Patents by Inventor Ronald W. Szeto
Ronald W. Szeto has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9332066
Abstract: Each service in a computer network may have a connection rate limit. The number of new connections per time period may be limited by using a series of rules. In a specific embodiment of the present invention, a counter is increased each time a server is selected to handle a connection request. For each service, connections coming in are tracked. Therefore, the source of connection-request packets need not be examined. Only the destination service is important. This saves significant time in the examination of the incoming requests. Each service may have its own set of rules to best handle the new traffic for its particular situation. For server load balancing, a reset may be sent to the source address of the new connection request. For transparent cache switching, the connection request may be forwarded to the Internet.
Type: Grant
Filed: September 20, 2013
Date of Patent: May 3, 2016
Assignee: Foundry Networks, LLC
Inventors: Ronald W. Szeto, David Chun-Ying Cheung, Rajkumar Jalan
-
Patent number: 8893256
Abstract: A system and method that provides for protection of a CPU of a router, by establishing a management port on a router. Hosts which are connected to a non-management ports of the router are denied access to management functions of a CPU of the router. The system and method can utilize an application specific integrated circuit, in conjunction with a CAM-ACL, which analyzes data packets received on the ports of router, and the ASIC operates to drop data packets which are directed to the CPU of the router. This system and method operates to filter data packets which may be generated in attempts to hack in to control functions of a network device, and the operation does not require that the CPU analyze all received data packets in connection with determining access to the control functions of the router.
Type: Grant
Filed: June 30, 2010
Date of Patent: November 18, 2014
Assignee: Brocade Communications Systems, Inc.
Inventors: Ronald W. Szeto, Philip Kwan, Raymond Wai-Kit Kwong
-
Patent number: 8819252
Abstract: Transaction rate limiting is provided to monitor new connections. If the number of new connections requested by a particular client exceeds a predetermined threshold value, then the client may be frozen out for a configured period of time. By denying access for the configured period of time, the client is prevented from monopolizing a particular client. Additionally, if the client does have malicious intent, a denial of service attack may be thwarted. The denial of service may be accomplished without alerting the client. This prevents a malicious client from regrouping and attempting an assault via a different mechanism.
Type: Grant
Filed: May 3, 2002
Date of Patent: August 26, 2014
Assignee: Foundry Networks, LLC
Inventors: Ronald W. Szeto, David Chun Ying Cheung, Rajkumar Jalan, Sridhar J. Devarapalli
-
Publication number: 20140025772
Abstract: Each service in a computer network may have a connection rate limit. The number of new connections per time period may be limited by using a series of rules. In a specific embodiment of the present invention, a counter is increased each time a server is selected to handle a connection request. For each service, connections coming in are tracked. Therefore, the source of connection-request packets need not be examined. Only the destination service is important. This saves significant time in the examination of the incoming requests. Each service may have its own set of rules to best handle the new traffic for its particular situation. For server load balancing, a reset may be sent to the source address of the new connection request. For transparent cache switching, the connection request may be forwarded to the Internet.
Type: Application
Filed: September 20, 2013
Publication date: January 23, 2014
Applicant: Brocade Communications Systems, Inc.
Inventors: Ronald W. Szeto, David Chun Ying Cheung, Rajkumar Jalan
-
Patent number: 8572228
Abstract: Each service in a computer network may have a connection rate limit. The number of new connections per time period may be limited by using a series of rules. In a specific embodiment of the present invention, a counter is increased each time a server is selected to handle a connection request. For each service, connections coming in are tracked. Therefore, the source of connection-request packets need not be examined. Only the destination service is important. This saves significant time in the examination of the incoming requests. Each service may have its own set of rules to best handle the new traffic for its particular situation. For server load balancing, a reset may be sent to the source address of the new connection request. For transparent cache switching, the connection request may be forwarded to the Internet.
Type: Grant
Filed: May 21, 2010
Date of Patent: October 29, 2013
Assignee: Foundry Networks, LLC
Inventors: Ronald W. Szeto, David Chun Ying Cheung, Rajkumar Jalan
-
Patent number: 8554929
Abstract: Each service in a computer network may have a connection rate limit. The number of new connections per time period may be limited by using a series of rules. In a specific embodiment of the present invention, a counter is increased each time a server is selected to handle a connection request. For each service, connections coming in are tracked. Therefore, the source of connection-request packets need not be examined. Only the destination service is important. This saves significant time in the examination of the incoming requests. Each service may have its own set of rules to best handle the new traffic for its particular situation. For server load balancing, a reset may be sent to the source address of the new connection request. For transparent cache switching, the connection request may be forwarded to the Internet.
Type: Grant
Filed: May 3, 2002
Date of Patent: October 8, 2013
Assignee: Foundry Networks, LLC
Inventors: Ronald W. Szeto, David Chun Ying Cheung, Rajkumar Jalan
-
Patent number: 8533823
Abstract: A system and method that provides for using source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to use false source IP addresses in data packets. The system and method provide for analyzing MAC addresses and source IP addresses at the datalink (layer 2) level, and to use the information derived from such analysis to block access through a port where a host device is using a false, or spoofed, source IP address in transmitted data packets. Further, the system and method provide for validating initially learned source IP addresses, and for determining whether the number of unsuccessful attempts to validate new source IP addresses exceeds a threshold level, and where the number does exceed the threshold number the system and method can provide for operation in a possible attack mode.
Type: Grant
Filed: February 25, 2009
Date of Patent: September 10, 2013
Assignee: Foundry Networks, LLC
Inventors: Ronald W. Szeto, Nitin Jain, Ravindran Suresh, Philip Kwan
-
Publication number: 20110082947
Abstract: Each service in a computer network may have a connection rate limit. The number of new connections per time period may be limited by using a series of rules. In a specific embodiment of the present invention, a counter is increased each time a server is selected to handle a connection request. For each service, connections coming in are tracked. Therefore, the source of connection-request packets need not be examined. Only the destination service is important. This saves significant time in the examination of the incoming requests. Each service may have its own set of rules to best handle the new traffic for its particular situation.
Type: Application
Filed: March 12, 2010
Publication date: April 7, 2011
Inventors: Ronald W. Szeto, David Chun Ying Cheung, Rajkumar Jalan
-
Publication number: 20100333191
Abstract: A system and method that provides for protection of a CPU of a router, by establishing a management port on a router. Hosts which are connected to a non-management ports of the router are denied access to management functions of a CPU of the router. The system and method can utilize an application specific integrated circuit, in conjunction with a CAM-ACL, which analyzes data packets received on the ports of router, and the ASIC operates to drop data packets which are directed to the CPU of the router. This system and method operates to filter data packets which may be generated in attempts to hack in to control functions of a network device, and the operation does not require that the CPU analyze all received data packets in connection with determining access to the control functions of the router.
Type: Application
Filed: June 30, 2010
Publication date: December 30, 2010
Applicant: Foundry Networks, Inc.
Inventors: Ronald W. Szeto, Philip Kwan, Raymond Wai-Kit Kwong
-
Publication number: 20100235507
Abstract: Each service in a computer network may have a connection rate limit. The number of new connections per time period may be limited by using a series of rules. In a specific embodiment of the present invention, a counter is increased each time a server is selected to handle a connection request. For each service, connections coming in are tracked. Therefore, the source of connection-request packets need not be examined. Only the destination service is important. This saves significant time in the examination of the incoming requests. Each service may have its own set of rules to best handle the new traffic for its particular situation. For server load balancing, a reset may be sent to the source address of the new connection request. For transparent cache switching, the connection request may be forwarded to the Internet.
Type: Application
Filed: May 21, 2010
Publication date: September 16, 2010
Applicant: Brocade Communications Systems, Inc.
Inventors: Ronald W. Szeto, David Chun Ying Cheung, Rajkumar Jalan
-
Patent number: 7774482
Abstract: Each service in a computer network may have a connection rate limit. The number of new connections per time period may be limited by using a series of rules. In a specific embodiment of the present invention, a counter is increased each time a server is selected to handle a connection request. For each service, connections coming in are tracked. Therefore, the source of connection-request packets need not be examined. Only the destination service is important. This saves significant time in the examination of the incoming requests. Each service may have its own set of rules to best handle the new traffic for its particular situation. For server load balancing, a reset may be sent to the source address of the new connection request. For transparent cache switching, the connection request may be forwarded to the Internet.
Type: Grant
Filed: May 3, 2002
Date of Patent: August 10, 2010
Assignee: Foundry Networks, Inc.
Inventors: Ronald W. Szeto, David Chun Ying Cheung, Rajkumar Jalan
-
Patent number: 7774833
Abstract: A system and method that provides for protection of a CPU of a router, by establishing a management port on a router. Hosts which are connected to a non-management ports of the router are denied access to management functions of a CPU of the router. The system and method can utilize an application specific integrated circuit, in conjunction with a CAM-ACL, which analyzes data packets received on the ports of router, and the ASIC operates to drop data packets which are directed to the CPU of the router. This system and method operates to filter data packets which may be generated in attempts to hack in to control functions of a network device, and the operation does not require that the CPU analyze all received data packets in connection with determining access to the control functions of the router.
Type: Grant
Filed: September 23, 2003
Date of Patent: August 10, 2010
Assignee: Foundry Networks, Inc.
Inventors: Ronald W. Szeto, Philip Kwan, Raymond Wai-Kit Kwong
-
Patent number: 7707295
Abstract: Each service in a computer network may have a connection rate limit. The number of new connections per time period may be limited by using a series of rules. In a specific embodiment of the present invention, a counter is increased each time a server is selected to handle a connection request. For each service, connections coming in are tracked. Therefore, the source of connection-request packets need not be examined. Only the destination service is important. This saves significant time in the examination of the incoming requests. Each service may have its own set of rules to best handle the new traffic for its particular situation.
Type: Grant
Filed: May 3, 2002
Date of Patent: April 27, 2010
Assignee: Foundry Networks, Inc.
Inventors: Ronald W. Szeto, David Chun Ying Cheung, Rajkumar Jalan
-
Publication number: 20090260083
Abstract: A system and method that provides for using source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to use false source IP addresses in data packets. The system and method provide for analyzing MAC addresses and source IP addresses at the datalink (layer 2) level, and to use the information derived from such analysis to block access through a port where a host device is using a false, or spoofed, source IP address in transmitted data packets. Further, the system and method provide for validating initially learned source IP addresses, and for determining whether the number of unsuccessful attempts to validate new source IP addresses exceeds a threshold level, and where the number does exceed the threshold number the system and method can provide for operation in a possible attack mode.
Type: Application
Filed: February 25, 2009
Publication date: October 15, 2009
Applicant: Foundry Networks, Inc.
Inventors: Ronald W. Szeto, Nitin Jain, Ravindran Suresh, Philip Kwan
-
Patent number: 7516487
Abstract: A system and method that provides for using source IP addresses and MAC addresses in a network to provide security against attempts by users of the network to use false source IP addresses in data packets. The system and method provide for analyzing MAC addresses and source IP addresses at the datalink (layer 2) level, and to use the information derived from such analysis to block access through a port where a host device is using a false, or spoofed, source IP address in transmitted data packets. Further, the system and method provide for validating initially learned source IP addresses, and for determining whether the number of unsuccessful attempts to validate new source IP addresses exceeds a threshold level, and where the number does exceed the threshold number the system and method can provide for operation in a possible attack mode.
Type: Grant
Filed: May 20, 2004
Date of Patent: April 7, 2009
Assignee: Foundry Networks, Inc.
Inventors: Ronald W. Szeto, Nitin Jain, Ravindran Suresh, Philip Kwan