The present invention provides a fast categorizing device for network packets and categorizing method, which categorizes the packets by dividing the packet head into a plurality of processing units, and extracts the related elements from a rules table based on the value of each processing unit, wherein each element represents a bit stream and conducting the bitwise-AND operation on all the extracted bit streams; and, obtaining a rule identification code from the result of operation, so as to real-time and rapidly complete the categorizing for network packets.
The present invention provides a fast categorizing device for network packets and categorizing method, which categorizes the packets by dividing the packet head into a plurality of processing units, and extracts the related elements from a rules table based on the value of each processing unit, wherein each element represents a bit stream and conducting the bitwise-AND operation on all the extracted bit streams; and, obtaining a rule identification code from the result of operation, so as to real-time and rapidly complete the categorizing for network packets.
A multiple changeable addressing mapping circuit is disclosed for converting an input logic address of a field array in a data array into an output physical address. The circuit has multiple address mappers for process the conversion between the input logical address and the output physical address. The circuit also has a mapper selector for selecting an address mapper to output physical address. The circuit further has a control and interface circuit for setting the registers in the address mapper, and controlling the address mapper and mapper selector.
技術摘要-英文: A multiple changeable addressing mapping circuit is disclosed for converting an input logic address of a field array in a data array into an output physical address. The circuit has multiple address mappers for process the conversion between the input logical address and the output physical address. The circuit also has a mapper selector for selecting an address mapper to output physical address. The circuit further has a control and interface circuit for setting the registers in the address mapper, and controlling the address mapper and mapper selector.
Two stages of PPP negotiations are adopted for users to access a virtual private network (VPN). The access concentrator for providing PPP connections is designed to provide the two-stage connection. In the first stage, a user is verified as an authenticated VPN user, and a first network address is assigned. In the second stage, a service requested by the authenticated user is decoded for determining either the service being a VPN service or a non-VPN service. If the service is a non-VPN service, the request is processed by reference to the network address. Otherwise, a second PPP negotiation is executed between the access concentrator and a server in a VPN, and then the server of the VPN assigns the user a VPN address for providing VPN service.
技術摘要-英文: Two stages of PPP negotiations are adopted for users to access a virtual private network (VPN). The access concentrator for providing PPP connections is designed to provide the two-stage connection. In the first stage, a user is verified as an authenticated VPN user, and a first network address is assigned. In the second stage, a service requested by the authenticated user is decoded for determining either the service being a VPN service or a non-VPN service. If the service is a non-VPN service, the request is processed by reference to the network address. Otherwise, a second PPP negotiation is executed between the access concentrator and a server in a VPN, and then the server of the VPN assigns the user a VPN address for providing VPN service.
A multiple changeable addressing mapping circuit is disclosed for converting an input logic address of a field array in a data array into an output physical address. The circuit has multiple address mappers for process the conversion between the input logical address and the output physical address. The circuit also has a mapper selector for selecting an address mapper to output physical address. The circuit further has a control and interface circuit for setting the registers in the address mapper, and controlling the address mapper and mapper selector.
技術摘要-英文: A multiple changeable addressing mapping circuit is disclosed for converting an input logic address of a field array in a data array into an output physical address. The circuit has multiple address mappers for process the conversion between the input logical address and the output physical address. The circuit also has a mapper selector for selecting an address mapper to output physical address. The circuit further has a control and interface circuit for setting the registers in the address mapper, and controlling the address mapper and mapper selector.
一種在非安全的通訊管道中私密資料下載協定,可讓使用者們能夠記住自己的密碼由伺服器下載他們的秘密金匙,但使用者不需傳送自己的密碼到伺服器。這個協定包含兩個步驟的傳送但非常安全,在第一步驟是由使用者傳送ID, V, K 到伺服器端,在伺服器端收到這些值後,伺服器有辦法確認使用者是否為真(user authentication),其中伺服器端儲存有以Pa及ID為參數之雜湊函數所運算之值。
技術摘要-英文
There is provided a private data downloading protocol in a non-security communication channel, which allows the user to memorize his/her password to download the private key from a server, while the user is not required to transmit his/her password to the server. The protocol includes two steps of transmitting, but it is very safe. In the first step, the user transmits ID, V, K to the server side. After the server has received the values, the server is able to confirm the authentication, wherein the server side is stored with values generated by a hash function using Pa and ID as parameters.
技術摘要-中文: 一種在非安全的通訊管道中私密資料下載協定,可讓使用者們能夠記住自己的密碼由伺服器下載他們的秘密金匙,但使用者不需傳送自己的密碼到伺服器。這個協定包含兩個步驟的傳送但非常安全,在第一步驟是由使用者傳送ID, V, K 到伺服器端,在伺服器端收到這些值後,伺服器有辦法確認使用者是否為真(user authentication),其中伺服器端儲存有以Pa及ID為參數之雜湊函數所運算之值。
技術摘要-英文: There is provided a private data downloading protocol in a non-security communication channel, which allows the user to memorize his/her password to download the private key from a server, while the user is not required to transmit his/her password to the server. The protocol includes two steps of transmitting, but it is very safe. In the first step, the user transmits ID, V, K to the server side. After the server has received the values, the server is able to confirm the authentication, wherein the server side is stored with values generated by a hash function using Pa and ID as parameters.
In a multiple access control system with intelligent bandwidth allocation for wireless ATM networks, an intelligent bandwidth allocator is provided for statically allocating reservation type bandwidth and dynamically allocating contention type bandwidth to the mobile terminal. A traffic estimator/predicator is provided for predicting the CNF value of a subsequent frame by the CNF value of at least one frame, and determining the number of the SCR slots and ABR slots to be allocated. A multiple access controller is used for providing the reservation type bandwidth with a multiple access function in a reservation access manner, and providing the contention type bandwidth with a multiple access function in a contention access manner.
技術摘要-英文: In a multiple access control system with intelligent bandwidth allocation for wireless ATM networks, an intelligent bandwidth allocator is provided for statically allocating reservation type bandwidth and dynamically allocating contention type bandwidth to the mobile terminal. A traffic estimator/predicator is provided for predicting the CNF value of a subsequent frame by the CNF value of at least one frame, and determining the number of the SCR slots and ABR slots to be allocated. A multiple access controller is used for providing the reservation type bandwidth with a multiple access function in a reservation access manner, and providing the contention type bandwidth with a multiple access function in a contention access manner.
A flexible and high-speed network package classifying method is disclosed. A two dimensional transpose array is used to classify packages based on the tokens of fields provided by the package headers of the packages. In the first stage, an index of the field in a bit stream pool is found at first. In the second stage, based on the index, a corresponding bit stream is determined from the bit stream pool. Then, a proper package classification is acquired by the operation upon these bit streams.
技術摘要-英文
A flexible and high-speed network packet classifying method is disclosed. A plurality of aggregated flows (Aflows) are defined, each corresponding to an Aflow ID and described by symbols in fields of headers of a plurality of network packets. The tokens of the fields of the headers of the plurality of network packets are extracted. A bit stream pool of a memory is indexed responsive to the token of the field by using a two-stage index manager, wherein the bit stream pool has a plurality of bit streams, each having a plurality of bits arranged serially, and each bit corresponds to an aggregated flow. A bits-and operation is performed for a plurality of bit streams obtained from the bit stream pool for classifying network packets.
技術摘要-中文: A flexible and high-speed network package classifying method is disclosed. A two dimensional transpose array is used to classify packages based on the tokens of fields provided by the package headers of the packages. In the first stage, an index of the field in a bit stream pool is found at first. In the second stage, based on the index, a corresponding bit stream is determined from the bit stream pool. Then, a proper package classification is acquired by the operation upon these bit streams.
技術摘要-英文: A flexible and high-speed network packet classifying method is disclosed. A plurality of aggregated flows (Aflows) are defined, each corresponding to an Aflow ID and described by symbols in fields of headers of a plurality of network packets. The tokens of the fields of the headers of the plurality of network packets are extracted. A bit stream pool of a memory is indexed responsive to the token of the field by using a two-stage index manager, wherein the bit stream pool has a plurality of bit streams, each having a plurality of bits arranged serially, and each bit corresponds to an aggregated flow. A bits-and operation is performed for a plurality of bit streams obtained from the bit stream pool for classifying network packets.
The present invention provides a method for improving smooth handover in mobile communication, wherein when the mobile terminal device detects a message requesting registration sent by the agent server at a time, the time to the time period requesting registration last time is less than a default value, and the new registration request is ignored; otherwise, it will proceed a normal registration procedure. In the agent server, when it receives a new registration request and if the state of the previous registration request is the state like confirmation, tunnel generation or proxy ARP, the original registration request is deleted and only the new registration request is processed. If the state of prior registration request is sending response, it will continue processing the old registration request. Thus, the message amount sent by the mobile terminal device can be effectively reduced and the registration procedure is sorted.
技術摘要-英文: The present invention provides a method for improving smooth handover in mobile communication, wherein when the mobile terminal device detects a message requesting registration sent by the agent server at a time, the time to the time period requesting registration last time is less than a default value, and the new registration request is ignored; otherwise, it will proceed a normal registration procedure. In the agent server, when it receives a new registration request and if the state of the previous registration request is the state like confirmation, tunnel generation or proxy ARP, the original registration request is deleted and only the new registration request is processed. If the state of prior registration request is sending response, it will continue processing the old registration request. Thus, the message amount sent by the mobile terminal device can be effectively reduced and the registration procedure is sorted.