4033 results about "Protocol stack" patented technology

Improvements in intrusion detection are disclosed by providing integrated intrusion detection services. Preferably, these services are integrated into a system or server that is the potential target of attack. Stack-based security processing is leveraged for access to cleartext data within the layers of the protocol stack. Layer-specific attacks may therefore be processed efficiently. Evaluation of incoming traffic for an intrusion is preferably performed only after an error condition of some type has been detected. This approach reduces the overhead of intrusion detection by reducing the number of packets to be inspected, and at the same time allows more efficient packet inspection through use of context-specific information that may be used to direct the inspection to particular candidate attacks. Generic attack class capability is also disclosed. Intrusion detection policy information may be used to direct the actions to be taken upon detecting an attack.

Disclosed is a system for minimizing the effects of faults over an air link of a wireless transmission channel utilizing Transport Control Protocol (TCP). The system includes a TCP-Aware Agent Sublayer (TAS) in a protocol stack, which has a mechanism for caching both TCP packets during forward transmission and acknowledgment (ACK) return packets. The caching mechanism is located near a wireless link of the wireless transmission channel. The system also includes a link monitoring agent coupled to the TAS. The link monitoring agent monitors the condition of the wireless transmission channel for an occurrence of a predefined fault. Once a predefined fault is detected, a system response is implemented based on the type of fault encountered. When the fault is an air link packet loss, an associated packet is immediately retransmitted from the cache, and when the fault is a temporary disconnect, a congestion window of the TCP source is closed.

An operating system kernel, including a protocol stack, includes a network layer for receiving a message from a data network, a stackable file system layer coupled to the network layer for inspecting the message, wherein the stackable file system layer is coupled to a storage device, the stackable file system determining and storing file system level information determined from the message, and a wrapped file system comprising a file targeted by the message coupled to the stackable file system layer for receiving the message inspected by the stackable file system.

A system for reducing the cost of network managment by using a proxy agent and subchannel communications so fewer SNMP licenses and fewer protocol stacks are needed. Subchannel communication is achieved in a plurality of different embodiments. Embodiments having single subchannel transceivers, multiple transceivers, single multiplexer and multiple multiplexers are disclosed. An NMS process using routing table CRC to automatically detect when the NMS topology information is incorrect and automated topology discovery is disclosed. A process for automated discovery of redundant cables during automated topology discovery is disclosed.

The present invention provides the benefits of negotiated network resources to session-unaware applications. When a session-unaware application runs on a mobile device, the device, knowing that the application is session-unaware, negotiates appropriate network-policy parameters for the application. The application remains unaware, but it receives the benefits of the network-policy parameter negotiation. The network-policy parameter negotiation is carried on between the mobile device and a “network policy mediator” in the network. Together, they reserve the appropriate network resources and secure the appropriate guarantees. In some embodiments, a software “shim” runs in the network-protocol stack on the mobile device. By intercepting network-access attempts sent by the session-unaware application, the shim knows to begin the network-policy parameter negotiation. In some embodiments, the mobile device downloads information about session-unaware applications from the network. This information includes a list of which network-policy parameter guarantees would be most beneficial to each application.

A system, apparatus, and method for maintaining a socket connection over a wireless network. For example, one embodiment of the invention is a wireless data processing device for emulating a socket connection comprising: a wireless radio for establishing a wireless communication channel with a wireless service provider over a wireless network; a network protocol stack including at least one layer configured to establish a socket connection with a remote server over the wireless network, the network protocol stack further including an application layer for executing applications capable of transmitting and receiving data over the socket connection; and a resumable socket module configured to emulate an open socket connection transparently to applications within the application layer, even when the wireless communication channel is temporarily lost, the resumable socket module counting a number of bytes transmitted or to be transmitted to the remote server and maintaining a buffer containing the bytes transmitted or to be transmitted.

The invention discloses a multimode terminal and a data transmitting method thereof. The multimode terminal of the invention is provided with at least one mobile communication protocol stack, one wireless local area network protocol stack, a shared buffer area and a transmitting controller, wherein, the mobile communication protocol stack is used for storing IP data packet received from the internet to the shared buffer area and then informing the transmitting control layer; the transmitting control layer is used for informing the wireless local area network protocol stack storage address of the IP data packet in the shared buffer area; the wireless local area network protocol stack is used for taking the IP data packet out of the share buffer area and sending the IP data packet to a radio installation, and anyone of the mobile communication protocol stack, the transmitting control layer and the wireless local area network protocol stack modifies target IP address of the IP data packet to be the IP address of the radio installation in the wireless local area network connection. The multimode terminal and data transmitting method of the invention can effectively improve data transmission utilization.

A computer system aggregates a plurality of network resources of a computer system. The computer system has a plurality of processing nodes. Each of the processing nodes includes one or more of the plurality of network resources. The one or more resources of each processing node makes up a bypass protocol stack operable to provide offloaded connections over a network to instances of one or more applications running on the system. Each of the applications is uniquely associated with a first port number. The system is identified on the network by a global IP address and each of the plurality of nodes is identified by a unique local IP address. Each of the plurality of resources is uniquely identified by an assigned private IP address. At each of the processing nodes, a listening socket is created for each instance of the plurality of applications running on the node. The listening socket is created by associating it with a first endpoint tuple that includes the public IP address uniquely identifying the node and the first port number associated with the application for which the listening socket is created. The first endpoint tuple associated with each listening socket created is translated to a set of bypass endpoint tuples, each of the set of bypass tuples including a different one of the assigned private IP addresses identifying the one or more network resources of the node. Each listening socket is associated with the set of bypass tuples. A global address translation map is maintained for each set of bypass tuples associated with each of the listening sockets created for an instance of each of the applications running on the plurality of processing nodes.

A method and system for using a communication network having a relay node to provide wireless communication with a mobile station. A protocol stack is implemented in the relay node in which the protocol stack includes a media access control layer defining a media access control protocol. The media access control protocol defines a set of headers providing media access control layer data plane functions in the relay node.

A system and method for detecting network intrusions using a protocol stack multiplexor is described. A network protocol stack includes a plurality of hierarchically structured protocol layers. Each such protocol layer includes a read queue and a write queue for staging transitory data packets and a set of procedures for processing the transitory data packets in accordance with the associated protocol. A protocol stack multiplexor is interfaced directly to at least one such protocol layer through a set of redirected pointers to the processing procedures of the interfaced protocol layer. A data packet collector references at least one of the read queue and the write queue for the associated protocol layer. A data packet exchanger communicates a memory reference to each transitory data packet from the referenced at least one of the read queue and the write queue for the associated protocol layer. An analysis module receives the communicated memory reference and performs intrusion detection based thereon.

The disclosed embodiments relate to a communication device for use in a node of a system having a plurality of nodes. Each of the plurality of nodes may include network interface controllers ("NICs") and each of the NICs may have a public identifier and a private identifier associated therewith. A first protocol stack may operate according to a first protocol that is associated with the public identifier and a second protocol stack may operate according to a second protocol that is associated with the private identifier. A storage device may associate the public identifier of one or more of the NICs with the first protocol stack and the private identifier of one or more of the NICs with the second protocol stack. Received messages that incorporate the public identifier may be directed to the first protocol stack and messages that incorporate the private identifier may be directed to the second protocol stack.

Methods and systems for processing data communicated over a network. In one aspect, an exemplary embodiment includes processing a first group of network packets in a first processor which executes a first network protocol stack, where the first group of network packets are communicated through a first network interface port, and processing a second group of network packets in a second processor which executes a second network protocol stack, where the second group of network packets is communicated through the first network interface port. Other methods and systems are also described.

A secure voice over internet protocol (VoIP) terminal includes a modular security manager for use in conjunction with a protocol stack thereof, wherein the security manager includes a plurality of interfaces to the stack. In an SIP embodiment, these may include a security stack interface (SSA) between an SIP manager of an SIP stack and the security manager, a security terminal interface (SST) between a telephony application and the security manager, a security media interface (SSM) between the security manager and a media controller, and a security manager application interface (SMA) between the security manager and a security application (PGP) outside the stack.

A wireless proximity network is extended to provide peer-to peer communication among ad hoc networks. A mobile device (peer) coupled to an access point serves an adhoc network via a short-range communication link. The peer executes a Bluetooth protocol stack. Each peer has a routing table about all the peers in the adhoc network. A peer to peer software layer (P2P) runs on top of the Bluetooth protocol stack and beneath a multi-user application layer. The P2P software handles application deployment, peer management and communications for applications and provides information about existing peers on the adhoc network; routes messages between peers within an ad hoc network and from one peer to another in different adhoc networks. The access point is connected to a wireless LAN via a wireless router. The access point has an IP-BT address conversion table and communicates with other access points via wireless routers using TCP/IP protocols.

A method is provided for efficiently processing messages staged for authentication in a security layer of a protocol stack in a wireless vehicle-to-vehicle communication system. The vehicle-to-vehicle communication system includes a host vehicle receiver for receiving messages transmitted by one or more remote vehicles. The host receiver is configured to authenticate received messages in a security layer of a protocol stack. A wireless message broadcast by a remote vehicle is received. The wireless message contains characteristic data of the remote vehicle. The characteristic data is analyzed for determining whether the wireless message is in compliance with a predetermined parameter of the host vehicle. The wireless message is discarded prior to a transfer of the wireless message to the security layer in response to a determination that the wireless message is not in compliance with the predetermined parameter of the host vehicle. Otherwise, the wireless message is transferred to the security layer.

A gateway is provided for interfacing packet-based phone services with controllers of emergency call centers. For each type of electronic medium to be interfaced, the gateway comprises a specific I/O interface and a specific module such as a protocol stack. The gateway also comprises an auxiliary information gateway application that integrates the I/O interfaces and modules into a logical framework that enables inter-working therebetween. A controller that includes the functionality of the gateway device is also provided. Methods for enabling emergency calls, and more generally for enabling a multi-media session, are also provided.

A method of running a target device in a hardware-in-the-loop network simulation via a host computer may include launching a network application on a host computer each having a protocol stack and a network device connected to a simulated network of target devices, interposing, on the host computer, a target device interface and adaptor between the protocol stack and the network device and transferring data and control information between the network application and the target device via the network device, whereby the target device runs on the host computer as if the target device were running directly on a host computer having a network device directly compatible with the target device.

The invention provides mechanisms for transferring processor control of secure Internet Protocol (IPSec) security association (SA) functions between a host and a target processing devices of a computerized system, such as processors in a host CPU and a NIC. In one aspect of the invention, the computation associated with authentication and/or encryption is offloaded while the host maintains control of when SA functions are offloaded, uploaded, invalidated, and re-keyed. The devices coordinate to maintain metrics for the SA, including support for both soft and hard limits on SA expiration. Timer requirements are minimized for the target. The offloaded SA function may be embedded in other offloaded state objects of intermediate software layers of a network stack.

A system, apparatus, and method are directed to converting from a use of a HTTPS connection to a tunnel connection while maintaining an underlying connection between a client and a server. An HTTPS connection is employed to establish a network connection between a client device and a network device. A gateway is selected to receive a request from the client device. In one embodiment, selecting may comprise using load-balancing, cookie-persistence, or the like. Subsequently, the HTTPS connection is transitioned to another application layer communication protocol connection. Transitioning may comprise converting from a use of a first protocol stack configured to process a HTTP connection to a second protocol stack configured to process a non-HTTP based application protocol connection, and establishing a tunnel between the client device and a server through the selected gateway.

A method and system capable of providing mobility support for IPv4/IPv6 inter-networking to a mobile node is disclosed. The mobile node in the system has an address mapper, an IPv4 protocol stack and an IPv6 protocol stack in the network layer. When moving from IPv4 to IPv6 networks, the mobile node registered an IPv4 address receives router advertisement packets from an IPv6 router, so as to obtain a IPv6 care-of-address, and resolve the IPv6 care-of-address by an IPv4 care-of-address. The address mapper issues an IPv4 message to register the IPv4 care-of-address. When moving from IPv6 to IPv4 networks, the mobile node registered an IPv6 address receives agent advertisement messages from a foreign agent, so as to obtain an IPv4 care-of-address, resolve the IPv4 care-of-address by an IPv6 care-of-address. The address mapper issues an IPv6 message to register and update binding information by the IPv6 care-of-address.