INTELLIGENT INTEGRATED NETWORK SECURITY DEVICE
Granted: May 27, 2010
Application Number: 20100132030
Methods, computer program products and apparatus for processing data packets are described. Methods include receiving the data packet, examining the data packet, determining a single flow record associated with the packet and extracting flow instructions for two or more devices from the single flow record.
REDUCING CONTENT ADDRESSABLE MEMORY (CAM) POWER CONSUMPTION COUNTERS
Granted: May 27, 2010
Application Number: 20100131703
A method may include counting the number of times each of a plurality of entries in a content addressable memory (CAM) matches one or more searches; grouping entries in the CAM into a first subset and a second subset based on the number of times each of the plurality of entries in the CAM matches one or more searches; and searching the first subset for a matching entry and, if no matching entry is found, searching the second subset for the matching entry.
FORWARDING PACKETS USING NEXT-HOP INFORMATION
Granted: May 20, 2010
Application Number: 20100124229
A method may include receiving a packet associated with a flow of packets, the packet including a destination address; selecting one of a plurality of memory banks, the selected memory bank being associated with the flow of packets, wherein each of the plurality of memory banks stores the same next-hop information for forwarding the packet to the destination address; accessing, in the selected memory bank, the next-hop information for forwarding the packet to the destination address; and…
SUMMARIZATION AND LONGEST-PREFIX MATCH WITHIN MPLS NETWORKS
Granted: May 20, 2010
Application Number: 20100124231
In general, techniques are described for summarizing label mappings and thereby enabling longest-prefix match within Multi-Protocol Label Switching (MPLS) networks. More specifically, a first router included within a first area of a network comprises a control unit that maintains a label space defining labels available for mapping to a plurality of addresses assigned to network devices within the network. The control unit reserves a contiguous set of the labels of the label space and…
SYSTEMS AND METHODS FOR REDUCING REFLECTIONS AND FREQUENCY DEPENDENT DISPERSIONS IN REDUNDANT LINKS
Granted: May 13, 2010
Application Number: 20100118726
A network device includes a group of high speed redundant transmission lines and a switch. The switch is configured to select one of the high speed redundant transmission lines. The switch causes reflections and frequency dependent dispersions in the selected high speed redundant transmission line. The network device further includes a transmitting device that is configured to adjust signals transmitted over the selected high speed redundant transmission line so as to reduce the…
ROUTING NETWORK PACKETS BASED ON ELECTRICAL POWER PROCUREMENT ARRANGEMENTS
Granted: May 13, 2010
Application Number: 20100118881
In general, this disclosure describes techniques of selecting routes for network packets through a computer network based, at least in part, on electrical power procurement arrangements of devices in the computer network. As described herein, there may be a plurality of routes through a computer network from a first device to a second device. Each of these routes may include one or more devices that consume electrical power. A route selection device may make a determination regarding how…
COURSE TIMING SYNCHRONIZATION
Granted: May 6, 2010
Application Number: 20100111236
A system for determining the burst start timing of a signal includes logic configured to receive the signal, generate correlation moduli and generate a first timing output based on the correlation moduli. The logic may also be configured to receive operating mode information and timing information and generate search controls. The logic may further be configured to identify a maximum of the correlation moduli using the search controls and determine a second timing output associated with…
FLOW CONSISTENT DYNAMIC LOAD BALANCING
Granted: April 29, 2010
Application Number: 20100106866
A device provides a flow table. The device receives a data unit, determines a data flow associated with the data unit, determines whether the flow table includes an entry corresponding to the data flow, determines a current utilization of a group of output ports of the device, selects an output port, of the group of output ports, for the data flow based on the current utilization of the group of output ports when the flow table does not store an entry corresponding to the data flow, and…
PPP TERMINATING EQUIPMENT, NETWORK EQUIPMENT AND METHOD OF RESPONDING TO LCP ECHO REQUIREMENT
Granted: April 22, 2010
Application Number: 20100098099
In a PPP terminating equipment 100 connected with a switch fabric and terminating PPP link, the PPP terminating equipment 100 has an LCP echo requirement detecting section 20 detecting whether or not a received packet is the LCP echo requirement packet, and an LCP echo response producing section 40 producing a response packet to the LCP echo requirement by rewriting the LCP header of the received LCP echo requirement packet. The PPP terminating equipment 100 thereby produces and returns…
DYNAMIC ACCESS CONTROL POLICY WITH PORT RESTRICTIONS FOR A NETWORK SECURITY APPLIANCE
Granted: April 15, 2010
Application Number: 20100095367
A network security appliance supports definition of a security policy to control access to a network. The security policy is defined by match criteria including a layer seven network application, a static port list of layer four ports for a transport-layer protocol, and actions to be applied to packet flows that match the match criteria. A rules engine dynamically identifies a type of layer seven network application associated with the received packet flow based on inspection of…
INTERCONNECT NETWORK FOR OPERATION WITHIN A COMMUNICATION NODE
Granted: March 18, 2010
Application Number: 20100067523
An interconnect network for operation within a communication node, wherein the interconnect network may have features including the ability to transfer a variety of communication protocols, scalable bandwidth and reduced down-time. According to one embodiment of the invention, the communication node includes a plurality of I/O channels for coupling information into and out of the node, and the interconnect network includes at least one local interconnect module having local transfer…
AUTOMATIC HARDWARE-BASED RECOVERY OF A COMPROMISED COMPUTER
Granted: March 18, 2010
Application Number: 20100070800
In general, techniques are described for hardware-based detection and automatic restoration of a computing device from a compromised state. Moreover, the techniques provide for automatic, hardware-based restoration of selective software components from a trusted repository. The hardware-based detection and automatic restoration techniques may be integrated within a boot sequence of a computing device so as to efficiently and cleanly replace only any infected software component.
MOBILE RADIO SYSTEM CAPABLE OF CONTROLLING BASE RADIO STATION WITHOUT IMPOSSIBILITY
Granted: March 11, 2010
Application Number: 20100061283
A mobile radio system comprises first through N-th radio base stations, where N represents a positive integer which is greater than one. On a start-up sequence of an n-th radio base station, a base station control apparatus transmits an n-th individual identifier as a station identifier, to the n-th radio base station to allocate the n-th individual identifier to the n-th radio base station, where n is a variable between one and N, both inclusive. The base station control apparatus…
MODULAR IMPLEMENTATION OF A PROTOCOL IN A NETWORK DEVICE
Granted: March 4, 2010
Application Number: 20100054277
A system includes a gateway node that contains modular cards that separately implement control and data planes of a network protocol. The separate data and control cards provide for improved system reliability and improved flexibility in managing bandwidth. Control or data cards can be added to the gateway node as needed based on system load.
METHOD AND SYSTEM FOR PROVIDING SECURE ACCESS TO PRIVATE NETWORKS WITH CLIENT REDIRECTION
Granted: March 4, 2010
Application Number: 20100057845
Improved approaches for providing secure access to resources maintained on private networks are disclosed. The secure access can be provided through a public network using client software of client-server software and/or with file system software. Multiple remote users are able to gain restricted and controlled access to at least portions of a private network through a common access point, such as an intermediate server of the remote network.
METHOD AND SYSTEM FOR PROVIDING SECURE ACCESS TO PRIVATE NETWORKS
Granted: February 25, 2010
Application Number: 20100049795
Improved approaches for providing secure remote access to resources maintained on private networks are disclosed. According to one aspect, predetermined elements, such as applets, can be modified to redirect all communications to and from an application server through an intermediate server. The intermediate server in turn communicates with the application servers. According to another aspect, a communication framework can be provided to funnel communication between an applet and a…
WIRELESS NETWORK HAVING MULTIPLE SECURITY INTERFACES
Granted: February 25, 2010
Application Number: 20100050240
A number of wireless networks are established by a network device, each wireless network having an identifier. Requests are received from client devices to establish wireless network sessions via the wireless networks using the identifiers. Network privileges of the client devices are segmented into discrete security interfaces based on the identifier used to establish each wireless network session.
THERMAL MANAGEMENT OF ELECTRONIC DEVICES
Granted: February 18, 2010
Application Number: 20100039775
Thermal management is provided for a device. The device may include a substrate having a mounting area on a first surface of the substrate. The device may also include first thermal vias extending from the mounting area to at least an interior of the substrate. The device may also include at least one thermal plane substantially parallel to the first surface of the substrate, the at least one thermal plane being in thermal contact with at least one of the first thermal vias. The device…
SYSTEMS AND METHODS FOR PROVISIONING NETWORK DEVICES
Granted: February 18, 2010
Application Number: 20100042834
A method performed by a network device may include generating and storing a first public key and a first private key in a first device, transmitting a serial number and the first public key from the first device to a second device, generating, by the second device, a second public key and a second private key, transmitting the second public key from the second device to the first device and transmitting the serial number, the first public key, the second public key and the second private…
SCALABLE SECURITY SERVICES FOR MULTICAST IN A ROUTER HAVING INTEGRATED ZONE-BASED FIREWALL
Granted: February 18, 2010
Application Number: 20100043067
A multicast-capable firewall allows firewall security policies to be applied to multicast traffic. The multicast-capable firewall may be integrated within a routing device, thus allowing a single device to provide both routing functionality, including multicast support, as well as firewall services. The routing device provides a user interface by which a user specifies one or more zones to be recognized by the integrated firewall when applying stateful firewall services to multicast…