriber services, and multiple…
MANAGING HIERARCHICALLY ORGANIZED SUBSCRIBER PROFILES
Granted: December 25, 2008
Application Number:
20080317040
Apparatus are provided for managing hierarchically organized subscriber profiles. According to one embodiment, a router includes multiple virtual interfaces and a policy engine. The virtual interfaces define connections between the router and corresponding subscribers of a service provider. A first virtual interface is operable to receive packets from a first subscriber and to process the packets in accordance with a first-level profile identifier. The policy engine is coupled with the…
MANAGING HIERARCHICALLY ORGANIZED SUBSCRIBER PROFILES
Granted: December 25, 2008
Application Number:
20080317231
Methods are provided for managing hierarchically organized subscriber profiles. According to one embodiment, subscriber services are modified without requiring a change to the subscriber's first-level profile identifier and without requiring the subscriber to reestablish a connection with the service provider. A database of hierarchically organized profile identifiers, including multiple lower-level profile identifiers, explicitly defining subscriber services, and multiple first-level…
MANAGING HIERARCHICALLY ORGANIZED SUBSCRIBER PROFILES
Granted: December 25, 2008
Application Number:
20080320553
Methods are provided for managing hierarchically organized subscriber profiles. According to one embodiment of the present invention, a subscriber connection is created with a virtual router operable within a telecommunications system of a service provider. A connection request is received from a subscriber of multiple subscribers of the service provider at a subscriber manager of the virtual router. The virtual router maintains a database of hierarchically organized profile identifiers,…
CONTENT FILTERING OF REMOTE FILE-SYSTEM ACCESS PROTOCOLS
Granted: November 13, 2008
Application Number:
20080282337
Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a transparent proxy running within a network gateway logically interposed between a client and a server intercepts remote file-system access protocol requests/responses. Responsive to receipt of a remote file-system access protocol request from the client, the network gateway issues the remote file-system access protocol request to the server on behalf of the…
DISTRIBUTED VIRTUAL SYSTEM TO SUPPORT MANAGED, NETWORK-BASED SERVICES
Granted: October 23, 2008
Application Number:
20080259934
Methods and systems are provided for allocating network resources of a distributed virtual system to support managed, network-based services. According to one embodiment, a VR-based switch having multiple processing elements is configured for operation at an Internet POP. An NOS is provided on each of the processing elements. Resources of the VR-based switch are segmented between a first and second subscriber by mapping VRs assigned to the first and second subscriber onto appropriate…
SERVICE PROCESSING SWITCH
Granted: October 23, 2008
Application Number:
20080259936
A system and method for providing IP services. A packet is received at a line interface/network module and forwarded to a virtual routing engine The virtual routing engine determines if the packet requires processing by a virtual services engine. If the packet requires processing by the virtual services engine, the packet is routed to the virtual services engine for processing.
