Patent application number | Description | Published |
20100325436 | METHOD, SYSTEM, AND DEVICE FOR OBTAINING KEYS - A communication system that obtains a key includes: a server that confirms support of Identity Based Encryption (IBE) authentication; the server obtains public parameters and a private key for IBE; and the server receives a PreMasterSecret key encrypted through the IBE, and obtains a plain text of the PreMasterSecret key according to the public parameters and the private key. The system includes a client and a server. The client includes an IBE negotiating module, a public parameter obtaining module, a server identifier obtaining module, and a processing module. The server includes an IBE negotiating module, a public parameter obtaining module, a private key obtaining module, and a processing module. Through combination of the IBE technology and the SSL/TLS technology, the modes of encrypting a PreMasterSecret key in the existing SSL/TLS protocol are diversified, and the use scope of the existing SSL/TLS protocol is extended substantially. | 12-23-2010 |
20110040968 | METHOD AND SYSTEM FOR FORWARDING DATA BETWEEN PRIVATE NETWORKS - In the field of communications technology, a method and a system for forwarding data between private networks are provided, which can enable terminals in different private networks to securely communicate with each other by using private network addresses. The method includes the following steps. A Secure Socket Layer (SSL) tunnel to an SSL Virtual Private Network (VPN) device in another private network is established. Address allocation information of the another private network is received through the SSL tunnel. The address allocation information and a mapping relation between the address allocation information and a public network IP address of the SSL VPN device transmitting the address allocation information and a session ID of the SSL tunnel transmitting the address allocation information are saved. A data packet whose destination address belongs to the another private network is forwarded to the SSL VPN device of the private network to which the destination address belongs, according to the address allocation information and the mapping relation. Through the method, the SSL VPN device can resolve private network addresses of other private networks. | 02-17-2011 |
20110107104 | METHOD, SYSTEM, AND DEVICE FOR NEGOTIATING SA ON IPv6 NETWORK - A method, system, and device for negotiating a security association (SA) on an Internet Protocol version 6 (IPv6) network are disclosed. In this method, the initiator and the responder generate an SA through the interaction of two messages. Compared with the conventional procedure for setting up an SA based on the Internet Key Exchange Protocol (IKE), the interaction procedure in the present invention is simplified significantly. Therefore, the negotiation is faster and more convenient. In addition, with the present invention, cryptographically generated address parameters (CGA Params) are carried in the message and the CGA may be verified so that the invader cannot spoof the address. | 05-05-2011 |
20110119534 | METHOD AND APPARATUS FOR PROCESSING PACKETS - A method and apparatus for processing packets are provided to extend the usage of a Cryptographically Generated Addresses (CGA) protocol. The method includes: receiving an Internet Protocol version 6 (IPv6) packet carrying CGA related information from a sender; obtaining the CGA related information from the IPv6 packet at the network layer, where the CGA related information includes the CGA parameters (CGA Params) and CGA signature (CGA Sig) of the sender; verifying the source address of the IPv6 packet according to the CGA Params and CGA Sig; transmitting the payload of the IPv6 packet after the verification succeeds. In the present invention, the packet is not limited to the IPv6 packet; the IP packet of a version later than IPv6 or the IP packet compatible with IPv6 may also be used. | 05-19-2011 |
20110264908 | Method and device for preventing network attacks - A method for preventing network attacks is provided, which includes: obtaining a data packet, where a source address of the data packet is a cryptographically generated address (CGA); determining that the obtained data packet includes a CGA parameter and signature information; authenticating the CGA parameter; authenticating the signature information according to the authenticated CGA parameter; and sending the data packet to a destination address when the signature information is authenticated. Accordingly, a device for preventing network attacks is also provided. A CGA parameter used by a data packet is directly used to ensure authenticity of a source address of the data packet, thus preventing network attacks performed by counterfeiting the address. In addition, by authenticating signature information, authenticity of identification of a sender of the data packet and bound address of the sender of the data packet are further ensured. Therefore, illegal data packets are filtered to prevent network attacks on servers, thus improving network security. | 10-27-2011 |
Patent application number | Description | Published |
20080222702 | SYSTEM AND METHOD FOR PREVENTING VIRUSES FROM INTRUDING INTO NETWORK - Some embodiments of the present invention provide a system and method for preventing viruses from intruding into a network. The system for preventing viruses from intruding into a network includes: a detection unit for performing virus detection to traffic passing through the network, and a control unit arranged between terminals and the network. The control unit is adapted to control access of the terminals to the network, and decide whether to allow the terminals to access the network according to detection result from the detection unit. According to the invention, all the traffic of a terminal infected by a virus is limited, and the connection between the terminal and the network is interrupted, thereby preventing the virus from diffusing and propagating widely over the network, and improving operation security of the network. | 09-11-2008 |
20090043898 | MESSAGE FORWARDING METHOD AND NETWORK DEVICE - A message forwarding method includes: receiving a SIP registration request message carrying a contact address; obtaining the contact address carried in the SIP registration request message; and determining that the contact address is one of SIP proxy server addresses in a network stored in advance; and executing an abnormal process on the SIP registration request message. The present invention also discloses a network device. The message forwarding method and network device in the present invention can prevent a SIP loop attack. | 02-12-2009 |
20100017376 | METHOD AND SYSTEM FOR DETECTING ACCESSING HOST CONTAINED IN NETWORK, AND STATISTIC AND ANALYZING SERVER - A detecting method is provided, which includes extracting an Internet Protocol Identifier value from an obtained data packet. The detecting method may further include searching in a record table containing a correspondence relationship between an Internet Protocol Identifier value and a terminal serial number to determine whether the record table contains an adjacent Internet Protocol Identifier value smaller than the extracted Internet Protocol Identifier value and modifying the adjacent Internet Protocol Identifier value that is smaller than the extracted Internet Protocol Identifier value to be the extracted Internet Protocol Identifier value if the record table contains the adjacent Internet Protocol Identifier value smaller than the extracted Internet Protocol Identifier value. Otherwise, the detecting method may also include adding a new record of the extracted Internet Protocol Identifier value and the corresponding terminal serial number into the record table. When a notification is received, the detecting method may calculate the number of terminal serial numbers in the record table and output the number of terminal serial numbers as the number of hosts. The provided detecting method may further provide a corresponding statistic and analyzing server and a detecting system. | 01-21-2010 |
20100095351 | METHOD, DEVICE FOR IDENTIFYING SERVICE FLOWS AND METHOD, SYSTEM FOR PROTECTING AGAINST DENY OF SERVICE ATTACK - A method, device for identifying service flows and a method, system for protecting against a denial of service attack are provided. The method for identifying service flows includes: detecting a user access to a target system; dynamically generating a set of user identifier information according to the detected user access to the target system and a preset user access statistical model; when the service flow needs to be identified, extracting the user identifier information from the service flow; comparing the extracted user identifier information with the user identifier information in the set of user identifier information to determine whether they are matched; determining whether the service flow is legal service flow according to the comparison result. | 04-15-2010 |
20110093716 | METHOD, SYSTEM AND APPARATUS FOR ESTABLISHING COMMUNICATION - A method, a system, and an apparatus for establishing communication are disclosed. The method is invented to establish communication between at least two communication parties including a first communication party and a second communication party. The method includes: sending a Cryptographically Generated Address (CGA) request to the first communication party; receiving CGA parameters and a CGA signature returned by the first communication party; and authenticating the CGA parameters and the CGA signature, and establishing communication with the first communication party if the authentication succeeds. By using the method disclosed herein, in the process of establishing communication, the communication party authenticates the CGA parameters and CGA signature carried in the CGA extension header to determine authenticity of the CGA, thus preventing the IP address spoofing and preventing or mitigating the network security problems caused by the IP address spoofing. | 04-21-2011 |
Patent application number | Description | Published |
20110211685 | METHOD, APPARATUS, PROXY SERVER AND TERMINAL FOR FILTERING OUT SPAM CALL - A method for filtering out a spam call includes: transmitting test information to a calling terminal when receiving a call request from the calling terminal; determining whether feedback information corresponding to the test information and generated by the calling terminal in a one-key reply manner is correct; if the feedback information is incorrect, determining the call request as a spam call request, and filtering out the call request. An apparatus, a proxy server and a terminal are further provided, so as to effectively determine whether a call request from a calling terminal is a spam call request initiated by a machine or software, therefore improving the security and accuracy of a test, and reducing the cost as there is no need to install a speech recognition system. | 09-01-2011 |
20120284218 | NEURON DEVICE AND NEURAL NETWORK - A neuron device includes a bottom electrode, a top electrode, and a layer of metal oxide variable resistance material sandwiched between the bottom electrode and the top electrode, in which the neuron device is switched to a normal state upon application of reset pulse, and is switched to an excitation state upon application of stimulus pulses. The neuron device has a comprehensive response to different amplitude, different width of a stimulus voltage pulse and different number of a sequence of stimulus pulses, and provides functionalities of a weighting section and a computing section. The neuron device has a simple structure, excellent scalability, quick speed, low operation voltage, and is compatible with the conventional silicon-based CMOS fabrication process, and thus suitable for mass production. The neuron device is capable of performing many biological functions and complex logic operations. | 11-08-2012 |
20120300776 | METHOD FOR CREATING VIRTUAL LINK, COMMUNICATION NETWORK ELEMENT, AND ETHERNET NETWORK SYSTEM - Embodiments of the present invention provide a method for creating a virtual link, a communication network element, and an Ethernet network system. The method includes the following: a first communication network element receives a communication request message sent by a second communication network element; the first communication network element allocates a first virtual MAC address and a second virtual MAC address for the virtual link between the first communication network element and the second communication network element; the first communication network element sends a response message in response to the communication request message to the second communication network element, where the response message carries the first virtual MAC address and the second virtual MAC address. Using the technical solutions provided in the embodiments of the present invention, two communication network elements on the Ethernet are capable of performing communication using a fibre channel on the Ethernet. | 11-29-2012 |
20130033922 | RESISTIVE-SWITCHING DEVICE CAPABLE OF IMPLEMENTING MULTIARY ADDITION OPERATION AND METHOD FOR MULTIARY ADDITION OPERATION - The present disclosure provides a resistive-switching device capable of implementing multiary addition operation and a method for implementing multiary addition operation using the resistive-switching device. The resistive-switching device has a plurality of resistance values each corresponding to a respective data value stored by the resistive-switching device and ranging from a high resistance value to a low resistance value. The data value stored by the resistive-switching device is increased by ‘1’ successively with a series of set pulses having a same pulse width and a same voltage amplitude being applied thereto. The data value stored by the resistive-switching device is set to ‘0’ with a reset pulse being applied thereto, and meanwhile a data value stored by a higher-bit resistive-switching device is increased by ‘1’ with a set pulse being applied thereto. In this way, multiary addition operation is implemented. The operation of the resistive-switching device can implement data storage and the multiary addition operation simultaneously, and thus substantially simplifies the circuit structure. As a result, the data storage can be integrated with calculation. | 02-07-2013 |
20130094281 | METHOD FOR MEASURING DATA RETENTION CHARACTERISTIC OF RESISTIVE RANDOM ACCESS MEMORY DEVICE - A method for measuring data retention characteristic of an RRAM device includes: a) controlling a temperature of a sample stage to maintain the RRAM device at a predetermined temperature; b) setting the RRAM device to a high-resistance state or a low-resistance state; c) measuring data retention time by applying a predetermined voltage to the RRAM device so that a resistive state failure of the RRAM device occurs; d) repeating the steps a)-c) to perform a plurality of measurements; e) calculating a resistive state failure probability F(t) of the RRAM device from the data retention time in the plurality of measurements; and f) fitting the resistive state failure probability F(t), and calculating predicted data retention time t | 04-18-2013 |
20130119337 | RESISTIVE-SWITCHING DEVICE CAPABLE OF IMPLEMENTING MULTIARY ADDITION OPERATION AND METHOD FOR MULTIARY ADDITION OPERATION - A resistive-switching random access memory device includes a memory cell disposed between a bit line and a word line, the memory cell having a resistive-switching element ( | 05-16-2013 |
20130128653 | RESISTIVE RANDOM ACCESS MEMORY DEVICE, METHOD FOR MANUFACTURING THE SAME, AND METHOD FOR OPERATING THE SAME - A resistive random access memory device, a method for manufacturing the resistive random access memory device, and a method for operating the resistive random access memory device are disclosed. The resistive random access memory device includes a resistive switching memory element including two electrodes and a layer of variable-resistance material between the two electrodes, wherein the layer of variable-resistance material exhibits bipolar resistive switching behavior; and a Schottky diode including a metal layer and a p-doped semiconductor layer which contact each other, wherein the metal layer of the Schottky diode is coupled to one of the two electrodes of the resistive switching memory element. The present disclosure provides the resistive random access memory device operating in bipolar resistive switching scheme. | 05-23-2013 |
20130315242 | Network Communication Method and Device - The present invention provides a network communication method and device. The method includes: receiving, by a VNC on a physical host, a network communication packet sent by a first virtual machine of which a host machine is the physical host and which has a mapping relationship with the VNC, where a source address carried in the network communication packet is an address of the first virtual machine, a destination address carried in the network communication packet is an address of a second virtual machine or an address of another physical host; selecting, by the physical host, a VPN network corresponding to the VNC on the physical host according to preset correspondence between the VPN network and the VNC; and sending, by the physical host, the network communication packet through the selected VPN network. The present invention lowers the restriction on setting an IP address of a virtual machine in a VPN. | 11-28-2013 |
20140347913 | RESISTIVE SWITCHING MEMORY DEVICE AND METHOD FOR OPERATING THE SAME - A resistive switching memory device and a method for operating the same are disclosed. The device includes a plurality of resistive switching memory units arranged in a matrix, each of which includes a switching element and a resistive switching device, and the switching element being connected to a word line at its control terminal, to the resistive switching device at one terminal, and to a bit line at the other terminal; a word line decoder adapted to decode an input address signal to switch on the switching element in at least one of resistive switching memory units; and a driving circuit adapted to apply a voltage pulse whose front edge changes slowly across the resistive switching device by the bit line synchronously with the switching-on of the switching element. Using the scheme of the above embodiments, the durability characteristic of the resistive switching device can be improved, such as degradation of high-low resistance value window and the failure of the device with transition times can be reduced. | 11-27-2014 |
20140359137 | METHOD, APPARATUS, NAME SERVER AND SYSTEM FOR ESTABLISHING FCOE COMMUNICATION CONNECTION - Embodiments of the present invention disclose a method, an apparatus, and a system for establishing an FCoE communication connection and a name server. According to a WWN world wide name identifier of a target to be accessed, a destination MAC address used to access the target to be accessed is acquired. According to the destination MAC address, a login operation is performed for the target to be accessed, to establish an FCoE fiber channel over Ethernet communication connection, so that an FCoE initiator may directly establish a communication connection with an FCoE target, thereby reducing data transmission delay and lightening the processing load of an original FCoE forwarder. | 12-04-2014 |
20150079931 | COMMUNICATIONS METHOD, DEVICE AND SYSTEM IN MOBILE BACKHAUL TRANSPORT NETWORK - A communications method, device, and system in a mobile backhaul transport network are used to resolve a problem in the prior art that communication security in a backhaul transport network cannot be ensured in an LTE scenario. A first network node sends a request message to a control server in the mobile backhaul transport network, where the request message is used to request security information of a second network node in the mobile backhaul transport network; the first network node receives the security information of the second network node, which is returned by the control server; the first network node establishes a secure tunnel with the second network node according to the security information of the second network node to perform communication. This enables two network nodes in a mobile backhaul transport network to perform secure communication and ensures security of communication between network nodes. | 03-19-2015 |
Patent application number | Description | Published |
20120147149 | SYSTEM AND METHOD FOR TRAINING A MODEL IN A PLURALITY OF NON-PERSPECTIVE CAMERAS AND DETERMINING 3D POSE OF AN OBJECT AT RUNTIME WITH THE SAME - This invention provides a system and method for training and performing runtime 3D pose determination of an object using a plurality of camera assemblies in a 3D vision system. The cameras are arranged at different orientations with respect to a scene, so as to acquire contemporaneous images of an object, both at training and runtime. Each of the camera assemblies includes a non-perspective lens that acquires a respective non-perspective image for use in the process. The searched object features in one of the acquired non-perspective images can be used to define the expected location of object features in the second (or subsequent) non-perspective images based upon an affine transform, which is computed based upon at least a subset of the intrinsics and extrinsics of each camera. The locations of features in the second, and subsequent, non-perspective images can be refined by searching within the expected location of those images. This approach can be used in training, to generate the training model, and in runtime operating on acquired images of runtime objects. The non-perspective cameras can employ telecentric lenses. | 06-14-2012 |
20120148145 | SYSTEM AND METHOD FOR FINDING CORRESPONDENCE BETWEEN CAMERAS IN A THREE-DIMENSIONAL VISION SYSTEM - This invention provides a system and method for determining correspondence between camera assemblies in a 3D vision system implementation having a plurality of cameras arranged at different orientations with respect to a scene, so as to acquire contemporaneous images of a runtime object and determine the pose of the object, and in which at least one of the camera assemblies includes a non-perspective lens. The searched 2D object features of the acquired non-perspective image, corresponding to trained object features in the non-perspective camera assembly, can be combined with the searched 2D object features in images of other camera assemblies (perspective or non-perspective), based on their trained object features to generate a set of 3D image features and thereby determine a 3D pose of the object. In this manner the speed and accuracy of the overall pose determination process is improved. The non-perspective lens can be a telecentric lens. | 06-14-2012 |
20130155199 | Multi-Part Corresponder for Multiple Cameras - Described are methods, systems, and apparatus, including computer program products for finding correspondences of one or more parts in a camera image of two or more cameras. For a first part in a first camera image of a first camera, a first 3D ray that is a first back-projection of a first feature coordinate of the first part in the first camera image to a 3D physical space is calculated. For a second part in a second camera image of a second camera, a second 3D ray that is a second back-projection of a second feature coordinate of the second part in the second camera image to the 3D physical space is calculated, wherein the first feature coordinate and the second feature coordinate correspond to a first feature as identified in a model. A first distance between the first 3D ray and the second 3D ray is calculated. | 06-20-2013 |