Abstract:
The invention relates to a protection unit for protecting a packet-based network from attacks, comprising: a signature analyzer for analyzing a packet stream received in a security border node of the packet-based network and for detecting attacks by comparing signatures of the packet stream with a set of signatures of previously identified attacks, an anomaly detector for detecting anomalies in the packet stream, and a signature interference unit for updating the set of signatures when anomalies in the packet stream are detected, the updated set of signatures being subsequently used for performing the signature analysis. A distribution unit distributes at least one signature of the updated set of signatures to at least one further security border node of the packet-based network. The invention also relates to a security border node comprising such a protection unit, a network comprising at least two such protection units, and a corresponding protection method.
Abstract:
The invention concerns a method of providing a Push-to-Talk (=PTT) service within one or more telecommunication networks (1, 2, 3, 4) by means of a gateway-server (5) which sets up a virtual connection per PTT connection. The virtual connection provides information about the participating terminals (10, 20, 30, 40) of the PTT connection, the service type to reach each terminal (10, 20, 30, 40), and the connection status of each terminal (10, 20, 30, 40). Thus, the gateway-server (5) is capable of providing the PTT service within and/or across different telecommunication networks comprising radio access telecommunication networks (1), fixed wire-line telecommunication networks (2), circuit-switched telecommunication networks (3), and packet-switched telecommunication networks (4).
Abstract:
A method to establish an Internet connection between a first (1) and a second (2) user agent is described, wherein a NAT-table entry in a controllable NAT (7) located in the Internet (3) is generated, wherein said NAT-table entry comprises public IP-address:port pairs that are communicated to the user agents (1, 2), wherein the user agents (1, 2) use said public IP-address:port pairs for establishing an Internet connection between each other via the controllable NAT (7).
Abstract:
For traffic mixing, an implementation involves generating a random element in a device that detects nondeterministic events already occurring in operation of the device and mapping them to the random element by means of an assignment rule. The traffic mixing in an ATM switching element (SE) is achieved by cyclically writing data packets into a buffer (MEM) and cyclically reading data packets out of a buffer (MEM). The write cycle in this case is clocked by the arrival of a data packet, that is, by a nondeterministic event. The read cycle is clocked by a stable clock signal.
Abstract:
To be able to load an ATM switching network as efficiently as possible, the successive cells of one and the same connection are routed to the output by as many different paths as possible; however, mutual overtaking of successive cells must be avoided or corrected. Each cell is held at the output until it is certain that no older cell can be buffered in the switching network. Before the cell is passed on, a check is made to determine whether the cells received from the switching network later include an older cell which must be passed on before that cell. At the input end, consecutive numbers ("Sequence Numbers") are allocated to the cells. A buffer (1) at the output end is operated, at least in part (1 . . . d), in the manner of a shift register, thereby introducing a predetermined delay. Prior to the output of a cell, at least the shift-register-like portion of the buffer is examined as to whether a cell written in later is to be put out earlier: if so, the two cells are interchanged.
Abstract:
A procedure for operating a server (SERV) that supplies subscribers with data streams of different contents (CONT1 to CONT3), as well as a server and a control unit for executing the procedure. The contents (CONT1 to CONT3) are each stored in a memory unit or in several memory units of the server, and in order to supply a subscriber (SUB1 to SUB8) with a data stream of a particular content, the particular content is read out from the memory unit or from one of the memory units in which the content is stored, and sent to the subscriber as a data stream. A Busy list is set up for each of the contents (CONT1 to CONT3) stored in the memory units (DSD1 to DSD5) of the server (SERV). Each memory unit (DSD1 to DSD4) in which a content is stored is allocated to the Busy list of the content stored in it. Each memory unit (DSD5) that is not at that time needed for supplying a subscriber is allocated to a Free list. If a further memory unit is needed in order to supply a subscriber with a particular content, a memory unit allocated to the Free list is selected for this purpose, and it is first attempted to select a memory unit allocated to the Free list that is also allocated to the Busy list of the particular content.
Abstract:
A method of operating a switching network, a switching network, and an exchange with such a switching network are described. The switching network consists of several switching modules and an interconnect network between these switching modules. The interconnect network includes a switch unit and interconnects the switching modules in accordance with a logic interconnection structure. The switch unit is simple and can be implemented by all-optical means. By means of the switch unit the logic interconnection structure can be reconfigured. This makes it possible to reconfigure the switching network in the event of a failure of a switching module or according to the load characteristic (video, voice, computer-computer communication). Further, a uniform switch unit can be used to meet different requirements ("flexible hardware").
Abstract:
A buffer or other communications resource in, e.g., an ATM switch element receives random data which is then used by different data sinks. After the data has been outputted to the data sinks, the communications resource (e.g., the memory locations of the buffer) is released, i.e., labeled as free again. However, a resource which is not marked as free as a result of an error (whether erroneously the data is not retrieved or whether the release procedure is erroneous) remains blocked. To avoid permanent blockage of those memory locations whose contents have been in the buffer so long that they definitely (or at least very likely) should have been called for, information on the time of entry is stored together with the data. All memory locations are checked at regular intervals for the age of their contents. Upon attainment of a predetermined age, the location is labeled as free.
Abstract:
The network computing cluster includes one or more network computing stations and one or more power autarkic network computing stations supplied by one or more associated local power generators. The power autarkic network computing stations and the local power generators are connected with a local power network. A control signal is sent to a resource managing unit of the network computing cluster via a communication network. The control signal indicates the ability of the power autarkic network computing stations to process IT-services. The resource managing unit receives the control signal via the communication network. Triggered by the control signal, the resource managing unit sends a signal for transferring an IT-service processed by a network computing station of the network computing stations to the network computing station via the communication network. The processed IT-service is transferred to one of the power autarkic network computing stations via the communication network.
Abstract:
The invention relates to a security border node (2a) for protecting a packet-based network from attacks, comprising: an anomaly detection unit (10) for performing an anomaly detection, in particular a statistical analysis, on session control messages (11), in particular on SIP messages contained in a packet stream (5) received in the security border node (2a). The security border node further comprises a message context provisioning unit (13) for providing at least one session control message (11) to the anomaly detection unit (10) together with message context information (12, 17, 24) related to a client (22) and/or to a session (23) to which the session control message (11, 11a to 11f) is attributed. The invention also relates to a method for protecting a packet-based network from attacks, to a computer program product, and to a packet-based network.