Abstract:
A method for resuming a Transport Layer Security (TLS) session in a Service Function Chain comprising a plurality of Service Function nodes coupled to a Service Function Forwarder. A request is received at a first Service Function node to establish a TLS session, and a Pre-Shared Key (PSK) and a PSK identifier that uniquely correspond to the first Service Function node and the TLS session are generated. The PSK identifier is forwarded to one or more of the Service Function Forwarder and the plurality of Service Function nodes. A request to resume the TLS session is received from a client device that previously disconnected. It is determined that the connection request contains the PSK identifier, a second Service Function node is selected, and the TLS session is re-established between the client device and the second Service Function node using the same PSK as the prior TLS session.
Abstract:
A network node in a service function chain system receives a peer detection packet from a service function device in a service function path. The peer detection packet includes an inner packet with a header, such as a network service header. The network node detects a status indicator in the header that indicates a degradation in performing a service function at the service function device. The network node adjusts the service function path to compensate for the degradation in performing the service function at the service function device.
Abstract:
Systems, methods, and computer-readable mediums for federating an enterprise and a SaaS provider across one or more network slices of a network service provider. A SaaS provided by a SaaS provider for provisioning to an enterprise can be recognized. One or more network slices within a network of a network service provider between the enterprise and the SaaS provider can be identified. The one or more network slices can be used to provision the SaaS to the enterprise. Accordingly, the SaaS provider can be federated with the enterprise across one or more network service providers, including the network service provider. Specifically, the SaaS provider can be federated with the enterprise by uniquely associating the one or more network slices provided by the network service provider with the SaaS provisioned by the SaaS provider to the enterprise.
Abstract:
A disclosed method is performed at a server (e.g., a content delivery network (CDN) server). The server receives from a QUIC client a first token, where the first token includes a first connection identifier that identifies a first path connecting the QUIC client to the server. The server validates the first token, including validating path properties associated with the first path extracted from the first token. The server further generates a second token associated with a second connection identifier that identifies a second path connecting the QUIC client to the server in accordance with a successful validation of the first token. Additionally, the server transmits the second token to the QUIC client.
Abstract:
In one embodiment, a first request may be received from a first endpoint to access a cloud-based conference platform. The first request can include a first access token. Based at least on the first request, a first certificate may be provided to the first endpoint, wherein the first certificate may not include an identity of the first endpoint. A second request may be received from a second endpoint to access the cloud-based conference platform. The second request can include a second access token. Based at least on the second request, a second certificate can be provided to the second endpoint, wherein the second certificate may not include an identity of the second endpoint. Data can be routed within the cloud-based conference platform between the first endpoint and second endpoint based at least upon the first certificate and the second certificate.
Abstract:
A network node in a service function chaining system receives multiple media streams of a media session between endpoints. Each media stream is encapsulated with a service header indicating a service function path and a session identifier. The network node determines that multiple service functions connected to the network node perform a particular service function in the service function path. The network node provides all of the media streams of the media session to a single service function instance to ensure that the media session is processed by the single service function.
Abstract:
In one embodiment, a Domain Name Service (DNS) server pre-fetches domain information regarding a domain that includes certificate information for the domain. The DNS server receives a DNS request that includes a security request for the domain in metadata of a Network Service Header (NSH) of the DNS request. The DNS server retrieves the certificate information for the domain from the pre-fetched information regarding the domain, in response to receiving the security request. The DNS server sends, to a Transport Layer Security (TLS) proxy, a DNS response for the domain that includes the certificate information in metadata of an NSH of the DNS response.
Abstract:
Presented herein are techniques for mitigating a distributed denial of service attack. A method includes, at a network security device such as a firewall: monitoring network traffic flowing through the firewall and destined for a network device; determining whether the network traffic is below a predetermined amount; while the network traffic is below the predetermined amount, sending a plurality of probes to the network device; receiving responses from the network device to the probes; and setting one or more thresholds for subsequent traffic destined for the network device based on the responses received from the network device.
Abstract:
In one embodiment, a service function classifier device determines a classification of a packet using one or more packet classification rules. The device selects a service function path based on the classification of the packet. The device determines one or more traffic flow characteristics based on the classification of the packet. The device generates a service function chaining (SFC) header that identifies the selected service function path and the determined one or more traffic flow characteristics. The SFC header is configured to cause a device along the service function path to forward the encapsulated packet based on the identified service function path and the determined one or more traffic flow characteristics. The device sends the packet along the selected service function path as an encapsulated packet that includes the generated SFC header.
Abstract:
In one implementation, a cloud connector obtains location information for a proxy server of a security as a service (SecaaS) function. The cloud connector receives a content request from a user device for content hosted in a content delivery network (CDN). A domain name service (DNS) request, with the location information, is forwarded to a DNS authoritative server. An identification of a downstream CDN server is received from the DNS authoritative server. The identification of the downstream CDN server is based on the location information for the proxy server of the SecaaS function. The content is obtained from the downstream CDN server through the proxy server of the SecaaS function.